CyberArk ACCESS-DEF Exam Dumps

Question 6 of 63

ACME Corporation employees access critical business web applications through CyberArk Identity. You notice a constant high volume of unauthorized traffic from 103.1.200.0/24 trying to gain access to the CyberArk Identity portal. Access to the CyberArk Identity portal is time sensitive. ACME decides to enforce IP restrictions to reduce vulnerability.

Which configuration can help achieve this?

Log in to the CyberArk Identity Admin portal and define the IP range of 103.1.200.0/24 into the ACME Corporation IP range.

Implement device trust through the Windows Cloud Agent.

Implement zero trust through the App Gateway.

Correct Answer: B

To prevent unauthorized traffic from the IP range 103.1.200.0/24, you would need to log in to the CyberArk Identity Admin portal and define this range as a blocked IP range. This effectively prevents any traffic from these IP addresses from accessing the CyberArk Identity portal, thereby reducing the vulnerability to unauthorized access attempts from this specific range.

Question 7 of 63

Refer to the exhibit.

Which statements are correct regarding this Authentication Policy? (Choose two.)

Users will still be asked for their MFA even if they mistyped their username.

If users have set up CyberArk Mobile Authenticator as an MFA, they will still receive the Push Notification to confirm the request even if they mistyped their password.

Users will not be notified which challenge they failed if their login attempt failed.

If users have set up a Security Question as an MFA, the Security Question will not be displayed to the user to answer even if they mistyped their password.

If the first factor is password and the user is an Active Directory user and the Active Directory is unavailable, this setting does not matter because the user will not be able to authenticate through Active Directory credentials and will see the message "Active Directory not available".

Correct Answer: B, E

The setting 'Continue with additional challenges after failed challenge' in the Authentication Policy indicates that even if the initial challenge (e.g., password) fails, subsequent challenges (MFA) will continue to be presented to the user. Therefore, if users have set up the CyberArk Mobile Authenticator as an MFA, they will still receive the push notification even if they mistyped their password. Also, if the first factor is a password and the user is an Active Directory user but Active Directory is unavailable, the user will not be able to authenticate using Active Directory credentials and will see the message 'Active Directory not available,' making the setting irrelevant in this scenario.

Question 8 of 63

DRAG DROP -

Your organization wants to automatically create user accounts with different Salesforce licenses (e.g., Salesforce, Identity, Chatter External).

In CyberArk Identity, arrange the steps to achieve this in the correct sequence.

Correct Answer:

Question 9 of 63

DRAG DROP -

Match each User Portal tab to the correct description.

Correct Answer:

Question 10 of 63

Refer to the exhibit.

Within the "Allow user notifications on multiple devices", if you leave the setting as Default (--), what happens if a user triggers a MFA Push notification and has enrolled three different devices?

The push notification will be sent to none of the enrolled devices.

The push notification will be sent to the first enrolled device only.

The push notification will be sent to all enrolled devices.

The push notification will be sent to the last enrolled device only.

Correct Answer: C

Leaving the setting as Default (--) typically means that the system's default behavior will apply. For notifications in multi-device environments, the default behavior will most likely be to send the push notification to all enrolled devices to ensure the user gets it on one of their devices. This promotes accessibility and ensures a higher chance that the user will receive and act on the notification promptly.