CyberArk Defender

Here you have the best CyberArk CAU201 practice exam questions

You have 152 total questions to study from
Each page has 5 questions, making a total of 31 pages
You can navigate through the pages using the buttons at the bottom
This questions were last updated on May 16, 2025
This site is not affiliated with or endorsed by CyberArk.

Question 1 of 152

If a user is a member of more than one group that has authorizations on a safe, by default that user is granted____________________.

the vault will not allow this situation to occur.

only those permissions that exist on the group added to the safe first.

only those permissions that exist in all groups to which the user belongs.

the cumulative permissions of all the groups to which that user belongs.

Correct Answer: D

If a user is a member of more than one group that has authorizations on a safe, by default that user is granted the cumulative permissions of all the groups to which that user belongs. This means that the user will inherit all the permissions assigned to the various groups, rather than being limited to permissions from only one group.

Question 2 of 152

It is possible to control the hours of the day during which a user may long into the vault.

TRUE

FALSE

Correct Answer: A

It is possible to control the hours of the day during which a user may log into the vault. This feature is common in many security and access control systems to enhance security by restricting access to specific time frames.

Question 3 of 152

VAULT authorizations may be granted to ____________________. (Choose all that apply.)

Vault Users

Vault Groups

LDAP Users

LDAP Groups

Correct Answer: A

VAULT authorizations are typically granted to Vault Users. This means that individual users who have been added to the system can receive specific authorizations. The concept of granting authorizations primarily to individual users rather than groups or external entities like LDAP users aligns with common practices in access management for secure systems.

Question 4 of 152

What is the purpose of the Interval setting in a CPM policy?

To control how often the CPM looks for System Initiated CPM work.

To control how often the CPM looks for User Initiated CPM work.

To control how long the CPM rests between password changes.

To control the maximum amount of time the CPM will wait for a password change to complete.

Correct Answer: A

The purpose of the Interval setting in a Central Policy Manager (CPM) policy is to control how often the CPM looks for System Initiated CPM work. This setting determines the frequency with which the CPM checks for new tasks initiated by the system to manage tasks efficiently and ensure timely execution of automated password management processes.

Question 5 of 152

All of your Unix root passwords are stored in the safe UnixRoot. Dual control is enabled for some of the accounts in that safe. The members of the AD group

UnixAdmins need to be able to use the show, copy, and connect buttons on those passwords at any time without confirmation. The members of the AD group

OperationsStaff need to be able to use the show, copy and connect buttons on those passwords on an emergency basis, but only with the approval of a member of OperationsManagers. The members of OperationsManagers never need to be able to use the show, copy or connect buttons themselves.

Which safe permissions do you need to grant to OperationsStaff? (Choose all that apply.)

Use Accounts

Retrieve Accounts

List Accounts

Authorize Password Requests

Access Safe without Authorization

Correct Answer: A, B

To meet the requirements for OperationsStaff, both 'Use Accounts' and 'Retrieve Accounts' permissions are necessary. 'Use Accounts' is required for connecting to the servers using PSM (Privileged Session Manager), and 'Retrieve Accounts' is required to show and copy passwords. While 'List Accounts' may assist in viewing accounts in the safe, it is not directly indicated as necessary based on the requirements specified. 'Authorize Password Requests' and 'Access Safe without Authorization' are not necessary for OperationsStaff to use the show, copy, and connect functions as described.