CyberArk Sentry – PAM

Here you have the best CyberArk PAM-SEN practice exam questions

You have 97 total questions to study from
Each page has 5 questions, making a total of 20 pages
You can navigate through the pages using the buttons at the bottom
This questions were last updated on November 11, 2024

Question 1 of 97

You are installing a CPM.

In addition to Add Safes, Add/Update Users, Reset Users’ Passwords and Manage Server File Categories, which Vault authorization(s) does a CyberArk user need to install the CPM?

Manage Directory Mapping

Activate Users

Backup All Safes, Restore All Safes

Audit Users, Add Network Areas

Correct Answer: B

To install the Central Policy Manager (CPM) in CyberArk, in addition to permissions like Add Safes, Add/Update Users, Reset Users’ Passwords, and Manage Server File Categories, a CyberArk user also requires the 'Activate Users' authorization. This ensures that the user has full access to manage user activities, which is a necessary component for installing and configuring the CPM.

Question 2 of 97

In which configuration file do you add LoadBalancerClientAddressHeader when you enable x-forwarding on the PVWA loadbalancer?

PVconfiguration.xml

web.config

apigw.ini

CyberArkScheduledTasks.exe.config

Correct Answer: B

The LoadBalancerClientAddressHeader setting is typically configured in the web.config file for web applications. This file contains settings and configurations specific to the internet information services (IIS) for web hosting, making it the appropriate place to add configurations related to load balancing and forwarding such as X-Forwarded-For headers.

Question 3 of 97

You are configuring SNMP remote monitoring for your organization’s Vault servers.

In the PARAgent.ini, which parameter specifies the destination of the Vault SNMP traps?

SNMPHostIP

SNMPTrapPort

SNMPCommunity

SNMPVersion

Correct Answer: A

In the context of configuring SNMP remote monitoring for Vault servers, the parameter in the PARAgent.ini file that specifies the destination of the Vault SNMP traps is SNMPHostIP. This parameter should be set to the IP address of the remote computer where SNMP traps are to be sent.

Question 4 of 97

You want to improve performance on the CPM by restricting accounts for the CYBRWINDAD platform to only the WINDEMEA and WINDEMEA_Admin safes.

How do you set this in CyberArk?

In the CYBRWINDAD platform, under Automatic Password Management/General, configure AllowedSafes and set to (WINDEMEA)|(WINDEMEA_ADMIN).

In the settings for Configuration/CPM assigned to the WINDEMEA and WINDEMEAADMIN safes, configure AllowedSafes and set to (WINDEMEA)|(WINDEMEAADMIN).

In the CYBRWINDAD platform, under UI&Workflows/Properties/Optional, configure AllowedSafes and set to (WINDEMEA)|(WINDEMEA_ADMIN).

Modify cpm.ini on the relevant CPM/s and add the setting AllowedSafesCYBRWINDAD and set to (WINDEMEA)|(WINDEMEAADMIN).

Correct Answer: A

To restrict accounts for the CYBRWINDAD platform to only the WINDEMEA and WINDEMEA_Admin safes in CyberArk, you need to configure this setting in the CYBRWINDAD platform under Automatic Password Management/General. The correct parameter to set is AllowedSafes, and it should be set to (WINDEMEA)|(WINDEMEA_ADMIN). This configuration ensures that only the specified safes are allowed for this platform, thereby improving performance on the CPM.

Question 5 of 97

Before the hardening process, your customer identified a PSM Universal Connector executable that will be required to run on the PSM.

Which file should you update to allow this to run?

PSMConfigureAppLocker.xml

PSMHardening.xml

PSMAppConfig.xml

PSMConfigureHardening.xml

Correct Answer: A

To allow a PSM Universal Connector executable to run on the PSM, you need to update the PSMConfigureAppLocker.xml file. This file is used to configure application rules in AppLocker, which controls which executables are allowed to run. Modifying this file ensures that the required applications can execute on the PSM server.