Here you have the best CyberArk PAM-CDE-RECERT practice exam questions
Before the hardening process, your customer identified a PSM Universal Connector executable that will be required to run on the PSM. Which file should you update to allow this to run?
To allow a specific executable to run on the PSM, you need to update the AppLocker rules. The correct file to modify for this purpose is PSMConfigureAppLocker.xml, as it directly influences which executables are permitted to run on the PSM server.
As Vault Admin, you have been asked to configure LDAP authentication for your organization's CyberArk users. Which permissions do you need to complete this task?
To configure LDAP authentication for CyberArk users, you would need the ability to manage directory mappings, which allows you to connect CyberArk roles to the appropriate LDAP groups. This ensures that users are authenticated correctly based on their LDAP group memberships. Therefore, the permissions required would be Audit Users and Manage Directory Mapping.
In the screenshot displayed, you just configured the usage in CyberArk and want to update its password.
What is the least intrusive way to accomplish this?
The least intrusive way to update the password configured for usage in CyberArk is to use the 'reconcile' button on the parent account's details page. Reconciliation allows the system to ensure that the password in the vault is synchronized with the password on the target system without directly changing or modifying the existing password in an intrusive manner.
DRAG DROP -
Arrange the steps to complete CPM Hardening for Out-of-Domain Deployment in the correct sequence.
To complete CPM Hardening for Out-of-Domain Deployment, the correct sequence of steps is as follows: 1. Locate the CPM_Hardening.ps1 script in the installation media. This is the initial step because you need to find the script before you can run it. 2. Open PowerShell as Administrator and run the script. Running the script requires administrative privileges to ensure it can make the necessary system changes. 3. Review the script log called HardeningScript log. This step involves checking the log file generated by the script to verify that the hardening process has completed correctly. 4. Review the script log called CYBRHardeningsecedit.log. This final step involves reviewing another log file to ensure that additional hardening steps have been correctly applied. This order is essential to ensure each step follows logically and that the hardening process is verified through log checks at the end.
Which certificate type do you need to configure the vault for LDAP over SSL?
To configure the vault for LDAP over SSL, you need the CA Certificate that signed the certificate used by the External Directory. This is because the Vault needs to validate and trust the certificate presented by the LDAP server, and importing the CA Certificate that signed the LDAP server's certificate is the proper way to establish this trust.