CyberArk Sentry – PAM

Here you have the best CyberArk PAM-SEN practice exam questions

  • You have 97 total questions to study from
  • Each page has 5 questions, making a total of 20 pages
  • You can navigate through the pages using the buttons at the bottom
  • This questions were last updated on December 17, 2024
Question 1 of 97

You are installing a CPM.

In addition to Add Safes, Add/Update Users, Reset Users’ Passwords and Manage Server File Categories, which Vault authorization(s) does a CyberArk user need to install the CPM?

    Correct Answer: B

    To install the Central Policy Manager (CPM) in CyberArk, in addition to permissions like Add Safes, Add/Update Users, Reset Users’ Passwords, and Manage Server File Categories, a CyberArk user also requires the 'Activate Users' authorization. This ensures that the user has full access to manage user activities, which is a necessary component for installing and configuring the CPM.

Question 2 of 97

In which configuration file do you add LoadBalancerClientAddressHeader when you enable x-forwarding on the PVWA loadbalancer?

    Correct Answer: B

    The LoadBalancerClientAddressHeader setting is typically configured in the web.config file for web applications. This file contains settings and configurations specific to the internet information services (IIS) for web hosting, making it the appropriate place to add configurations related to load balancing and forwarding such as X-Forwarded-For headers.

Question 3 of 97

You are configuring SNMP remote monitoring for your organization’s Vault servers.

In the PARAgent.ini, which parameter specifies the destination of the Vault SNMP traps?

    Correct Answer: A

    In the context of configuring SNMP remote monitoring for Vault servers, the parameter in the PARAgent.ini file that specifies the destination of the Vault SNMP traps is SNMPHostIP. This parameter should be set to the IP address of the remote computer where SNMP traps are to be sent.

Question 4 of 97

You want to improve performance on the CPM by restricting accounts for the CYBRWINDAD platform to only the WINDEMEA and WINDEMEA_Admin safes.

How do you set this in CyberArk?

    Correct Answer: A

    To restrict accounts for the CYBRWINDAD platform to only the WINDEMEA and WINDEMEA_Admin safes in CyberArk, you need to configure this setting in the CYBRWINDAD platform under Automatic Password Management/General. The correct parameter to set is AllowedSafes, and it should be set to (WINDEMEA)|(WINDEMEA_ADMIN). This configuration ensures that only the specified safes are allowed for this platform, thereby improving performance on the CPM.

Question 5 of 97

Before the hardening process, your customer identified a PSM Universal Connector executable that will be required to run on the PSM.

Which file should you update to allow this to run?

    Correct Answer: A

    To allow a PSM Universal Connector executable to run on the PSM, you need to update the PSMConfigureAppLocker.xml file. This file is used to configure application rules in AppLocker, which controls which executables are allowed to run. Modifying this file ensures that the required applications can execute on the PSM server.