Question 6 of 113
A user requested access to view a password secured by dual-control and is unsure who to contact to expedite the approval process. The Vault Admin has been asked to look at the account and identify who can approve their request.
What is the correct location to identify users or groups who can approve?
Answer

Suggested Answer

The suggested answer is B.

To identify users or groups who can approve a password request that is under dual control, navigate to PVWA (Privileged Vault Web Access) > Policies > Access Control (Safes) > Select the safe > Safe Members > Workflow > Authorize Password Requests. This path allows you to see the members who are authorized to approve password requests, which is essential for the dual control process.

Community Votes2 votes
BSuggested
100%
Question 7 of 113
What must you specify when configuring a discovery scan for UNIX? (Choose two.)
Answer

Suggested Answer

The suggested answer is C, D.

When configuring a discovery scan for UNIX, it is essential to specify the root password for each machine because this allows the scanning process to authenticate and access the necessary information on each target machine. Additionally, you must provide a list of machines to scan, so the discovery process knows which machines need to be scanned. Both of these elements are critical for conducting a successful and comprehensive discovery scan.

Community Votes10 votes
BDMost voted
100%
Question 8 of 113
To change the safe where recordings are kept for a specific platform, which setting must you update in the platform configuration?
Answer

Suggested Answer

The suggested answer is A.

To change the safe where recordings are kept for a specific platform, you must update the 'SessionRecorderSafe' setting in the platform configuration. This setting specifies the name of the safe that will store recordings of activities for accounts associated with the platform.

Community Votes19 votes
ASuggested
100%
Question 9 of 113
Which processes reduce the risk of credential theft? (Choose two.)
Answer

Suggested Answer

The suggested answer is B, D.

Requiring a password change every X days ensures that even if credentials are compromised, the window of opportunity for misuse is limited, since the credentials will frequently be rotated. Enforcing one-time password access significantly reduces the risk of credential theft because the password expires after a single use, making it much harder for unauthorized users to reuse stolen credentials. These processes directly focus on reducing risks associated with credential theft.

Community Votes34 votes
BDSuggested
65%
CD
35%
Question 10 of 113
You are onboarding 5,000 UNIX root accounts for rotation by the CPM. You discover that the CPM is unable to log in directly with the root account and will need to use a secondary account.
How can this be configured to allow for password management using least privilege?
Answer

Suggested Answer

The suggested answer is C.

To allow for password management using least privilege, the correct approach is to configure the UNIX platform to use the correct logon account. This ensures that the CPM can log in using a secondary account with the necessary permissions instead of directly using the root account. By doing this, the CPM gains the ability to manage the root account's password without having direct root access, which adheres to the principle of least privilege.

Community Votes13 votes
CSuggested
77%
D
23%