CyberArk SECRET-SEN Exam Questions

Question 6 of 60

An application is having authentication issues when trying to securely retrieve credential’s from the Vault using the CCP webservices RESTAPI. CyberArk Support advised that further debugging should be enabled on the CCP server to output a trace file to review detailed logs to help isolate the problem.
What best describes how to enable debug for CCP?

A.

Edit web.config. change the “AIMWebServiceTrace” value, restart Windows Web Server (IIS)

B.

In the PVWA, go to the Applications tab, select the Application in question, go to Options > Logging and choose Debug.

C.

From the command line, run appprvmgr.exe update_config logging=debug.

D.

Edit the basic_appprovider.conf, change the “AIMWebServiceTrace" value, and restart the provider.

Question 7 of 60

When working with Credential Providers in a Privileged Cloud setting, what is a special consideration?

A.

If there are installation issues, troubleshooting may need to involve the Privileged Cloud support team.

B.

Credential Providers are not supported in a Privileged Cloud setting.

C.

The AWS Cloud account number must be defined in the file main_appprovider.conf. <platform>.<version> found in the AppProviderConf Safe.

D.

Debug logging for Credential Providers deployed in a Privileged Cloud setting can inadvertently exhaust available disk space.

Question 8 of 60

While retrieving a secret through REST, the secret retrieval fails to find a matching secret. You know the secret onboarding process was completed, the secret is in the expected safe with the expected object name, and the CCP is able to provide secrets to other applications.
What is the most likely cause for this issue?

A.

The application ID or Application Provider does not have the correct permissions on the safe.

B.

The client certificate fingerprint is not trusted.

C.

The service account running the application does not have the correct permissions on the safe.

D.

The OS user does not have the correct permissions on the safe

Question 9 of 60

You are setting up a Kubernetes integration with Conjur. With performance as the key deciding factor, namespace and serviceaccount will be used as identity characteristics.
Which authentication method should you choose?

A.

JWT-based authentication

B.

Certificate-based authentication

C.

API key authentication

D.

OpenID Connect (O|DC) authentication

Question 10 of 60

When attempting to retrieve a credential, you receive an error 401 – Malformed Authorization Token.
What is the cause of the issue?

A.

The token is not correctly encoded.

B.

The token you are trying to retrieve does not exist.

C.

The host does not have access to the credential with the current token.

D.

The credential has not been initialized.