CAU201 Exam QuestionsBrowse all questions from this exam
Go to Exam

CAU201 Exam - Question 5

All of your Unix root passwords are stored in the safe UnixRoot. Dual control is enabled for some of the accounts in that safe. The members of the AD group

UnixAdmins need to be able to use the show, copy, and connect buttons on those passwords at any time without confirmation. The members of the AD group

OperationsStaff need to be able to use the show, copy and connect buttons on those passwords on an emergency basis, but only with the approval of a member of OperationsManagers. The members of OperationsManagers never need to be able to use the show, copy or connect buttons themselves.

Which safe permissions do you need to grant to OperationsStaff? (Choose all that apply.)

Show Answer
Correct Answer: AB

To meet the requirements for OperationsStaff, both 'Use Accounts' and 'Retrieve Accounts' permissions are necessary. 'Use Accounts' is required for connecting to the servers using PSM (Privileged Session Manager), and 'Retrieve Accounts' is required to show and copy passwords. While 'List Accounts' may assist in viewing accounts in the safe, it is not directly indicated as necessary based on the requirements specified. 'Authorize Password Requests' and 'Access Safe without Authorization' are not necessary for OperationsStaff to use the show, copy, and connect functions as described.

Discussion

7 comments
Sign in to comment
Atoure_22Option: A
Feb 8, 2022

The enswer is ABC

powertechnetOptions: ABC
Apr 16, 2022

answer A, B , C List accounts = to show list of accounts in safe Use accounts = to connect to the target using PSM retrieve accounts = show and copy passwords

[Removed]Option: C
Oct 24, 2022

Answer is ABC

ramazana
Feb 11, 2024

the answer is ABC with a request to OperationsManagers

sahilyakup
Jan 15, 2023

I think here the answer is A, B, C and D. For connection users must be given Use account permission. Besides, to show and copy the account details, users must have the Retrieve account permission. Finally, if dual control is enabled and users request to use the account, they have to be given the Authorize account request permission in the safe.

sahilyakup
Jan 15, 2023

One that I forget to write here is that users who are given "Authorize account request" require the ‘List accounts’ authorization to see the Request details of the account requests waiting for their confirmation.

akik13
Apr 3, 2023

The answer is ABC

dru0pa
Jul 6, 2023

The answer is both A and C. As I have this setup in my lab and have tested this.