Exam CAU201 All QuestionsBrowse all questions from this exam
Go to Exam
Question 5

All of your Unix root passwords are stored in the safe UnixRoot. Dual control is enabled for some of the accounts in that safe. The members of the AD group

UnixAdmins need to be able to use the show, copy, and connect buttons on those passwords at any time without confirmation. The members of the AD group

OperationsStaff need to be able to use the show, copy and connect buttons on those passwords on an emergency basis, but only with the approval of a member of OperationsManagers. The members of OperationsManagers never need to be able to use the show, copy or connect buttons themselves.

Which safe permissions do you need to grant to OperationsStaff? (Choose all that apply.)

    Correct Answer: A, B

    To meet the requirements for OperationsStaff, both 'Use Accounts' and 'Retrieve Accounts' permissions are necessary. 'Use Accounts' is required for connecting to the servers using PSM (Privileged Session Manager), and 'Retrieve Accounts' is required to show and copy passwords. While 'List Accounts' may assist in viewing accounts in the safe, it is not directly indicated as necessary based on the requirements specified. 'Authorize Password Requests' and 'Access Safe without Authorization' are not necessary for OperationsStaff to use the show, copy, and connect functions as described.

Discussion
Atoure_22Option: A

The enswer is ABC

powertechnetOptions: ABC

answer A, B , C List accounts = to show list of accounts in safe Use accounts = to connect to the target using PSM retrieve accounts = show and copy passwords

ramazana

the answer is ABC with a request to OperationsManagers

[Removed]Option: C

Answer is ABC

dru0pa

The answer is both A and C. As I have this setup in my lab and have tested this.

akik13

The answer is ABC

sahilyakup

I think here the answer is A, B, C and D. For connection users must be given Use account permission. Besides, to show and copy the account details, users must have the Retrieve account permission. Finally, if dual control is enabled and users request to use the account, they have to be given the Authorize account request permission in the safe.

sahilyakup

One that I forget to write here is that users who are given "Authorize account request" require the ‘List accounts’ authorization to see the Request details of the account requests waiting for their confirmation.