CyberArk Sentry (49 items)

 Multiple PVWA servers are always all active

True

 Within the Vault each password is encrypted by

It own unique key.

 In an SMTP integration it is recommended to use the FQDN when specifying the SMTP server
address(es)

True

 The vault supports a number of dual factor authentication methods.

True

 During LDAP/S integration you should specify the FQDN of Domain Controller

True

 A stand alone Vault server requires DNS services to operate properly

False

 The DR module allows an integration with Enterprise Backup software

False

 Does CyberArk need service accounts on each server to change passwords?

No, the CPM uses account information stored in the vault to login and change the account's password
using its own credentials.

 The connect button requires PSM to work

FALSE

 Which keys are required to be present in order to start the PrivateArk Server Service?

Server Key
Recovery Public Key

 A vault administrator wants to change the PSM server ID to comply with a naming standard.
What is the process for changing the PSM server ID?

First, login to the PVWA, browse to administration, system config, options, PSM, Configured PSM
servers and select the PSM Server you need to change from the list of servers. In the properties pane,
set the value of the ID property to the new Server ID, click Apply and OK. Next, edit the basic_psmi.ini
file located on the PSM server in the PSM root directory and update the PSMServerID parameter with
the new Server ID, save the file and restarted the “CyberArk PSM” server on PSM server.

 Multiple PVWA servers provide automatic load balancing.

False

 The vault provides tamper-proof audit trail.

True

 The following applications are included with PSM and require no additional installation or
configuration.

SQL Plus
RDP
Putty
WinSCP

 If a transparent user matches two different directory mappings, how does the system determine
which user template to use?

The system will use the template for the mapping listed first.

 What would be a good use case for a High Availability vault?

Recovery Time Objectives or Recovery Point Objectives are at or near zero.

 Name two ways of viewing the ITAlog

1. Log into the vault locally and navigate to the Server folder under the PrivateArk install location.
2. Access the System Safe from PrivateArk client.

 What is the purpose of the PrivateArk Database service?

Maintains Vault metadata.

 The vault uses a modified version of the Microsoft Windows firewall.

True

 What is the best practice for storing the Master CD?

Store the CD in a secure location, such as a physical safe.

 What is the name of the account used to establish the initial RDP session from the end user
client machine to the PSM server?

PSMConnect

 What is the purpose of the Reconcile process?

To allow CyberArk to manage unknown or lost credentials.

The CyberArk Event Notification Engine Service on the Vault.

 By default, the vault secure protocol uses which IP port and protocol?

TCP/1858

 In order to retrieve data from the vault a user MUST use an interface provided by CyberArk.

TRUE

 To apply a new license file you must

Upload the .xml file to the System Safe

 What would be a good use case for the Replicate module?

Integration with an Enterprise Backup Solution is required.

 The vault supports multiple instances of the following components

PVWA
CPM
PSM
AIM Provider

 At what point is a transparent user provisioned in the vault?

The first time the user logs in.

 What is the purpose of the PrivateArk Server service?

Makes vault data accessible to components.

 A SIEM integration allows you to forward ITALOG records to a monitoring solution.

False

 Which of the following are secure options for storing the contents of the Operator CD, while still
allowing the contents to be accessible upon a planned Vault restart?

1. Store the CD in a physical safe and mount the CD every time vault maintenance is performed.
2. Copy the contents of the CD to a folder on the vault server and secure it with NTFS permissions
3. Store the server key in a Hardware Security Module.

 For the hardening process to complete successfully, security products like Antivirus should be
installed on the Vault server before running the vault installer.

FALSE

 A SIEM integration allows you to forward audit records to a monitoring solution.

 The Remote Desktop Services role must be property licensed by Microsoft.

TRUE

 Prior to version 10.7, what is the correct order of installation for PAS components?

Vault, CPM, PVWA, PSM

 HA, DR, Replicate are mutually exclusive and cannot be used in the same environment.

FALSE

 What is the purpose of the CyberArk Event Notification Engine service?

Sends email messages from the vault.

 You are successfully managing passwords in the a.cyberark.com domain; however, when you
attempt to manage a password in the b.cyberark.domain, you receive the ‘network path not
found’ error. What should you check first?

That the CPM can successfully resolve addresses in the b.cyberark.com domain.

 The Vault needs to send SNMP traps to an SNMP solution. In which configuration file do you set
the IP address of the SNMP solution?

PARAgent.ini

 What would be a good use case for the Disaster Recovery module?

Off site replication is required.

 When a DR vault server becomes an active vault, it will automatically fail back to the original
state once the primary vault comes back online.

False, this is not possible

 Which file would you modify to configure your Vault Server to forward Activity Logs to a SIEM or
SYSLOG server?

Dbparm.ini

 The Vault Internal safe contains all of the configuration for the vault.

FALSE

 PSM requires the Remote Desktop Session Host role service.

TRUE

 The Vault Internal safe contains the configuration for an LDAP integration.

TRUE
  Which file would you modify to configure the vault to send SNMP traps to your monitoring
solution?

Paragent.ini

 What is the PRIMARY reason for installing more than 1 active CPM?

Installing CPMs in multiple sites prevents complex firewall rules to manage devices at remote sites.

 Multiple PSM Servers can be load balanced

TRUE