EMT Practice Test

1. Question Content...


Question List

Question1: Which of the following statements are NOT true when enabling PSM recording for a target Windows server? (Choose all that apply)

Question2: What is the chief benefit of PSM?

Question3: Which utilities could you use to change debugging levels on the vault without having to restart the vault. Select all that apply.

Question4: A user is receiving the error message "ITATS006E Station is suspended for User jsmith" when attempting to sign into the Password Vault Web Access (PVWA). Which utility would a Vault administrator use to correct this problem?

Question5: It is possible to leverage DNA to provide discovery functions that are not available with auto-detection.

Question6: You are logging into CyberArk as the Master user to recover an orphaned safe.
Which items are required to log in as Master?

Question7: If a user is a member of more than one group that has authorizations on a safe, by default that user is granted________.

Question8: When Dual Control is enabled a user must first submit a request in the Password Vault Web Access (PVWA) and receive approval before being able to launch a secure connection via PSM for Windows (previously known as RDP Proxy).

Question9: A Logon Account can be specified in the Master Policy.

Question10: Which combination of Safe member permissions will allow end users to log in to a remote machine transparently but NOT show or copy the password?

Question11: Which of the following Privileged Session Management (PSM) solutions support live monitoring of active sessions?

Question12: You are creating a Dual Control workflow for a team's safe.
Which safe permissions must you grant to the Approvers group?

Question13: For an account attached to a platform that requires Dual Control based on a Master Policy exception, how would you configure a group of users to access a password without approval.

Question14: Via Password Vault Web Access (PVWA), a user initiates a PSM connection to the target Linux machine using RemoteApp. When the client's machine makes an RDP connection to the PSM server, which user will be utilized?

Question15: When managing SSH keys, the CPM stored the Private Key

Question16: Which parameter controls how often the CPM looks for Soon-to-be-expired Passwords that need to be changed.

Question17: In accordance with best practice, SSH access is denied for root accounts on UNIX/LINUX system. What is the BEST way to allow CPM to manage root accounts.

Question18: When a DR Vault Server becomes an active vault, it will automatically revert back to DR mode once the Primary Vault comes back online.

Question19: You are creating a new Rest API user that utilizes CyberArk Authentication.
What is a correct process to provision this user?

Question20: When managing SSH keys, the CPM stores the Public Key

Question21: Users who have the 'Access Safe without confirmation' safe permission on a safe where accounts are configured for Dual control, still need to request approval to use the account.

Question22: Which command configures email alerts within PTA if settings need to be changed post install?

Question23: Which CyberArk utility allows you to create lists of Master Policy Settings, owners and safes for output to text files or MSSQL databases?

Question24: In PVWA, you are attempting to play a recording made of a session by user jsmith, but there is no option to "Fast Forward" within the video. It plays and only allows you to skip between commands instead. You are also unable to download the video.
What could be the cause?

Question25: As long as you are a member of the Vault Admins group you can grant any permission on any safe.

Question26: According to the DEFAULT Web Options settings, which group grants access to the REPORTS page?

Question27: PTA can automatically suspend sessions if suspicious activities are detected in a privileged session, but only if the session is made via the CyberArk PSM.

Question28: Time of day or day of week restrictions on when password verifications can occur configured in ____________________.

Question29: What is the primary purpose of One Time Passwords?

Question30: You have been asked to identify the up or down status of Vault services.
Which CyberArk utility can you use to accomplish this task?

Question31: Users can be resulted to using certain CyberArk interfaces (e.g.PVWA or PACLI).

Question32: Which of the following PTA detections require the deployment of a Network Sensor or installing the PTA Agent on the domain controller?

Question33: To ensure all sessions are being recorded, a CyberArk administrator goes to the master policy and makes configuration changes.
Which configuration is correct?

Question34: Which usage can be added as a service account platform?

Question35: Which onboarding method would you use to integrate CyberArk with your accounts provisioning process?

Question36: To manage automated onboarding rules, a CyberArk user must be a member of which group?

Question37: Match the log file name with the CyberArk Component that generates the log.

Question38: One can create exceptions to the Master Policy based on ____________________.

Question39: If a password is changed manually on a server, bypassing the CPM, how would you configure the account so that the CPM could resume management automatically?

Question40: Which type of automatic remediation can be performed by the PTA in case of a suspected credential theft security event?

Question41: A Vault Administrator team member can log in to CyberArk, but for some reason, is not given Vault Admin rights.
Where can you check to verify that the Vault Admins directory mapping points to the correct AD group?

Question42: As long as you are a member of the Vault Admins group, you can grant any permission on any safe that you have access to.

Question43: Which is the primary purpose of exclusive accounts?

Question44: What is the purpose of the password change process?

Question45: What is the purpose of the CyberArk Event Notification Engine service?

Question46: Which of the following PTA detections are included in the Core PAS offering?

Question47: A user with administrative privileges to the vault can only grant other users privileges that he himself has.

Question48: Within the Vault each password is encrypted by:

Question49: Match the Status of Service on a DR Vault to what is displayed when it is operating normally in Replication mode.

Question50: When a DR Vault Server becomes an active vault, it will automatically fail back to the original state once the Primary Vault comes back online.

Question51: Which report provides a list of account stored in the vault.

Question52: Which of the following logs contains information about errors related to PTA?

Question53: Which of the following files must be created or configured m order to run Password Upload Utility? Select all that apply.

Question54: What is the purpose of the HeadStartlnterval setting m a platform?

Question55: Which built-in report from the reports page in PVWA displays the number of days until a password is due to expire?

Question56: Your organization requires all passwords be rotated every 90 days.
Where can you set this regulatory requirement?

Question57: Can the 'Connect' button be used to initiate an SSH connection, as root, to a Unix system when SSH access for root is denied?

Question58: What is the maximum number of levels of authorization you can set up in Dual Control?

Question59: When creating an onboarding rule, it will be executed upon .

Question60: A logon account can be specified in the platform settings.