EMT Practice Test

1. Question Content...


Question List

Question1: PSM for Windows (previously known as "RDP Proxy") supports connections to the following target systems

Question2: What is the purpose of the Interval setting in a CPM policy?

Question3: When managing SSH keys, the CPM stored the Private Key

Question4: Which utilities could you use to change debugging levels on the vault without having to restart the vault.
Select all that apply.

Question5: When managing SSH keys, the CPM stores the Public Key

Question6: When managing SSH keys, the CPM stored the Private Key

Question7: In order to connect to a target device through PSM, the account credentials used for the connection must be stored in the vault?

Question8: For a safe with Object Level Access enabled you can turn off Object Level Access Control when it no longer needed on the safe.

Question9: Which report provides a list of account stored in the vault.

Question10: Which of the following PTA detections require the deployment of a Network Sensor or installing the PTA Agent on the domain controller?

Question11: Which built-in report from the reports page in PVWA displays the number of days until a password is due to expire?

Question12: Can the 'Connect' button be used to initiate an SSH connection, as root, to a Unix system when SSH access for root is denied?

Question13: You have associated a logon account to one of your UNIX root accounts in the vault. When attempting to
change the root account's password the CPM will...

Question14: According to the DEFAULT Web Options settings, which group grants access to the REPORTS page?

Question15: CyberArk implements license limits by controlling the number and types of users that can be provisioned in the
vault.

Question16: Your organization requires all passwords be rotated every 90 days.
Where can you set this regulatory requirement?

Question17: Which of the following are secure options for storing the contents of the Operator CD, while still allowing the contents to be accessible upon a planned Vault restart? (Choose three.)

Question18: In a rule using "Privileged Session Analysis and Response" in PTA, which session options are available to configure as responses to activities?

Question19: Target account platforms can be restricted to accounts that are stored m specific Safes using the Allowed Safes property.

Question20: For each listed prerequisite, identify if it is mandatory or not mandatory to run the PSM Health Check.

Question21: You want to generate a license capacity report.
Which tool accomplishes this?

Question22: Users can be restricted through certain CyberArk interfaces (e.g. PVWA or PACLI).

Question23: In your organization the "click to connect" button is not active by default.
How can this feature be activated?

Question24: As long as you are a member ofthe Vault Admins group you can grant any permission on any safe.

Question25: CyberArk implements license limits by controlling the number and types of users that can be provisioned in the vault.

Question26: As long as you are a member of the Vault Admins group, you can grant any permission on any safe that you have access to.

Question27: Which Cyber Are components or products can be used to discover Windows Services or Scheduled Tasks that use privileged accounts? Select all that apply.

Question28: Time of day or day of week restrictions on when password verifications can occur configured in
____________________.

Question29: Which of the following files must be created or configured m order to run Password Upload Utility? Select all that apply.

Question30: Which utilities could you use to change debugging levels on the vault without having to restart the vault. Select
all that apply.

Question31: What is the purpose of a linked account?

Question32: Arrange the steps to restore a Vault using PARestore for a Backup in the correct sequence.

Question33: Which of these accounts onboarding methods is considered proactive?

Question34: Which of the following options is not set in the Master Policy?

Question35: What is the easiest way to duplicate an existing platform?

Question36: All of your Unix root passwords are stored in the safe UnixRoot. Dual control is enabled for some of the
accounts in that safe. The members of the AD group UnixAdmins need to be able to use the show, copy, and
connect buttons on those passwords at any time without confirmation. The members of the AD group
OperationsStaff need to be able to use the show, copy and connect buttons on those passwords on an
emergency basis, but only with the approval of a member of OperationsManagers. The members of
OperationsManagers never need to be able to use the show, copy or connect buttons themselves.
Which safe permissions do you need to grant to OperationsStaff? Check all that apply.

Question37: The System safe allows access to the Vault configuration files.

Question38: Assuming a safe has been configured to be accessible during certain hours of the day, a Vault Admin may still access that safe outside of those hours.

Question39: Which Cyber Are components or products can be used to discover Windows Services or Scheduled Tasks that use privileged accounts? Select all that apply.

Question40: Target account platforms can be restricted to accounts that are stored in specific Safes using the AllowedSafes property.

Question41: An auditor needs to login to the PSM in order to live monitor an active session. Which user ID is used to establish the RDP connection to the PSM server?

Question42: What is the purpose of the CyberArk Event Notification Engine service?

Question43: Can the 'Connect' button be used to initiate an SSH connection, as root, to a Unix system when SSH access for root is denied?

Question44: When on-boarding account using Accounts Feed, Which of the following is true?

Question45: You have associated a logon account to one your UNIX cool accounts in the vault. When attempting to
[b]change [/b] the root account's password the CPM will.....

Question46: Which of the following statements are NOT true when enabling PSM recording for a target Windows server?
(Choose all that apply)

Question47: For an account attached to a platform that requires Dual Control based on a Master Policy exception, how would you configure a group of users to access a password without approval.

Question48: It is possible to leverage DNA to provide discovery functions that are not available with auto-detection.

Question49: For a safe with Object Level Access enabled you can turn off Object Level Access Control when it no longer needed on the safe.

Question50: A user with administrative privileges to the vault can only grant other users privileges that he himself has.

Question51: A user requested access to view a password secured by dual-control and is unsure who to contact to expedite the approval process. The Vault Admin has been asked to look at the account and identify who can approve their request.
What is the correct location to identify users or groups who can approve?

Question52: The password upload utility must run from the CPM server

Question53: For an account attached to a platform that requires Dual Control based on a Master Policy exception, how would you configure a group of users to access a password without approval.

Question54: For Digital Vault Cluster in a high availability configuration, how does the cluster determine if a node is down?

Question55: If a password is changed manually on a server, bypassing the CPM, how would you configure the account so that the CPM could resume management automatically?

Question56: What is the primary purpose of One Time Passwords?

Question57: You have associated a logon account to one your UNIX cool accounts in the vault. When attempting to
[b]change [/b] the root account's password the CPM will.....

Question58: CyberArk recommends implementing object level access control on all Safes.

Question59: The primary purpose of exclusive accounts is to ensure non-repudiation (individual accountability).

Question60: A logon account can be specified in the platform settings.

Question61: In order to connect to a target device through PSM, the account credentials used for the connection must be stored in the vault?

Question62: In order to connect to a target device through PSM, the account credentials used for the connection must be stored in the vault?

Question63: Secure Connect provides the following. Choose all that apply.

Question64: Accounts Discovery allows secure connections to domain controllers.

Question65: Which statement is correct concerning accounts that are discovered, but cannot be added to the Vault by an automated onboarding rule?

Question66: SAFE Authorizations may be granted to____________.
Select all that apply.

Question67: What is the name of the Platform parameter that controls how long a password will stay valid when One Time Passwords are enabled via the Master Policy?

Question68: When creating an onboarding rule, it will be executed upon .

Question69: What is the purpose of the Immediate Interval setting in a CPM policy?

Question70: Target account platforms can be restricted to accounts that are stored in specific Safes using the AllowedSafes
property.

Question71: Which onboarding method would you use to integrate CyberArk with your accounts provisioning process?

Question72: You have been asked to identify the up or down status of Vault services.
Which CyberArk utility can you use to accomplish this task?

Question73: A newly created platform allows users to access a Linux endpoint. When users click to connect, nothing happens.
Which piece of the platform is missing?

Question74: Due to network activity, ACME Corp's PrivateArk Server became active on the OR Vault while the Primary Vault was also running normally. All the components continued to point to the Primary Vault.
Which steps should you perform to restore DR replication to normal?

Question75: Which of the following files must be created or configured m order to run Password Upload Utility? Select all that apply.

Question76: Which command configures email alerts within PTA if settings need to be changed post install?

Question77: Match each key to its recommended storage location.

Question78: The Vault administrator can change the Vault license by uploading the new license to the system Safe.

Question79: Which is the primary purpose of exclusive accounts?

Question80: Which of the following components can be used to create a tape backup of the Vault?

Question81: What is the name of the Platform parameter that controls how long a password will stay valid when One Time
Passwords are enabled via the Master Policy?

Question82: When on-boarding account using Accounts Feed, which of the following is true?

Question83: The Password upload utility can be used to create safes.

Question84: Which Master Policy Setting must be active in order to have an account checked-out by one user for a pre-determined amount of time?

Question85: When a group is granted the 'Authorize Account Requests' permission on a safe Dual Control requests must be approved by

Question86: What is the purpose of the Immediate Interval setting in a CPM policy?

Question87: Users who have the 'Access Safe without confirmation' safe permission on a safe where accounts are
configured for Dual control, still need to request approval to use the account.

Question88: A Reconcile Account can be specified in the Master Policy.

Question89: The password upload utility must run from the CPM server

Question90: Which user is automatically added to all Safes and cannot be removed?

Question91: Which report could show all accounts that are past their expiration dates?

Question92: You receive this error:
"Error in changepass to user domain\user on domain server(\domain.(winRc=5) Access is denied." Which root cause should you investigate?

Question93: It is possible to control the hours of the day during which a user may long into the vault.

Question94: If a password is changed manually on a server, bypassing the CPM, how would you configure the account so
that the CPM could resume management automatically?

Question95: In order to connect to a target device through PSM, the account credentials used for the connection must be
stored in the vault?

Question96: In order to connect to a target device through PSM, the account credentials used for the connection must be stored in the vault?

Question97: Time of day or day of week restrictions on when password verifications can occur configured in ____________________.

Question98: Your customer, ACME Corp, wants to store the Safes Data in Drive D instead of Drive C.
Which file should you edit?

Question99: If a user is a member of more than one group that has authorizations on a safe, by default that user is
granted____________________.

Question100: dbparm.ini is the main configuration file for the Vault.

Question101: You are onboarding 5,000 UNIX root accounts for rotation by the CPM. You discover that the CPM is unable to log in directly with the root account and will need to use a secondary account.
How should this be configured to allow for password management using least privilege?

Question102: If a user is a member of more than one group that has authorizations on a safe, by default that user is granted________.

Question103: A user has successfully conducted a short PSM session and logged off. However, the user cannot access the Monitoring tab to view the recordings.
What is the issue?

Question104: In accordance with best practice, SSH access is denied for root accounts on UNIXLINUX system.
What is the BEST way to allow CPM to manage root accounts?