EMT Practice Test

1. Question Content...


Question List

Question1: A Simple Mail Transfer Protocol (SMTP) integration is critical for monitoring Vault activity and facilitating workflow processes, such as Dual Control.

Question2: The Remote Desktop Services role must be property licensed by Microsoft.

Question3: Which service is optional on the Vault?

Question4: Which combination of safe member permissions will allow End Users to log in to a remote machine transparently but NOT show or copy the password?

Question5: A Logon Account can be specified in the Master Policy

Question6: What is the PRIMARY reason for installing more than 1 active Central Policy Manager (CPM)?

Question7: A vault admin received an email notification that a password verification process has failed Which service sent the message?

Question8: PSM captures a record of each command that was issued in SQL Plus.

Question9: In order to grant a permission to a user, and administrator MUST possess that permission.

Question10: A SIEM integration is a powerful way to correlate Privileged Account Usage with Privileged Account Activity.

Question11: A safe was recently created by a user who is a member of the LDAP Vault Administrators group. Which of the following users does not have access to the newly created safe by default?

Question12: When working with the CyberArk High Availability Cluster, which services are running on the passive node?

Question13: A Security Information and Event Management (SIEM) integration allows you to forward audit records to a monitoring solution.

Question14: Which of the following is considered a prerequiste for installing PSM?

Question15: The Remote Desktop Services role installed on PSM must be properly licensed by Microsoft.

Question16: All of your Unix root passwords are stored in the safe UnixRoot. Dual control is enabled for some of the accounts in that safe The members of the AD group UnixAdmms need to be able to use the show, copy, and connect buttons on those passwords at any time without confirmation The members of the AD group OperationsStaff need to be able to use the show, copy and connect buttons on those passwords on an emergency basis, but only with the approval of a member of OperationsManagers The members of OperationsManagers never need to be able to use the show, copy or connect buttons themselves.
Which safe permissions do you need to grant to UnixAdmins? Check all that apply

Question17: The ACME Company has been a CyberArk customer for many years. ACME Management has asked you to perform a "Health Check" review of the CyberArk deployment. During your analysis you discover that the PSM Component server is fully functional. The RDP SSL certificate is self-signed and the CyberArk Privileged Session Management Service is running under the Local Service. SSL 3.0 is enabled in the Registry.

Question18: When the PSM Gateway (also known as the HTML5 Gateway) is implemented, users must have an RDP client, such as MSTSC, installed on their endpoint in order to launch connections via the PSM.

Question19: PSM for SSH (previously known as "PSM SSH Proxy") supports connections to the following target systems:

Question20: Which of the following are secure options for storing the contents of the Operator CD. while still allowing the contents to be accessible upon a planned Vault restart? Choose alt that apply

Question21: What is the name of the Platform parameter that determines the amount of time a person is allowed to use a One Time Password?

Question22: The Vault does not support dual factor authentication.

Question23: CyberArk implements license limits by controlling the number and types of users that can be provisioned in the vault.

Question24: When Dual Control is enabled a user must first submit a request in the Password Vault Web Access (PVWA) and receive approval before being able to launch a secure connection via PSM for Windows (previously known as RDP Proxy).

Question25: The vault supports a number of dual factor authentication methods.

Question26: Platform settings are applied to_________.

Question27: Which of the following PTA detections are included in the Core PAS offering? (Choose all that apply.)

Question28: Two-factor authentication can be implemented by integrating the Vault with a RADIUS server configured to require PIN and token.

Question29: Which of the following statements are NOT true when enabling PSM recording for a target Windows server? Choose all that apply

Question30: Which user is automatically given all Safe authorizations on all Safes?

Question31: PSM requires the Remote Desktop Session Host role service.

Question32: Which is the purpose of the HeadStartInterval setting in a platform?

Question33: The Vault needs to send SNMP traps to an SNMP solution. In which configuration file do you set the IP address of the SNMP solution?

Question34: The Accounts Feed contains:

Question35: What is the maximum number of levels of authorizations you can set up in Dual Control?

Question36: It is possible to control the hours of the day during which a safe may be used.

Question37: The Vault administrator can change the Vault license by uploading the new license to the system Safe.

Question38: Which CyberArk components or products can be used to discover Windows Services or Scheduled Tasks that use privileged accounts? (Choose all that apply.)

Question39: What is the purpose of the password Reconcile process?

Question40: In version 10.7 the correct order of installation for components changed. Make the necessary corrections to the list below to show the new installation order.
Select and Place:

Question41: Using the SSH Key Manager it is possible to allow CPM to manage SSH Keys similarly to passwords.

Question42: How does the Vault administrator configure the CyberArk Disaster Recovery (DR) solution to perform automatic failover in case of failure in the Primary Vault?

Question43: Which of the following are secure options for storing the contents of the Operator CD, while still allowing the contents to be accessible upon a planned Vault restart? Choose all that apply.

Question44: Vault admins must manually add the auditors group to newly created safes so auditors will have sufficient access to run reports.D18912E1457D5D1DDCBD40AB3BF70D5D

Question45: In order to connect to a target device through PSM. the account credentials used for the connection must be stored in the vault?

Question46: What is the chief benefit of PSM?

Question47: The Vault needs to send Simple Network Management Protocol (SNMP) traps to an SNMP solution. In which configuration file do you set the IP address of the SNMP solution?

Question48: Where does the Vault administrator configure in Password Vault Web Access (PVWA) the Fully Qualified Domain Name (FQDN) of the target email server during Simple Mail Transfer Protocol (SMTP) integration?

Question49: A Vault Administrator wants to change the PSM Server ID to comply with a naming standard. What is the process for changing the PSM Server ID?

Question50: A SIEM integration allows you to forward audit records to a monitoring solution.

Question51: When on-boarding accounts using Accounts Feed, Which of the following is true?

Question52: Which of the following sends out Simple Network Management Protocol (SNMP) traps?

Question53: PSM captures a record of each command that was executed in Unix.

Question54: PSM for SSH (previously known as "PSM SSH Proxy") supports connections to the following target systems:

Question55: In an SIEM integration it is recommended to use the fully-qualified domain name (FQDN) when specifying the SIEM server address(es).

Question56: Which parameter controls how often the Central Policy Manager (CPM) looks for accounts that need to be changed from recently completed Dual Control requests?

Question57: Which of the following is considered a prerequisite for installing PSM?

Question58: In a Distributed Vaults environment, which of the following components will NOT be communicating with the Satellite Vaults?

Question59: Ad-Hoc Access (formerly Secure Connect) provides the following features. (Choose all that apply.)

Question60: What is the name of the Platform parameter that controls how long a password will stay valid when One Time Passwords are enabled via the Master Policy?

Question61: CyberArk creates exceptions for Data Execution Prevention (DEP) on selected executable files. This is done as part of installing which of the following components?

Question62: The password upload utility must run from the CPM server.

Question63: An SMTP integration allows you to forward audit records from the vault to the SIEM.

Question64: When creating an onboarding rule, it will be executed upon.

Question65: Can you forward audit records to your monitoring solution via SIEM integration?

Question66: The Vault supports multiple instances of the following components Choose all that Apply

Question67: The Vault can only integrate with a single Security Information and Event Management (SIEM) or SYSLOG server.

Question68: Platform settings are applied to _________.

Question69: What values are acceptable in the address field on the Accounts Details.

Question70: What values are acceptable in the address field on the Accounts Details?

Question71: PTA can automatically suspend sessions in case of suspicious activities detected in a privileged session, only if the session is made via the CyberArk PSM.

Question72: To support a fault tolerant and high-availability architecture, the Password Vault Web Access (PVWA) servers must to be configured to communicate with the Primary Vault and Satellite Vaults. Which file needs to be changed on the PVWA to enable this setup?

Question73: PSM requires the Remote Desktop Gateway role service.

Question74: Which credentials does CyberArk use when managing a target account?

Question75: One of your users is receiving the error message "ITATS006E Station is suspended for User jsmith" when attempting to sign in to the pvwa. Which utility would you use to correct this problem?

Question76: What is the purpose of the CyberArk Event Notification Engine service.

Question77: When the PSM Gateway (also known as the HTML5 Gateway) is implemented, users must have an RDP client, such as MSTSC, installed on their endpoint in order to launch connections via the PSM.

Question78: After the Vault Server is installed, the Microsoft Windows Firewall is now commandeered by the Vault Can the administrator change these firewall rules?

Question79: PSM captures a record of each command that was issues in SQL Plus.

Question80: Which is the purpose of the HeadStartInterval setting in a platform?

Question81: When managing SSH keys, CPM automatically pushes the Private Key to all systems that use it.

Question82: You have associated a logon account to one of your UNIX root accounts in the vault When attempting to verify the root account's password the CPM will...

Question83: A SIEM integration allows you to forward ITALOG records to a monitoring solution.

Question84: A Simple Network Management Protocol (SNMP) integration allows you to forward audit records from the vault to the Security Information and Event Management (SIEM).

Question85: In order to connect to a target device through PSM, the account credentials used for the connection must
be stored in the vault?

Question86: In order to retrieve data from the vault a user MUST use an interface provided by CyberArk.

Question87: Which of the following statements are NOT truewhen enabling PSM recording fora target Windows server?
Choose all that apply

Question88: Customers who have the 'Access Safe without confirmation' safe permission on a safe where accounts are configured for Dual control, still need to request approval to use the account.

Question89: One time passwords reduce the risk of Pass the Hash vulnerabilities in Windows.

Question90: It is impossible to override Mater Policy settings for a Platform

Question91: When a DR Vault Server becomes an active vault, it will automatically revert back to DR mode once the Primary Vault comes back online.

Question92: Which of the following statements are NOT true when enabling PSM recording for a target Windows server?

Question93: Accounts Discovery allows secure connections to domain controllers.

Question94: It is possible to restrict the time of day, or day of week that a change process can occur.

Question95: Auto-Detection can be configured to leverage LDAP/S.

Question96: The Remote Desktop Services role must be properly licensed by Microsoft.

Question97: Auto-Detection can be configured to leverage LDAP/S.

Question98: Which is the purpose of a linked account?

Question99: An SMTP integration allows you to forward audit records to a monitoring solution.

Question100: Which user(s) can access all passwords in the vault

Question101: When accessing the Vault via PVWA, is it possible, is it possible to configure multiple Dual Authentication Methods?

Question102: What are the chief benefits of PSM? Choose all that apply

Question103: In an SIEM integration it is recommended to use the fully-qualified domain name (FGDN) when specifying the SIEM server address(es).