EMT Practice Test

1. Question Content...


Question List

Question1: Which file is used to open up a non-standard firewall port to the Vault?

Question2: Platform settings are applied to _________.

Question3: Which one the following reports is NOT generated by using the PVWA?

Question4: Select the best practice for storing the Master CD.

Question5: Which authentication methods does PSM for SSH support?

Question6: Which SMTP address can be set on the Notification Settings page to re-invoke the ENE setup wizard after the initial Vault installation.

Question7: All of your Unix root passwords are stored in the safe UnixRoot. Dual control is enabled for some of the accounts in that safe. The members of the AD group UnixAdmins need to be able to use the show, copy, and connect buttons on those passwords at any time without confirmation. The members of the AD group Operations Staff need to be able to use the show, copy and connect buttons on those passwords on an emergency basis, but only with the approval of a member of Operations Managers never need to be able to use the show, copy or connect buttons themselves.
Which safe permission do you need to grant Operations Staff? Check all that apply.

Question8: Which onboarding method is used to integrate CyberArk with the accounts provisioning process?

Question9: For Digital Vault Cluster in a high availability configuration, how does the cluster determine if a node is down?

Question10: When onboarding multiple accounts from the Pending Accounts list, which associated setting must be the same across the selected accounts?

Question11: Which components support fault tolerance.

Question12: In a default CyberArk installation, which group must a user be a member of to view the "reports" page in PVWA?

Question13: A Vault administrator have associated a logon account to one of their Unix root accounts in the vault. When attempting to verify the root account's password the Central Policy Manager (CPM) will:

Question14: What is the configuration file used by the CPM scanner when scanning UNIX/Linux devices?

Question15: You have been asked to turn off the time access restrictions for a safe.
Where is this setting found?

Question16: The Vault can only integrate with a single Security Information and Event Management (SIEM) or SYSLOG server.

Question17: What is the easiest way to duplicate an existing platform?

Question18: When a DR Vault Server becomes an active vault, it will automatically revert back to DR mode once the Primary Vault comes back online.

Question19: How does the Vault administrator apply a new license file?

Question20: A company requires challenge/response multi-factor authentication for PSMP sessions. Which server must you integrate with the CyberArk vault?

Question21: How much disk space do you need on the server for a PAReplicate?

Question22: The password upload utility must run from the Central Policy Manager (CPM) server.

Question23: Where does the Vault administrator configure in Password Vault Web Access (PVWA) the Fully Qualified Domain Name (FQDN) of the target email server during Simple Mail Transfer Protocol (SMTP) integration?

Question24: In a Distributed Vaults environment, which of the following components will NOT be communicating with the Satellite Vaults?

Question25: What is the purpose of the Interval setting in a CPM policy?

Question26: Which statement is correct concerning accounts that are discovered, but cannot be added to the Vault by an automated onboarding rule?

Question27: You are creating a Dual Control workflow for a team's safe.
Which safe permissions must you grant to the Approvers group?

Question28: A newly created platform allows users to access a Linux endpoint. When users click to connect, nothing happens.
Which piece of the platform is missing?

Question29: Due to network activity, ACME Corp's PrivateArk Server became active on the OR Vault while the Primary Vault was also running normally. All the components continued to point to the Primary Vault.
Which steps should you perform to restore DR replication to normal?

Question30: Can the 'Connect' button be used to initiate an SSH connection, as root, to a Unix system when SSH access for root is denied?

Question31: Within the Vault each password is encrypted by:

Question32: After the Vault server is installed, the Microsoft Windows firewall is now commandeered by the Vault.
Can the administrator change these firewall rules?

Question33: The Vault administrator can change the Vault license by uploading the new license to the system Safe.

Question34: Which service should NOT be running on the DR Vault when the primary Production Vault is up?

Question35: An auditor needs to login to the PSM in order to live monitor an active session. Which user ID is used to establish the RDP connection to the PSM server?

Question36: Match the log file name with the CyberArk Component that generates the log.

Question37: Your customer, ACME Corp, wants to store the Safes Data in Drive D instead of Drive C.
Which file should you edit?

Question38: What is the purpose of the password verify process?

Question39: It is possible to restrict the time of day, or day of week that a [b]reconcile[/b] process can occur

Question40: If a customer has one data center and requires high availability, how many PVWA's should be deployed.

Question41: A Reconcile Account can be specified in the Master Policy.

Question42: Which of the following logs contains information about errors related to PTA?

Question43: What is the purpose of the CyberArk Event Notification Engine service?

Question44: A customer's environment three data centers, consisting of 5,000 servers in Germany, 10,000 servers in Canada, 1,500 servers in Singapore. You want to manage target servers and avoid complex firewall rules. How many CPM's should you deploy?

Question45: PSM for Windows (previously known as RDP Proxy) supports connections to the which of the following target systems?

Question46: The password upload utility must run from the CPM server

Question47: The PSM requires the Remote Desktop Web Access role service.

Question48: Access control to passwords is implemented by __________.

Question49: In your organization the "click to connect" button is not active by default.
How can this feature be activated?

Question50: Which user(s) can access all passwords in the Vault?

Question51: Which Cyber Are components or products can be used to discover Windows Services or Scheduled Tasks that use privileged accounts? Select all that apply.

Question52: Which of the following is considered a prerequisite for installing PSM?

Question53: A Vault Administrator team member can log in to CyberArk, but for some reason, is not given Vault Admin rights.
Where can you check to verify that the Vault Admins directory mapping points to the correct AD group?

Question54: In accordance with best practice, SSH access is denied for root accounts on UNIX/LINUX system. What is the BEST way to allow CPM to manage root accounts.

Question55: The Accounts Feed contains:

Question56: CyberArk user Neil is trying to connect to the Target Linux server 192.168.1.64 using a domain account ACME/linuxuser01 on Domain Acme.corp using PSM for SSH server 192.168.65.145. What is the correct syntax?

Question57: Which permissions are needed for the Active Directory user required by the Windows Discovery process?

Question58: SAFE Authorizations may be granted to____________.
Select all that apply.

Question59: When Dual Control is enabled a user must first submit a request in the Password Vault Web Access (PVWA) and receive approval before being able to launch a secure connection via PSM for Windows (previously known as RDP Proxy).

Question60: The Vault needs to send Simple Network Management Protocol (SNMP) traps to the SNMP solution.
Which file is used to configure the IP address of the SNMP server?

Question61: Which of the following features are provided by Ad-Hoc Access (formerly Secure Connect)? (Choose three.)

Question62: The DR module allows an integration with enterprise backup software.

Question63: When managing SSH keys, the CPM stores the Public Key

Question64: You have been asked to design the number of PVWAs a customer must deploy. The customer has three data centers with a distributed vault in each, requires high availability, and wants to use all vaults, at all times. How many PVWAs does the customer need?

Question65: Which report could show all accounts that are past their expiration dates?

Question66: Which combination of Safe member permissions will allow end users to log in to a remote machine transparently but NOT show or copy the password?

Question67: For the hardening process to complete successfully, the Vault administrator must ensure that the antivirus software on the Vault server is installed and up to date before running the installation.

Question68: During the process of installing the Central Policy Manager (CPM), the Vault administrator will be asked to provide the credentials for an administrative user in the Vault.
For which purpose are these credentials used?

Question69: Vault admins must manually add the auditors group to newly created safes so auditors will have sufficient access to run reports.

Question70: The password upload utility can be used to create Safes.

Question71: Which of the following files must be created or configured m order to run Password Upload Utility? Select all that apply.

Question72: Time of day or day of week restrictions on when password verifications can occur configured in ____________________.

Question73: An auditor initiates a live monitoring session to PSM server to view an ongoing live session. When the auditor's machine makes an RDP connection the PSM server, which user will be used?

Question74: You are onboarding 5,000 UNIX root accounts for rotation by the CPM. You discover that the CPM is unable to log in directly with the root account and will need to use a secondary account.
How should this be configured to allow for password management using least privilege?

Question75: You want to generate a license capacity report.
Which tool accomplishes this?

Question76: Multiple Password Vault Web Access (PVWA) servers can be load balanced.

Question77: What is the easiest way to duplicate an existing platform?

Question78: In addition to bit rate and estimated total duration of recordings per day, what is needed to determine the amount of storage required for PSM recordings?

Question79: As long as you are a member of the Vault Admins group you can grant any permission on any safe.

Question80: Which is the primary purpose of exclusive accounts?

Question81: Match the Status of Service on a DR Vault to what is displayed when it is operating normally in Replication mode.

Question82: Match each PTA alert category with the PTA sensors that collect the data for it.