EMT Practice Test

1. Question Content...


Question List

Question1: What is the purpose of the Interval setting in a CPM policy?

Question2: Which file is used to open up a non-standard Firewall port to the Vault?

Question3: When a DR vault server becomes an active vault, it will automatically fail bacK to the original state once the primary vault comes back online.

Question4: Which Built-in group grants access to the ADMINISTRATION page?

Question5: Which credentials does CyberArk use when managing a target account?

Question6: In order to connect to a target device through PSM, the account credentials used for the connection must be stored in the vault.

Question7: What is the purpose of the PrivateArk Server service?

Question8: How does the Vault administrator configure the CyberArk Disaster Recovery (DR) solution to perform automatic failover in case of failure in the Primary Vault?

Question9: Which service is optional on the Vault?

Question10: An Auditor needs to login to the PSM in order to live monitor an active session.
Which User ID is used to establish the RDP connection to the PSM server?

Question11: When managing SSH keys, the CPM stores the Public Key ________________.

Question12: PSM captures a record of each command that was issues in SQL Plus.

Question13: What conditions must be met in order to log into the vault as the Master user? Select all that apply

Question14: If a user is a member of more than one group that has authorizations on a safe, by default that user is granted __________________.

Question15: As long as you are a member of the Vault Admins group, you can grant any permission on any safe that you have access to.

Question16: When working with the CyberArk Disaster Recovery (DR) solution, which services should be running on the DR Vault?

Question17: A user has successfully conducted a short PSM session and logged off. However, the user cannot access the Monitoring tab to view the recordings.
What is the issue?

Question18: Two-factor authentication can be implemented by integrating the Vault with a RADIUS server configured to require PIN and token.

Question19: Which parameter controls how often the CPM looks for Exclusive Passwords that need to be changed?

Question20: Multiple CPM Servers can be load balanced.

Question21: A Simple Network Management Protocol (SNMP) integration allows the Vault administrator to forward ITALOG records to a monitoring solution.

Question22: The password upload utility must run from the CPM server.

Question23: dbparm.ini is the main configuration file for the vault.

Question24: The Password upload utility can be used to create safes.

Question25: Multiple PVWA servers can be load balanced.

Question26: The DR module allows an integration with Enterprise Backup software

Question27: The vault supports a number of dual factor authentication methods.

Question28: It is possible to control the hours of the day during which a safe may be used.

Question29: Multiple Vault Servers can be load balanced.

Question30: When a DR Vault Server becomes an active vault, it will automatically revert back to DR mode once the Primary Vault comes back online.

Question31: In order to grant a permission to a user, and administrator MUST possess that permission.

Question32: Vault admins must manually add the auditors group to newly created safes so auditors will have sufficient access to run reports.

Question33: When planning to load balance at least 2 PSM Servers in an "in-domain" deployment, is it required to move the PSMConnect and PSMAdminConnect users to the domain level?

Question34: Customers who have the 'Access Safe without confirmation' safe permission on a safe where accounts are configured for Dual control, still need to request approval to use the account.

Question35: PSM requires the Remote Desktop Session Host role service.

Question36: What is the purpose of the password Reconcile process?

Question37: It is possible to disable the Show and Copy buttons without removing the Retrieve permission on a safe.

Question38: The Vault Internal safe contains all of the configuration for the vault.

Question39: Can ITALOG records be forwarded to the monitoring solution via Security Information and Event Management (SIEM) integration?

Question40: When managing SSH keys. CPM automatically pushes the Public Key to the target system.

Question41: One time passwords reduce the risk of Pass the Hash vulnerabilities in Windows

Question42: It is possible to restrict the time of day. or day of week that a change process can occur

Question43: PSM generates recordings on the Vault server in real time.

Question44: Platform settings are applied to_________.

Question45: Within the Vault each password is encrypted by

Question46: Which report shows the accounts that are accessible to each user?

Question47: A Vault Administrator wants to change the PSM Server ID to comply with a naming standard What is the process for changing the PSM Server ID?

Question48: If a transparent user belongs two different directory mappings, how does the system determine which user template to use?

Question49: The Remote Desktop Services role must be property licensed by Microsoft.

Question50: All of your Unix root passwords are stored in the safe UnixRoot. Dual control is enabled for some of the accounts in that safe The members of the AD group UnixAdmms need to be able to use the show, copy, and connect buttons on those passwords at any time without confirmation The members of the AD group OperationsStaff need to be able to use the show, copy and connect buttons on those passwords on an emergency basis, but only with the approval of a member of OperationsManagers The members of OperationsManagers never need to be able to use the show, copy or connect buttons themselves.
Which safe permissions do you need to grant to UnixAdmins? Check all that apply

Question51: What is the name of the Platform parameter that controls how long a password will stay valid when One Time Passwords are enabled via the Master Policy?

Question52: DRAG DROP
Match the log file name with the CyberArk Component that generates the log.

Question53: Which user(s) can access all passwords in the vault

Question54: The Vault does not support dual factor authentication.

Question55: When the PSM Gateway (also known as the HTML5 Gateway) is implemented, users must have an RDP client, such as MSTSC, installed on their endpoint in order to launch connections via the PSM.

Question56: The Accounts Feed contains:

Question57: Which type of automatic remediation can be performed by the PTA in case of a suspected credential theft security event?

Question58: PSM requires the Remote Desktop Gateway role service.

Question59: The Vault Internal safe contains the configuration for an LDAP integration

Question60: To support a fault tolerant and high-availability architecture, the Password Vault Web Access (PVWA) servers must to be configured to communicate with the Primary Vault and Satellite Vaults.
Which file needs to be changed on the PVWA to enable this setup?

Question61: Multiple PVWA servers are always all active

Question62: Which CyberArk components or products can be used to discover Windows Services or Scheduled Tasks that use privileged accounts'? Select all that apply.

Question63: Which of the following are secure options for storing the contents of the Operator CD. while still allowing the contents to be accessible upon a planned Vault restart? Choose alt that apply

Question64: Which is the purpose of the HeadStartInterval setting in a platform?

Question65: The vault supports Subnet Based Access Control.

Question66: After the Vault administrator configures syslog integration on the Vault, the Vault will be able to.

Question67: What is the purpose of the Allowed Safes parameter in a CPM policy? Select all that apply.

Question68: Which of the following components can be used to create a tape backup of the Vault?

Question69: When on-boarding accounts using Accounts Feed.
Which of the following is true"?

Question70: A Logon Account can be specified in the Master Policy

Question71: The ACME Company has been a CyberArk customer for many years. ACME Management has asked you to perform a "Health Check" review of the CyberArk deployment. During your analysis you discover that the PSM Component server is fully functional. The RDP SSL certificate is self-signed and the CyberArk Privileged Session Management Service is running under the Local Service. SSL 3.0 is enabled in the Registry.

Question72: When working with the CyberArk Cluster, the Virtual IP is used by:

Question73: Which of the following logs contain information about errors related to PTA?

Question74: A Logon Account can be specified in the platform settings

Question75: Which of the following is considered a prerequisite for installing PSM?

Question76: What is the purpose of the PrivateArk Database service?

Question77: The vault server uses a modified version of the Microsoft Windows firewall

Question78: The Remote Desktop Services role installed on PSM must be properly licensed by Microsoft.

Question79: Which keys are required to be present in order to start the PrivateArk Server Service? Select all that apply.

Question80: Which of the following are prerequisites for installing PVWA Check all that Apply

Question81: What is the purpose of the password Change process?

Question82: Accounts Discovery allows secure connections to domain controllers.

Question83: When accessing the Vault via PVWA, is it possible, is it possible to configure multiple Dual Authentication Methods?

Question84: A SIEM integration allows you to forward audit records to a monitoring solution.