EMT Practice Test

1. Question Content...


Question List

Question1: Ad-Hoc Access (formerly Secure Connect) provides the following features. Choose all that apply.

Question2: A user is receiving the error message "ITATS006E Station is suspended for User jsmith" when attempting to sign into the Password Vault Web Access (PVWA) .
Which utility would a Vault administrator use to correct this problem?

Question3: The vault supports Role Based Access Control.

Question4: You have been asked to turn off the time access restrictions for a safe.
Where is this setting found?

Question5: Your customer, ACME Corp, wants to store the Safes Data in Drive D instead of Drive C.
Which file should you edit?

Question6: An auditor needs to login to the PSM in order to live monitor an active session .
Which user ID is used to establish the RDP connection to the PSM server?

Question7: Which user(s) can access all passwords in the Vault?

Question8: You have been asked to secure a set of shared accounts in CyberArk whose passwords will need to be used by end users. The account owner wants to be able to track who was using an account at any given moment.
Which security configuration should you recommend?

Question9: user has successfully conducted a short PSM session and logged off. However, the user cannot access the Monitoring tab to view the recordings.
What is the issue?

Question10: Vault admins must manually add the auditors group to newly created safes so auditors will have sufficient access to run reports.

Question11: Which one the following reports is NOT generated by using the PVWA?

Question12: To enable the Automatic response "Add to Pending" within PTA when unmanaged credentials are found, what are the minimum permissions required by PTAUser for the PasswordManager_pending safe?

Question13: The primary purpose of exclusive accounts is to ensure non-repudiation (Individual accountability).

Question14: Which of the following logs contains information about errors related to PTA?

Question15: Which of these accounts onboarding methods is considered proactive?

Question16: Secure Connect provides the following. Choose all that apply.

Question17: Which values are acceptable in the address field of an Account?

Question18: DRAG DROP
Match each PTA alert category with the PTA sensors that collect the data for it.

Question19: CyberArk recommends implementing object level access control on all Safes.

Question20: Which Cyber Are components or products can be used to discover Windows Services or Scheduled Tasks that use privileged accounts? Select all that apply.

Question21: The Accounts Feed contains:

Question22: When running a "Privileged Accounts Inventory" Report through the Reports page in PVWA on a specific safe, which permission/s are required on that safe to show complete account inventory information?

Question23: Which of the following PTA detections require the deployment of a Network Sensor or installing the PTA Agent on the domain controller?

Question24: Which report could show all accounts that are past their expiration dates?

Question25: What is the purpose of the HeadStartlnterval setting m a platform?

Question26: A newly created platform allows users to access a Linux endpoint. When users click to connect, nothing happens.
Which piece of the platform is missing?

Question27: Which type of automatic remediation can be performed by the PTA in case of a suspected credential theft security event?

Question28: DRAG DROP
Match each component to its respective Log File location.

Question29: PSM captures a record of each command that was executed in Unix.

Question30: What is the maximum number of levels of authorization you can set up in Dual Control?

Question31: Which parameter controls how often the CPM looks for Soon-to-be-expired Passwords that need to be changed.

Question32: PTA can automatically suspend sessions if suspicious activities are detected in a privileged session, but only if the session is made via the CyberArk PSM.

Question33: How does the Vault administrator apply a new license file?

Question34: Which onboarding method would you use to integrate CyberArk with your accounts provisioning process?

Question35: In accordance with best practice, SSH access is denied for root accounts on UNIX/LINUX system .
What is the BEST way to allow CPM to manage root accounts?

Question36: DRAG DROP
Match each permission to where it can be found.

Question37: Customers who have the 'Access Safe without confirmation' safe permission on a safe where accounts are configured for Dual control, still need to request approval to use the account.

Question38: Via Password Vault Web Access (PVWA), a user initiates a PSM connection to the target Linux machine using RemoteApp.
When the client's machine makes an RDP connection to the PSM server, which user will be utilized?

Question39: Platform settings are applied to _________.

Question40: Can the 'Connect' button be used to initiate an SSH connection, as root, to a Unix system when SSH access for root is denied?

Question41: In a rule using "Privileged Session Analysis and Response" in PTA, which session options are available to configure as responses to activities?

Question42: If a password is changed manually on a server, bypassing the CPM, how would you configure the account so that the CPM could resume management automatically?

Question43: Within the Vault each password is encrypted by:

Question44: An auditor initiates a live monitoring session to PSM server to view an ongoing live session.
When the auditor's machine makes an RDP connection the PSM server, which user will be used?

Question45: In the screenshot displayed, you just configured the usage in CyberArk and want to update its password.

What is the least intrusive way to accomplish this?

Question46: It is possible to restrict the time of day, or day of week that a [b]verify[/b] process can occur

Question47: Your organization requires all passwords be rotated every 90 days.
Where can you set this regulatory requirement?

Question48: VAULT authorizations may be granted to_____.

Question49: A Vault administrator have associated a logon account to one of their Unix root accounts in the vault.
When attempting to verify the root account's password the Central Policy Manager (CPM) will:

Question50: Which of the following are secure options for storing the contents of the Operator CD, while still allowing the contents to be accessible upon a planned Vault restart? (Choose three.)

Question51: Accounts Discovery allows secure connections to domain controllers.

Question52: For an account attached to a platform that requires Dual Control based on a Master Policy exception, how would you configure a group of users to access a password without approval.

Question53: The Privileged Access Management solution provides an out-of-the-box target platform to manage SSH keys, called UNIX Via SSH Keys.
How are these keys managed?

Question54: When Dual Control is enabled a user must first submit a request in the Password Vault Web Access (PVWA) and receive approval before being able to launch a secure connection via PSM for Windows (previously known as RDP Proxy).

Question55: In a default CyberArk installation, which group must a user be a member of to view the "reports" page in PVWA?

Question56: The Vault administrator can change the Vault license by uploading the new license to the system Safe.

Question57: You are logging into CyberArk as the Master user to recover an orphaned safe.
Which items are required to log in as Master?

Question58: You receive this error: "Error in changepass to user domain\user on domain server(\domain. (winRc=5) Access is denied."
Which root cause should you investigate?

Question59: In order to connect to a target device through PSM, the account credentials used for the connection must be stored in the vault?

Question60: You have been asked to identify the up or down status of Vault services.
Which CyberArk utility can you use to accomplish this task?

Question61: When creating an onboarding rule, it will be executed upon .

Question62: If a user is a member of more than one group that has authorizations on a safe, by default that user is granted________.

Question63: Which of the following Privileged Session Management solutions provide a detailed audit log of session activities?

Question64: dbparm.ini is the main configuration file for the Vault.