EMT Practice Test

1. Question Content...


Question List

Question1: When a group is granted the 'Authorize Account Requests' permission on a safe Dual Control requests must be approved by

Question2: Which service should NOT be running on the DR Vault when the primary Production Vault is up?

Question3: A newly created platform allows users to access a Linux endpoint. When users click to connect, nothing happens.
Which piece of the platform is missing?

Question4: A new domain controller has been added to your domain. You need to ensure the CyberArk infrastructure can use the new domain controller for authentication.
Which locations must you update?

Question5: By default, members of which built-in groups will be able to view and configure Automatic Remediation and Session Analysis and Response in the PVWA?

Question6: DRAG DROP
Match each key to its recommended storage location.

Question7: tsparm.ini is the main configuration file for the Vault.

Question8: Which item is an option for PSM recording customization?

Question9: What is the maximum number of levels of authorization you can set up in Dual Control?

Question10: A user has successfully conducted a short PSM session and logged off. However, the user cannot access the Monitoring tab to view the recordings.
What is the issue?

Question11: What is the purpose of the password change process?

Question12: Match the connection component to the corresponding OS/Function.

Question13: Which option in the Private Ark client is used to update users' Vault group memberships?

Question14: What is the chief benefit of PSM?

Question15: Which of the following statements are NOT true when enabling PSM recording for a target Windows server? (Choose all that apply)

Question16: To manage automated onboarding rules, a CyberArk user must be a member of which group?

Question17: Which utilities could you use to change debugging levels on the vault without having to restart the vault.
Select all that apply.

Question18: Which CyberArk utility allows you to create lists of Master Policy Settings, owners and safes for output to text files or MSSQL databases?

Question19: If a user is a member of more than one group that has authorizations on a safe, by default that user is granted________.

Question20: Which Master Policy Setting must be active in order to have an account checked-out by one user for a pre-determined amount of time?

Question21: Secure Connect provides the following. Choose all that apply.

Question22: Due to network activity, ACME Corp's PrivateArk Server became active on the OR Vault while the Primary Vault was also running normally. All the components continued to point to the Primary Vault.
Which steps should you perform to restore DR replication to normal?

Question23: When managing SSH keys, the CPM stores the Public Key

Question24: As long as you are a member of the Vault Admins group you can grant any permission on any safe.

Question25: When a DR Vault Server becomes an active vault, it will automatically revert back to DR mode once the Primary Vault comes back online.

Question26: One can create exceptions to the Master Policy based on ____________________.

Question27: You are creating a Dual Control workflow for a team's safe.
Which safe permissions must you grant to the Approvers group?

Question28: What is the purpose of the password change process?

Question29: When onboarding multiple accounts from the Pending Accounts list, which associated setting must be the same across the selected accounts?

Question30: Which built-in report from the reports page in PVWA displays the number of days until a password is due to expire?

Question31: It is possible to restrict the time of day, or day of week that a [b]verify[/b] process can occur

Question32: Match the built-in Vault User with the correct definition.

Question33: Which type of automatic remediation can be performed by the PTA in case of a suspected credential theft security event?

Question34: Which of the following logs contains information about errors related to PTA?

Question35: In a rule using "Privileged Session Analysis and Response" in PTA, which session options are available to configure as responses to activities?

Question36: Your organization has a requirement to allow users to "check out passwords" and connect to targets with the same account through the PSM.
What needs to be configured in the Master policy to ensure this will happen?

Question37: Time of day or day of week restrictions on when password verifications can occur configured in ____________________.

Question38: DRAG DROP
Match each permission to where it can be found.

Question39: It is possible to leverage DNA to provide discovery functions that are not available with auto-detection.

Question40: In order to connect to a target device through PSM, the account credentials used for the connection must be stored in the vault?

Question41: What is the primary purpose of One Time Passwords?

Question42: In a default CyberArk installation, which group must a user be a member of to view the "reports" page in PVWA?

Question43: Which permissions are needed for the Active Directory user required by the Windows Discovery process?

Question44: Which values are acceptable in the address field of an Account?

Question45: The Vault administrator can change the Vault license by uploading the new license to the system Safe.

Question46: user has successfully conducted a short PSM session and logged off. However, the user cannot access the Monitoring tab to view the recordings.
What is the issue?

Question47: For each listed prerequisite, identify if it is mandatory or not mandatory to run the PSM Health Check.

Question48: Which report could show all accounts that are past their expiration dates?

Question49: Target account platforms can be restricted to accounts that are stored m specific Safes using the Allowed Safes property.

Question50: Match each key to its recommended storage location.

Question51: Customers who have the 'Access Safe without confirmation' safe permission on a safe where accounts are configured for Dual control, still need to request approval to use the account.

Question52: As long as you are a member of the Vault Admins group you can grant any permission on any safe.

Question53: Users can be resulted to using certain CyberArk interfaces (e.g.PVWA or PACLI).

Question54: dbparm.ini is the main configuration file for the Vault.

Question55: For Digital Vault Cluster in a high availability configuration, how does the cluster determine if a node is down?

Question56: Users who have the 'Access Safe without confirmation' safe permission on a safe where accounts are configured for Dual control, still need to request approval to use the account.

Question57: Which combination of Safe member permissions will allow end users to log in to a remote machine transparently but NOT show or copy the password?

Question58: The Accounts Feed contains:

Question59: Match the log file name with the CyberArk Component that generates the log.

Question60: What is the easiest way to duplicate an existing platform?

Question61: A Vault Administrator team member can log in to CyberArk, but for some reason, is not given Vault Admin rights.
Where can you check to verify that the Vault Admins directory mapping points to the correct AD group?

Question62: In accordance with best practice, SSH access is denied for root accounts on UNIX/LINUX system. What is the BEST way to allow CPM to manage root accounts.

Question63: What is the purpose of the CyberArk Event Notification Engine service?

Question64: PSM for Windows (previously known as "RDP Proxy") supports connections to the following target systems

Question65: Which is the primary purpose of exclusive accounts?

Question66: If a user is a member of more than one group that has authorizations on a safe, by default that user is granted________.

Question67: Match each PTA alert category with the PTA sensors that collect the data for it.

Question68: You have been asked to secure a set of shared accounts in CyberArk whose passwords will need to be used by end users. The account owner wants to be able to track who was using an account at any given moment.
Which security configuration should you recommend?

Question69: One can create exceptions to the Master Policy based on ____________________.

Question70: As long as you are a member of the Vault Admins group, you can grant any permission on any safe that you have access to.

Question71: If the AccountUploader Utility is used to create accounts with SSH keys, which parameter do you use to set the full or relative path of the SSH private key file that will be attached to the account?

Question72: Can the 'Connect' button be used to initiate an SSH connection, as root, to a Unix system when SSH access for root is denied?

Question73: A Vault administrator have associated a logon account to one of their Unix root accounts in the vault.
When attempting to verify the root account's password the Central Policy Manager (CPM) will:

Question74: It is possible to restrict the time of day, or day of week that a [b]reconcile[/b] process can occur

Question75: Which keys are required to be present in order to start the PrivateArk Server service?

Question76: VAULT authorizations may be granted to_____.

Question77: Your customer, ACME Corp, wants to store the Safes Data in Drive D instead of Drive C.
Which file should you edit?