EMT Practice Test

1. Question Content...


Question List

Question1: You are creating a new Rest API user that utilizes CyberArk Authentication.
What is a correct process to provision this user?

Question2: DRAG DROP
For each listed prerequisite, identify if it is mandatory or not mandatory to run the PSM Health Check.

Question3: Target account platforms can be restricted to accounts that are stored m specific Safes using the Allowed Safes property.

Question4: DRAG DROP
Match each component to its respective Log File location.

Question5: Your organization requires all passwords be rotated every 90 days.
Where can you set this regulatory requirement?

Question6: Which CyberArk utility allows you to create lists of Master Policy Settings, owners and safes for output to text files or MSSQL databases?

Question7: Which command configures email alerts within PTA if settings need to be changed post install?

Question8: PSM for Windows (previously known as "RDP Proxy") supports connections to the following target systems

Question9: Which is the primary purpose of exclusive accounts?

Question10: An auditor initiates a live monitoring session to PSM server to view an ongoing live session.
When the auditor's machine makes an RDP connection the PSM server, which user will be used?

Question11: A Vault Administrator team member can log in to CyberArk, but for some reason, is not given Vault Admin rights.
Where can you check to verify that the Vault Admins directory mapping points to the correct AD group?

Question12: You are onboarding an account that is not supported out of the box.
What should you do first to obtain a platform to import?

Question13: The vault supports Role Based Access Control.

Question14: For Digital Vault Cluster in a high availability configuration, how does the cluster determine if a node is down?

Question15: You need to enable the PSM for all platforms.
Where do you perform this task?

Question16: A Logon Account can be specified in the Master Policy.

Question17: A newly created platform allows users to access a Linux endpoint. When users click to connect, nothing happens.
Which piece of the platform is missing?

Question18: All of your Unix root passwords are stored in the safe UnixRoot. Dual control is enabled for some of the accounts in that safe. The members of the AD group UnixAdmins need to be able to use the show, copy, and connect buttons on those passwords at any time without confirmation. The members of the AD group Operations Staff need to be able to use the show, copy and connect buttons on those passwords on an emergency basis, but only with the approval of a member of Operations Managers never need to be able to use the show, copy or connect buttons themselves.
Which safe permission do you need to grant Operations Staff? Check all that apply.

Question19: Match each key to its recommended storage location.

Question20: DRAG DROP
Arrange the steps to restore a Vault using PARestore for a Backup in the correct sequence.

Question21: According to the DEFAULT Web Options settings, which group grants access to the REPORTS page?

Question22: Can the 'Connect' button be used to initiate an SSH connection, as root, to a Unix system when SSH access for root is denied?

Question23: Match the connection component to the corresponding OS/Function.

Question24: Due to network activity, ACME Corp's PrivateArk Server became active on the OR Vault while the Primary Vault was also running normally. All the components continued to point to the Primary Vault.
Which steps should you perform to restore DR replication to normal?

Question25: When on-boarding account using Accounts Feed, Which of the following is true?

Question26: Which statement is correct concerning accounts that are discovered, but cannot be added to the Vault by an automated onboarding rule?

Question27: When managing SSH keys, the CPM stored the Private Key

Question28: You are logging into CyberArk as the Master user to recover an orphaned safe.
Which items are required to log in as Master?

Question29: Which values are acceptable in the address field of an Account?

Question30: In order to connect to a target device through PSM, the account credentials used for the connection must be stored in the vault?

Question31: Which user(s) can access all passwords in the Vault?

Question32: A Vault administrator have associated a logon account to one of their Unix root accounts in the vault. When attempting to verify the root account's password the Central Policy Manager (CPM) will:

Question33: Which usage can be added as a service account platform?

Question34: A newly created platform allows users to access a Linux endpoint. When users click to connect, nothing happens.
Which piece of the platform is missing?

Question35: The primary purpose of exclusive accounts is to ensure non-repudiation (Individual accountability).

Question36: A new domain controller has been added to your domain. You need to ensure the CyberArk infrastructure can use the new domain controller for authentication.
Which locations must you update?

Question37: A new HTML5 Gateway has been deployed in your organization.
Where do you configure the PSM to use the HTML5 Gateway?

Question38: Which of the following Privileged Session Management (PSM) solutions support live monitoring of active sessions?

Question39: When managing SSH keys, the CPM stores the Public Key

Question40: Customers who have the 'Access Safe without confirmation' safe permission on a safe where accounts are configured for Dual control, still need to request approval to use the account.

Question41: Match the Status of Service on a DR Vault to what is displayed when it is operating normally in Replication mode.

Question42: Your organization has a requirement to allow users to "check out passwords" and connect to targets with the same account through the PSM.
What needs to be configured in the Master policy to ensure this will happen?

Question43: When a group is granted the 'Authorize Account Requests' permission on a safe Dual Control requests must be approved by

Question44: It is possible to restrict the time of day, or day of week that a [b]verify[/b] process can occur

Question45: If a user is a member of more than one group that has authorizations on a safe, by default that user is granted________.

Question46: The System safe allows access to the Vault configuration files.

Question47: When a DR Vault Server becomes an active vault, it will automatically revert back to DR mode once the Primary Vault comes back online.

Question48: To enable the Automatic response "Add to Pending" within PTA when unmanaged credentials are found, what are the minimum permissions required by PTAUser for the PasswordManager_pending safe?

Question49: DRAG DROP
Match each permission to where it can be found.

Question50: Which CyberArk group does a user need to be part of to view recordings or live monitor sessions?

Question51: What is the purpose of the CyberArk Event Notification Engine service?

Question52: A user requested access to view a password secured by dual-control and is unsure who to contact to expedite the approval process. The Vault Admin has been asked to look at the account and identify who can approve their request.
What is the correct location to identify users or groups who can approve?

Question53: What is the maximum number of levels of authorization you can set up in Dual Control?

Question54: An auditor needs to login to the PSM in order to live monitor an active session .
Which user ID is used to establish the RDP connection to the PSM server?

Question55: Match each component to its respective Log File location.

Question56: What is the purpose of the PrivateArk Database service?

Question57: Match the log file name with the CyberArk Component that generates the log.

Question58: Which of the following components can be used to create a tape backup of the Vault?

Question59: VAULT authorizations may be granted to_____.

Question60: As long as you are a member of the Vault Admins group you can grant any permission on any safe.

Question61: CyberArk implements license limits by controlling the number and types of users that can be provisioned in the vault.

Question62: Time of day or day of week restrictions on when password verifications can occur configured in
____________________.

Question63: Which user is automatically added to all Safes and cannot be removed?

Question64: You are onboarding 5,000 UNIX root accounts for rotation by the CPM. You discover that the CPM is unable to log in directly with the root account and will need to use a secondary account.
How should this be configured to allow for password management using least privilege?

Question65: A Logon Account can be specified in the Master Policy.

Question66: DRAG DROP
Match each key to its recommended storage location.

Question67: Which is the primary purpose of exclusive accounts?

Question68: You have been asked to identify the up or down status of Vault services.
Which CyberArk utility can you use to accomplish this task?

Question69: You have associated a logon account to one your UNIX cool accounts in the vault. When attempting to
[b]change [/b] the root account's password the CPM will.....

Question70: How does the Vault administrator apply a new license file?