EMT Practice Test

1. Question Content...


Question List

Question1: For an account attached to a platform that requires Dual Control based on a Master Policy exception, how would you configure a group of users to access a password without approval.

Question2: You created a new safe and need to ensure the user group cannot see the password, but can connect through the PSM.
Which safe permissions must you grant to the group? (Choose two.)

Question3: An auditor needs to login to the PSM in order to live monitor an active session. Which user ID is used to establish the RDP connection to the PSM server?

Question4: When managing SSH keys, the CPM stores the Public Key

Question5: What is the purpose of the PrivateArk Server service?

Question6: When managing SSH keys, the CPM stored the Private Key

Question7: Target account platforms can be restricted to accounts that are stored m specific Safes using the Allowed Safes property.

Question8: Which report could show all accounts that are past their expiration dates?

Question9: Which of these accounts onboarding methods is considered proactive?

Question10: Which type of automatic remediation can be performed by the PTA in case of a suspected credential theft security event?

Question11: Which CyberArk group does a user need to be part of to view recordings or live monitor sessions?

Question12: What does the Export Vault Data (EVD) utility do?

Question13: Match the connection component to the corresponding OS/Function.

Question14: When a DR Vault Server becomes an active vault, it will automatically revert back to DR mode once the Primary Vault comes back online.

Question15: You notice an authentication failure entry for the DR user in the ITALog.
What is the correct process to fix this error? (Choose two.)

Question16: Users can be resulted to using certain CyberArk interfaces (e.g.PVWA or PACLI).

Question17: In the Private Ark client under the Tools menu > Administrative Tools > Users and Groups, which option do you use to update users' Vault group memberships?

Question18: Which parameter controls how often the CPM looks for Soon-to-be-expired Passwords that need to be changed.

Question19: Due to network activity, ACME Corp's PrivateArk Server became active on the OR Vault while the Primary Vault was also running normally. All the components continued to point to the Primary Vault.
Which steps should you perform to restore DR replication to normal?

Question20: What is the chief benefit of PSM?

Question21: A user is receiving the error message "ITATS006E Station is suspended for User jsmith" when attempting to sign into the Password Vault Web Access (PVWA). Which utility would a Vault administrator use to correct this problem?

Question22: Which values are acceptable in the address field of an Account?

Question23: You have been asked to turn off the time access restrictions for a safe.
Where is this setting found?

Question24: Which statement about the Master Policy best describes the differences between one-time password and exclusive access functionality?

Question25: tsparm.ini is the main configuration file for the Vault.

Question26: By default, members of which built-in groups will be able to view and configure Automatic Remediation and Session Analysis and Response in the PVWA?

Question27: What is required to enable access over SSH to a Unix account through both PSM and PSMP?

Question28: Which of the following statements are NOT true when enabling PSM recording for a target Windows server?
(Choose all that apply)

Question29: Can the 'Connect' button be used to initiate an SSH connection, as root, to a Unix system when SSH access for root is denied?

Question30: If a user is a member of more than one group that has authorizations on a safe, by default that user is granted________.

Question31: According to the DEFAULT Web Options settings, which group grants access to the REPORTS page?

Question32: A user with administrative privileges to the vault can only grant other users privileges that he himself has.

Question33: How much disk space do you need on a server to run a full replication with PAReplicate?

Question34: Within the Vault each password is encrypted by:

Question35: Which is the primary purpose of exclusive accounts?

Question36: Which Master Policy Setting must be active in order to have an account checked-out by one user for a pre-determined amount of time?

Question37: Users who have the 'Access Safe without confirmation' safe permission on a safe where accounts are configured for Dual control, still need to request approval to use the account.

Question38: In addition to add accounts and update account contents, which additional permission on the safe is required to add a single account?

Question39: Your organization requires all passwords be rotated every 90 days.
Where can you set this regulatory requirement?

Question40: Which utilities could you use to change debugging levels on the vault without having to restart the vault.
Select all that apply.

Question41: If the AccountUploader Utility is used to create accounts with SSH keys, which parameter do you use to set the full or relative path of the SSH private key file that will be attached to the account?

Question42: In the Private Ark client, how do you add an LDAP group to a CyberArk group?

Question43: You have been asked to delegate the rights to unlock users to Tier 1 support. The Tier 1 support team already has an LDAP group for its members.
Arrange the steps to do this in the correct sequence.

Question44: For Digital Vault Cluster in a high availability configuration, how does the cluster determine if a node is down?

Question45: Which statement is true about setting the reconcile account at the platform level?

Question46: In the screenshot displayed, you just configured the usage in CyberArk and want to update its password.
What is the least intrusive way to accomplish this?

Question47: What is the purpose of the password change process?

Question48: You are onboarding an account that is not supported out of the box.
What should you do first to obtain a platform to import?

Question49: What is required to manage loosely connected devices?

Question50: For a safe with Object Level Access enabled you can turn off Object Level Access Control when it no longer needed on the safe.

Question51: It is possible to leverage DNA to provide discovery functions that are not available with auto-detection.

Question52: It is possible to restrict the time of day, or day of week that a [b]reconcile[/b] process can occur

Question53: Which of the following are secure options for storing the contents of the Operator CD, while still allowing the contents to be accessible upon a planned Vault restart? (Choose three.)

Question54: Which of the following files must be created or configured m order to run Password Upload Utility? Select all that apply.

Question55: A Simple Mail Transfer Protocol (SMTP) integration is critical for monitoring Vault activity and facilitating workflow processes, such as Dual Control.

Question56: When running a "Privileged Accounts Inventory" Report through the Reports page in PVWA on a specific safe, which permission/s are required on that safe to show complete account inventory information?

Question57: You have associated a logon account to one your UNIX cool accounts in the vault. When attempting to
[b]change [/b] the root account's password the CPM will.....

Question58: To manage automated onboarding rules, a CyberArk user must be a member of which group?

Question59: Which parameter controls how often the CPM looks for accounts that need to be changed from recently completed Dual control requests.

Question60: When are external vault users and groups synchronized by default?

Question61: Select the best practice for storing the Master CD.

Question62: You are configuring CyberArk to use HTML5 gateways exclusively for PSM connections.
In the PVWA, where do you set DefaultConnectionMethod to HTML5?

Question63: Which item is an option for PSM recording customization?

Question64: Which master policy settings ensure non-repudiation?

Question65: Which onboarding method would you use to integrate CyberArk with your accounts provisioning process?

Question66: Where can you assign a Reconcile account? (Choose two.)

Question67: You have been asked to identify the up or down status of Vault services.
Which CyberArk utility can you use to accomplish this task?

Question68: You are logging into CyberArk as the Master user to recover an orphaned safe.
Which items are required to log in as Master?

Question69: Arrange the steps to restore a Vault using PARestore for a Backup in the correct sequence.

Question70: To enable the Automatic response "Add to Pending" within PTA when unmanaged credentials are found, what are the minimum permissions required by PTAUser for the PasswordManager_pending safe?

Question71: To change the safe where recordings are kept for a specific platform, which setting must you update in the platform configuration?

Question72: Which one the following reports is NOT generated by using the PVWA?

Question73: Which command configures email alerts within PTA if settings need to be changed post install?

Question74: One can create exceptions to the Master Policy based on ____________________.

Question75: What is the maximum number of levels of authorization you can set up in Dual Control?

Question76: What is the purpose of the Immediate Interval setting in a CPM policy?

Question77: The password upload utility must run from the CPM server

Question78: When a group is granted the 'Authorize Account Requests' permission on a safe Dual Control requests must be approved by

Question79: What must you specify when configuring a discovery scan for UNIX? (Choose two.)

Question80: What does the minvalidity parameter on a platform policy determine?

Question81: The primary purpose of exclusive accounts is to ensure non-repudiation (Individual accountability).

Question82: To ensure all sessions are being recorded, a CyberArk administrator goes to the master policy and makes configuration changes.
Which configuration is correct?

Question83: In PVWA, you are attempting to play a recording made of a session by user jsmith, but there is no option to
"Fast Forward" within the video. It plays and only allows you to skip between commands instead. You are also unable to download the video.
What could be the cause?

Question84: Match the built-in Vault User with the correct definition.

Question85: Which PTA sensors are required to detect suspected credential theft?

Question86: What is the easiest way to duplicate an existing platform?

Question87: You created a new platform by duplicating the out-of-box Linux through the SSH platform.
Without any change, which Text Recorder Type(s) will the new platform support? (Choose two.)

Question88: dbparm.ini is the main configuration file for the Vault.

Question89: What is the name of the Platform parameters that controls how long a password will stay valid when One Time Passwords are enabled via the Master Policy?

Question90: A recently-hired colleague onboarded five new Local Accounts that are used for five standalone Windows Servers. After attempting to connect to the servers from PVWA, the colleague noticed that the "Connect" button was greyed out for all five new accounts.
What can you do to help your colleague resolve this issue? (Choose two.)

Question91: A password compliance audit found:
1) One-time password access of 20 domain accounts that are members of Domain Admins group in Active Directory are not being enforced.
2) All the sessions of connecting to domain controllers are not being recorded by CyberArk PSM.
What should you do to address these findings?

Question92: What is the purpose of the Interval setting in a CPM policy?