EMT Practice Test

1. Question Content...


Question List

Question1: If a customer has one data center and requires fault tolerance, how many PVWAs should be deployed?

Question2: You are installing multiple PVWAs behind a load balancer.
Which statement is correct?

Question3: What must you do to synchronize a new Vault server with an organization's NTP server?

Question4: Which configuration file and Vault utility are used to migrate the server key to an HSM?

Question5: The security of the Vault Server is entirely dependent on the security of the network.

Question6: For redundancy, you want to add a secondary RADIUS server.
What must you do to accomplish this?

Question7: What is the recommended method to determine if a PVWA is unavailable and should be disabled in a load balancing pool?

Question8: Which parameter must be identical for both the Identity Provider (IdP) and the PVWA?

Question9: After installing the first PSM server and before installing additional PSM servers, you must ensure the user performing the installation is not a direct owner of which safe?

Question10: As a member of a PAM Level-2 support team, you are troubleshooting an issue related to load balancing four PVWA servers at two data centers. You received a note from your Level-1 support team stating "When testing PVWA website from a workstation, we noticed that the "Source IP of last sign-in" was shown as the VIP (Virtual IP address) assigned to the four PVWA servers instead of the workstation IP where the PVWA site was launched from." Which step should you take?

Question11: Your customer upgraded recently to version 12.2 to allow the Linux team to use the new MFA caching feature. The PSM for SSH was installed with default configuration settings. After setting the Authentication to SSH key and enabling MFA Caching from the PVWA interface, the Linux Team cannot connect successfully using the new MFA caching feature.
What is the most probable cause?

Question12: Which file must you edit to ensure the PSM for SSH server is not hardened automatically after installation?

Question13: Which statement is correct about CPM behavior in a distributed Vault environment?

Question14: What is a prerequisite step before installing the Vault on Windows 2019?

Question15: A new domain controller has been added to your domain. You need to ensure the CyberArk infrastructure can use the new domain controller for authentication.
Which locations must you update?

Question16: You are installing the HTML5 gateway on a Linux host using the RPM provided.
After installing the Tomcat webapp, what is the next step in the installation process?

Question17: As Vault Admin, you have been asked to enable your organization's CyberArk users to authenticate using LDAP.
In addition to Audit Users, which permission do you need to complete this task?

Question18: You need to add a new PSM server to an existing CyberArk environment.
What is the best way to determine the sizing of this server?

Question19: When configuring RADIUS authentication, which utility is used to create a file containing an encrypted version of the RADIUS secret?

Question20: What is a valid combination of primary and secondary layers of authentication to a company's two-factor authentication policy?

Question21: To apply a new license file you must:

Question22: Which utility should be used to register the Vault in Amazon Web Services?

Question23: In an SMTP integration it is possible to use the fully-qualified domain name (FQDN) when specifying the SMTP server address(es).

Question24: How should you configure PSM for SSH to support load balancing?

Question25: You are successfully managing passwords in the alpha cyberark com domain; however, when you attempt to manage a password in the beta cyberark com domain, you receive the 'network path not found' error. What should you check first?

Question26: Which components can connect to a satellite Vault in a distributed Vault architecture?

Question27: Which files does the Vault Installation Wizard prompt you for during the Vault install?

Question28: A customer asked you to help scope the company's PSM deployment.
What should be included in the scoping conversation?

Question29: You are setting up a Linux host to act as an HTML 5 gateway for PSM sessions.
Which servers need to be trusted by the Linux host to secure communications through the gateway?

Question30: Which configuration file and Vault utility are used to migrate the server key to an HSM?

Question31: Which statement is correct about a post-install hardening?

Question32: When integrating a Vault with HSM, which file is uploaded to the HSM device?

Question33: What is the purpose of the PSM health check hardening?

Question34: Which pre-requisite step must be completed before installing a Vault?

Question35: Your customer wants to store the Safes Data on Vault Drive D instead of Drive C.
Which file should you edit?

Question36: Which statements are correct about the PSM HTML5 gateway? (Choose two.)

Question37: Which keys are required to be present in order to start the PrivateArk Server Service? Select all that apply.

Question38: You want to add an additional maintenance user on the PSM for SSH.
How can you accomplish this if InstallCyberarkSSHD is set to Integrated?

Question39: A customer has two data centers and requires a single PVWA url.
Which deployment provides the fastest time to reach the PVWA and the most redundancy?

Question40: In which configuration file do you add LoadBalancerClientAddressHeader when you enable x-forwarding on the PVWA loadbalancer?

Question41: What must you do to prepare a Windows server for PVWA installation?

Question42: A customer has five PVWA servers. Three are located at the primary data center and the remaining two are at a satellite data center.
What is important to consider about the load balancer? (Choose two.)

Question43: What are the basic network requirements to deploy a CPM server?

Question44: You are configuring the Vault to send syslog audit data to your organization's SIEM solution.
What is a valid value for the SyslogServerProtocol parameter in DBPARM.INI file?

Question45: Which user is enabled when replicating data between active and stand-by Vaults?

Question46:
Arrange the steps to failover to the DR CPM in the correct sequence.

Question47: This value needs to be added to the PVWA configuration file:
Assuming all CyberArk PVWA servers were installed using default paths/folders, which configuration file should you locate and edit to accomplish this?

Question48: You are beginning the post-install process after a manual PSM installation is completed.
What must you do?

Question49: Before the hardening process, your customer identified a PSM Universal Connector executable that will be required to run on the PSM.
Which file should you update to allow this to run?

Question50: A customer has five main data centers with one PVWA in each center under different URLs.
How can you make this setup fault tolerant?

Question51: All 80 employees from your satellite Tokyo office are complaining that browsing the PVWA site is very slow; however, your New York headquarters users are not experiencing this. The current PAM solution is:
2 distributed Vaults, the primary one in New York and a satellite in Tokyo
2 PVWA servers, both in New York with load balancing configured
2 PSM servers, both in New York without load balancing configured
1 CPM server in New York
All PVWA, PSM, and CPM servers are connected to the primary Vault
Which proposal optimally resolves the performance issue while minimizing the impact to production?

Question52: What is the purpose of the CPM_Preinstallation.ps1 script included with the CPM installation package?

Question53: What is a prerequisite step before CyberArk can be configured to support RADIUS authentication?

Question54: The connect button requires PSM to work.

Question55: The RemoteApp feature of PSM allows seamless Application windows (i.e the Desktop of the PSM server will not be visible.)

Question56: The account used to install a PVWA must have ownership of which safes? (Choose two.)

Question57: Which of the following protocols need to be installed on a standalone vault server? Check all that apply.

Question58: Which step is required to register a Vault manually in Amazon Web Services using CAVaultManager?

Question59: In a SIEM integration it is possible to use the fully-qualified domain name (FQDN) when specifying the SIEM server address(es).

Question60: In large-scale environments, it is important to enable the CPM to focus its search operations on specific Safes instead of scanning all Safes it sees in the Vault.
How is this accomplished?

Question61: Which parameter must be provided when registering a primary Vault in Azure, but not in Amazon Web Services?

Question62: In order to retrieve data from the vault a user MUST use an interface provided by CyberArk.

Question63: What is a step to enable NTP synchronization on a stand-alone Vault?

Question64: When performing "In Domain" hardening of a PSM server, which steps must be performed? (Choose two.)