Labour Day Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: cramtreat

PAM-CDE-RECERT CyberArk CDE Recertification Questions and Answers

Questions 4

You have associated a logon account to one your UNIX cool accounts in the vault. When attempting to [b]change [/b] the root account’s password the CPM will…..

Options:

A.

Log in to the system as root, then change root's password

B.

Log in to the system as the logon account, then change roofs password

C.

Log in to the system as the logon account, run the su command to log in as root, and then change root’s password.

D.

None of these

Buy Now
Questions 5

Which of the following PTA detections require the deployment of a Network Sensor or installing the PTA Agent on the domain controller?

Options:

A.

Suspected credential theft

B.

Over-Pass-The-Hash

C.

Golden Ticket

D.

Unmanaged privileged access

Buy Now
Questions 6

An auditor needs to login to the PSM in order to live monitor an active session. Which user ID is used to establish the RDP connection to the PSM server?

Options:

A.

PSMConnect

B.

PSMMaster

C.

PSMGwUser

D.

PSMAdminConnect

Buy Now
Questions 7

Time of day or day of week restrictions on when password verifications can occur configured in ____________________.

Options:

A.

The Master Policy

B.

The Platform settings

C.

The Safe settings

D.

The Account Details

Buy Now
Questions 8

PSM for Windows (previously known as “RDP Proxy”) supports connections to the following target systems

Options:

A.

Windows

B.

UNIX

C.

Oracle

D.

All of the above

Buy Now
Questions 9

For Digital Vault Cluster in a high availability configuration, how does the cluster determine if a node is down?

Options:

A.

The heartbeat s no longer detected on the private network.

B.

The shared storage array is offline.

C.

An alert is generated in the Windows Event log.

D.

The Digital Vault Cluster does not detect a node failure.

Buy Now
Questions 10

Match each component to its respective Log File location.

Options:

Buy Now
Questions 11

You have been asked to secure a set of shared accounts in CyberArk whose passwords will need to be used by end users. The account owner wants to be able to track who was using an account at any given moment.

Which security configuration should you recommend?

Options:

A.

Configure one-time passwords for the appropriate platform in Master Policy.

B.

Configure shared account mode on the appropriate safe.

C.

Configure both one-time passwords and exclusive access for the appropriate platform in Master Policy.

D.

Configure object level access control on the appropriate safe.

Buy Now
Questions 12

Which item is an option for PSM recording customization?

Options:

A.

Windows events text recorder with automatic play-back

B.

Windows events text recorder and universal keystrokes recording simultaneously

C.

Universal keystrokes text recorder with windows events text recorder disabled

D.

Custom audio recording for windows events

Buy Now
Questions 13

Which report could show all accounts that are past their expiration dates?

Options:

A.

Privileged Account Compliance Status report

B.

Activity log

C.

Privileged Account Inventory report

D.

Application Inventory report

Buy Now
Questions 14

You are onboarding an account that is not supported out of the box.

What should you do first to obtain a platform to import?

Options:

A.

Create a service ticket in the customer portal explaining the requirements of the custom platform.

B.

Search common community portals like stackoverflow, reddit, github for an existing platform.

C.

From the platforms page, uncheck the “Hide non-supported platforms” checkbox and see if a platform meeting your needs appears.

D.

Visit the CyberArk marketplace and search for a platform that meets your needs.

Buy Now
Questions 15

You need to enable the PSM for all platforms.

Where do you perform this task?

Options:

A.

Platform Management > (Platform) > UI & Workflows

B.

Master Policy > Session Management

C.

Master Policy > Privileged Access Workflows

D.

Administration > Options > Connection Components

Buy Now
Questions 16

Which Master Policy Setting must be active in order to have an account checked-out by one user for a pre-determined amount of time?

Options:

A.

Require dual control password access Approval

B.

Enforce check-in/check-out exclusive access

C.

Enforce one-time password access

D.

Enforce check-in/check-out exclusive access & Enforce one-time password access

Buy Now
Questions 17

What is the primary purpose of One Time Passwords?

Options:

A.

Reduced risk of credential theft

B.

More frequent password changes

C.

Non-repudiation (individual accountability)

D.

To force a 'collusion to commit' fraud ensuring no single actor may use a password without authorization.

Buy Now
Questions 18

The Password upload utility can be used to create safes.

Options:

A.

TRUE

B.

FALS

Buy Now
Questions 19

Which of the following PTA detections are included in the Core PAS offering?

Options:

A.

Suspected Credential Theft

B.

Over-Pass-The Hash

C.

Golden Ticket

D.

Unmanaged Privileged Access

Buy Now
Questions 20

You are helping a customer prepare a Windows server for PSM installation. What is required for a successful installation?

Options:

A.

Window 2012 KB4558843

B.

Remote Desktop services (RDS) Session Host Roles

C.

Windows 2016 KB4558843

D.

Remote Desktop services (RDS) Session Broker

Buy Now
Questions 21

For an account attached to a platform that requires Dual Control based on a Master Policy exception, how would you configure a group of users to access a password without approval.

Options:

A.

Create an exception to the Master Policy to exclude the group from the workflow process.

B.

Edith the master policy rule and modify the advanced’ Access safe without approval’ rule to include the group.

C.

On the safe in which the account is stored grant the group the’ Access safe without audit’ authorization.

D.

On the safe in which the account is stored grant the group the’ Access safe without confirmation’ authorization.

Buy Now
Questions 22

You are onboarding 5,000 UNIX root accounts for rotation by the CPM. You discover that the CPM is unable to log in directly with the root account and will need to use a secondary account.

How should this be configured to allow for password management using least privilege?

Options:

A.

Configure each CPM to use the correct logon account.

B.

Configure each CPM to use the correct reconcile account.

C.

Configure the UNIX platform to use the correct logon account.

D.

Configure the UNIX platform to use the correct reconcile account.

Buy Now
Questions 23

How does the Vault administrator apply a new license file?

Options:

A.

Upload the license.xml file to the system Safe and restart the PrivateArk Server service

B.

Upload the license.xml file to the system Safe

C.

Upload the license.xml file to the Vault Internal Safe and restart the PrivateArk Server service

D.

Upload the license.xml file to the Vault Internal Safe

Buy Now
Questions 24

A Reconcile Account can be specified in the Master Policy.

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 25

Your organization requires all passwords be rotated every 90 days.

Where can you set this regulatory requirement?

Options:

A.

Master Policy

B.

Safe Templates

C.

PVWAConfig.xml

D.

Platform Configuration

Buy Now
Questions 26

Which of these accounts onboarding methods is considered proactive?

Options:

A.

Accounts Discovery

B.

Detecting accounts with PTA

C.

A Rest API integration with account provisioning software

D.

A DNA scan

Buy Now
Questions 27

Accounts Discovery allows secure connections to domain controllers.

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 28

Which of the following components can be used to create a tape backup of the Vault?

Options:

A.

Disaster Recovery

B.

Distributed Vaults

C.

Replicate

D.

High Availability

Buy Now
Questions 29

To ensure all sessions are being recorded, a CyberArk administrator goes to the master policy and makes configuration changes.

Which configuration is correct?

Options:

A.

Require privileged session monitoring and isolation = inactive; Record and save session activity = active.

B.

Require privileged session monitoring and isolation = inactive; Record and save session activity = inactive.

C.

Require privileged session monitoring and isolation = active; Record and save session activity = active.

D.

Require privileged session monitoring and isolation = active; Record and save session activity = inactive.

Buy Now
Questions 30

If a password is changed manually on a server, bypassing the CPM, how would you configure the account so that the CPM could resume management automatically?

Options:

A.

Configure the Provider to change the password to match the Vault’s Password

B.

Associate a reconcile account and configure the platform to reconcile automatically

C.

Associate a logon account and configure the platform to reconcile automatically

D.

Run the correct auto detection process to rediscover the password

Buy Now
Questions 31

Ad-Hoc Access (formerly Secure Connect) provides the following features. Choose all that apply.

Options:

A.

PSM connections to target devices that are not managed by CyberArk.

B.

Session Recording.

C.

Real-time live session monitoring.

D.

PSM connections from a terminal without the need to login to the PVWA.

Buy Now

CyberArk CDE Certification |

Exam Code: PAM-CDE-RECERT
Exam Name: CyberArk CDE Recertification
Last Update: May 8, 2024
Questions: 207
PAM-CDE-RECERT pdf

PAM-CDE-RECERT PDF

$28  $80
 Add to Cart
PAM-CDE-RECERT Engine

PAM-CDE-RECERT Testing Engine

$33.25  $95
 Add to Cart
PAM-CDE-RECERT PDF + Engine

PAM-CDE-RECERT PDF + Testing Engine

$45.5  $130
 Add to Cart