Labour Day Special 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: exams65

CyberArk Defender + Sentry Question and Answers

CyberArk Defender + Sentry

Last Update May 2, 2024
Total Questions : 237

We are offering FREE CAU302 CyberArk exam questions. All you do is to just go and sign up. Give your details, prepare CAU302 free exam questions and then go for complete pool of CyberArk Defender + Sentry test questions that will help you more.

CAU302 pdf

CAU302 PDF

$35  $99.99
 Add to Cart
CAU302 Engine

CAU302 Testing Engine

$42  $119.99
 Add to Cart
CAU302 PDF + Engine

CAU302 PDF + Testing Engine

$56  $159.99
 Add to Cart
Questions 1

Which report could show all accounts that are past their expiration dates?

Options:

A.  

Activity log

B.  

Privileged Account Inventory report

C.  

Privileged Account Compliance Status report

D.  

Applications Inventory report

Discussion 0
Questions 2

The Vault needs to send SNMP traps to an SNMP solution. In which configuration file do you set the IP address of the SNMP solution?

Options:

A.  

PARAgent.ini

B.  

dbparm.ini

C.  

ENEConf.ini

D.  

my.ini

Discussion 0
Questions 3

Which type of automatic remediation can be performed by the PTA in case of a Suspecious Password Change security event?

Options:

A.  

Password Change

B.  

Password Reconcilation

C.  

Session Suspension

D.  

Session Terminiation

Discussion 0
Questions 4

All of your Unix root passwords are stored in the safe UnixRoot. Dual control is enabled for some of the

accounts in that safe. The members of the AD group UnixAdmins need to be able to use the show, copy, and

connect buttons on those passwords at any time without confirmation. The members of the AD group

OperationsStaff need to be able to use the show, copy and connect buttons on those passwords on an

emergency basis, but only with the approval of a member of OperationsManagers. The members of

OperationsManagers never need to be able to use the show, copy or connect buttons themselves.

Which safe permissions do you need to grant to OperationsManagers? (Choose all that apply.)

Options:

A.  

Use Accounts

B.  

Retrieve Accounts

C.  

List Accounts

D.  

Authorize Password Requests

E.  

Access Safe without Authorization

Discussion 0
Questions 5

PSM requires the Remote Desktop Gateway role service.

Options:

A.  

TRUE

B.  

FALSE

Discussion 0
Questions 6

During the process of installing the Central Policy Manager (CPM), the Vault administrator will be asked to provide the credentials for an administrative user in the Vault. For which purpose are these credentials used?

Options:

A.  

The credentials will be used later by the CPM to retrieve passwords from the Vault.

B.  

The credentials are used by the installer to register the CPM in the CyberArk database.

C.  

The credentials are used by the installer to authenticate to the Vault and create the Central Policy Manager (CPM) environment (Safes, users, etc.).

D.  

The credentials will be used later by the CPM to update passwords in the Vault.

Discussion 0
Questions 7

What is the purpose of the password Reconcile process?

Options:

A.  

To test that CyberArk is storing accurate credentials for accounts.

B.  

To change the password of an account according to organizationally defined password rules.

C.  

To allow CyberArk to manage unknown or lost credentials.

D.  

To generate a new complex password.

Discussion 0
Questions 8

Which of the following is considered a prerequisite for installing PSM?

Options:

A.  

IIS web services role

B.  

HTML5 Gateway

C.  

Provider

D.  

Remote Desktop Services

Discussion 0
Questions 9

In a Disaster Recovery (DR) environment, which of the following should NEVER be configured for automatic failover due to the possibility of split-brain phenomenon?

Options:

A.  

Password Vault Web Access (PVWA)

B.  

PSM

C.  

CPM

D.  

PTA

Discussion 0
Questions 10

A Logon Account can be specified in the platform settings

Options:

A.  

TRUE

B.  

FALSE

Discussion 0
Questions 11

Which CyberArk components or products can be used to discover Windows Services or Scheduled Tasks that use privileged accounts'? Select all that apply.

Options:

A.  

Discovery and Audit (DNA)

B.  

Auto Detection (AD)

C.  

Export Vault Data (EVD)

D.  

On Demand Privileges Manager (OPM)

E.  

Accounts Discovery

Discussion 0
Questions 12

You are successfully managing passwords in the alpha.cyberark com domain; however when you attempt to manage a password in the beta.cyberark.com domain, you receive the 'network path not found* error What should you check first?

Options:

A.  

That the username and password are correct.

B.  

That the CPM can successfully resolve addresses in the beta cyberark com domain

C.  

That the end user has the correct permissions on the safe

D.  

That an appropriate trust relationship exists between alphaxyberark.com and beta.cyberark.com

Discussion 0
Questions 13

Which of the following are secure options for storing the contents of the Operator CD. while still allowing the contents to be accessible upon a planned Vault restart? Choose alt that apply

Options:

A.  

Store the CD in a physical safe and mount the CD every time vault maintenance is performed.

B.  

Copy the contents of the CD to the System Safe on the vault

C.  

Copy the contents of the CD to a folder on the vault server and secure it with NTFS permissions.

D.  

Store the server key in a Hardware Security Module.

E.  

Store the server key in the Provider cache

Discussion 0
Questions 14

Which of the following are prerequisites for installing PVWA Check all that Apply

Options:

A.  

Web Services Role

B.  

NET 4.5.1 Framework Feature

C.  

Remote Desktop Services Role

D.  

Windows BitLocker

Discussion 0
Questions 15

When the PSM Gateway (also known as the HTML5 ( End Point in order to launch connections via the PSM

Options:

A.  

True

B.  

False, when the PSM Gateway is implemented, the user only requires a browser in order launch a connection via the PSM

Discussion 0
Questions 16

Which service should NOT be running on the DR Vault when the primary Production Vault is up?

Options:

A.  

PrivateArk Database

B.  

PrivateArk Server

C.  

CyberArk Vault Disaster Recovery (DR) service

D.  

CyberArk Logical Container

Discussion 0
Questions 17

Which one of the built-in Vault users is not automatically added to the safe when it is first created in PVWA?

Options:

A.  

Master

B.  

Administrator

C.  

Auditor

D.  

Operator

Discussion 0
Questions 18

The Accounts Feed contains:

Options:

A.  

Accounts that were discovered by CyberArk in the last 30 days

B.  

Accounts that were discovered by CyberArk that have not yet been onboarded

C.  

All accounts added to the vault in the last 30 days

D.  

All users added to CyberArk in the last 30 days

Discussion 0
Questions 19

Which type of automatic remediation can be performed by the PTA in case of a suspicious password change security event?

Options:

A.  

Password change

B.  

Password reconciliation

C.  

Session suspension

D.  

Session termination

Discussion 0
Questions 20

SAFE Authorizations may be granted to___________________.

Select all that apply.

Options:

A.  

Vault Users

B.  

Vault Groups

C.  

LDAP Users

D.  

LDAP Groups

Discussion 0
Questions 21

After the Vault administrator configures syslog integration on the Vault, the Vault will be able to.

Options:

A.  

forward ITALOG records to Security Information and Event Management (SIEM).

B.  

send out Simple Network Management Protocol (SNMP) traps.

C.  

forward audit records to Security Information and Event Management (SIEM).

D.  

forward emails to SIEM.

Discussion 0
Questions 22

Which file is used to configure new firewall rules on the Vault?

Options:

A.  

firewall.ini

B.  

paragent.ini

C.  

dbparm.ini

D.  

padr.ini

Discussion 0
Questions 23

What is the purpose of EVD?

Options:

A.  

To extract vault metadata into an open database platform.

B.  

To allow editing of vault metadata.

C.  

To create a backup of the MySQL database.

D.  

To extract audit data from the vault.

Discussion 0
Questions 24

Which of the following options is not set in the Master Policy?

Options:

A.  

Password Expiration Date

B.  

Dual Control

C.  

Password Complexity

D.  

Require Access Reason

Discussion 0
Questions 25

Which type of automatic remediation can be performed by the PTA in case of a suspected credential theft security event?

Options:

A.  

Password change

B.  

Password reconciliation

C.  

Session suspension

D.  

Session termination

Discussion 0
Questions 26

After the Vault server is installed, the Microsoft Windows firewall is now commandeered by the Vault. Can the administrator change these firewall rules?

Options:

A.  

Yes, but the administrator can only modify the firewall rules by editing the dbparm.ini file and the restarting the Vault.

B.  

Yes, the administrator can still modify firewall rules via the Windows firewall interface.

C.  

No, the Vault does not permit any changes to the firewall due to security requirements.

D.  

Yes, but the administrator can only modify the firewall rules by editing the FirewallRules.ini file and the restarting the Vault.

Discussion 0
Questions 27

What is the purpose of the PrivateArk Database service?

Options:

A.  

Maintains Vault metadata.

B.  

Communicates with components.

C.  

Sends email alerts from the vault ID.

D.  

Executes password changes

Discussion 0
Questions 28

The Vault does not support dual factor authentication.

Options:

A.  

True

B.  

False

Discussion 0
Questions 29

What is the maximum number of levels of authorizations you can set up in Dual Control?

Options:

A.  

1

B.  

2

C.  

3

D.  

4

Discussion 0
Questions 30

In accordance with best practice. SSH access is denied for root accounts on UNIX/LINUX systems. What is the BEST way to allow CPM to manage root accounts.

Options:

A.  

Create a privileged account on the target server Allow this account the ability to SSH directly from the CPM machine Configure this account as the Reconcile account of the target server's root account.

B.  

Create a non-privileged account on the target server Allow this account the ability to SSH directly from the CPM machine. Configure this account as the Logon account of the target server's root account

C.  

Configure the Unix system to allow SSH logins.

D.  

Configure the CPM to allow SSH logins

Discussion 0
Questions 31

Ad-Hoc Access (formerly Secure Connect) provides the following features. (Choose all that apply.)

Options:

A.  

PSM connections to target devices that are not managed by CyberArk

B.  

Session Recording

C.  

Real-time live session monitoring

D.  

PSM connections from a terminal without the need to login to the PVWA

Discussion 0
Questions 32

CyberArk Logical Container

Options:

A.  

CPMLOG

B.  

CPM_errorlog

C.  

pmlog

D.  

pm errors log

Discussion 0
Questions 33

The Vault can only integrate with a single Security Information and Event Management (SIEM) or SYSLOG server.

Options:

A.  

True

B.  

False

Discussion 0
Questions 34

PSM for SSH (previously known as “PSM SSH Proxy”) supports connections to the following target systems:

Options:

A.  

Windows

B.  

UNIX

C.  

Oracle

D.  

All of the above

Discussion 0
Questions 35

It is possible to leverage DNA to provide discovery functions that are not available with auto-detection.

Options:

A.  

TRUE

B.  

FALSE

Discussion 0
CAU302 Questions Answers | CAU302 Test Prep | CyberArk Defender + Sentry Questions PDF | CAU302 Online Exam | CAU302 Practice Test | CAU302 PDF | CAU302 Test Questions | CAU302 Study Material | CAU302 Exam Preparation | CAU302 Valid Dumps | CAU302 Real Questions | Defender - Sentry (Combined) CAU302 Exam Questions