Black Friday Special 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: exams65

ExamsBrite Dumps

CyberArk Sentry PAM Question and Answers

CyberArk Sentry PAM

Last Update Dec 2, 2024
Total Questions : 136

We are offering FREE PAM-SEN CyberArk exam questions. All you do is to just go and sign up. Give your details, prepare PAM-SEN free exam questions and then go for complete pool of CyberArk Sentry PAM test questions that will help you more.

PAM-SEN pdf

PAM-SEN PDF

$36.75  $104.99
PAM-SEN Engine

PAM-SEN Testing Engine

$43.75  $124.99
PAM-SEN PDF + Engine

PAM-SEN PDF + Testing Engine

$57.75  $164.99
Questions 1

Which files does the Vault Installation Wizard prompt you for during the Vault install?

Options:

A.  

Operator CD and License Most Voted

B.  

Master CD and License

C.  

Operator CD and Vault Certificate

D.  

Master CD and DBparm.ini

Discussion 0
Questions 2

Which pre-requisite step must be completed before installing a Vault?

Options:

A.  

Join the server to a domain.

B.  

Install a clean operating system.

C.  

Install antivirus software.

D.  

Copy the master CD to a folder on the Vault server.

Discussion 0
Questions 3

The connect button requires PSM to work.

Options:

A.  

TRUE

B.  

FALSE

Discussion 0
Questions 4

What authentication methods can be implemented to enforce Two-Factor Authentication (2FA) for users authenticating to CyberArk using both the PVWA (through the browser) and the PrivateArk Client?

Options:

A.  

LDAP and RADIUS Most Voted

B.  

CyberArk and RADIUS

C.  

SAML and Cyber Ark

D.  

SAML and RADIUS

Discussion 0
Questions 5

Which components support load balancing? (Choose two.)

Options:

A.  

CPM

B.  

PVWA

C.  

PSM

D.  

PTA

E.  

EPV

Discussion 0
Questions 6

You are installing a CPM.

In addition to Add Safes, Add/Update Users, Reset Users’ Passwords and Manage Server File Categories, which Vault authorization(s) does a CyberArk user need to install the CPM?

Options:

A.  

Manage Directory Mapping

B.  

Activate Users

C.  

Backup All Safes, Restore All Safes

D.  

Audit Users, Add Network Areas

Discussion 0
Questions 7

Which CyberArk component changes passwords on Target Devices?

Options:

A.  

Vault

B.  

CPM

C.  

PVWA

D.  

PSM

E.  

PrivateArk

F.  

OPM

G.  

AIM

Discussion 0
Questions 8

In which file must the attribute ‘SignAuthnRequest=”true”’ be added to the PartnerIdentityProvider element to support signed SAML requests?

Options:

A.  

saml.config

B.  

samlconfig.ini

C.  

PVWAConfig.xml

D.  

PVConfiguration.xml

Discussion 0
Questions 9

The Remote Desktop Services role must be property licensed by Microsoft.

Options:

A.  

TRUE

B.  

FALSE

Discussion 0
Questions 10

When SAML authentication is used to sign in to the PVWA, which service performs the actual authentication?

Options:

A.  

Active Directory (AD)

B.  

Identity Provider (IdP) Most Voted

C.  

Service Provider (SP)

D.  

CyberArk Password Vault Web Access (PVWA)

Discussion 0
Questions 11

What is the name of the account used to establish the initial RDP session from the end user client machine to the PSM server?

Options:

A.  

PSMConnect

B.  

PSMAdminConnect

C.  

PSM

D.  

The credentials the end user retrieved from the vault

Discussion 0
Questions 12

What is the recommended method to determine if a PVWA is unavailable and should be disabled in a load balancing pool?

Options:

A.  

Monitor Port 443 on the PVWA server

B.  

Monitor Port 1858 on the PVWA server

C.  

Ping the PVWA server

D.  

Monitor Port 3389 on the PVWA server

Discussion 0
Questions 13

In large-scale environments, it is important to enable the CPM to focus its search operations on specific Safes instead of scanning all Safes it sees in the Vault.

How is this accomplished?

Options:

A.  

Administration Options > CPM Settings

B.  

AllowedSafe Parameter on each platform policy

C.  

MaxConcurrentConnection parameter on each platform policy

D.  

Administration > Options > CPM Scanner

Discussion 0
Questions 14

By default, the vault secure protocol uses which IP port and protocol.

Options:

A.  

TCP/1858

B.  

TCP/443

C.  

UDP/1858

D.  

TCP/80

Discussion 0
Questions 15

You are installing multiple PVWAs behind a load balancer.

Which statement is correct?

Options:

A.  

Port 1858 must be opened between the load balancer and the PVWAs.

B.  

The load balancer must be configured in DNS round robin.

C.  

The load balancer must support "sticky sessions".

D.  

The LoadBalancerClientAddressHeader parameter in the PVWA.ini file must be set.

Discussion 0
Questions 16

Which file would you modify to configure the vault to send SNMP traps to your monitoring solution?

Options:

A.  

dbparm ini

B.  

paragent.ini

C.  

ENEConf.ini I

D.  

padr ini

Discussion 0
Questions 17

To apply a new license file you must:

Options:

A.  

Upload the license.xml file to the System Safe

B.  

Upload the license.xml file to the Vaultlnternal Safe.

C.  

Upload the license.xml file to the System Safe and restart the PrivateArk Server service.

D.  

Upload the license.xml file to the Vaultlnternal Safe and restart the PrivateArk Server service.

Discussion 0
Questions 18

In order to avoid conflicts with the hardening process, third party applications like Antivirus and Backup Agents should be installed on the Vault server before installing the Vault.

Options:

A.  

TRUE

B.  

FALSE

Discussion 0
Questions 19

When configuring RADIUS authentication, which utility is used to create a file containing an encrypted version of the RADIUS secret?

Options:

A.  

CAVaultManager

B.  

CACert

C.  

CreateAuthFile

D.  

CreateCredFile

Discussion 0
Questions 20

In addition to bit rate and estimated total duration of recordings per day, what is needed to determine the amount of storage required for PSM recordings?

Options:

A.  

retention period

B.  

number of PSMs

C.  

number of users

D.  

number of targets

Discussion 0
Questions 21

What is a step to enable NTP synchronization on a stand-alone Vault?

Options:

A.  

Run Powershell and add the NTP module.

B.  

Restart the organization's NTP servers.

C.  

Edit dbparm.ini and add a Firewall rule for the NTP address.

D.  

Restart the Vault Event Notification Engine service.

Discussion 0
Questions 22

Which of the following protocols need to be installed on a standalone vault server? Check all that apply.

Options:

A.  

Client for Microsoft Networks

B.  

QoS Packet Scheduler

C.  

File and Printer Sharing for Microsoft Networks

D.  

Internet Protocol version 4 (TCP/IPv4)

E.  

NIC Teaming Driver, if applicable

Discussion 0
Questions 23

The RemoteApp feature of PSM allows seamless Application windows (i e the Desktop of the PSM server will not be visible)

Options:

A.  

TRUE

B.  

FALSE

Discussion 0
Questions 24

What is a prerequisite step before CyberArk can be configured to support RADIUS authentication?

Options:

A.  

Log on to the PrivateArk Client, display the User properties of the user to configure, run the Authentication method drop-down list, and select RADIUS authentication.

B.  

In the RADIUS server, define the CyberArk Vault as a RADIUS client/agent. Most Voted

C.  

In the Vault installation folder, run CAVaultManager as administrator with the SecureSecretFiles command.

D.  

Navigate to /Server/Conf and open DBParm.ini and set the RadiusServersInfo parameter.

Discussion 0
Questions 25

In order to retrieve data from the vault a user MUST use an interface provided by CyberArk.

Options:

A.  

TRUE

B.  

FALSE

Discussion 0
Questions 26

You are setting up a Linux host to act as an HTML 5 gateway for PSM sessions.

Which servers need to be trusted by the Linux host to secure communications through the gateway?

Options:

A.  

PSM and PVWA

B.  

PSM and CPM

C.  

PVWA and Vault

D.  

Vault and PSM

Discussion 0
Questions 27

After installing the first PSM server and before installing additional PSM servers, you must ensure the user performing the installation is not a direct owner of which safe?

Options:

A.  

PSMUnmanagedSessionAccounts Safe

B.  

PSMRecordingsSessionAccounts Safe

C.  

PSMUnmanagedApplicationAccounts Safe

D.  

PSMSessionBackupAccounts Safe

Discussion 0
Questions 28

The PrivateArk clients allows a user to view the contents of the vault like a filesystem.

Options:

A.  

TRUE

B.  

FALSE

Discussion 0
Questions 29

A customer has three data centers distributed globally and wants highly-available PSM connections in each segmented zone. In addition, the customer needs a highly-available PSM connection for the CyberArk Admins.

What will best satisfy this customer's needs?

Options:

A.  

one PSM per zone with a load balancer and two PSMs for Admins with a load balancer

B.  

six PSMs in the mam data center with a load balancer and one PSM for Admins

C.  

two PSMs per zone with a load balancer and two PSMs for Admins with a dedicated load balancer

D.  

three PSMs per zone with CyberArk built-in load balancing

Discussion 0
Questions 30

Which components can connect to a satellite Vault in a distributed Vault architecture?

Options:

A.  

CPM, EPM, PTA

B.  

PVWA, PSM

C.  

CPM, PVWA, PSM

D.  

CPM, PSM

Discussion 0
Questions 31

What is determined by the "MaxConcurrentConnections" setting within a platform?

Options:

A.  

maximum number of concurrent connections that can be opened between the CPM and the remote machines for the platform

B.  

maximum number of concurrent connections that can be between the PSM and the remote machines for the platform

C.  

maximum number of concurrent connections allowed for a specific account on the platform through the PSM

D.  

maximum number of concurrent connections to the Vault allowed for sending audit activities relating to the platform

Discussion 0
Questions 32

During the PSM installation process, Safes and a User are created.

In addition to Add Safes, Add/Update Users, Reset Users’ Passwords, and Activate Users, which authorization(s) does the Vault user installing the PSM need to enable them to be successfully created?

Options:

A.  

Manage Vault File Categories Most Voted

B.  

Manage Server File Categories

C.  

Manage Directory Mapping, Manage Server File Categories

D.  

Manage Directory Mapping, Manage Vault File Categories

Discussion 0
Questions 33

Which configuration file and Vault utility are used to migrate the server key to an HSM?

Options:

A.  

DBparm.ini and CAVaultManager.exe

B.  

VaultKeys.ini and CAVaultManager.exe

C.  

DBparm.ini and ChangeServerKeys.exe

D.  

VaultKeys.ini and ChangeServerKeys.exe

Discussion 0
Questions 34

When a DR vault server becomes an active vault, it will automatically fail back to the original state once the primary vault comes back online.

Options:

A.  

True, this is the default behavior

B.  

False, this is not possible

C.  

True, if the 'AllowFailback' setting is set to yes in the PADR.ini file.

D.  

True if the 'AllowFailback' setting is set to yes in the dbparm mi file

Discussion 0
Questions 35

A customer has five main data centers with one PVWA in each center under different URLs.

How can you make this setup fault tolerant?

Options:

A.  

This setup is already fault tolerant.

B.  

Install more PVWAs in each data center.

C.  

Continuously monitor PVWA status and send users the link to another PVWA if issues are encountered.

D.  

Load balance all PVWAs under same URL.

Discussion 0
Questions 36

Which of the following are supported authentication methods for CyberArk? Check all that apply

Options:

A.  

CyberArk Password (SRP)

B.  

LDAP

C.  

SAML

D.  

PKI

E.  

RADIUS

F.  

OracleSSO

G.  

Biometric

Discussion 0
Questions 37

A vault admin received an email notification that a password verification process has failed Which service sent the message?

Options:

A.  

The PrivateArk Server Service on the Vault.

B.  

The CyberArk Password Manager service on the Components Server.

C.  

The CyberArk Event Notification Engine Service on the Vault

D.  

The CyberArk Privileged Session Manager service on the Vault.

Discussion 0
Questions 38

If a transparent user matches two different directory mappings, how does the system determine which user template to use?

Options:

A.  

The system will use the template for the mapping listed first.

B.  

The system will use the template for the mapping listed last.

C.  

The system will grant all of the vault authorizations from the two templates.

D.  

The system will grant only the vault authorizations that are listed in both templates

Discussion 0
Questions 39

You are installing the HTML5 gateway on a Linux host using the RPM provided.

After installing the Tomcat webapp, what is the next step in the installation process?

Options:

A.  

Deploy the HTML5 service (guacd). Most Voted

B.  

Secure the connection between the guacd and the webapp.

C.  

Secure the webapp and JWT validation endpoint.

D.  

Configure ASLR.

Discussion 0
Questions 40

To enable LDAP over SSL for a Vault when DNS lookups are blocked, which step must be completed?

Options:

A.  

Add the FQDN & IP details for each LDAP host into the local hosts file of the Vault server. Most Voted

B.  

Configure an AllowNonStandardFWAddresses rule in DBParm.ini on the Vault to allow outbound TCP 53 to the organization’s DNS servers.

C.  

Ensure LDAP hosts added to the directory mapping configuration are defined using only IP addresses.

D.  

Set the ReferralsDNSLookup parameter value to “No” in the directory configuration.

Discussion 0