Free CAU201 Sample Questions — CyberArk Defender

Which parameter controls how often the CPM looks for Soon-to-be-expired Passwords that need to be changed?

• A. HeadStartInterval
• B. Interval
• C. ImmediateInterval
• D. The CPM does not change the password under this circumstance

Which of the following components can be used to create a tape backup of the Vault?

• A. Disaster Recovery
• B. Distributed Vaults
• C. Replicate
• D. High Availability

Which one of the following reports is NOT generated by using the PVWA?

• A. Account Inventory
• B. Application Inventory
• C. Safes List
• D. Compliance Status

A Vault administrator have associated a logon account to one of their Unix root accounts in the vault. When attempting to verify the root account's password the Central Policy Manager (CPM) will:

• A. ignore the logon account and attempt to log in as root
• B. prompt the end user with a dialog box asking for the login account to use
• C. log in first with the logon account, then run the SU command to log in as root using the password in the Vault
• D. none of these

You are creating a new Rest API user that utilizes CyberArk Authentication. What is a correct process to provision this user?

• A. Private Ark Client > Tools > Administrative Tools > Users and Groups > New > User
• B. Private Ark Client > Tools > Administrative Tools > Directory Mapping > Add
• C. PVWA > User Provisioning > LDAP Integration > Add Mapping
• D. PVWA > User Provisioning > Users and Groups > New > User

You are creating a Dual Control workflow for a team's safe. Which safe permissions must you grant to the Approvers group?

• A. List accounts, Authorize account request
• B. Retrieve accounts, Access Safe without confirmation
• C. Retrieve accounts, Authorize account request
• D. List accounts, Unlock accounts

Which is the primary purpose of exclusive accounts?

• A. Reduced risk of credential theft
• B. More frequent password changes
• C. Non-repudiation (individual accountability)
• D. To force a 'collusion to commit' fraud ensuring no single actor may use a password without authorization

Which Automatic Remediation is configurable for a PTA detection of a `Suspected Credential Theft`?

• A. Add to Pending
• B. Rotate Credentials
• C. Reconcile Credentials
• D. Disable Account

VAULT authorizations may be granted to ____________________. (Choose all that apply.)

• A. Vault Users
• B. Vault Groups
• C. LDAP Users
• D. LDAP Groups

If a password is changed manually on a server, bypassing the CPM, how would you configure the account so that the CPM could resume management automatically?

• A. Configure the Provider to change the password to match the Vault's Password
• B. Associate a reconcile account and configure the platform to reconcile automatically
• C. Associate a logon account and configure the platform to reconcile automatically
• D. Run the correct auto detection process to rediscover the password

Which usage can be added as a service account platform?

• A. Kerberos Tokens
• B. IIS Application Pools
• C. PowerShell Libraries
• D. Loosely Connected Devices

In order to connect to a target device through PSM, the account credentials used for the connection must be stored in the vault?

• A. True
• B. False. Because the user can also enter credentials manually using Secure Connect
• C. False. Because if credentials are not stored in the vault, the PSM will log into the target device as PSMConnect
• D. False. Because if credentials are not stored in the vault, the PSM will prompt for credentials

When Dual Control is enabled a user must first submit a request in the Password Vault Web Access (PVWA) and receive approval before being able to launch a secure connection via PSM for Windows (previously known as RDP Proxy).

• A. True
• B. False, a user can submit the request after the connection has already been initiated via the PSM for Windows

When a DR Vault Server becomes an active vault, it will automatically fail back to the original state once the Primary Vault comes back online.

• A. True; this is the default behavior
• B. False; this is not possible
• C. True, if the AllowFailback setting is set to "yes" in the padr.ini file
• D. True, if the AllowFailback setting is set to "yes" in the dbparm.ini file

You have been asked to turn off the time access restrictions for a safe. Where is this setting found?

• A. PrivateArk
• B. RestAPI
• C. Password Vault Web Access (PVWA)
• D. Vault

Target account platforms can be restricted to accounts that are stored in specific Safes using the AllowedSafes property.

• A. TRUE
• B. FALSE

To enable the Automatic response `Add to Pending` within PTA when unmanaged credentials are found, what are the minimum permissions required by PTAUser for the PasswordManager_pending safe?

• A. List Accounts, View Safe members, Add accounts (includes update properties), Update Account content, Update Account properties
• B. List Accounts, Add accounts (includes update properties), Delete Accounts, Manage Safe
• C. Add accounts (includes update properties), Update Account content, Update Account properties, View Audit
• D. View Accounts, Update Account content, Update Account properties, Access Safe without confirmation, Manage Safe, View Audit

PSM captures a record of each command that was executed in Unix.

• A. TRUE
• B. FALSE

The vault supports Subnet Based Access Control.

• A. TRUE
• B. FALSE

Which of these accounts onboarding methods is considered proactive?

• A. Accounts Discovery
• B. Detecting accounts with PTA
• C. Rest API integration with account provisioning software
• D. DNA scan