Free CPC-SEN Sample Questions — CyberArk Sentry - Privilege Cloud

Before the hardening process, your customer identified a PSM Universal Connector executable that will be required to run on the PSM. Which file should you update to allow this to run?

• A. PSMConfigureAppLocker.xml
• B. PSMHardening.xml
• C. PSMAppConfig.xml
• D. PSMConfigureHardening.xml

Which statement is correct about using the AllowedSafes platform parameter?

• A. It allows users to access accounts in specific safes
• B. It prevents the CPM from scanning all safes, restricting it to scan only safes that match the AllowedSafes configuration
• C. It allows the CPM to access PSM safes to monitor platform configuration and connection component changes
• D. It prevents the CPM from processing pending items in the Discovery safes enforcing manual intervention to complete the onboarding process

Which actions must be performed when manually hardening a SUSE server with PSM for SSH? (Choose two.)

• A. Update settings in the sshd_config file on the server
• B. Add the PSM for SSH gateway user to the passwd file
• C. Validate that the psmpgwuser.cred file has correct permissions
• D. Remove all users and groups from the passwd file
• E. Add the PSM gateway user to wheel group

Which statements accurately describe the process of LDAP integration with CyberArk Privilege Cloud Standard? (Choose two.)

• A. Directory maps determine user or group creation within the Privilege Cloud Vault
• B. tailored Python script is required to facilitate the LDAP server interaction
• C. Upon user login, their directory attributes are refreshed through the directory map
• D. For establishing a connection, the domain base context is not a prerequisite
• E. The LDAP BIND user requires domain administrative privileges for a successful connection

You plan to install the Privilege Cloud Connector on Windows 2019 servers and must leverage your existing RDS Per-user licenses for PSM connections. What must you do?

• A. Add the UseRDSPerUser=Yes line to the basic_psm.ini parameters file
• B. Install the RDS License Server Service on Windows 2016
• C. Migrate the local PSMConnect Users to Domain users
• D. Modify the UseRDSPerUser parameter to Yes on every Windows-related platform

You need to map an enterprise's Active Directory to Privilege Cloud Shared Services to enable users to log in to CyberArk through their LDAP credentials. What do you need to accomplish this? (Choose two.)

• A. read-only domain user to facilitate the LDAP mapping
• B. installation and configuration of the Identity Connector
• C. Port 636 open to the Privilege Cloud back-end
• D. trusted certificate for LDAP server installed on Identity Connector
• E. configuration of an Federated Domain on the Identity Platform

During CPM hardening, which locally created users are granted Logon as a Service rights in the local group policy? (Choose two.)

• A. PasswordManager
• B. PluginManagerUser
• C. ScannerUser
• D. PasswordManagerUser
• E. CPMServiceAccount

To use SAML authentication in Privilege Cloud Standard Services, users must first be defined in Privilege Cloud. What are correct methods for defining users? (Choose two.)

• A. Integrate Privileged Cloud with your LDAP server
• B. Integrate Privileged Cloud with SIEM
• C. Integrate Privileged Cloud with Email System
• D. Create users in Privilege Cloud with details identical to those who access Privilege Cloud through SAML authentication
• E. Create users in CyberArk Privileged Cloud Database using the 'CAVaultManager createuser' command

Which tool configures the user object that will be used during the installation of the PSM for SSH component?

• A. CreateUserPass
• B. CreateCredFile
• C. ConfigureCredFile
• D. ConfigureUserPass

You plan to install Privilege Cloud Connectors on your AWS and Azure environments. What is the maximum number of concurrent RDP/SSH sessions that each connector can handle for Large Implementations?

• A. 1–10
• B. 31–60
• C. 100
• D. 200

You want to add an additional maintenance user on the PSM for SSH. How can you accomplish this if InstallCyberarkSSHD is set to Integrated?

• A. Create a local user and add it to the PSMP_MaintenanceUsers Group
• B. Create a local user called proxymaster and add it to /etc/pam.d/auth-password
• C. Create a local user and add it to group configured for the parameter AllowGroups in the /etc/sshd_config file
• D. Create a local user called psmpmng and add to the PSMMaintenance Group in /etc/pam.d/auth-password

What is a requirement for increasing the redundancy of PSMs?

• A. Use a load balancer
• B. Set it by adding parameters to the basic_PSM.ini configuration file
• C. CPM must be in all data centers
• D. Install the Vault in an HA cluster

You want to enforce Multi-Factor Authentication (MFA) for all Privilege Cloud Shared Services users and require them to set up an MFA factor. How should you accomplish this?

• A. Only allow SAML as the authentication method, enforce MFA on the SAML Identity Provider (IdP), and ensure users set up MFA accordingly on the IdP
• B. Navigate to the Identity Administration Portal's policies section and configure the required authentication policies for CyberArk Identity
• C. Navigate to the Identity Administration Portal's policies section and set the user security policy for Privilege Cloud to an authentication profile that only allows Multiple Authentication mechanisms
• D. Navigate to the Identity Administration Portal's policies section and configure the authentication policies for CyberArk Identity, adding a new authentication rule that applies with an 'identity cookie' as a filter

What is the purpose of the PSM health check hardening?

• A. Remove IIS settings which can be considered security vulnerabilities
• B. Validate that the PSM is ready to be placed behind a load balancer
• C. Confirm that the Windows Services for PSM are running on the server
• D. Ensure that the AppLocker script does not have any syntax errors

What must be done before configuring directory mappings in the CyberArk Privilege Cloud Standard Portal for LDAP integration?

• A. Retrieve the LDAPS certificate and deliver it to CyberArk
• B. Create a new domain in the Privilege Cloud Portal
• C. Make sure HTTPS (443/tcp) is reachable over the Secure Tunnel
• D. Ensure the user connecting to the domain has administrative privileges

Which prerequisites are required for installing PSM for SSH (Unix Connector)? (Choose two.)

• A. Create the PSM for SSH parameters file on Unix server with InstallCyberArkSSHD= Yes
• B. Configure the root user to not authenticate to the Unix server remotely through SSH using a password
• C. Verify that outbound traffic from the Unix server is always routed through the same public-facing IP
• D. Create an administrative user on Unix server for future maintenance tasks
• E. Reset the default root account password before installing the PSM for SSH

When calling the PSM Health Check Webservice to assess the state of a PSM node, which response code does a healthy node return?

• A. 200 (OK)
• B. 404 (OK)
• C. 500 (OK)
• D. 503 (OK)

What must be done to configure the syslog server IP address(es) for SIEM integration? (Choose two.)

• A. Submit a service request to CyberArk Support
• B. Update the syslog server IP address through the Privilege Cloud Portal
• C. Update the DBPARM.ini file with the correct syslog server IP address
• D. Update the vault.ini file with the correct syslog server IP address
• E. Configure the Secure Tunnel for SIEM integration

Which authentication methods does PSM for SSH support? (Choose two.)

• A. OIDC
• B. MFA Caching
• C. SAML
• D. RADIUS
• E. Client Authentication Certificate

What is the default username for the PSM for SSH maintenance user?

• A. proxymng
• B. psmp_maintenance
• C. psmpmaintenanceuser
• D. proxyusr