Free EPM-DEF Sample Questions — CyberArk Endpoint Privilege Manager

CyberArk EPM's Ransomware Protection comes with file types to be protected out of the box. If an EPM Administrator would like to remove a file type from Ransomware Protection, where can this be done?

• A. Policy Scope within Protect Against Ransomware
• B. Authorized Applications (Ransomware Protection) within Application Groups
• C. Set Security Permissions within Advanced Policies
• D. Protected Files within Agent Configurations

What best describes the purpose of the Policy Recommendations feature?

• A. suggest least privilege policies based on application usage patterns and behavior
• B. automatically block high-risk applications without user input
• C. enforce mandatory security updates for all endpoint devices
• D. recommend software upgrades for outdated applications

Where is the Download Immediate Enforcement Agent setting located in the CyberArk EPM console?

• A. Set Configuration
• B. Agent Configuration
• C. Administration
• D. Account Configuration

CyberArk EPM’s Ransomware Protection must be set to which mode to prevent ransomware?

• A. Detect
• B. Block
• C. Restrict
• D. Deny

If you want to diagnose agent EPM agent connectivity issues, what is the agent executable that can be used from the command line?

• A. vf_agent.exe
• B. epm_agent.exe
• C. vault_agent.exe
• D. db_agent.exe

What are default out-of-the-box predefined Application groups? (Choose two.)

• A. Elevate
• B. Stopped
• C. Elevate if necessary
• D. Developer applications
• E. Allowed sources

On the Default Policies page, what are the names of policies that can be set as soon as EPM is deployed?

• A. Privilege Escalation, Privilege Management, Application Management
• B. Privilege Management, Application Control, Threat analysis
• C. Privilege Management, Threat Protection, Application Escalation Control
• D. Privilege Management, Privilege Threat Protection, Local Privileged Accounts Management

What is the function of the group "Microsoft Windows Programs (default Policies)"?

• A. monitors or restricts access to sensitive resources for Microsoft Windows programs
• B. groups Microsoft Windows programs for easy management
• C. monitors the use of Windows programs for license management
• D. allows Windows applications to provide access to sensitive resources

After how many days will events be removed from event management?

• A. 14
• B. 30
• C. 90
• D. 365

As part of the IT team, you enabled auditing to record an end user's activities in the cmd application. When checking for a video file on an end user's computer, you found that it was deleted due to the default retention period. Now, you are trying to set the maximum retention period. What is the maximum retention period that can be set?

• A. 60 days
• B. 90 days
• C. 1 year
• D. 2 years

Which statements are correct about the functions of the Application Catalog? (Choose two.)

• A. It detects applications that are managed by policies and those that are not
• B. Threat analyses can be run on application events
• C. An event can be deleted before the retention period ends
• D. You can configure the number of displayed events in the Application Catalog up to 1000 events
• E. It detects only events for applications that are not managed by policies

Which types of sets are defined by their license type?

• A. regular machines and non-persistent VDI machines
• B. non-persistent VDI machines and full protection set
• C. credentials rotation and regular machines
• D. full protection set and credentials rotation set

What is the primary purpose of CyberArk CORA AI?

• A. Provide real-time antivirus protection for applications
• B. Recommend policy actions based on machine learning algorithms
• C. Manage user credentials and passwords
• D. Automatically block unauthorized users from accessing the network

Which action is required after adding driver-level exclusions for CybeArk EPM?

• A. Reboot the endpoint
• B. Restart the EPM service
• C. Manually update EPM settings
• D. Delete temporary files

What is the main reason to use the custom user access token for Elevate policies?

• A. to provide more privileges of permissions for the user
• B. to implement a less strict set of permissions for the user
• C. to provide least privileges of permissions for the user
• D. to impersonate the user with another set of permissions

Which types of reports does CyberArk EPM support?

• A. Events, Policies, Admin audits
• B. Events, Policies, Endpoints, Admin audits
• C. Events, Policies
• D. Events, Policies, Endpoints, Admin audits, Set Audits

An end user is reporting that an application that needs administrative rights is crashing when selecting a certain option menu item. The Application is part of an advanced elevate policy and is working correctly except when using that menu item. What could be the EPM cause of the error?

• A. The Users defined in the advanced policy do not include the end user running the application
• B. The Advanced: Time options are not set correctly to include the time that the user is running the application at
• C. The Elevate Child Processes option is not enabled
• D. The Specify permissions to be set for selected Services on End-user Computers is set to Allow Start/Stop

A company is looking to manage their Windows Servers and Desktops with CyberArk EPM. Management would like to define different default policies between the Windows Servers and Windows Desktops. What should the EPM Administrator do?

• A. In the Default Policies, exclude either the Windows Servers or the Windows Desktops
• B. Create Advanced Policies to apply different policies between Windows Servers and Windows Desktops
• C. CyberArk does not recommend installing EPM Agents on Windows Servers
• D. Create a separate Set for Windows Servers and Windows Desktops

How does a Trusted Source policy affect an application?

• A. Applications will be allowed to run and will only elevate if required
• B. Applications will be allowed to run and will inherit the process token from the EPM agent
• C. Applications will be allowed to run always in elevated mode
• D. Application from the defined trusted sources must be configured on a per applicationbasis, in order to define run and elevation parameters

What does the policy action influence?

• A. order of precedence
• B. policy name
• C. operating system
• D. application groups