Free PAM-CDE-RECERT Sample Questions — CyberArk CDE Recertification

Which PTA sensors are required to detect suspected credential theft?

• A. Logs, Vault Logs
• B. Logs, Network Sensor, Vault Logs
• C. Logs, PSM Logs, CPM Logs
• D. Logs, Network Sensor, EPM

What is a requirement for setting fault tolerance for PSMs?

• A. Use a load balancer
• B. Use a backup solution
• C. CPM must be in all data centers
• D. Install the Vault in an HA cluster

Which files does the Vault Installation Wizard prompt you for during the Vault install?

• A. Operator CD & License file
• B. Master CD & License file
• C. Operator CD & Vault Certificate
• D. Master CD & DBparm.ini

You receive this error: "Error in changepass to user domain\user on domain server(\domain.(winRc=5) Access is denied." Which root cause should you investigate?

• A. The account does not have sufficient permissions to change its own password
• B. The domain controller is unreachable
• C. The password has been changed recently and minimum password age is preventing the change
• D. The CPM service is disabled and will need to be restarted

You are creating a new Rest API user that utilizes CyberArk Authentication. What is a correct process to provision this user?

• A. Private Ark Client > Tools > Administrative Tools > Users and Groups > New > User
• B. Private Ark Client > Tools-> Administrative Tools > Directory Mapping > Add
• C. PVWA > User Provisioning > LDAP Integration > Add Mapping
• D. PVWA > User Provisioning > Users and Groups > New > User

In addition to bit rate and estimated total duration of recordings per day, what is needed to determine the amount of storage required for PSM recordings?

• A. retention period
• B. number of PSMs
• C. number of users
• D. number of targets

You are onboarding 5,000 UNIX root accounts for rotation by the CPM. You discover that the CPM is unable to log in directly with the root account and will need to use a secondary account. How should this be configured to allow for password management using least privilege?

• A. Configure each CPM to use the correct logon account
• B. Configure each CPM to use the correct reconcile account
• C. Configure the UNIX platform to use the correct logon account
• D. Configure the UNIX platform to use the correct reconcile account

You have been asked to turn off the time access restrictions for a safe. Where is this setting found?

• A. PrivateArk
• B. RestAPI
• C. Password Vault Web Access (PVWA)
• D. Vault

After installing the first PSM server and before installing additional PSM servers, you must ensure the user performing the installation is not a direct owner of which safe?

• A. PSMUnmanagedSessionAccounts Safe
• B. PSMRecordingsSessionAccounts Safe
• C. PSMUnmanagedApplicationAccounts Safe
• D. PSMSessionBackupAccounts Safe

When running a "Privileged Accounts inventory" Report through the Reports page in PVWA on a specific safe, which permission/s are required on that safe to show complete account inventory information?

• A. List Accounts, View Safe Members
• B. Manage Safe Owners
• C. List Accounts, Access Safe without confirmation
• D. Manage Safe, View Audit

A newly created platform allows users to access a Linux endpoint. When users click to connect, nothing happens. Which piece of the platform is missing?

• A. PSM-SSH Connection Component
• B. UnixPrompts.ini
• C. UnixProcess.ini
• D. PSM-RDP Connection Component

You are creating a Dual Control workflow for a team's safe. Which safe permissions must you grant to the Approvers group?

• A. List accounts, Authorize account request
• B. Retrieve accounts, Access Safe without confirmation
• C. Retrieve accounts, Authorize account request
• D. List accounts, Unlock accounts

Which item is an option for PSM recording customization?

• A. Windows events text recorder with automatic play-back
• B. Windows events text recorder and universal keystrokes recording simultaneously
• C. Universal keystrokes text recorder with windows events text recorder disabled
• D. Custom audio recording for windows events

Which built-in report from the reports page in PVWA displays the number of days until a password is due to expire?

• A. Privileged Accounts Inventory
• B. Privileged Accounts Compliance Status
• C. Activity Log
• D. Privileged Accounts CPM Status

Which usage can be added as a service account platform?

• A. Kerberos Tokens
• B. IIS Application Pools
• C. PowerShell Libraries
• D. Loosely Connected Devices

What is the configuration file used by the CPM scanner when scanning UNIX/Linux devices?

• A. UnixPrompts.ini
• B. plink.exe
• C. dbparm.ini
• D. PVConfig.xml

What is mandatory for a PVWA Installation?

• A. DNS entry for the PVWA url must be created
• B. company-signed TLS certificate must be imported into the server
• C. Vault Administrative User must be used to register the PVWA
• D. Data Execution Prevention must be disabled

Which step is required to register a Vault manually in Amazon Web Services using CAVaultManager?

• A. Specify Amazon as the cloud vendor using the /CloudVendor Flag
• B. After running the postinstall utility restart the "PrivateArk Server" service
• C. Specify the Cloud region using the /CloudRegion flag
• D. Specify whether the Vault is distributed or stand alone

Which permissions are needed for the Active Directory user required by the Windows Discovery process?

• A. Domain Admin
• B. LDAP Admin
• C. Read/Write
• D. Read

As Vault Admin, you have been asked to configure LDAP authentication for your organization's CyberArk users. Which permissions do you need to complete this task?

• A. Audit Users and Add Network Areas
• B. Audit Users and Manage Directory Mapping
• C. Audit Users and Add/Update Users
• D. Audit Users and Activate Users