Free PAM-SEN Sample Questions — CyberArk Sentry – PAM

Which browser is supported for PSM Web Connectors developed using the CyberArk Plugin Generator Utility (PGU)?

• A. Internet Explorer
• B. Google Chrome
• C. Opera
• D. Firefox

A customer's environment has three data centers consisting of 5,000 servers in Germany, 10,000 servers in Canada, and 1,500 servers in Singapore. You want to manage target servers and avoid complex firewall rules. How many CPMs should you deploy?

• A. 1
• B. 3 total, 1 per data center
• C. 15
• D. 6 total, 2 per data center

Which command should be executed to harden a Vault after registering it to Azure?

• A. HardenAzureFW.ps1
• B. ExecuteStage ./Hardening/HardeningConf.xml
• C. HardenVaultFW.ps1
• D. ExecuteStage ./PostInstallation/PostInstallation.xml

A customer wants to store PSM recordings for 100 days and estimates they will have 10 Windows sessions per day for 100 minutes each. What is the minimum storage required for the Vault and PAReplicate for the PSM recordings?

• A. 25 GB
• B. 250 GB
• C. 500 GB
• D. 5 GB

Which SMTP address can be set on the Notification Settings page to re-invoke the ENE setup wizard after the initial Vault installation?

• A. 255.255.255.255
• B. 8.8.8.8
• C. 192.168.1.1
• D. 1.1.1.1

Which step is required to register a Vault manually in Amazon Web Services using CAVaultManager?

• A. Specify Amazon as the cloud vendor using the /CloudVendor Flag
• B. After running the postinstall utility, restart the "PrivateArk Server" service
• C. Specify the Cloud region using the /CloudRegion flag
• D. Specify whether the Vault is distributed or stand alone

What is a step to enable NTP synchronization on a stand-alone Vault?

• A. Run Powershell and add the NTP module
• B. Restart the organization's NTP servers
• C. Edit dbparm.ini and add a Firewall rule for the NTP address
• D. Restart the Vault Event Notification Engine service

When SAML authentication is used to sign in to the PVWA, which service performs the actual authentication?

• A. Active Directory (AD)
• B. Identity Provider (IdP)
• C. Service Provider (SP)
• D. CyberArk Password Vault Web Access (PVWA)

What are the basic network requirements to deploy a CPM server?

• A. Port 1858 to Vault and Port 443 to PVWA
• B. Port 1858 only
• C. all ports to the Vault
• D. Port UDP/1858 to Vault and all required ports to targets and Port 389 to the PSM

Which method can be used to directly authenticate users to PSM for SSH? (Choose three.)

• A. CyberArk authentication
• B. LDAP authentication
• C. RADIUS authentication
• D. Windows authentication
• E. SAML authentication
• F. OpenID Connect (OIDC) authentication

A customer has two data centers and requires a single PVWA url. Which deployment provides the fastest time to reach the PVWA and the most redundancy?

• A. Deploy two PVWAs behind a global traffic manager
• B. Deploy one PVWA only
• C. Deploy two PVWAs in an active/standby mode
• D. Deploy two PVWAs using DNS round robin

What is determined by the "MaxConcurrentConnections" setting within a platform?

• A. maximum number of concurrent connections that can be opened between the CPM and the remote machines for the platform
• B. maximum number of concurrent connections that can be between the PSM and the remote machines for the platform
• C. maximum number of concurrent connections allowed for a specific account on the platform through the PSM
• D. maximum number of concurrent connections to the Vault allowed for sending audit activities relating to the platform

You are setting up a Linux host to act as an HTML 5 gateway for PSM sessions. Which servers need to be trusted by the Linux host to secure communications through the gateway?

• A. PSM and PVWA
• B. PSM and CPM
• C. PVWA and Vault
• D. Vault and PSM

If a customer has one data center and requires fault tolerance, how many PVWAs should be deployed?

• A. two or more
• B. one PVWA cluster
• C. one
• D. two PVWA clusters

Which configuration file and Vault utility are used to migrate the server key to an HSM?

• A. DBparm.ini and CAVaultManager.exe
• B. VaultKeys.ini and CAVaultManager.exe
• C. DBparm.ini and ChangeServerKeys.exe
• D. VaultKeys.ini and ChangeServerKeys.exe

What is the recommended method to determine if a PVWA is unavailable and should be disabled in a load balancing pool?

• A. Monitor Port 443 on the PVWA server
• B. Monitor Port 1858 on the PVWA server
• C. Ping the PVWA server
• D. Monitor Port 3389 on the PVWA server

In addition to bit rate and estimated total duration of recordings per day, what is needed to determine the amount of storage required for PSM recordings?

• A. retention period
• B. number of PSMs
• C. number of users
• D. number of targets

You have been asked to limit a platform called “Windows_Servers” to safes called “WindowsDC1” and “WindowsDC2”. The platform must not be assigned to any other safe. What is the correct way to accomplish this?

• A. Edit the “Windows_Servers” platform, expand “Automatic Password Management”, then select General and modify “AllowedSafes” to be (WindowsDC1)|(WindowsDC2)
• B. Edit the “Windows_Servers” platform, expand “Automatic Password Management”, then select Options and modify “AllowedSafes” to be (Win*)
• C. Edit the “WindowsDC1” and “WindowsDC2” safes through Safe Management, Add “Windows_Servers” to the “AllowedPlatforms”
• D. Log in to PrivateArk using an Administrative user, Select File, Server File Categories, Locate the category “WindowsServersAllowedSafes” and specify “WindowsDC1,WindowsDC2”

What must you do to synchronize a new Vault server with an organization’s NTP server?

• A. Configure an AllowNonStandardFWAddresses rule for the organization’s NTP server in DBParm.ini on the Vault server
• B. Use the Windows Firewall console to configure a rule on the Vault server which allows communication with the organization’s NTP server
• C. Ensure the organization’s NTP server is installed in the same location as the Vault server requiring synchronization
• D. Update the AutoSyncExternalObjects configuration in DBParm.ini on the Vault server to schedule regular synchronization

Which statements are correct about the PSM HTML5 gateway? (Choose two.)

• A. Smart card redirection is supported
• B. It does not support connections to target system where NLA is enabled on the PSM server
• C. SSH sessions cannot be established
• D. Printer redirection cannot be enabled
• E. It does not support session recording capabilities for applications that run outside a web browser