Defender C201 Exam / Defender PAM

What is the chief benefit of PSM?

'Privileged session isolation' and 'Privileged session recording'

Which parameters can be used to harden the Credential Files (CredFiles) while using CreateCredFile Utility? (Choose three.)

- Operating System Username
- Host IP Address
- Client Hostname

Which of the following are secure options for storing the contents of the Operator CD, while still allowing the contents to be accessible upon a planned Vault restart? (Choose three.)

- Store the CD in a physical safe and mount the CD every time Vault maintenance is performed
- Copy the entire contents of the CD to a folder on the Vault Server and secure it with NTFS permissions
- Store the server key in a Hardware Security Module (HSM) and copy the rest of the keys from the CD to a folder on the Vault Server and secure it with NTFS permissions

Which command configures email alerts within PTA if settings need to be changed post install?

/opt/tomcat/utility/emailConfiguration.sh

For each listed prerequisite, identify if it is mandatory or not mandatory to run the PSM Health Check.

1. PSM service installed on Windows 2016 or Windows 2019
2. Web Server (IIS 8.5) role is installed
3. A valid SSL certificate is installed on the Web Server

https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PSM/psm_healthcheck.htm

Which of these accounts onboarding methods is considered proactive?

A Rest API integration with account provisioning software

A new HTML5 Gateway has been deployed in your organization. Where do you configure the PSM to use the HTML5 Gateway?

Administration > Options > Privileged Session Management > Configured PSM Servers > Connection Details > Add PSM Gateway

Match the built-in Vault User with the correct definition.

- Administrator: This user appears on the highest level of the User hierarchy and has all possible permissions. As such, it can create and manage other Users on any level on the User hierarchy.
- Auditor: This user is a member of the Auditors group. This user appears at the top of the User hierarchy, enabling it to view all the Users in the Safe. The Auditor User can produce reports of Safe activities and User activities. This enables it to keep track of activity in the Safe and User requirements.
- Backup: This user is a member of the Backup Users group. It has the Backup Safe authorization, and can backup all, several, or individual Safes.
- Batch: This user is an internal user that cannot be logged onto. This user carries out internal tasks, such as automatically clearing expired user and Safe history.
- DR: This user is a member of the DR Users group and is specifically for use in Disaster Recovery. This user can replicate the Safes in the production Vault to the Disaster Recovery Vault, keeping it continuously up-to-date.
- Master: This user has all the available Safe member authorizations, except Authorize password requests, and therefore has complete control over the entire system. This user is used to manage a full recovery when necessary. The Master user can only log in with the Master CD, which contains the Private Recovery Key. In addition, the Master User enables the predefined Users immediately after installation and the initial network areas which enable other Users to begin working with the PrivateArk Client. It cannot be removed from any Safe.
- NotificationEngine: This user is installed with the Event Notification Engine (ENE). It retrieves information about activities that occur in Safes as well as contact details of recipients so that the ENE can send notifications. It is a member of the Notification Engines group.
- Opera

Which of the following Privileged Session Management (PSM) solutions support live monitoring of active sessions?

All of the above

Which of the following Privileged Session Management solutions provide a detailed audit log of session activities?

All of the above

For Digital Vault Cluster in a high availability configuration, how does the cluster determine if a node is down?

An alert is generated in the Windows Event log.

When creating an onboarding rule, it will be executed upon ___________________.

Any future accounts discovered by a discovery process

Which values are acceptable in the address field of an Account?

Any name that is resolvable on the Central Policy Manager (CPM) server is acceptable

Which CyberArk group does a user need to be part of to view recordings or live monitor sessions?

Auditors

Arrange the steps to restore a Vault using PARestore for a Backup in the correct sequence. Select and Place:

1. BackupFilesDeletion=No
2. PARestore vault.ini operator /FullVaultRestore
3. CAVaultManager RecoverBackupFiles
4. CAVaultManager RestoreDB
5. BackupFilesDeletion=Yes,24,1,5,7d

You have been asked to secure a set of shared accounts in CyberArk whose passwords will need to be used by end users. The account owner wants to be able to track who was using an account at any given moment. Which security configuration should you recommend?

Configure both one-time passwords and exclusive access for the appropriate platform in Master Policy.

You are onboarding 5,000 UNIX root accounts for rotation by the CPM. You discover that the CPM is unable to log in directly with the root account and will need to use a secondary account. How should this be configured to allow for password management using least privilege?

Configure the UNIX platform to use the correct logon account.

Match the Status of Service on a DR Vault to what is displayed when it is operating normally in Replication mode.

- CyberArk Hardened Windows Firewall - Running
- PrivateArk Database - Running
- PrivateArk Server - Stopped
- CyberArk Vault Disaster Recovery - Running
- CyberArk Event Notification Engine - Stopped

The Privileged Access Management solution provides an out-of-the-box target platform to manage SSH keys, called UNIX Via SSH Keys. How are these keys managed?

CyberArk stores Private keys in the Vault and updates Public keys on target systems.

Which Master Policy Setting must be active in order to have an account checked-out by one user for a pre-determined amount of time?

Enforce check-in/check-out exclusive access & Enforce one-time password access

Your organization has a requirement to allow users to `check out passwords` and connect to targets with the same account through the PSM. What needs to be configured in the Master policy to ensure this will happen?

Enforce check-in/check-out exclusive access = active; Require privileged session monitoring and isolation = active

Which report shows the accounts that are accessible to each user?

Entitlement report

Which CyberArk utility allows you to create lists of Master Policy Settings, owners and safes for output to text files or MSSQL databases?

Export Vault Data

For a safe with Object Level Access enabled, you can turn off Object Level Access Control when it is no longer needed on the safe.

FALSE

The password upload utility must run from the CPM server

FALSE

CyberArk recommends implementing object level access control on all Safes.

False

tsparm.ini is the main configuration file for the Vault.

False

When a DR Vault Server becomes an active vault, it will automatically revert back to DR mode once the Primary Vault comes back online.

False, the Vault administrator must manually set the DR Vault to DR mode by setting FailoverMode=no in the padr.ini file

When a DR Vault Server becomes an active vault, it will automatically fail back to the original state once the Primary Vault comes back online.

False; this is not possible

What is the easiest way to duplicate an existing platform?

From the PVWA, navigate to the platforms page, select an existing platform that is similar to the new target account platform and then click Duplicate; name the new platform.

Which of the following PTA detections require the deployment of a Network Sensor or installing the PTA Agent on the domain controller?

Golden Ticket / Over-Pass-The-Hash

Which usage can be added as a service account platform?

IIS Application Pools

What is the purpose of the CyberArk Event Notification Engine service?

It sends email messages from the Vault

To use PSM connections while in the PVWA, what are the minimum safe permissions a user or group will need?

List Accounts, Use Accounts

When running a `Privileged Accounts Inventory` Report through the Reports page in PVWA on a specific safe, which permission/s are required on that safe to show complete account inventory information?

List Accounts, View Safe Members https://docs.cyberark.com/PAS/Latest/en/Content/PASIMP/ReportsInPVWA.htm

To enable the Automatic response `Add to Pending` within PTA when unmanaged credentials are found, what are the minimum permissions required by PTAUser for the PasswordManager_pending safe?

List Accounts, View Safe members, Add accounts (includes update properties), Update Account content, Update Account properties

You are creating a Dual Control workflow for a team's safe. Which safe permissions must you grant to the Approvers group?

List accounts, Authorize account request

Which PTA sensors are required to detect suspected credential theft?

Logs, Vault Logs https://docs.cyberark.com/PAS/10.10/en/Content/PTA/What-Does-PTA-Detect.htm

What is the purpose of the PrivateArk Database service?

Maintains Vault metadata

What is the purpose of the PrivateArk Server service?

Makes Vault data accessible to components

Which user is automatically added to all Safes and cannot be removed?

Master

Which user(s) can access all passwords in the Vault?

Master

You are logging into CyberArk as the Master user to recover an orphaned safe. Which items are required to log in as Master?

Master CD, Master Password, console access to the Vault server, Private Ark Client:

Your organization requires all passwords be rotated every 90 days. Where can you set this regulatory requirement?

Master Policy

You need to enable the PSM for all platforms. Where do you perform this task?

Master Policy > Session Management

Which is the primary purpose of exclusive accounts?

Non-repudiation (individual accountability)

A newly created platform allows users to access a Linux endpoint. When users click to connect, nothing happens. Which piece of the platform is missing?

PSM-SSH Connection Component

An auditor initiates a live monitoring session to the PSM server to view an ongoing live session. When the auditor's machine makes an RDP connection to the PSM server, which user will be used?

PSMAdminConnect

An auditor needs to login to the PSM in order to live monitor an active session. Which user ID is used to establish the RDP connection to the PSM server?

PSMAdminConnect

Via Password Vault Web Access (PVWA), a user initiates a PSM connection to the target Linux machine using RemoteApp. When the client's machine makes an RDP connection to the PSM server, which user will be utilized?

PSMConnect

A Vault Administrator team member can log in to CyberArk, but for some reason, is not given Vault Admin rights. Where can you check to verify that the Vault Admins directory mapping points to the correct AD group?

PVWA > Administration > LDAP Integration > Mappings

A user requested access to view a password secured by dual-control and is unsure who to contact to expedite the approval process. The Vault Admin has been asked to look at the account and identify who can approve their request. What is the correct location to identify users or groups who can approve?

PVWA> Policies > Access Control (Safes) > Safe Members > Workflow > Authorize Password Requests

According to the DEFAULT Web Options settings, which group grants access to the REPORTS page?

PVWAMonitor

In a default CyberArk installation, which group must a user be a member of to view the `reports` page in PVWA?

PVWAMonitor

Which type of automatic remediation can be performed by the PTA in case of a suspected credential theft security event?

Password change

In your organization the `click to connect` button is not active by default. How can this feature be activated?

Policies > Master Policy > Allow EPV transparent connections > Active

You are creating a new Rest API user that utilizes CyberArk Authentication. What is a correct process to provision this user?

Private Ark Client > Tools > Administrative Tools > Users and Groups > New > User

A user is receiving the error message `ITATS006E Station is suspended for User jsmith` when attempting to sign into the Password Vault Web Access (PVWA). Which utility would a Vault administrator use to correct this problem?

PrivateArk

You have been asked to turn off the time access restrictions for a safe. Where is this setting found?

PrivateArk

You want to generate a license capacity report. Which tool accomplishes this?

PrivateArk Client

Which service should NOT be running on the DR Vault when the primary Production Vault is up?

PrivateArk Server

Which report could show all accounts that are past their expiration dates?

Privileged Account Compliance Status report

Which built-in report from the reports page in PVWA displays the number of days until a password is due to expire?

Privileged Accounts Compliance Status

Which permissions are needed for the Active Directory user required by the Windows Discovery process?

Read

Match each key to its recommended storage location. Select and Place:

- Recovery Private Key = Physical Safe
- Recovery Public Key = Disk Drive on the Vault
- Server Key = HSM
- SSH Keys = Vault

You need to recover an account localadmin02 for target server 10.0.123.73 stored in Safe Team1. What do you need to recover and decrypt the object? (Choose three.)

Recovery Private Key, Recover.exe, Master Password

You have been asked to identify the up or down status of Vault services. Which CyberArk utility can you use to accomplish this task?

Remote Control Agent

Which of the following components can be used to create a tape backup of the Vault?

Replicate

To ensure all sessions are being recorded, a CyberArk administrator goes to the master policy and makes configuration changes. Which configuration is correct?

Require privileged session monitoring and isolation = active; Record and save session activity = active.

In the Private Ark client, how do you add an LDAP group to a CyberArk group?

Select Update on the CyberArk group, and then click Add > LDAP Group

Which keys are required to be present in order to start the PrivateArk Server service?

Server key / Recovery public key

Due to network activity, ACME Corp's PrivateArk Server became active on the DR Vault while the Primary Vault was also running normally. All the components continued to point to the Primary Vault. Which steps should you perform to restore DR replication to normal?

Shutdown PrivateArk Server on DR Vault > Start replication on DR vault

Select the best practice for storing the Master CD.

Store the CD in a secure location, such as a physical safe

In a rule using `Privileged Session Analysis and Response` in PTA, which session options are available to configure as responses to activities?

Suspend, Terminate, None https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PTA/Security-Configuration.htm?TocPath=End%20User%7CSecurity%20Events%7C_____3

Which parameter controls how often the CPM looks for accounts that need to be changed from recently completed Dual control requests?

The CPM does not change the password under this circumstance

Time of day or day of week restrictions on when password verifications can occur are configured in ____________________.

The Platform settings

You receive this error: `Error in changepass to user domain\user on domain server(\domain.(winRc=5) Access is denied.` Which root cause should you investigate?

The account does not have sufficient permissions to change its own password.

You are creating a shared safe for the help desk. What must be considered regarding the naming convention?

The use of these characters V:*<>".| is not allowed.

A user has successfully conducted a short PSM session and logged off. However, the user cannot access the Monitoring tab to view the recordings. What is the issue?

The user is not a member of the Auditors group

What is the purpose of the password change process?

To change the password of an account according to organizationally defined password rules

What is the primary purpose of Dual Control?

To force a 'collusion to commit' fraud ensuring no single actor may use a password without authorization.

A Simple Mail Transfer Protocol (SMTP) integration is critical for monitoring Vault activity and facilitating workflow processes, such as Dual Control.

True

A logon account can be specified in the platform settings.

True

PTA can automatically suspend sessions if suspicious activities are detected in a privileged session, but only if the session is made via the CyberArk PSM.

True

The Vault administrator can change the Vault license by uploading the new license to the system Safe.

True

When Dual Control is enabled a user must first submit a request in the Password Vault Web Access (PVWA) and receive approval before being able to launch a secure connection via PSM for Windows (previously known as RDP Proxy).

True

dbparm.ini is the main configuration file for the Vault.

True

What is the configuration file used by the CPM scanner when scanning UNIX/Linux devices?

UnixPrompts.ini

How does the Vault administrator apply a new license file?

Upload the license.xml file to the system Safe

Which combination of Safe member permissions will allow end users to log in to a remote machine transparently but NOT show or copy the password?

Use Accounts, List Accounts

In the screenshot displayed, you just configured the usage in CyberArk and want to update its password. What is the least intrusive way to accomplish this?

Use the change button on the parent account's details page.

To manage automated onboarding rules, a CyberArk user must be a member of which group?

Vault Admins

You are onboarding an account that is not supported out of the box. What should you do first to obtain a platform to import?

Visit the CyberArk marketplace and search for a platform that meets your needs.

Which of the following logs contains information about errors related to PTA?

diamond.log

Within the Vault each password is encrypted by:

its own unique key

A Vault administrator has associated a logon account to one of their Unix root accounts in the vault. When attempting to verify the root account's password the Central Policy Manager (CPM) will:

log in first with the logon account, then run the SU command to log in as root using the password in the Vault

How much disk space do you need on the server for a PAReplicate?

same as disk size on Primary Vault

Which certificate type do you need to configure the vault for LDAP over SSL?

the CA Certificate that signed the certificate used by the External Directory

