CyberArk CDE Recertification PAM-CDE-RECERT Questions

Text Material Preview

PAM-CDE-RECERT CyberArk CDE Recertification exam dumps questions are
the best material for you to test all the related CyberArk exam topics. By using
the PAM-CDE-RECERT exam dumps questions and practicing your skills, you
can increase your confidence and chances of passing the PAM-CDE-RECERT
exam.
Features of Dumpsinfo’s products
Instant Download
Free Update in 3 Months
Money back guarantee
PDF and Software
24/7 Customer Support
Besides, Dumpsinfo also provides unlimited access. You can get all Dumpsinfo
files at lowest price.
CyberArk CDE Recertification PAM-CDE-RECERT exam free dumps questions
are available below for you to study. 
Full version: PAM-CDE-RECERT Exam Dumps Questions
1.Which tools are used during a CPM renaming process?
A. APIKeyManager Utility
B. CreateCredFile Utility
C. CPMinDomain_Hardening.ps1
D. PMTerminal.exe
E. Data Execution Prevention
Answer: A,B
2.Via Password Vault Web Access (PVWA), a user initiates a PSM connection to the target Linux
machine using RemoteApp.
When the client’s machine makes an RDP connection to the PSM server, which user will be utilized?
 1 / 8
https://www.dumpsinfo.com/unlimited-access/
https://www.dumpsinfo.com/exam/pam-cde-recert
A. Credentials stored in the Vault for the target machine
B. Shadowuser
C. PSMConnect
D. PSMAdminConnect
Answer: C
3.What is the purpose of the Immediate Interval setting in a CPM policy?
A. To control how often the CPM looks for System Initiated CPM work.
B. To control how often the CPM looks for User Initiated CPM work.
C. To control how often the CPM rests between password changes.
D. To Control the maximum amount of time the CPM will wait for a password change to complete.
Answer: B
Explanation:
When the Master Policy enforces check-in/check-out exclusive access, passwords are changed when
the user clicks the Release button and releases the account. This is based on the ImmediateInterval
parameter in the applied platform. If the user forgets to release the account, it is automatically
released and changed by the CPM after a predetermined number of minutes, defined in the
MinValidityPeriod parameter specified in the platform
4.Users can be resulted to using certain CyberArk interfaces (e.g.PVWA or PACLI).
A. TRUE
B. FALS
Answer: A
5.When running a “Privileged Accounts Inventory” Report through the Reports page in PVWA on a
specific safe, which permission/s are required on that safe to show complete account inventory
information?
A. List Accounts, View Safe Members
B. Manage Safe Owners
C. List Accounts, Access Safe without confirmation
D. Manage Safe, View Audit
Answer: A
Explanation:
Reference: https://docs.cyberark.com/Product-
Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/ReportsInPVWA.htm?TocPath=End U
ser%7CReports and Audits%7C_____1
6.What is the name of the Platform parameters that controls how long a password will stay valid when
One Time Passwords are enabled via the Master Policy?
A. Min Validity Period
B. Interval
C. Immediate Interval
D. Timeout
Answer: A
Explanation:
Min Validity Period -The number of minutes to wait from the last retrieval of the password until it is
replaced. This gives the user a minimum period to be able to use the password before it is replaced.
Use -1 to ignore this property. This parameter is also used to release exclusive accounts
 2 / 8
https://www.dumpsinfo.com/
automatically Interval C“The number of minutes that the Central Policy Manager waits between
running periodic searches for the platform. Note: It is recommended to leave the default value of
1440. If a change/verify policy has been configured, the Central Policy Manager will automatically
align the periodic searches with the start of the defined timeframes.”
7.Which of the following Privileged Session Management solutions provide a detailed audit log of
session activities?
A. PSM (i.e., launching connections by clicking on the "Connect" button in the PVWA)
B. PSM for Windows (previously known as RDP Proxy)
C. PSM for SSH (previously known as PSM SSH Proxy)
D. All of the above
Answer: A
8.What is the purpose of the Interval setting in a CPM policy?
A. To control how often the CPM looks for System Initiated CPM work.
B. To control how often the CPM looks for User Initiated CPM work.
C. To control how long the CPM rests between password changes.
D. To control the maximum amount of time the CPM will wait for a password change to complete.
Answer: A
9.When onboarding multiple accounts from the Pending Accounts list, which associated setting must
be the same across the selected accounts?
A. Platform
B. Connection Component
C. CPM
D. Vault
Answer: A
Explanation:
Reference: https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/Onbo
arding-Accounts-and-SSH-Keys.htm?Highlight=safe does not support properties
10.DRAG DROP
Match each component to its respective Log File location.
Answer:
 3 / 8
https://www.dumpsinfo.com/
11.The vault supports Subnet Based Access Control.
A. TRUE
B. FALSE
Answer: A
12.What is the purpose of the PrivateArk Server service?
A. Executes password changes
B. Maintains Vault metadata
C. Makes Vault data accessible to components
D. Sends email alerts from the Vault
Answer: C
13.Which keys are required to be present in order to start the PrivateArk Server service?
A. Recovery public key
B. Recovery private key
C. Server key
D. Safe key
Answer: A,C
14.What is the easiest way to duplicate an existing platform?
A. From PrivateArk, copy/paste the appropriate Policy.ini file: then rename it.
B. from the PVWA, navigate to the platforms page, select the existing platform that is similar to the
new target account platform and click Duplicate, name the new platform.
C. From PrivateArk, cop/paste the appropriate setting in the PVConfiguration.xml then update the
policName variable.
D. From the PVWA, navigate to the platforms page, select existing platform that is similar to the new
target account platform, manually update the platform settings and click "Save as" instead of save to
duplicate and rename the platform.
Answer: B
15.Which parameter controls how often the CPM looks for Soon-to-be-expired Passwords that need
to be changed.
A. HeadStartInterval
B. Interval
C. ImmediateInterval
D. The CPM does not change the password under this circumstance
Answer: C
 4 / 8
https://www.dumpsinfo.com/
16.Which of the following are secure options for storing the contents of the Operator CD, while still
allowing the contents to be accessible upon a planned Vault restart? (Choose three.)
A. Store the CD in a physical safe and mount the CD every time Vault maintenance is performed
B. Copy the entire contents of the CD to the system Safe on the Vault
C. Copy the entire contents of the CD to a folder on the Vault Server and secure it with NTFS
permissions
D. Store the server key in a Hardware Security Module (HSM) and copy the rest the keys from the CD
to a folder on the Vault Server and secure it with NTFS permissions
Answer: A,C,D
17.It is possible to restrict the time of day, or day of week that a [b]verify[/b] process can occur
A. TRUE
B. FALSE
Answer: A
Explanation:
Password verification can be restricted to specific days. This means that the CPM will only verify
passwords on the days of the week specified in the VFExecutionDays parameter. The days of the
week are represented by the first 3 letters of the name of the day. Sunday is represented by Sun,
Monday by Mon, etc.
18.You are helping a customer prepare a Windows server for PSM installation.
What is required for a successful installation?
A. Window 2012 KB4558843
B. Remote Desktop services (RDS) Session Host Roles
C. Windows 2016 KB4558843
D. Remote Desktop services (RDS) Session Broker
Answer: B
19.When Dual Control is enabled a user must first submit a request inthe Password Vault Web
Access (PVWA) and receive approval before being able to launch a secure connection via PSM for
Windows (previously known as RDP Proxy).
A. True
B. False, a user can submit the request after the connection has already been initiated via the PSM
for Windows
Answer: B
20.As long as you are a member of the Vault Admins group, you can grant any permission on any
safe that you have access to.
A. TRUE
B. FALSE
Answer: B
Explanation:
Being in Vault admins group only give you access to safes which are created during installation (safe
created in installation process) -This is clearly mentioned in documents.
 5 / 8
https://www.dumpsinfo.com/
21.A customer is deploying PVWAs in the Amazon Web Services Public Cloud.
Which load balancing option does CyberArk recommend?
A. Network Load Balancer
B. Classic Load Balancer
C. HTTPS load balancer
D. Public standard load balancer
Answer: B
22.Which CyberArk group does a user need to be part of to view recordings or live monitor sessions?
A. Auditors
B. Vault Admin
C. DR Users
D. Operators
Answer: A
Explanation:
Reference: https://docs.cyberark.com/Product-
Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/Monitoring-Privileged-Sessions.htm?TocPath=End
User%7CMonitor Sessions%7CClassic Interface %7C_____1
23. CyberArk recommends implementing object level access control on all Safes.
A. True
B. False
Answer: B
24.Which Cyber Are components or products can be used to discover Windows Services or
Scheduled Tasks that use privileged accounts? Select all that apply.
A. Discovery and Audit (DMA)
B. Auto Detection (AD)
C. Export Vault Data (EVD)
D. On Demand Privileges Manager (OPM)
E. Accounts Discovery
Answer: A,B,E
25.In addition to disabling Windows services or features not needed for PVWA operations, which
tasks does PVWA Hardening.ps1 perform when run?
A. Performs IIS hardening: Imports the CyberArk INF configuration
B. Performs IIS hardening: Configures all group policy settings
C. Performs IIS hardening: Renames the local Administrator Account
D. Configures Windows Firewall: Removes all installation files.
Answer: B
26.Assuming a safe has been configured to be accessible during certain hours of the day, a Vault
Admin may still access that safe outside of those hours.
A. TRUE
B. FALSE
Answer: B
 6 / 8
https://www.dumpsinfo.com/
27.An auditor needs to login to the PSM in order to live monitor an active session.
Which user ID is used to establish the RDP connection to the PSM server?
A. PSMConnect
B. PSMMaster
C. PSMGwUser
D. PSMAdminConnect
Answer: D
28.It is possible to control the hours of the day during which a user may log into the vault.
A. TRUE
B. FALSE
Answer: A
29.Which of the following logs contains information about errors related to PTA?
A. ITAlog.log
B. diamond.log
C. pm_error.log
D. WebApplication.log
Answer: B
30.A new domain controller has been added to your domain. You need to ensure the CyberArk
infrastructure can use the new domain controller for authentication.
Which locations must you update?
A. on the Vault server in Windows\System32\Etc\Hosts and in the PVWA Application under
Administration > LDAP Integration > Directories > Hosts
B. on the Vault server in Windows\System32\Etc\Hosts and on the PVWA server in
Windows\System32\Etc\Hosts
C. in the Private Ark client under Tools > Administrative Tools > Directory Mapping
D. on the Vault server in the certificate store and on the PVWA server in the certificate store
Answer: C
Explanation:
Reference: https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/Landing
Pages/LPLDAPIntegration.htm?TocPath=Administration%7CUser Management%7CTransparent user
management using LDAP%7C_____2
31.Within the Vault each password is encrypted by:
A. the server key
B. the recovery public key
C. the recovery private key
D. its own unique key
Answer: D
32.A logon account can be specified in the platform settings.
A. True
B. False
Answer: A
 7 / 8
https://www.dumpsinfo.com/
 8 / 8
https://www.dumpsinfo.com/