PAM-DEF Exam Questions

The Accounts Feed contains:

PSM for Windows (previously known as "RDP Proxy") supports connections to the following target systems

What is the primary purpose of One Time Passwords?

Users who have the 'Access Safe without confirmation' safe permission on a safe where accounts are configured for Dual control, still need to request approval to use the account.

Ad-Hoc Access (formerly Secure Connect) provides the following features. Choose all that apply.

When a group is granted the 'Authorize Account Requests' permission on a safe Dual Control requests must be approved by

When managing SSH keys, the CPM stored the Private Key

When managing SSH keys, the CPM stores the Public Key

Accounts Discovery allows secure connections to domain controllers.

Which parameter controls how often the CPM looks for Soon-to-be-expired Passwords that need to be changed.

Vault admins must manually add the auditors group to newly created safes so auditors will have sufficient access to run reports.

Which of the following Privileged Session Management solutions provide a detailed audit log of session activities?

What is the primary purpose of Dual Control?

Time of day or day of week restrictions on when password verifications can occur configured in ____________________.

Which parameter controls how often the CPM looks for accounts that need to be changed from recently completed Dual control requests.

According to the DEFAULT Web Options settings, which group grants access to the REPORTS page?

Which Master Policy Setting must be active in order to have an account checked-out by one user for a pre-determined amount of time?

The password upload utility must run from the CPM server

For a safe with Object Level Access enabled you can turn off Object Level Access Control when it no longer needed on the safe.

The vault supports Subnet Based Access Control.

When creating an onboarding rule, it will be executed upon .

How does the Vault administrator apply a new license file?

When Dual Control is enabled a user must first submit a request in the Password Vault Web Access (PVWA) and receive approval before being able to launch a secure connection via PSM...

Which of the following PTA detections require the deployment of a Network Sensor or installing the PTA Agent on the domain controller?

Via Password Vault Web Access (PVWA), a user initiates a PSM connection to the target Linux machine using RemoteApp. When the client's machine makes an RDP connection to the PSM se...

Which report shows the accounts that are accessible to each user?

The Vault administrator can change the Vault license by uploading the new license to the system Safe.

A Vault administrator have associated a logon account to one of their Unix root accounts in the vault. When attempting to verify the root account's password the Central Policy Mana...

Which is the primary purpose of exclusive accounts?

What is the chief benefit of PSM?

A Simple Mail Transfer Protocol (SMTP) integration is critical for monitoring Vault activity and facilitating workflow processes, such as Dual Control.

CyberArk recommends implementing object level access control on all Safes.

Which of the following logs contains information about errors related to PTA?

An auditor initiates a live monitoring session to PSM server to view an ongoing live session. When the auditor's machine makes an RDP connection the PSM server, which user will be...

Which keys are required to be present in order to start the PrivateArk Server service?

Which of the following Privileged Session Management (PSM) solutions support live monitoring of active sessions?

Within the Vault each password is encrypted by:

When a DR Vault Server becomes an active vault, it will automatically revert back to DR mode once the Primary Vault comes back online.

Which user(s) can access all passwords in the Vault?

Which report could show all accounts that are past their expiration dates?

Which values are acceptable in the address field of an Account?

tsparm.ini is the main configuration file for the Vault.

Which combination of Safe member permissions will allow end users to log in to a remote machine transparently but NOT show or copy the password?

A logon account can be specified in the platform settings.

Which type of automatic remediation can be performed by the PTA in case of a suspected credential theft security event?

dbparm.ini is the main configuration file for the Vault.

A user has successfully conducted a short PSM session and logged off. However, the user cannot access the Monitoring tab to view the recordings. What is the issue?

Which of the following components can be used to create a tape backup of the Vault?

Which of the following are secure options for storing the contents of the Operator CD, while still allowing the contents to be accessible upon a planned Vault restart? (Choose thre...

Which of these accounts onboarding methods is considered proactive?