PAM-DEF Exam Questions

When a DR Vault Server becomes an active vault, it will automatically fail back to the original state once the Primary Vault comes back online.

What is the purpose of the password change process?

What is the purpose of the CyberArk Event Notification Engine service?

PTA can automatically suspend sessions if suspicious activities are detected in a privileged session, but only if the session is made via the CyberArk PSM.

Which service should NOT be running on the DR Vault when the primary Production Vault is up?

Which user is automatically added to all Safes and cannot be removed?

What is the purpose of the PrivateArk Database service?

A user is receiving the error message "ITATS006E Station is suspended for User jsmith" when attempting to sign into the Password Vault Web Access (PVWA). Which utility would a Vaul...

What is the purpose of the PrivateArk Server service?

Select the best practice for storing the Master CD.

An auditor needs to login to the PSM in order to live monitor an active session. Which user ID is used to establish the RDP connection to the PSM server?

Which CyberArk group does a user need to be part of to view recordings or live monitor sessions?

To ensure all sessions are being recorded, a CyberArk administrator goes to the master policy and makes configuration changes. Which configuration is correct?

Which certificate type do you need to configure the vault for LDAP over SSL?

You are onboarding an account that is not supported out of the box. What should you do first to obtain a platform to import?

You have been asked to identify the up or down status of Vault services. Which CyberArk utility can you use to accomplish this task?

You are logging into CyberArk as the Master user to recover an orphaned safe. Which items are required to log in as Master?

Your organization requires all passwords be rotated every 90 days. Where can you set this regulatory requirement?

To enable the Automatic response "Add to Pending" within PTA when unmanaged credentials are found, what are the minimum permissions required by PTAUser for the PasswordManager_pend...

You have been asked to turn off the time access restrictions for a safe. Where is this setting found?

What is the configuration file used by the CPM scanner when scanning UNIX/Linux devices?

You have been asked to secure a set of shared accounts in CyberArk whose passwords will need to be used by end users. The account owner wants to be able to track who was using an a...

In your organization the "click to connect" button is not active by default. How can this feature be activated?

In the screenshot displayed, you just configured the usage in CyberArk and want to update its password. What is the least intrusive way to accomplish this?

A Vault Administrator team member can log in to CyberArk, but for some reason, is not given Vault Admin rights. Where can you check to verify that the Vault Admins directory mappin...

A newly created platform allows users to access a Linux endpoint. When users click to connect, nothing happens. Which piece of the platform is missing?

Which CyberArk utility allows you to create lists of Master Policy Settings, owners and safes for output to text files or MSSQL databases?

Which PTA sensors are required to detect suspected credential theft?

When running a "Privileged Accounts Inventory" Report through the Reports page in PVWA on a specific safe, which permission/s are required on that safe to show complete account inv...

Which usage can be added as a service account platform?

You need to recover an account localadmin02 for target server 10.0.123.73 stored in Safe Team1. What do you need to recover and decrypt the object? (Choose three.)

What is the easiest way to duplicate an existing platform?

The Privileged Access Management solution provides an out-of-the-box target platform to manage SSH keys, called UNIX Via SSH Keys. How are these keys managed?

You want to generate a license capacity report. Which tool accomplishes this?

You need to enable the PSM for all platforms. Where do you perform this task?

How much disk space do you need on the server for a PAReplicate?

In the Private Ark client, how do you add an LDAP group to a CyberArk group?

For Digital Vault Cluster in a high availability configuration, how does the cluster determine if a node is down?

In a rule using "Privileged Session Analysis and Response" in PTA, which session options are available to configure as responses to activities?

A user requested access to view a password secured by dual-control and is unsure who to contact to expedite the approval process. The Vault Admin has been asked to look at the acco...

You are creating a Dual Control workflow for a team's safe. Which safe permissions must you grant to the Approvers group?

You receive this error: "Error in changepass to user domain\user on domain server(\domain.(winRc=5) Access is denied." Which root cause should you investigate?

You are creating a shared safe for the help desk. What must be considered regarding the naming convention?

Due to network activity, ACME Corp's PrivateArk Server became active on the OR Vault while the Primary Vault was also running normally. All the components continued to point to the...

Which parameters can be used to harden the Credential Files (CredFiles) while using CreateCredFile Utility? (Choose three.)

A new HTML5 Gateway has been deployed in your organization. Where do you configure the PSM to use the HTML5 Gateway?

Which built-in report from the reports page in PVWA displays the number of days until a password is due to expire?

To use PSM connections while in the PVWA, what are the minimum safe permissions a user or group will need?

In a default CyberArk installation, which group must a user be a member of to view the "reports" page in PVWA?

You are onboarding 5,000 UNIX root accounts for rotation by the CPM. You discover that the CPM is unable to log in directly with the root account and will need to use a secondary a...