[New-2023] CyberArk PAM-CDE-RECERT Exam Dumps With Free Questions

Jonnie Karnath2023-06-13T06:15:00+00:00

Are you preparing for the CyberArk PAM-CDE-RECERT Exam? Do you want to test your knowledge and skills before the actual exam? Certspots is here to help you! We offer CyberArk PAM-CDE-RECERT Exam Dumps with free questions to practice online. Our PAM-CDE-RECERT exam dumps are designed by CyberArk professionals and experts who have years of experience in the field. They cover all the topics and concepts that are required to pass the CyberArk PAM-CDE-RECERT Exam. Our PAM-CDE-RECERT exam dumps come with free questions that you can practice online. These questions are updated regularly to match the latest exam pattern and syllabus. At Certspots, we understand the importance of passing the CyberArk PAM-CDE-RECERT Exam. That’s why we offer high-quality PAM-CDE-RECERT exam dumps at an affordable price. With our exam dumps, you can prepare for the exam in a short time and pass it with ease.

So, what are you waiting for? Visit Certspots now and get CyberArk PAM-CDE-RECERT Exam Dumps with free questions to practice online.

Page 1 of 7

1. A Reconcile Account can be specified in the Master Policy.

TRUE

FALSE

2. PSM captures a record of each command that was executed in Unix.

TRIE

FALSE

3. Which statement is correct concerning accounts that are discovered, but cannot be added to the Vault by an automated onboarding rule?

They are added to the Pending Accounts list and can be reviewed and manually uploaded.

They cannot be onboarded to the Password Vault.

They must be uploaded using third party tools.

They are not part of the Discovery Process.

4. You are installing multiple PVWAs behind a load balancer.

Which statement is correct?

Port 1858 must be opened between the load balancer and the PVWAs

The load balancer must be configured in DNS round robin.

The load balancer must support "sticky sessions".

The Load Balancer Client Address Header parameter in the PVw

ini file must be set.

5. A user with administrative privileges to the vault can only grant other users privileges that he himself has.

TRUE

FALSE

6. What is a prerequisite step before CyberArk can be configured to support RADIUS authentication?

Log on to the PrivateArk Client, display the user properties of the user to configure, run the Authentication method drop-down list, and select RADIUS authentication.

In the RADIUS server, define the CyberArk Vault as RADIUS client/agent.

In the Vault Installation folder, run CAVaultManger as Administrator with the SecureSecretFiles command.

Navigate to /Server/Conf and open DBParms.ini and set the RadiusServersInfo parameter.

7. Which certificate type do you need to configure the vault for LDAP over SSL?

the CA Certificate that signed the certificate used by the External Directory

a CA signed Certificate for the Vault server

a CA signed Certificate for the PVWA server

a self-signed Certificate for the Vault

8. tsparm.ini is the main configuration file for the Vault.

True

False

9. To enable the Automatic response “Add to Pending” within PTA when unmanaged credentials are found, what are the minimum permissions required by PTAUser for the PasswordManager_pending safe?

List Accounts, View Safe members, Add accounts (includes update properties), Update Account content, Update Account properties

List Accounts, Add accounts (includes update properties), Delete Accounts, Manage Safe

Add accounts (includes update properties), Update Account content, Update Account properties, View Audit

View Accounts, Update Account content, Update Account properties, Access Safe without confirmation, Manage Safe, View Audit

10. A Vault administrator have associated a logon account to one of their Unix root accounts in the vault.

When attempting to verify the root account’s password the Central Policy Manager (CPM) will:

ignore the logon account and attempt to log in as root

prompt the end user with a dialog box asking for the login account to use

none of these

Page 2 of 7

11. A customer is deploying PVWAs in the Amazon Web Services Public Cloud.

Which load balancing option does CyberArk recommend?

Network Load Balancer

Classic Load Balancer

HTTPS load balancer

Public standard load balancer

12. You need to recover an account localadmin02 for target server 10.0.123.73 stored in Safe Team1.

What do you need to recover and decrypt the object? (Choose three.)

Recovery Private Key

Recover.exe

Vault data

Recovery Public Key

Server Key

Master Password

13. What is the purpose of the Immediate Interval setting in a CPM policy?

To control how often the CPM looks for System Initiated CPM work.

To control how often the CPM looks for User Initiated CPM work.

To control how often the CPM rests between password changes.

To Control the maximum amount of time the CPM will wait for a password change to complete.

14. A user is receiving the error message “ITATS006E Station is suspended for User jsmith” when attempting to sign into the Password Vault Web Access (PVWA).

Which utility would a Vault administrator use to correct this problem?

createcredfile.exe

cavaultmanager.exe

PrivateArk

PVWA

15. Which tools are used during a CPM renaming process?

APIKeyManager Utility

CreateCredFile Utility

CPMinDomain_Hardening.ps1

PMTerminal.exe

Data Execution Prevention

16. To manage automated onboarding rules, a CyberArk user must be a member of which group?

Vault Admins

CPM User

Auditors

Administrators

17. Which of the following options is not set in the Master Policy?

Password Expiration Time

Enabling and Disabling of the Connection Through the PSM

Password Complexity

The use of “One-Time-Passwords”

18. All of your Unix root passwords are stored in the safe UnixRoot. Dual control is enabled for some of the accounts in that safe. The members of the AD group UnixAdmins need to be able to use the show, copy, and connect buttons on those passwords at any time without confirmation. The members of the AD group Operations Staff need to be able to use the show, copy and connect buttons on those passwords on an emergency basis, but only with the approval of a member of Operations Managers never need to be able to use the show, copy or connect buttons themselves.

Which safe permission do you need to grant Operations Staff? Check all that apply.

Use Accounts

Retrieve Accounts

Authorize Password Requests

Access Safe without Authorization

19. You need to enable the PSM for all platforms.

Where do you perform this task?

Platform Management > (Platform) > UI & Workflows

Master Policy > Session Management

Master Policy > Privileged Access Workflows

Administration > Options > Connection Components

20. DRAG DROP

Match each key to its recommended storage location.

Page 3 of 7

21. Which of the following PTA detections are included in the Core PAS offering?

Suspected Credential Theft

Over-Pass-The Hash

Golden Ticket

Unmanaged Privileged Access

22. When creating an onboarding rule, it will be executed upon .

All accounts in the pending accounts list

Any future accounts discovered by a discovery process

Both “All accounts in the pending accounts list” and “Any future accounts discovered by a discovery process”

23. When a DR Vault Server becomes an active vault, it will automatically revert back to DR mode once the Primary Vault comes back online.

True; this is the default behavior

False, the Vault administrator must manually set the DR Vault to DR mode by setting “FailoverMode=no” in the padr.ini file

True, if the AllowFailback setting is set to “yes” in the padr.ini file

False, the Vault administrator must manually set the DR Vault to DR mode by setting “FailoverMode=no” in the dbparm.ini file

24. The Password upload utility can be used to create safes.

TRUE

FALS

25. Which permissions are needed for the Active Directory user required by the Windows Discovery process?

Domain Admin

LDAP Admin

Read/Write

Read

26. Ad-Hoc Access (formerly Secure Connect) provides the following features. Choose all that apply.

PSM connections to target devices that are not managed by CyberArk.

Session Recording.

Real-time live session monitoring.

PSM connections from a terminal without the need to login to the PVW

27. What is the purpose of the PrivateArk Database service?

Communicates with components

Sends email alerts from the Vault

Executes password changes

Maintains Vault metadata

28. Which component must be installed on the Vault if Distributed Vaults is used with PSM?

RabbitMQ

Disaster Recovery

Remote Control Client

Distributed Vault Server

29. Which of the following Privileged Session Management (PSM) solutions support live monitoring of active sessions?

PSM (i.e., launching connections by clicking on the connect button in the Password Vault Web Access (PVWA)

PSM for Windows (previously known as RDP Proxy)

PSM for SSH (previously known as PSM-SSH Proxy)

All of the above

30. Which parameters can be used to harden the Credential Files (CredFiles) while using CreateCredFile Utility? (Choose three.)

Operating System Username

Host IP Address

Client Hostname

Operating System Type (Linux/Windows/HP-UX)

Vault IP Address

Time Frame

Page 4 of 7

31. Which parameter controls how often the CPM looks for Soon-to-be-expired Passwords that need to be changed.

HeadStartInterval

Interval

ImmediateInterval

The CPM does not change the password under this circumstance

32. In the Private Ark client, how do you add an LDAP group to a CyberArk group?

Select Update on the CyberArk group, and then click Add > LDAP Group

Select Update on the LDAP Group, and then click Add > LDAP Group

Select Member Of on the CyberArk group, and then click Add > LDAP Group

Select Member Of on the LDAP group, and then click Add > LDAP Group

33. A Vault Administrator team member can log in to CyberArk, but for some reason, is not given Vault Admin rights.

Where can you check to verify that the Vault Admins directory mapping points to the correct AD group?

PVWA > User Provisioning > LDAP Integration > Mapping Criteria

PVWA > User Provisioning > LDAP Integration > Map Name

PVWA > Administration > LDAP Integration > Mappings

PVWA > Administration > LDAP Integration > AD Groups

34. Which Master Policy Setting must be active in order to have an account checked-out by one user for a pre-determined amount of time?

Require dual control password access Approval

Enforce check-in/check-out exclusive access

Enforce one-time password access

Enforce check-in/check-out exclusive access & Enforce one-time password access

35. DRAG DROP

Match the built-in Vault User with the correct definition.

36. Time of day or day of week restrictions on when password verifications can occur configured in ____________________.

The Master Policy

The Platform settings

The Safe settings

The Account Details

37. PTA can automatically suspend sessions if suspicious activities are detected in a privileged session, but only if the session is made via the CyberArk PSM.

True

False, the PTA can suspend sessions whether the session is made via the PSM or not

38. In accordance with best practice, SSH access is denied for root accounts on UNIX/LINUX system.

What is the BEST way to allow CPM to manage root accounts?

Create a privileged account on the target server. Allow this account the ability to SSH directly from the CPM machine. Configure this account as the Reconcile account of the target server’s root account.

Create a non-privileged account on the target server. Allow this account the ability to SSH directly from the CPM machine. Configure this account as the Logon account of the target server’s root account.

Configure the Unix system to allow SSH logins.

Configure the CPM to allow SSH logins.

39. In your organization the “click to connect” button is not active by default.

How can this feature be activated?

Policies > Master Policy > Allow EPV transparent connections > Inactive

Policies > Master Policy > Session Management > Require privileged session monitoring and isolation > Add Exception

Policies > Master Policy > Allow EPV transparent connections > Active

Policies > Master Policy > Password Management

40. Secure Connect provides the following. Choose all that apply.

PSM connections to target devices that are not managed by CyberArk.

Session Recording

Real-time live session monitoring.

PSM connections from a terminal without the need to login to the PVWA

Page 5 of 7

41. As long as you are a member of the Vault Admins group, you can grant any permission on any safe that you have access to.

TRUE

FALSE

42. Which option in the PrivateArk client is used to update users' Vault group memberships?

Update > General tab

Update > Authorizations tab

Update > Member Of tab

Update > Group tab

43. It is possible to restrict the time of day, or day of week that a [b]verify[/b] process can occur

TRUE

FALSE

44. For an account attached to a platform that requires Dual Control based on a Master Policy exception, how would you configure a group of users to access a password without approval.

Create an exception to the Master Policy to exclude the group from the workflow process.

Edith the master policy rule and modify the advanced’ Access safe without approval’ rule to include the group.

On the safe in which the account is stored grant the group the’ Access safe without audit’ authorization.

On the safe in which the account is stored grant the group the’ Access safe without confirmation’ authorization.

45. Which command configures email alerts within PTA if settings need to be changed post install?

/opt/tomcat/utility/emailConfiguration.sh

/opt/PTA/emailConfiguration.sh

/opt/PTA/utility/emailConfig.sh

/opt/tomcat/utility/emailSetup.sh

46. Which CyberArk utility allows you to create lists of Master Policy Settings, owners and safes for output to text files or MSSQL databases?

Export Vault Data

Export Vault Information

PrivateArk Client

Privileged Threat Analytics

47. Which parameter controls how often the CPM looks for accounts that need to be changed from recently completed Dual control requests.

HeadStartInterval

Interval

ImmediateInterval

The CPM does not change the password under this circumstance

48. A newly created platform allows users to access a Linux endpoint. When users click to connect, nothing happens.

Which piece of the platform is missing?

PSM-SSH Connection Component

UnixPrompts.ini

UnixProcess.ini

PSM-RDP Connection Component

49. Which CyberArk group does a user need to be part of to view recordings or live monitor sessions?

Auditors

Vault Admin

DR Users

Operators

50. SAFE Authorizations may be granted to____________.

Select all that apply.

Vault Users

Vault Group

LDAP Users

LDAP Groups

Page 6 of 7

51. Which components can connect to a satellite Vault in distributed Vault architecture?

CPM, EPM, PTA

PVWA, PSM

CPM, PVWA, PSM

CPM, PSM

52. Which utilities could you use to change debugging levels on the vault without having to restart the vault. Select all that apply.

PAR Agent

PrivateArk Server Central Administration

Edit DBParm.ini in a text editor.

Setup.exe

53. DRAG DROP

Match each component to its respective Log File location.

54. In order to connect to a target device through PSM, the account credentials used for the connection must be stored in the vault?

True.

False. Because the user can also enter credentials manually using Secure Connect.

False. Because if credentials are not stored in the vault, the PSM will log into the target device as PSM Connect.

False. Because if credentials are not stored in the vault, the PSM will prompt for credentials.

55. A customer installed multiple PVWAs in the production environment behind a load balancer VIP. They subsequently observed that all incoming traffic from the load balancer VIP goes to only one PVWA, even though all the PVWAs are up and running.

What could be the likely cause of this situation?

The load balancing algorithm is the least connections algorithm.

The Certificate of the load balancer is not a wild card cert

The load balancing pool only has one PVWA server

SSL passthrough is not configured on the load balancer.

56. Customers who have the ‘Access Safe without confirmation’ safe permission on a safe where accounts are configured for Dual control, still need to request approval to use the account.

TRUE

FALSE

57. Via Password Vault Web Access (PVWA), a user initiates a PSM connection to the target Linux machine using RemoteApp.

When the client’s machine makes an RDP connection to the PSM server, which user will be utilized?

Credentials stored in the Vault for the target machine

Shadowuser

PSMConnect

PSMAdminConnect

58. What is the purpose of the CyberArk Event Notification Engine service?

It sends email messages from the Central Policy Manager (CPM)

It sends email messages from the Vault

It processes audit report messages

It makes Vault data available to components

59. In a rule using “Privileged Session Analysis and Response” in PTA, which session options are available to configure as responses to activities?

Suspend, Terminate, None

Suspend, Terminate, Lock Account

Pause, Terminate, None

Suspend, Terminate

60. Assuming a safe has been configured to be accessible during certain hours of the day, a Vault Admin may still access that safe outside of those hours.

TRUE

FALSE

Page 7 of 7

61. What is the easiest way to duplicate an existing platform?

From PrivateArk, copy/paste the appropriate Policy.ini file; then rename it.

From the PVWA, navigate to the platforms page, select an existing platform that is similar to the new target account platform and then click Duplicate; name the new platform.

From PrivateArk, copy/paste the appropriate settings in PVConfiguration.xml; then update the policyName variable.

From the PVWA, navigate to the platforms page, select an existing platform that is similar to the new target account platform, manually update the platform settings and click “Save as” INSTEAD of save to duplicate and rename the platform.

62. You need to enable the PSM for all platforms. Where do you perform this task?

Platform Management > (Platform) > UI & Workflows

Master Policy > Session Management

Master Policy > Privileged Access Workflows

Administration > Options > Connection Components

63. Which usage can be added as a service account platform?

Kerberos Tokens

IIS Application Pools

PowerShell Libraries

Loosely Connected Devices

Facebook Twitter LinkedIn Google + Email

[New-2023] CyberArk PAM-CDE-RECERT Exam Dumps With Free Questions

[New-2023] CyberArk PAM-CDE-RECERT Exam Dumps With Free Questions

Author

LEAVE A COMMENT Cancel reply

Related Posts

CyberArk PAM-DEF-SEN Practice Exam Questions For Best Preparation

Latest CyberArk EPM-DEF Dumps Questions – Pass Exam With Ease [2023]

PAM-SEN CyberArk Sentry – PAM Exam Dumps 2023

PAM-DEF CyberArk Defender – PAM Free Dumps