CyberArk Defender

CyberArc CAU201
CyberArk Defender
Version: 4.0
CyberArc CAU201 Exam
QUESTION NO: 1
If a user is a member of more than one group that has authorizations on a safe, by default that
user is granted____________________.
A.
the vault will not allow this situation to occur.
B.
only those permissions that exist on the group added to the safe first.
C.
only those permissions that exist in all groups to which the user belongs.
D.
the cumulative permissions of all the groups to which that user belongs.
Answer: B
Explanation:
The correct answer is D
QUESTION NO: 2
It is possible to control the hours of the day during which a user may long into the vault.
A.
TRUE
B.
FALSE
Answer: A
Reference:
https://isecurenet.net/wp-content/uploads/2016/06/user-sb-cyberark_privileged_threat_analytics-
030916-final-en-web.pdf
QUESTION NO: 3
"Pass Any Exam. Any Time." - www.actualtests.com 2

VAULT authorizations may be granted to ____________________. (Choose all that apply.)
A.
Vault Users
B.
Vault Groups
C.
LDAP Users
D.
LDAP Groups
Answer: C
Explanation:
The correct answer is A,C
QUESTION NO: 4
What is the purpose of the Interval setting in a CPM policy?
A.
To control how often the CPM looks for System Initiated CPM work.
B.
To control how often the CPM looks for User Initiated CPM work.
C.
To control how long the CPM rests between password changes.
D.
To control the maximum amount of time the CPM will wait for a password change to complete.
Answer: A
Explanation:
QUESTION NO: 5
All of your Unix root passwords are stored in the safe UnixRoot. Dual control is enabled for some
of the accounts in that safe. The members of the AD group UnixAdmins need to be able to use the
show, copy, and connect buttons on those passwords at any time without confirmation. The
members of the AD group OperationsStaff need to be able to use the show, copy and connect
buttons on those passwords on an emergency basis, but only with the approval of a member of
OperationsManagers. The members of OperationsManagers never need to be able to use the
show, copy or connect buttons themselves.
Which safe permissions do you need to grant to OperationsStaff? (Choose all that apply.)
A.
Use Accounts
B.
Retrieve Accounts
C.
List Accounts
D.
Authorize Password Requests
E.
Access Safe without Authorization
Answer: A
Explanation:
The correct answer is A,B,C
QUESTION NO: 6
What is the purpose of the Immediate Interval setting in a CPM policy?
A.
To control how often the CPM looks for System Initiated CPM work.
B.
To control how often the CPM looks for User Initiated CPM work.
C.
To control how long the CPM rests between password changes.
D.
To control the maximum amount of time the CPM will wait for a password change to complete.
Answer: C
Explanation:
The correct answer is B.
QUESTION NO: 7
Which utilities could you use to change debugging levels on the vault without having to restart the
vault? (Choose all that apply.)
A.
PAR Agent
B.
PrivateArk Server Central Administration
C.
Edit DBParm.ini in a text editor.
D.
Setup.exe
Answer: A
Explanation:
The correct answer is A,B
QUESTION NO: 8
A Logon Account can be specified in the Master Policy.
A.
TRUE
B.
FALSE
Answer: B
Explanation:
QUESTION NO: 9
For an account attached to a platform that requires Dual Control based on a Master Policy
exception, how would you configure a group of users to access a password without approval?
A.
Create an exception to the Master Policy to exclude the group from the workflow process.
B.
Edit the master policy rule and modify the advanced ‘Access safe without approval’ rule to include
the group.
C.
On the safe in which the account is stored grant the group the ‘Access safe without audit’
authorization.
D.
On the safe in which the account is stored grant the group the ‘Access safe without confirmation’
authorization.
Answer: A
Reference:
https://www.reddit.com/r/CyberARk/comments/6270zr/dual_control_on_specific_accounts/
The correct answer is D.
QUESTION NO: 10
As long as you are a member of the Vault Admins group, you can grant any permission on any
safe that you have access to.
A.
TRUE
B.
FALSE
Answer: B
Explanation:
QUESTION NO: 11

Which report provides a list of accounts stored in the vault?
A.
Privileged Accounts Inventory
B.
Privileged Accounts Compliance Status
C.
Entitlement Report
D.
Activity Log
Answer: A
Reference:
https://techinsight.com.vn/language/en/privileged-account-security-solution-part-2/
QUESTION NO: 12
When on-boarding account using Accounts Feed, which of the following is true?
A.
You must specify an existing Safe where the account will be stored when it is on-boarded to the
Vault.
B.
You can specify the name of a new safe that will be created where the account will be stored when
it is on-boarded to the Vault.
C.
You can specify the name of a new Platform that will be created and associated with the account.
D.
Any account that is on-boarded can be automatically reconciled regardless of the platform it is
associated with.
Answer: C
Reference:
https://www.cyberark.com/resource/automating-privileged-account-onboarding/

QUESTION NO: 13
Target account platforms can be restricted to accounts that are stored in specific Safes using the
AllowedSafes property.
A.
TRUE
B.
FALSE
Answer: B
Explanation:
QUESTION NO: 14
Which one of the following reports is NOT generated by using the PVWA?
A.
Account Inventory
B.
Application Inventory
C.
Safes List
D.
Compliance Status
Answer: C
Reference:
https://techinsight.com.vn/language/en/privileged-account-security-solution-part-2/
QUESTION NO: 15

PSM captures a record of each command that was executed in Unix.
A.
TRUE
B.
FALSE
Answer: A
Explanation:
QUESTION NO: 16
Platform settings are applied to______________.
A.
The entire vault.
B.
Network Areas
C.
Safes
D.
Individual Accounts
Answer: C The correct answer is D.

Reference:
https://www.reddit.com/r/CyberARk/comments/avxnxz/safes_and_platform_association/
QUESTION NO: 17
Customers who have the ‘Access Safe without confirmation’ safe permission on a safe where
accounts are configured for Dual control, still need to request approval to use the account.
A.

TRUE
B.
FALSE
Answer: B
Explanation:
QUESTION NO: 18
What is the name of the Platform parameter that controls how long a password will stay valid when
One Time Passwords are enabled via the Master Policy?
A.
MinValidityPeriod
B.
Interval
C.
ImmediateInterval
D.
Timeout
Answer: D
Explanation:
The correct answer is A.
QUESTION NO: 19
It is possible to leverage DNA to provide discovery functions that are not available with auto-
detection.
A.
TRUE
B.
FALSE

Answer: A
Explanation:
QUESTION NO: 20
Which of the following files must be created or configured in order to run Password Upload Utility?
(Choose all that apply.)
A.
PACli.ini
B.
Vault.ini
C.
conf.ini
D.
A comma delimited upload file
Answer: C
Reference:
https://www.reddit.com/r/CyberARk/comments/84gfsb/password_upload_utility_error/
The correct answer is BCD
QUESTION NO: 21
Users can be restricted through certain CyberArk interfaces (e.g. PVWA or PACLI).
A.
TRUE
B.
FALSE
Answer: A
Explanation:

QUESTION NO: 22
What is the purpose of the HeadStartInterval setting in a platform?
A.
It determines how far in advance audit data is collected for reports.
B.
It instructs the CPM to initiate the password change process X number of days before expiration.
C.
It instructs the AIM Provider to ‘skip the cache’ during the defined time period.
D.
It alerts users of upcoming password changes x number of days before expiration.
Answer: B
Reference:
https://www.reddit.com/r/CyberARk/comments/6als67/can_someone_explain_what_the_headstart
_interval_is/
QUESTION NO: 23
It is possible to restrict the time of day, or day of week that a reconcile process can occur.
A.
TRUE
B.
FALSE
Answer: B
Explanation:
QUESTION NO: 24

Which of the following options is not set in the Master Policy?
A.
Password Expiration Time
B.
Enabling and Disabling of the Connection Through the PSM
C.
Password Complexity
D.
The use of “One-Time-Passwords”
Answer: C
Explanation:
QUESTION NO: 25
The primary purpose of exclusive accounts is to ensure non-repudiation (individual accountability).
A.
TRUE
B.
FALSE
Answer: A
Explanation:
QUESTION NO: 26
The System safe allows access to the Vault configuration files.
A.
TRUE
B.
FALSE
Answer: B
Explanation:
QUESTION NO: 27
You have associated a logon account to one of your UNIX root accounts in the vault. When
attempting to change the root account’s password the CPM will…
A.
Log in to the system as root, then change root’s password.
B.
Log in to the system as the logon account, then change root’s password
C.
Log in to the system as the logon account, run the su command to log in as root, and then change
root’s password.
D.
None of these.
Answer: A
Explanation:
The correct answer is C.
QUESTION NO: 28
It is possible to restrict the time of day, or day of week that a verify process can occur.
A.
TRUE
B.
FALSE
Answer: B
Explanation:

QUESTION NO: 29
Which of the Following can be configured in the Master Policy? (Choose all that apply.)
A.
Dual Control
B.
One Time Passwords
C.
Exclusive Passwords
D.
Password Reconciliation
E.
Ticketing Integration
F.
Required Properties
G.
Custom Connection Components
H.
Password Aging Rules
Answer: A,B,D,H
Explanation:
The correct answer is ABCH
QUESTION NO: 30
If a password is changed manually on a server, bypassing the CPM, how would you configure the
account so that the CPM could resume management automatically?
A.
Configure the Provider to change the password to match the Vault’s Password
B.
Associate a reconcile account and configure the platform to reconcile automatically.
C.
Associate a logon account and configure the platform to reconcile automatically.
D.
Run the correct auto detection process to rediscover the password.
Answer: B
Explanation:
QUESTION NO: 31
What is the maximum number of levels of authorizations you can set up in Dual Control?
A.
1
B.
2
C.
3
D.
4
Answer: B
Explanation:
QUESTION NO: 32
As long as you are a member of the Vault Admins group you can grant any permission on any
safe.
A.
TRUE
B.
FALSE
Answer: B

Explanation:
QUESTION NO: 33
In accordance with best practice, SSH access is denied for root accounts on UNIXLINUX system.
What is the BEST way to allow CPM to manage root accounts?
A.
Create a privileged account on the target server. Allow this account the ability to SSH directly from
the CPM machine. Configure this account of the target server’s root account.
B.
Create a non-privileged account on the target server. Allow this account the ability to SSH directly
from the CPM machine. Configure this account as the Logon account of the target server’s root
account.
C.
Configure the Unix system to allow SSH logins.
D.
Configure the CPM to allow SSH logins.
Answer: B
Explanation:
QUESTION NO: 34
Which of the following statements are NOT true when enabling PSM recording for a target
Windows server? (Choose all that apply.)
A.
The PSM software must be installed on the target server.
B.
PSM must be enabled in the Master Policy (either directly, or through exception).
C.
PSMConnect must be added as a local user on the target server.

D.
RDP must be enabled on the target server.
Answer: C
Explanation:
The correct answer is AB.
QUESTION NO: 35
The Password upload utility can be used to create safes.
A.
TRUE
B.
FALSE
Answer: A
Reference:
https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/Password-
Upload-Utility.htm
QUESTION NO: 36
Which CyberArk components products can be used to discover Windows Services or Scheduled
Tasks that use privileged accounts? (Choose all that apply.)
A.
Discovery and Audit (DNA)
B.
Auto Detection (AD)
C.
Export Vault Data (EVD)
D.
On Demand Privileges manager (OPM)

E.
Accounts Discovery
Answer: A,E
Explanation:
The correct answer is ABE.
QUESTION NO: 37
A Reconcile Account can be specified in the Master Policy.
A.
TRUE
B.
FALSE
Answer: B
Explanation:
QUESTION NO: 38
In order to connect to a target device through PSM, the account credentials used for the
connection must be stored in the vault?
A.
True.
B.
False. Because the user can also enter credentials manually using Secure Connect.
C.
False. Because if credentials are not stored in the vault, the PSM will log into the target device as
PSMConnect.
D.
False. Because if credentials are not stored in the vault, the PSM will prompt for credentials.
Answer: B

Explanation:
QUESTION NO: 39
SAFE Authorizations may be granted to _________________. (Choose all that apply.)
A.
Vault Users
B.
Vault Groups
C.
LDAP Users
D.
LDAP Groups
Answer: A
Explanation:
The correct answer is ABCD
QUESTION NO: 40
Secure Connect provides the following features. (Choose all that apply.)
A.
PSM connections to target devices that are not managed by CyberArk.
B.
Session Recording.
C.
real-time live session monitoring.
D.
PSM connections from a terminal without the need to login to the PVWA.
Answer: A,B,C
Reference: https://docs.cyberark.com/Product-
Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/Connecting-with-Secure-Connect.htm
QUESTION NO: 41
Which onboarding method would you use to integrate CyberArk with your accounts provisioning
process?
A.
Accounts Discovery
B.
Auto Detection
C.
Onboarding RestAPI functions
D.
PTA Rules
Answer: B
Explanation:
QUESTION NO: 42
What is the purpose of a linked account?
A.
To ensure that a particular collection of accounts all have the same password.
B.
To ensure a particular set of accounts all change at the same time.
C.
To connect the CPNI to a target system.
D.
To allow more than one account to work together as part of a password management process.
Answer: D
Reference:
https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/Linked-
Accounts.htm
QUESTION NO: 43
Which of the following PTA detections are included in the Core PAS offering?
A.
Suspected Credential Theft
B.
Over-Pass-The Hash
C.
Golden Ticket
D.
Unmanaged Privileged Access
Answer: D
Reference:
https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PTA/What-Does-PTA-
Detect.htm
The correct answer is AD.
QUESTION NO: 44
One can create exceptions to the Master Policy based on ____________________.
A.
Safes
B.
Platforms
C.
Policies
D.
Accounts
Answer: D The correct answer is B.

Reference:
https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/The-Master-
Policy.htm
QUESTION NO: 45
The vault supports Role Based Access Control.
A.
TRUE
B.
FALSE
Answer: B
Reference:
https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/Object-Level-
Access-Control.htm
QUESTION NO: 46 DRAG DROP
Match the log file name with the CyberArk Component that generates the log.
Answer:

Explanation:
Reference:
https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/PVWA-
Logging.htm
QUESTION NO: 47
Can the 'Connect' button be used to initiate an SSH connection, as root, to a Unix system when
SSH access for root is denied?
A.
Yes, when using the connect button, CyberArk uses the PMTerminal.exe process which bypasses
the root SSH restriction.
B.
Yes, only if a logon account is associated with the root account and the user connects through the
PSM-SSH connection component.
C.
Yes, if a logon account is associated with the root account.
D.
No, it is not possible.
Answer: B
Reference:
https://www.reddit.com/r/CyberARk/comments/7zx8w5/ssh_connection/
QUESTION NO: 48
A user with administrative privileges to the vault can only grant other users privileges that he
himself has.
A.
TRUE
B.
FALSE
Answer: B
Explanation:
QUESTION NO: 49
By default, members of which built-in groups will be able to view and configure Automatic
Remediation and Session Analysis and Response in the PVWA?
A.
Vault Admins
B.
Security Admins
C.
Security Operators
D.
Auditors

Answer: B
Reference:
https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PTA/Security-
Configuration.htm
The correct answer is AB.
QUESTION NO: 50
CyberArk implements license limits by controlling the number and types of users that can be
provisioned in the vault.
A.
TRUE
B.
FALSE
Answer: A
Reference:
https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/Managing-
the-CyberArk-License.htm
QUESTION NO: 51
Assuming a safe has been configured to be accessible during certain hours of the day, a Vault
Admin may still access that safe outside of those hours.
A.
TRUE
B.
FALSE
Answer: B
Reference:
https://www.freshers360.com/wp-content/uploads/2019/05/Privileged-Account-Security-
Implementation-Guide.pdf
QUESTION NO: 52
The Accounts Feed contains:
A.
Accounts that were discovered by CyberArk in the last 30 days
B.
Accounts that were discovered by CyberArk that have not yet been onboarded
C.
All accounts added to the vault in the last 30 days
D.
All users added to CyberArk in the last 30 days
Answer: A
Explanation:
QUESTION NO: 53
PSM for Windows (previously known as “RDP Proxy”) supports connections to the following target
systems
A.
Windows
B.
UNIX
C.
Oracle
D.
All of the above
Answer: A The correct answer is D.

Reference:
https://knowhow.tajco-group.com/knowledge-base/using-a-standard-rdp-client-application/
QUESTION NO: 54
What is the primary purpose of One Time Passwords?
A.
Reduced risk of credential theft
B.
More frequent password changes
C.
Non-repudiation (individual accountability)
D.
To force a 'collusion to commit' fraud ensuring no single actor may use a password without
authorization.
Answer: A
Explanation:
QUESTION NO: 55
The vault supports Subnet Based Access Control.
A.
TRUE
B.
FALSE
Answer: A
Explanation:

QUESTION NO: 56
Ad-Hoc Access (formerly Secure Connect) provides the following features. (Choose all that apply.)
A.
PSM connections to target devices that are not managed by CyberArk.
B.
Session Recording.
C.
Real-time live session monitoring.
D.
PSM connections from a terminal without the need to login to the PVWA.
Answer: A,B,C
Explanation:
QUESTION NO: 57
When a group is granted the ‘Authorize Account Requests’ permission on a safe Dual Control
requests must be approved by
A.
Any one person from that group
B.
Every person from that group
C.
The number of persons specified by the Master Policy
D.
That access cannot be granted to groups
Answer: C
Reference:
https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/Dual-
Control.htm#Confirmi

QUESTION NO: 58
When managing SSH keys, the CPM stores the Private Key
A.
In the Vault
B.
On the target server
C.
A&B
D.
Nowhere because the private key can always be generated from the public key.
Answer: A
Reference:
https://docs.cyberark.com/Product-
Doc/OnlineHelp/PAS/Latest/en/Content/SSHKM/Managing%20SSH%20Keys.htm
QUESTION NO: 59
When managing SSH keys, the CPM stores the Public Key
A.
In the Vault
B.
On the target server
C.
A&B
D.
Nowhere because the public key can always be generated from the private key.
Answer: B
Reference:
Doc/OnlineHelp/PAS/Latest/en/Content/SSHKM/Managing%20SSH%20Keys.htm
QUESTION NO: 60
Accounts Discovery allows secure connections to domain controllers.
A.
TRUE
B.
FALSE
Answer: B
Explanation:
The correct Answer is A.
QUESTION NO: 61
Which parameter controls how often the CPM looks for Soon-to-be-expired Passwords that need
to be changed?
A.
HeadStartInterval
B.
Interval
C.
ImmediateInterval
D.
The CPM does not change the password under this circumstance
Answer: C
Explanation:

QUESTION NO: 62
Vault admins must manually add the auditors group to newly created safes so auditors will have
sufficient access to run reports.
A.
TRUE
B.
FALSE
Answer: B
Reference:
Doc/OnlineHelp/PAS/Latest/en/Content/MESSAGES/Password%20Vault%20Web%20Access%20
Messages-%20General.htm
QUESTION NO: 63
Which of the following Privileged Session Management solutions provide a detailed audit log of
session activities?
A.
PSM (i.e., launching connections by clicking on the "Connect" button in the PVWA)
B.
PSM for Windows (previously known as RDP Proxy)
C.
PSM for SSH (previously known as PSM SSH Proxy)
D.
All of the above
Answer: A
Explanation:
QUESTION NO: 64
What is the primary purpose of Dual Control?
A.
B.
C.
D.
To force a ‘collusion to commit’ fraud ensuring no single actor may use a password without
authorization.
Answer: D
Reference:
https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/Dual-
Control.htm
QUESTION NO: 65
Time of day or day of week restrictions on when password verifications can occur configured in
____________________.
A.
The Master Policy
B.
The Platform settings
C.
The Safe settings
D.
The Account Details
Answer: B
Reference:
https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/Verifying-
Passwords.htm

QUESTION NO: 66
Which parameter controls how often the CPM looks for accounts that need to be changed from
recently completed Dual control requests?
A.
HeadStartInterval
B.
Interval
C.
ImmediateInterval
D.
The CPM does not change the password under this circumstance
Answer: B
Explanation:
the correct answer is D.
QUESTION NO: 67
According to the DEFAULT Web Options settings, which group grants access to the REPORTS
page?
A.
PVWAUsers
B.
Vault Admins
C.
Auditors
D.
PVWAMonitor
Answer: D
Reference:
Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/ReportsInPVWA.htm
QUESTION NO: 68
Which Master Policy Setting must be active in order to have an account checked-out by one user
for a pre-determined amount of time?
A.
Require dual control password access Approval
B.
Enforce check-in/check-out exclusive access
C.
Enforce one-time password access
D.
Enforce check-in/check-out exclusive access & Enforce one-time password access
Answer: B
Reference:
Doc/OnlineHelp/PrivCloud/Latest/en/Content/Privilege%20Cloud/privCloud-master-policy-
rules.htm
QUESTION NO: 69
The password upload utility must run from the CPM server
A.
TRUE
B.
FALSE
Answer: B
Reference:

https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/Password-
Upload-Utility.htm
QUESTION NO: 70
For a safe with Object Level Access enabled you can turn off Object Level Access Control when it
no longer needed on the safe.
A.
TRUE
B.
FALSE
Answer: B
Reference:
https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/Object-Level-
Access-Control.htm
QUESTION NO: 71
When creating an onboarding rule, it will be executed upon ___________________.
A.
All accounts in the pending accounts list
B.
Any future accounts discovered by a discovery process
C.
Both “All accounts in the pending accounts list” and “Any future accounts discovered by a
discovery process”
Answer: B
Explanation:

QUESTION NO: 72
How does the Vault administrator apply a new license file?
A.
Upload the license.xml file to the system Safe and restart the PrivateArk Server service
B.
Upload the license.xml file to the system Safe
C.
Upload the license.xml file to the Vault Internal Safe and restart the PrivateArk Server service
D.
Upload the license.xml file to the Vault Internal Safe
Answer: B
Explanation:
QUESTION NO: 73
When Dual Control is enabled a user must first submit a request in the Password Vault Web
Access (PVWA) and receive approval before being able to launch a secure connection via PSM
for Windows (previously known as RDP Proxy).
A.
True
B.
False, a user can submit the request after the connection has already been initiated via the PSM
for Windows
Answer: B
Explanation:
QUESTION NO: 74

Which of the following PTA detections require the deployment of a Network Sensor or installing
the PTA Agent on the domain controller?
A.
Suspected credential theft
B.
Over-Pass-The-Hash
C.
Golden Ticket
D.
Unmanaged privileged access
Answer: C
Explanation:
The correct is BC.
QUESTION NO: 75
Via Password Vault Web Access (PVWA), a user initiates a PSM connection to the target Linux
machine using RemoteApp. When the client’s machine makes an RDP connection to the PSM
server, which user will be utilized?
A.
Credentials stored in the Vault for the target machine
B.
Shadowuser
C.
PSMConnect
D.
PSMAdminConnect
Answer: C
Explanation:
QUESTION NO: 76

Which report shows the accounts that are accessible to each user?
A.
Activity report
B.
Entitlement report
C.
Privileged Accounts Compliance Status report
D.
Applications Inventory report
Answer: B
Explanation:
QUESTION NO: 77
The Vault administrator can change the Vault license by uploading the new license to the system
Safe.
A.
True
B.
False
Answer: A
Explanation:
QUESTION NO: 78
A Vault administrator have associated a logon account to one of their Unix root accounts in the
vault. When attempting to verify the root account’s password the Central Policy Manager (CPM)
will:
A.
ignore the logon account and attempt to log in as root
B.
prompt the end user with a dialog box asking for the login account to use
C.
log in first with the logon account, then run the SU command to log in as root using the password
in the Vault
D.
none of these
Answer: B
Explanation:
QUESTION NO: 79
Which is the primary purpose of exclusive accounts?
A.
B.
C.
D.
To force a ‘collusion to commit’ fraud ensuring no single actor may use a password without
authorization
Answer: C
Explanation:
QUESTION NO: 80
What is the chief benefit of PSM?
A.
Privileged session isolation

B.
Automatic password management
C.
Privileged session recording
D.
‘Privileged session isolation’ and ‘Privileged session recording’
Answer: C
Explanation:
QUESTION NO: 81
A Simple Mail Transfer Protocol (SMTP) integration is critical for monitoring Vault activity and
facilitating workflow processes, such as Dual Control.
A.
True
B.
False
Answer: B
Explanation:
QUESTION NO: 82
CyberArk recommends implementing object level access control on all Safes.
A.
True
B.
False
Answer: B

Explanation:
QUESTION NO: 83
Which of the following logs contains information about errors related to PTA?
A.
ITAlog.log
B.
diamond.log
C.
pm_error.log
D.
WebApplication.log
Answer: B
Explanation:
QUESTION NO: 84
An auditor initiates a live monitoring session to PSM server to view an ongoing live session. When
the auditor’s machine makes an RDP connection the PSM server, which user will be used?
A.
PSMAdminConnect
B.
Shadowuser
C.
PSMConnect
D.
Credentials stored in the Vault for the target machine
Answer: A

Explanation:
QUESTION NO: 85
Which keys are required to be present in order to start the PrivateArk Server service?
A.
Recovery public key
B.
Recovery private key
C.
Server key
D.
Safe key
Answer: A,C
Explanation:
QUESTION NO: 86
Which of the following Privileged Session Management (PSM) solutions support live monitoring of
active sessions?
A.
PSM (i.e., launching connections by clicking on the connect button in the Password Vault Web
Access (PVWA)
B.
PSM for Windows (previously known as RDP Proxy)
C.
PSM for SSH (previously known as PSM-SSH Proxy)
D.
All of the above
Answer: D
Explanation:
QUESTION NO: 87
Within the Vault each password is encrypted by:
A.
the server key
B.
the recovery public key
C.
the recovery private key
D.
its own unique key
Answer: D
Explanation:
QUESTION NO: 88
When a DR Vault Server becomes an active vault, it will automatically revert back to DR mode
once the Primary Vault comes back online.
A.
True; this is the default behavior
B.
False, the Vault administrator must manually set the DR Vault to DR mode by setting
“FailoverMode=no” in the padr.ini file
C.
True, if the AllowFailback setting is set to “yes” in the padr.ini file
D.
False, the Vault administrator must manually set the DR Vault to DR mode by setting
“FailoverMode=no” in the dbparm.ini file

Answer: B
Explanation:
QUESTION NO: 89
Which user(s) can access all passwords in the Vault?
A.
Administrator
B.
Any member of Vault administrators
C.
Any member of auditors
D.
Master
Answer: D
Explanation:
QUESTION NO: 90
Which report could show all accounts that are past their expiration dates?
A.
Privileged Account Compliance Status report
B.
Activity log
C.
Privileged Account Inventory report
D.
Application Inventory report
Answer: A

Explanation:
QUESTION NO: 91
Which values are acceptable in the address field of an Account?
A.
It must be a Fully Qualified Domain Name (FQDN)
B.
It must be an IP address
C.
It must be NetBIOS name
D.
Any name that is resolvable on the Central Policy Manager (CPM) server is acceptable
Answer: D
Explanation:
QUESTION NO: 92
tsparm.ini is the main configuration file for the Vault.
A.
True
B.
False
Answer: B
Explanation:
QUESTION NO: 93

Which combination of Safe member permissions will allow end users to log in to a remote machine
transparently but NOT show or copy the password?
A.
Use Accounts, Retrieve Accounts, List Accounts
B.
Use Accounts, List Accounts
C.
Use Accounts
D.
List Accounts, Retrieve Accounts
Answer: D
Explanation:
QUESTION NO: 94
A logon account can be specified in the platform settings.
A.
True
B.
False
Answer: A
Explanation:
QUESTION NO: 95
Which type of automatic remediation can be performed by the PTA in case of a suspected
credential theft security event?
A.
Password change

B.
Password reconciliation
C.
Session suspension
D.
Session termination
Answer: A
Explanation:
QUESTION NO: 96
dbparm.ini is the main configuration file for the Vault.
A.
True
B.
False
Answer: A
Explanation:
QUESTION NO: 97
A user has successfully conducted a short PSM session and logged off. However, the user cannot
access the Monitoring tab to view the recordings.
What is the issue?
A.
The user must login as PSMAdminConnect
B.
The PSM service is not running
C.
The user is not a member of the PVWAMonitor group
D.
The user is not a member of the Auditors group
Answer: D
Explanation:
QUESTION NO: 98
Which of the following components can be used to create a tape backup of the Vault?
A.
Disaster Recovery
B.
Distributed Vaults
C.
Replicate
D.
High Availability
Answer: C
Explanation:
QUESTION NO: 99
Which of the following are secure options for storing the contents of the Operator CD, while still
allowing the contents to be accessible upon a planned Vault restart? (Choose three.)
A.
Store the CD in a physical safe and mount the CD every time Vault maintenance is performed
B.
Copy the entire contents of the CD to the system Safe on the Vault
C.
Copy the entire contents of the CD to a folder on the Vault Server and secure it with NTFS
permissions
D.
Store the server key in a Hardware Security Module (HSM) and copy the rest the keys from the
CD to a folder on the Vault Server and secure it with NTFS permissions
Answer: A,C,D
Explanation:
QUESTION NO: 100
Which of these accounts onboarding methods is considered proactive?
A.
Accounts Discovery
B.
Detecting accounts with PTA
C.
A Rest API integration with account provisioning software
D.
A DNA scan
Answer: B
Explanation:
the correct answer is C.
QUESTION NO: 101
When a DR Vault Server becomes an active vault, it will automatically fail back to the original state
once the Primary Vault comes back online.
A.
True; this is the default behavior
B.
False; this is not possible
C.
True, if the AllowFailback setting is set to “yes” in the padr.ini file
D.
True, if the AllowFailback setting is set to “yes” in the dbparm.ini file
Answer: B
Explanation:
QUESTION NO: 102
What is the purpose of the password change process?
A.
To test that CyberArk is storing accurate credentials for accounts
B.
To change the password of an account according to organizationally defined password rules
C.
To allow CyberArk to manage unknown or lost credentials
D.
To generate a new complex password
Answer: B
Explanation:
QUESTION NO: 103
What is the purpose of the CyberArk Event Notification Engine service?
A.
It sends email messages from the Central Policy Manager (CPM)
B.
It sends email messages from the Vault
C.
It processes audit report messages

D.
It makes Vault data available to components
Answer: D
Explanation:
QUESTION NO: 104
PTA can automatically suspend sessions if suspicious activities are detected in a privileged
session, but only if the session is made via the CyberArk PSM.
A.
True
B.
False, the PTA can suspend sessions whether the session is made via the PSM or not
Answer: B
Explanation:
QUESTION NO: 105
Which service should NOT be running on the DR Vault when the primary Production Vault is up?
A.
PrivateArk Database
B.
PrivateArk Server
C.
CyberArk Vault Disaster Recovery (DR) service
D.
CyberArk Logical Container
Answer: B

Explanation:
QUESTION NO: 106
Which user is automatically added to all Safes and cannot be removed?
A.
Auditor
B.
Administrator
C.
Master
D.
Operator
Answer: C
Explanation:
QUESTION NO: 107
What is the purpose of the PrivateArk Database service?
A.
Communicates with components
B.
Sends email alerts from the Vault
C.
Executes password changes
D.
Maintains Vault metadata
Answer: D
Explanation:

QUESTION NO: 108
A user is receiving the error message “ITATS006E Station is suspended for User jsmith” when
attempting to sign into the Password Vault Web Access (PVWA). Which utility would a Vault
administrator use to correct this problem?
A.
createcredfile.exe
B.
cavaultmanager.exe
C.
PrivateArk
D.
PVWA
Answer: C
Explanation:
QUESTION NO: 109
What is the purpose of the PrivateArk Server service?
A.
Executes password changes
B.
Maintains Vault metadata
C.
Makes Vault data accessible to components
D.
Sends email alerts from the Vault
Answer: C
Explanation:

QUESTION NO: 110
Select the best practice for storing the Master CD.
A.
Copy the files to the Vault server and discard the CD
B.
Copy the contents of the CD to a Hardware Security Module (HSM) and discard the CD
C.
Store the CD in a secure location, such as a physical safe
D.
Store the CD in a secure location, such as a physical safe, and copy the contents of the CD to a
folder secured with NTFS permissions on the Vault
Answer: D
Explanation:
QUESTION NO: 111
An auditor needs to login to the PSM in order to live monitor an active session. Which user ID is
used to establish the RDP connection to the PSM server?
A.
PSMConnect
B.
PSMMaster
C.
PSMGwUser
D.
PSMAdminConnect
Answer: D
Explanation:

QUESTION NO: 112
Which CyberArk group does a user need to be part of to view recordings or live monitor sessions?
A.
Auditors
B.
Vault Admin
C.
DR Users
D.
Operators
Answer: A
Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/Monitoring-Privileged-
Sessions.htm?TocPath=End%20User%7CMonitor%20Sessions%7CClassic%20Interface%7C___
__1
Arrange the steps to restore a Vault using PARestore for a Backup in the correct sequence.
The correct ordered answer is:
1. BackupFilesDeletion=No
2. PARestore vault.ini operator /FullVaultRestore
3. CAVaultManager RecoverBackupFiles
3. CAVaultManager RestoreDB
4. BackupFilesDeletion=Yes,24,1,5,7d

Answer:
Explanation:
QUESTION NO: 114
To ensure all sessions are being recorded, a CyberArk administrator goes to the master policy and
makes configuration changes.
Which configuration is correct?
A.
Require privileged session monitoring and isolation = inactive; Record and save session activity =
active.
B.
Require privileged session monitoring and isolation = inactive; Record and save session activity =
inactive.
C.
Require privileged session monitoring and isolation = active; Record and save session activity =
active.
D.
Require privileged session monitoring and isolation = active; Record and save session activity =
inactive.
Answer: C
Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/Configuring-Recordings-and-Audits-in-PSM.htm
QUESTION NO: 115
Which certificate type do you need to configure the vault for LDAP over SSL?
A.
the CA Certificate that signed the certificate used by the External Directory
B.
a CA signed Certificate for the Vault server
C.
a CA signed Certificate for the PVWA server
D.
a self-signed Certificate for the Vault
Answer: A
Doc/OnlineHelp/PAS/Latest/en/Content/PAS%20INST/Configuring-Transparent-User-
Management.htm#ConfigureLDAPoverSSLconnectionsrecommended
Match the built-in Vault User with the correct definition.

Answer:
Explanation:

Reference:
https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/Predefined-
Users-and-Groups.htm?TocPath=Administration%7CUser%20Management%7C_____7
QUESTION NO: 117
You are onboarding an account that is not supported out of the box.
What should you do first to obtain a platform to import?
A.
Create a service ticket in the customer portal explaining the requirements of the custom platform.
B.
Search common community portals like stackoverflow, reddit, github for an existing platform.
C.
From the platforms page, uncheck the “Hide non-supported platforms” checkbox and see if a
platform meeting your needs appears.
D.
Visit the CyberArk marketplace and search for a platform that meets your needs.

Answer: A
Explanation:
QUESTION NO: 118
You have been asked to identify the up or down status of Vault services.
Which CyberArk utility can you use to accomplish this task?
A.
Vault Replicator
B.
PAS Reporter
C.
Remote Control Agent
D.
Syslog
Answer: C
Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/Remote-Administration-for-the-Vault-DR-
Vault.htm?tocpath=Administrator%7CComponents%7CDigital%20Vault%7COperate%20the%20C
yberArk%20Vault%7CMonitor%20the%20Vault%7C_____1
QUESTION NO: 119
You are logging into CyberArk as the Master user to recover an orphaned safe.
Which items are required to log in as Master?
A.
Master CD, Master Password, console access to the Vault server, Private Ark Client
B.

Operator CD, Master Password, console access to the PVWA server, PVWA access
C.
Operator CD, Master Password, console access to the Vault server, Recover.exe
D.
Master CD, Master Password, console access to the PVWA server, Recover.exe
Answer: A
Reference: https://cyberark-customers.force.com/s/article/How-to-log-in-as-the-Master-user
QUESTION NO: 120
Your organization requires all passwords be rotated every 90 days.
Where can you set this regulatory requirement?
A.
Master Policy
B.
Safe Templates
C.
PVWAConfig.xml
D.
Platform Configuration
Answer: A
Doc/OnlineHelp/PrivCloud/Latest/en/Content/Privilege%20Cloud/privCloud-master-policy-
rules.htm
QUESTION NO: 121
To enable the Automatic response “Add to Pending” within PTA when unmanaged credentials are
found, what are the minimum permissions required by PTAUser for the
PasswordManager_pending safe?
A.
List Accounts, View Safe members, Add accounts (includes update properties), Update Account
content, Update Account properties
B.
List Accounts, Add accounts (includes update properties), Delete Accounts, Manage Safe
C.
Add accounts (includes update properties), Update Account content, Update Account properties,
View Audit
D.
View Accounts, Update Account content, Update Account properties, Access Safe without
confirmation, Manage Safe, View Audit
Answer: A
Explanation:
QUESTION NO: 122
You have been asked to turn off the time access restrictions for a safe.
Where is this setting found?
A.
PrivateArk
B.
RestAPI
C.
Password Vault Web Access (PVWA)
D.
Vault
Answer: A
Doc/OnlineHelp/PAS/11.2/en/Content/PASIMP/Advanced-Safe-Management.htm

QUESTION NO: 123
What is the configuration file used by the CPM scanner when scanning UNIX/Linux devices?
A.
UnixPrompts.ini
B.
plink.exe
C.
dbparm.ini
D.
PVConfig.xml
Answer: A
Doc/OnlineHelp/PrivCloud/Latest/en/Content/PASIMP/PVWA-Accounts-
Feed.htm#:~:text=When%20scanning%20Unix%2FLinux%20devices,ini%20configuration%20file
QUESTION NO: 124
You have been asked to secure a set of shared accounts in CyberArk whose passwords will need
to be used by end users. The account owner wants to be able to track who was using an account
at any given moment.
Which security configuration should you recommend?
A.
Configure one-time passwords for the appropriate platform in Master Policy.
B.
Configure shared account mode on the appropriate safe.
C.
Configure both one-time passwords and exclusive access for the appropriate platform in Master
Policy.
D.
Configure object level access control on the appropriate safe.
Answer: D
Explanation:
QUESTION NO: 125
In your organization the “click to connect” button is not active by default.
How can this feature be activated?
A.
Policies > Master Policy > Allow EPV transparent connections > Inactive
B.
Policies > Master Policy > Session Management > Require privileged session monitoring and
isolation > Add Exception
C.
Policies > Master Policy > Allow EPV transparent connections > Active
D.
Policies > Master Policy > Password Management
Answer: C
Doc/OnlineHelp/PAS/11.1/en/Content/TranparentConnections_Web.htm
QUESTION NO: 126
In the screenshot displayed, you just configured the usage in CyberArk and want to update its
password.
What is the least intrusive way to accomplish this?

A.
Use the “change” button on the usage’s details page.
B.
Use the “change” button on the parent account’s details page.
C.
Use the “sync” button on the usage’s details page.
D.
Use the “reconcile” button on the parent account’s details page.
Answer: B
Explanation:
QUESTION NO: 127
A Vault Administrator team member can log in to CyberArk, but for some reason, is not given Vault
Admin rights.
Where can you check to verify that the Vault Admins directory mapping points to the correct AD
group?

A.
PVWA > User Provisioning > LDAP Integration > Mapping Criteria
B.
PVWA > User Provisioning > LDAP Integration > Map Name
C.
PVWA > Administration > LDAP Integration > Mappings
D.
PVWA > Administration > LDAP Integration > AD Groups
Answer: C
Doc/OnlineHelp/PAS/Latest/en/Content/Landing%20Pages/LPLDAPIntegration.htm?TocPath=Ad
ministration%7CUser%20Management%7CTransparent%20user%20management%20using%20L
DAP%7C_____2
QUESTION NO: 128
A newly created platform allows users to access a Linux endpoint. When users click to connect,
nothing happens.
Which piece of the platform is missing?
A.
PSM-SSH Connection Component
B.
UnixPrompts.ini
C.
UnixProcess.ini
D.
PSM-RDP Connection Component
Answer: A
Explanation:

QUESTION NO: 129
Which CyberArk utility allows you to create lists of Master Policy Settings, owners and safes for
output to text files or MSSQL databases?
A.
Export Vault Data
B.
Export Vault Information
C.
PrivateArk Client
D.
Privileged Threat Analytics
Answer: A
Doc/OnlineHelp/PAS/Latest/en/Content/EVD/Exporting-Data-to-Files.htm?Highlight=evd%20italog
QUESTION NO: 130
Which PTA sensors are required to detect suspected credential theft?
A.
Logs, Vault Logs
B.
Logs, Network Sensor, Vault Logs
C.
Logs, PSM Logs, CPM Logs
D.
Logs, Network Sensor, EPM
Answer: A
Reference: https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/10.10/en/Content/PTA/What-
Does-PTA-Detect.htm

QUESTION NO: 131
When running a “Privileged Accounts Inventory” Report through the Reports page in PVWA on a
specific safe, which permission/s are required on that safe to show complete account inventory
information?
A.
List Accounts, View Safe Members
B.
Manage Safe Owners
C.
List Accounts, Access Safe without confirmation
D.
Manage Safe, View Audit
Answer: A
Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/ReportsInPVWA.htm?TocPath=End%20User%7
CReports%20and%20Audits%7C_____1
QUESTION NO: 132
Which usage can be added as a service account platform?
A.
Kerberos Tokens
B.
IIS Application Pools
C.
PowerShell Libraries
D.
Loosely Connected Devices

Answer: D
Doc/OnlineHelp/PAS/11.3/en/Content/PASIMP/LooselyConnectedDevices.htm
Match each key to its recommended storage location.
Answer:
Explanation:
Explanation:

Reference:
https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/Server-
Keys.htm
QUESTION NO: 134
You need to recover an account localadmin02 for target server 10.0.123.73 stored in Safe Team1.
What do you need to recover and decrypt the object? (Choose three.)
A.
Recovery Private Key
B.
Recover.exe
C.
Vault data
D.
Recovery Public Key
E.
Server Key
F.
Master Password
Answer: A,D,E

Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/Server-
Keys.htm?TocPath=Administration%7CComponents%7CDigital%20Vault%7CAdvanced%20Digit
al%20Vault%20Environment%7CCyberArk%20Vault%20Structure%7C_____3
QUESTION NO: 135
What is the easiest way to duplicate an existing platform?
A.
From PrivateArk, copy/paste the appropriate Policy.ini file; then rename it.
B.
From the PVWA, navigate to the platforms page, select an existing platform that is similar to the
new target account platform and then click Duplicate; name the new platform.
C.
From PrivateArk, copy/paste the appropriate settings in PVConfiguration.xml; then update the
policyName variable.
D.
From the PVWA, navigate to the platforms page, select an existing platform that is similar to the
new target account platform, manually update the platform settings and click “Save as” INSTEAD
of save to duplicate and rename the platform.
Answer: D
Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/Adding-New-
Platforms.htm#:~:text=Click%20ADMINISTRATION%20to%20display%20the,the%20Duplicate%2
0Platform%20window%20appears
Match the connection component to the corresponding OS/Function.

Answer:
Explanation:

Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/PSMConnectionComponents.htm
QUESTION NO: 137
The Privileged Access Management solution provides an out-of-the-box target platform to manage
SSH keys, called UNIX Via SSH Keys.
How are these keys managed?
A.
CyberArk stores Private keys in the Vault and updates Public keys on target systems.
B.
CyberArk stores Public keys in the Vault and updates Private keys on target systems.
C.
CyberArk does not store Public or Private keys and instead uses a reconcile account to create
keys on demand.
D.
CyberArk stores both Private and Public keys and can update target systems with either key.
Answer: A
Doc/OnlineHelp/PAS/11.4/en/Content/SSHKM/Using%20SSH%20Keys.htm

QUESTION NO: 138
You want to generate a license capacity report.
Which tool accomplishes this?
A.
Password Vault Web Access
B.
PrivateArk Client
C.
DiagnoseDB Report
D.
RestAPI
Answer: B
Doc/OnlineHelp/PAS/11.1/en/Content/PASIMP/Reporting-License-Usage.htm
Match the Status of Service on a DR Vault to what is displayed when it is operating normally in
Replication mode.

Running
Running
Stopped
Running
Stopped
Answer:
Explanation:

QUESTION NO: 140
You need to enable the PSM for all platforms.
Where do you perform this task?
A.
Platform Management > (Platform) > UI & Workflows
B.
Master Policy > Session Management
C.
Master Policy > Privileged Access Workflows
D.
Administration > Options > Connection Components
Answer: A
Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/Customizing-PSM-for-Specific-
Platforms.htm?TocPath=Administration%7CComponents%7CPrivileged%20Session%20Manager
%7CConfiguration%7C_____8
I think the correct answer is B. If there is a requirement of enabling on only one

platform then the answer will be A.

CyberArk Defender

Uploaded by

Copyright:

Available Formats

CyberArk Defender

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

CyberArk Defender

Uploaded by

Copyright:

Available Formats

What are the main topics covered in the document?

What are the main topics covered in the document?

What is the purpose of the Privileged Session Manager (PSM)?

What is the purpose of the Privileged Session Manager (PSM)?

CyberArc CAU201

The correct answer is D

"Pass Any Exam. Any Time." - www.actualtests.com 2

The correct answer is A,C

What is the purpose of the Interval setting in a CPM policy?

The correct answer is A,B,C

What is the purpose of the Immediate Interval setting in a CPM policy?

The correct answer is B.

A Logon Account can be specified in the Master Policy.

The correct answer is D.

"Pass Any Exam. Any Time." - www.actualtests.com 6

"Pass Any Exam. Any Time." - www.actualtests.com 7

"Pass Any Exam. Any Time." - www.actualtests.com 8

Platform settings are applied to______________.

Answer: C The correct answer is D.

"Pass Any Exam. Any Time." - www.actualtests.com 9

"Pass Any Exam. Any Time." - www.actualtests.com 10

The correct answer is BCD

"Pass Any Exam. Any Time." - www.actualtests.com 11

What is the purpose of the HeadStartInterval setting in a platform?

The correct answer is A.

"Pass Any Exam. Any Time." - www.actualtests.com 12

The primary purpose of exclusive accounts is to ensure non-repudiation (individual accountability).

The System safe allows access to the Vault configuration files.

The correct answer is C.

"Pass Any Exam. Any Time." - www.actualtests.com 14

The correct answer is ABCH

"Pass Any Exam. Any Time." - www.actualtests.com 16

What is the BEST way to allow CPM to manage root accounts?

"Pass Any Exam. Any Time." - www.actualtests.com 17

The correct answer is AB.

The Password upload utility can be used to create safes.

"Pass Any Exam. Any Time." - www.actualtests.com 18

The correct answer is ABE.

A Reconcile Account can be specified in the Master Policy.

"Pass Any Exam. Any Time." - www.actualtests.com 19

SAFE Authorizations may be granted to _________________. (Choose all that apply.)

The correct answer is ABCD

What is the purpose of a linked account?

One can create exceptions to the Master Policy based on ____________________.

Answer: D The correct answer is B.

The vault supports Role Based Access Control.

QUESTION NO: 46 DRAG DROP

"Pass Any Exam. Any Time." - www.actualtests.com 23

"Pass Any Exam. Any Time." - www.actualtests.com 25

The Accounts Feed contains:

Answer: A The correct answer is D.

"Pass Any Exam. Any Time." - www.actualtests.com 27

What is the primary purpose of One Time Passwords?

The vault supports Subnet Based Access Control.

"Pass Any Exam. Any Time." - www.actualtests.com 28

"Pass Any Exam. Any Time." - www.actualtests.com 29

Accounts Discovery allows secure connections to domain controllers.

The correct Answer is A.

"Pass Any Exam. Any Time." - www.actualtests.com 31

"Pass Any Exam. Any Time." - www.actualtests.com 33