1 / 10

CAU302 Updated Exam Questions from Killtest V10.02

Use the updated CAU302 exam questions from Killtest to pass the test easily.

Killtest2021
Download Presentation

CAU302 Updated Exam Questions from Killtest V10.02

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The safer , easier way to help you pass any IT exams. 1.To support a fault tolerant and high-availability architecture, the Password Vault Web Access (PVWA) servers need to be configured to communicate with the Primary Vault and Satellite Vaults. What file needs to be changed on the PVWA to enable this setup? A. Vault.ini B. dbparm.ini C. pvwa.ini D. Satellite.ini Answer: A 2.Auto-Detection can be configured to leverage LDAP/S. A. TRUE B. FALSE Answer: A 3.Vault admins must manually add the auditors group to newly created safes so auditors will have sufficient access to run reports. A. TRUE B. FALSE Answer: B 4.When a group is granted the ‘Authorize Account Requests’ permission on a safe Dual Control requests must be approved by: A. Any one person from that group B. Every person from that group C. The number of persons specified by the Master Policy D. That access cannot be granted to groups Answer: C 5.When creating an onboarding rule, it will be executed upon. A. All accounts in the pending accounts list. B. Any future accounts discovered by a discovery process. C. All accounts in the pending accounts list and any future accounts discovered by a discovery process. Answer: B Explanation: Reference: https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/Managing-Discovery -Processes.htm 6.You are successfully managing passwords in the alpha.cyberark com domain; however when you attempt to manage a password in the beta.cyberark.com domain, you receive the 'network path not found* error. What should you check first? A. That the username and password are correct. B. That the CPM can successfully resolve addresses in the beta cyberark com domain CAU302 CyberArk Certified Delivery Engineer (CDE) CyberArk Questions Killtest 2 / 9

  2. The safer , easier way to help you pass any IT exams. C. That the end user has the correct permissions on the safe D. That an appropriate trust relationship exists between alphaxyberark.com and beta.cyberark.com Answer: B 7.Which service should NOT be running on the DR Vault when the primary production Vault is up? A. PrivateArk Database B. PrivateArk Server C. CyberArk Vault Disaster Recovery Service D. CyberArk Logical Container Answer: B CAU302 CyberArk Certified Delivery Engineer (CDE) CyberArk Questions Killtest 8.Which of the following statements are NOT true when enabling PSM recording for a target Windows server? Choose all that apply A. The PSM software must be installed on the target server B. PSM must be enabled in the Master Policy {either directly, or through exception). C. PSMConnect must be added as a local user on the target server D. RDP must be enabled on the target server Answer: A 9.What is the primary purpose of Exclusive Accounts? A. Reduced risk of credential theft B. More frequent password changes C. Non-repudiation (individual accountability) D. To force a ‘collusion to commit’ fraud ensuring no single actor may use a password without authorization Answer: C 10.Which of the following are prerequisites for installing PVWA Check all that Apply A. Web Services Role B. NET 4.5.1 Framework Feature C. Remote Desktop Services Role D. Windows BitLocker Answer: A 11.To support a fault tolerant and high-availability architecture, the Password Vault Web Access (PVWA) servers must to be configured to communicate with the Primary Vault and Satellite Vaults. Which file needs to be changed on the PVWA to enable this setup? A. Vault.ini B. dbparm.ini C. pvwa.ini D. Satellite.ini Answer: A Explanation: Reference: 3 / 9

  3. The safer , easier way to help you pass any IT exams. https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/11.1/en/Content/PAS%20INST/Password-Vault- Web-Access-Installation.htm 12.PSM captures a record of each command that was issues in SQL Plus. A. TRUE B. FALSE Answer: A 13.In Accounts Discovery, you can configure a Windows discovery to scan______________. A. as many OUs as you wish B. up to three OUs. C. only one OU. D. a number of OUs determined by the OUstoScan setting under the Accounts Feed section in the Administration tab Answer: C 14.One of your users is receiving the error message “ITATS006E Station is suspended for User jsmith” when attempting to sign in to the pvwa. Which utility would you use to correct this problem? A. createcredfile.exe B. cavaultmanager.exe C. PrivateArk D. PVWA Answer: C 15.Which of the following is NOT a use case for installing multiple CPMS? A. A single CPM cannot accommodate the total number of accounts managed B. Accounts are managed in multiple sites or VLANs protected by firewall C. Reduce network traffic across WAN links D. Provide load balancing capabilities when managing passwords on target devices Answer: D 16.Which service should NOT be running on the DR Vault when the primary Production Vault is up? A. PrivateArk Database B. PrivateArk Server C. CyberArk Vault Disaster Recovery (DR) service D. CyberArk Logical Container Answer: B 17.Where does the Vault administrator configure in Password Vault Web Access (PVWA) the Fully Qualified Domain Name (FQDN) of the domain controller during LDAP/S integration? A. PVWA > Platform Management > LDAP Integration B. PVWA > Administration > LDAP Integration C. PVWA > Administration > Options > LDAP Integration CAU302 CyberArk Certified Delivery Engineer (CDE) CyberArk Questions Killtest 4 / 9

  4. The safer , easier way to help you pass any IT exams. D. PVWA > LDAP Integration Answer: B Explanation: Reference: https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/Landing%20Pages/LPLDAPI ntegration.htm 18.What is the purpose of the password Change process? A. To test that CyberArk is storing accurate credentials for accounts B. To change the password of an account according to organizationally defined password rules C. To allow CyberArk to manage unknown or lost credentials D. To generate a new complex password Answer: B 19.Which keys are required to be present in order to start the PrivateArk Server Service? Select all that apply. A. Server Key B. Recovery Public Key C. Recovery Private Key D. Safe Key Answer: A Explanation: Reference: https://www.reddit.com/r/CyberARk/comments/8s96n8/certificat_problem_with_ my_vault/ 20.Which utilities could you use to change debugging levels on the vault without having to restart the vault Select all that apply. A. PAR Agent B. PrivateArk Server Central Administration C. Edit DBParm.ini in a text editor. D. Setup exe Answer: A,B 21.What is the purpose of the CyberArk Event Notification Engine service. A. It sends email messages from the CPM B. It sends email messages from the Vault. C. It processes audit report messages D. It makes vault data available to components. Answer: B 22.The Vault does not support dual factor authentication. A. True B. False Answer: B Explanation: CAU302 CyberArk Certified Delivery Engineer (CDE) CyberArk Questions Killtest 5 / 9

  5. The safer , easier way to help you pass any IT exams. Reference: https://duo.com/docs/cyberark 23.Any user can monitor live sessions in real time when users initiate RDP connection via Secure Connect through PSM? A. TRUE B. FALSE Answer: B 24.A safe was recently created by a user who is a member of the LDAP Vault Administrators group. Which of the following users does not have access to the newly created safe by default? A. Master B. Administrator C. Auditor D. Backup Answer: D 25.Which file is used to configure the ENE service? A. ENE.ini B. ENEConfig.ini C. dbparm.ini D. paragent.ini Answer: C 26.All of your Unix root passwords are stored in the safe UnixRoot. Dual control is enabled for some of the accounts in that safe The members of the AD group UnixAdmms need to be able to use the show, copy, and connect buttons on those passwords at any time without confirmation The members of the AD group OperationsStaff need to be able to use the show, copy and connect buttons on those passwords on an emergency basis, but only with the approval of a member of OperationsManagers The members of OperationsManagers never need to be able to use the show, copy or connect buttons themselves. Which safe permissions do you need to grant to UnixAdmins? Check all that apply A. Use Accounts B. Retrieve Accounts C. List Accounts D. Authorize Password Requests E. Access Safe without Authorization Answer: A,B,C,E 27.The Application Inventory report is related to AIM. A. TRUE B. FALSE Answer: A 28.When managing SSH keys, the CPM stores the Public Key ________________. A. In the Vault CAU302 CyberArk Certified Delivery Engineer (CDE) CyberArk Questions Killtest 6 / 9

  6. The safer , easier way to help you pass any IT exams. B. On the target server C. A & B D. Nowhere because the public key can always be generated from the private key Answer: B 29.The ACME Company has been a CyberArk customer for many years. ACME Management has asked you to perform a “Health Check" review of the CyberArk deployment. During your analysis you discover that the PSM Component server is fully functional. The RDP SSL certificate is self-signed and the CyberArk Privileged Session Management Service is running under the Local Service. SSL 3.0 is enabled in the Registry. A. The PSM Component Server is configured as defined in PAS Installation Guide. B. The PSM Component Server has been installed correctly but PSM Hardening procedures have not been followed and must be rebuilt. C. The PSM Component Server has been installed correctly but PSM Hardening procedures have not been followed. Hardening procedures must be applied manually to the existing configuration. D. The PSM Component Server has been installed correctly but PVWA Hardening procedures have not been followed. Hardening procedures can be applied via the Installation Automation script or manually to the existing configuration. Answer: A 30.All of your Unix root passwords are stored in the safe UnixRoot. Dual control is enabled for some of the accounts in that safe. The members of the AD group UnixAdmins need to be able to use the show, copy, and connect buttons on those passwords at any time without confirmation. The members of the AD group OperationsStaff need to be able to use the show, copy and connect buttons on those passwords on an emergency basis, but only with the approval of a member of OperationsManagers. The members of OperationsManagers never need to be able to use the show, copy or connect buttons themselves. Which safe permissions do you need to grant to OperationsManagers? (Choose all that apply.) A. Use Accounts B. Retrieve Accounts C. List Accounts D. Authorize Password Requests E. Access Safe without Authorization Answer: A,B,C 31.tsparm.ini is the main configuration file for the vault. A. TRUE B. FALSE Answer: B 32.What is the proper way to allow the Vault to resolve host names? A. Define a DNS server. B. Define a WINS server. C. Define the local hosts file. D. The Vault cannot resolve host names due to security standards. CAU302 CyberArk Certified Delivery Engineer (CDE) CyberArk Questions Killtest 7 / 9

  7. The safer , easier way to help you pass any IT exams. Answer: A Explanation: Reference: https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PAS%20INST/Configuring-Tr ansparent-User-Management.htm 33.Which one of the following reports is NOT generated by using the PVWA? A. Accounts Inventory B. Application Inventory C. Active/Non-Active Users D. Compliance Status Answer: C 34.When working with the CyberArk Disaster Recovery (DR) solution, which services should be running on the DR Vault? A. CyberArk Vault Disaster Recovery (DR), PrivateArk Database B. CyberArk Vault Disaster Recovery C. CyberArk Vault Disaster Recovery, PrivateArk Database, PrivateArk Server D. CyberArk Vault Disaster Recovery, PrivateArk Database, CyberArk Event Notification Engine Answer: D 35.Which parameter controls how often the CPM looks for accounts that need to be changed from recently completed Dual control requests? A. HeadStartInterval B. Interval C. ImmediateInterval D. The CPM does not change the password under this circumstance Answer: C 36.Which of the following PTA detections are included in the Core PAS offering? (Choose all that apply.) A. Suspected Credential Theft B. Over-Pass-The-Hash C. Golden Ticket D. Unmanaged Privileged Access Answer: A,B 37.Name two ways of viewing the ITAlog: A. Log into the vault locally and navigate to the Server folder under the PrivateArk install location. B. Log into the PVWA and go to the Reports tab. C. Access the System Safe from the PrivateArk client. D. Go to the Thirdpary log directory on the CPM Answer: A,C 38.Which utility can be used to copy a server key to an HSM? CAU302 CyberArk Certified Delivery Engineer (CDE) CyberArk Questions Killtest 8 / 9

  8. The safer , easier way to help you pass any IT exams. A. PrivateArk Client B. A proprietary utility provided by the HSM Vendor C. ChangeServerKeys.exe D. CAVaultManager.exe Answer: B Explanation: Reference: https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/Distributed-Vault-HS M.htm 39.What is the name of the Platform parameter that controls how long a password will stay valid when One Time Passwords are enabled via the Master Policy? A. MinValidityPeriod B. Interval C. Immediatelnterval D. Timeout Answer: A 40.Which combination of safe member permissions will allow End Users to log in to a remote machine transparently but NOT show or copy the password? A. Use Accounts, Retrieve Accounts, List Accounts B. Use Accounts, List Accounts C. Use Accounts D. List Accounts, Retrieve Accounts Answer: D CAU302 CyberArk Certified Delivery Engineer (CDE) CyberArk Questions Killtest 9 / 9

More Related