New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: cramtick70

PAM-SEN CyberArk Sentry PAM Questions and Answers

Questions 4

A customer is moving from an on-premises to a public cloud deployment.

What is the best and most cost-effective option to secure the server key?

Options:

A.

Install the Vault in the cloud the same way you would in an on-premises environment. Place the server key in a password protected folder on the operating system.

B.

Install the Vault in the cloud the same way you would in an on-premises environment. Purchase a Hardware Security Module to secure the server key.

C.

Install the Vault using the native cloud images and secure the server key using native cloud Key Management Systems.

D.

Install the Vault using the native cloud images and secure the server key with a Hardware Security Module.

Buy Now
Questions 5

What are the basic network requirements to deploy a CPM server?

Options:

A.

Port 1858 to Vault and Port 443 to PVWA

B.

Port 1858 only

C.

all ports to the Vault

D.

Port UDP/1858 to Vault and all required ports to targets and Port 389 to the PSM

Buy Now
Questions 6

Which component must be installed before the first CPM installation?

Options:

A.

PTA

B.

PSM

C.

PVWA

D.

EPM

Buy Now
Questions 7

A customer has five main data centers with one PVWA in each center under different URLs.

How can you make this setup fault tolerant?

Options:

A.

This setup is already fault tolerant.

B.

Install more PVWAs in each data center.

C.

Continuously monitor PVWA status and send users the link to another PVWA if issues are encountered.

D.

Load balance all PVWAs under same URL.

Buy Now
Questions 8

Name two ways of viewing the ITAlog

Options:

A.

Log into the vault locally and navigate to the Server folder under the PrivateArk install location.

B.

Log into the PVWA and go to the Reports tab.

C.

Access the System Safe from the PrivateArk client.

D.

Go to the Thirdpary log directory on the CPM

Buy Now
Questions 9

Which statement is correct about CPM behavior in a distributed Vault environment?

Options:

A.

CPMs should only access the primary Vault. When it is unavailable, CPM cannot access any Vault until another Vault is promoted as the new primary Vault.

B.

CPMs should access only the satellite Vaults.

C.

CPMs should only access the primary Vault. When it is unavailable, CPM cannot access any Vault until the original primary Vault is operational again.

D.

CPM should access all Vaults - primary and the satellite.

Buy Now
Questions 10

What is the name of the account used to establish the initial RDP session from the end user client machine to the PSM server?

Options:

A.

PSMConnect

B.

PSMAdminConnect

C.

PSM

D.

The credentials the end user retrieved from the vault

Buy Now
Questions 11

In order to retrieve data from the vault a user MUST use an interface provided by CyberArk.

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 12

Which utility should be used to register the Vault in Amazon Web Services?

Options:

A.

CAVaultManager Most Voted

B.

StorageManager

C.

CloudVaultManager

D.

CACert

Buy Now
Questions 13

Which of the following are supported authentication methods for CyberArk? Check all that apply

Options:

A.

CyberArk Password (SRP)

B.

LDAP

C.

SAML

D.

PKI

E.

RADIUS

F.

OracleSSO

G.

Biometric

Buy Now
Questions 14

Which file would you modify to configure the vault to send SNMP traps to your monitoring solution?

Options:

A.

dbparm ini

B.

paragent.ini

C.

ENEConf.ini I

D.

padr ini

Buy Now
Questions 15

You are installing a CPM.

In addition to Add Safes, Add/Update Users, Reset Users’ Passwords and Manage Server File Categories, which Vault authorization(s) does a CyberArk user need to install the CPM?

Options:

A.

Manage Directory Mapping

B.

Activate Users

C.

Backup All Safes, Restore All Safes

D.

Audit Users, Add Network Areas

Buy Now
Questions 16

Which configuration file and Vault utility are used to migrate the server key to an HSM?

Options:

A.

DBparm.ini and CAVaultManager.exe

B.

VaultKeys.ini and CAVaultManager.exe

C.

DBparm.ini and ChangeServerKeys.exe

D.

VaultKeys.ini and ChangeServerKeys.exe

Buy Now
Questions 17

When integrating a Vault with HSM, which file is uploaded to the HSM device?

Options:

A.

server.key

B.

recpub.key

C.

recprv.key

D.

mdbase.dat

Buy Now
Questions 18

What would be a good use case for the Replicate module?

Options:

A.

Recovery Time Objectives or Recovery Point Objectives are at or near zero

B.

Integration with an Enterprise Backup Solution is required.

C.

Off site replication is required.

D.

PSM is used

Buy Now
Questions 19

After a PSM session is complete, the PSM server uploads the recording to the Vault for long-term storage.

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 20

In addition to bit rate and estimated total duration of recordings per day, what is needed to determine the amount of storage required for PSM recordings?

Options:

A.

retention period

B.

number of PSMs

C.

number of users

D.

number of targets

Buy Now
Questions 21

Which authentication methods does PSM for SSH support?

Options:

A.

CyberArk password LDAP, RADIUS, SAML

B.

LDAP, Windows Authentication, SSH keys

C.

RADIUS, Oracle SSO, CyberArk Password

D.

CyberArk Password, LDAP, RADIUS

Buy Now
Questions 22

What is the purpose of the PSM health check hardening?

Options:

A.

Remove IIS settings which can be considered security vulnerabilities.

B.

Validate that the PSM is ready to be placed behind a load balancer.

C.

Confirm that the Windows Services for PSM are running on the server.

D.

Ensure that the AppLocker script does not have any syntax errors.

Buy Now
Questions 23

Which is the correct order of installation for PAS components?

Options:

A.

Vault, CPM. PVWA, PSM

B.

CPM, Vault. PSM, PVWA

C.

Vault, CPM. PSM, PVWA

D.

PVWA, Vault, CPM, PSM

Buy Now
Questions 24

Which component should be installed on the Vault if Distributed Vaults are used with PSM?

Options:

A.

RabbitMQ

B.

Disaster Recovery

C.

Remote Control Client

D.

Distributed Vault Server

Buy Now
Questions 25

If a transparent user matches two different directory mappings, how does the system determine which user template to use?

Options:

A.

The system will use the template for the mapping listed first.

B.

The system will use the template for the mapping listed last.

C.

The system will grant all of the vault authorizations from the two templates.

D.

The system will grant only the vault authorizations that are listed in both templates

Buy Now
Questions 26

The vault server uses a modified version of the Microsoft Windows firewall.

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 27

Which parameter must be identical for both the Identity Provider (IdP) and the PVWA?

Options:

A.

IdP “EntityID” and “PartnerIdentityProvider Name” in PVWA saml.config file

B.

IdP “User name” and “SingleSignOnServiceUrl” in PVWA saml.config file

C.

IdP “Audience” and “ServiceProviderName” in the PVWA saml.config file

D.

IdP “Secure hash algorithm” and “Certificate” in the PVWA saml.config file

Buy Now
Questions 28

Which of the following are prerequisites for installing PVWA Check all that Apply.

Options:

A.

Web Services Role

B.

NET 4.5.1 Framework Feature

C.

Remote Desktop Services Role

D.

Windows BitLocker

Buy Now
Questions 29

A new domain controller has been added to your domain. You need to ensure the CyberArk infrastructure can use the new domain controller for authentication.

Which locations must you update?

Options:

A.

on the Vault server in C:\Windows\System32\drivers\etc\hosts and in the PVWAApplication under Administration > LDAP Integration > Directories > Hosts

B.

on both the Vault and the PVWA servers in C:\Windows\System32\drivers\etc\hosts

C.

in the Private Ark client under Tools > Administrative Tools > Directory Mapping

D.

on the Vault server in the certificate store and on the PVWA server in the certificate store

Buy Now
Questions 30

What is a requirement for setting fault tolerance for PSMs?

Options:

A.

Use a load balancer

B.

Use a backup solution

C.

CPM must be in all data centers

D.

Install the Vault in an HA cluster

Buy Now
Questions 31

Your customer wants to store the Safes Data on Vault Drive D instead of Drive C.

Which file should you edit?

Options:

A.

TSparm.ini Most Voted

B.

Vault.ini

C.

DBparm.ini

D.

user.ini

Buy Now
Questions 32

Which file must you edit to ensure the PSM for SSH server is not hardened automatically after installation?

Options:

A.

vault.ini

B.

user.cred

C.

psmpparms

D.

psmgw.config

Buy Now
Questions 33

After installing the first PSM server and before installing additional PSM servers, you must ensure the user performing the installation is not a direct owner of which safe?

Options:

A.

PSMUnmanagedSessionAccounts Safe

B.

PSMRecordingsSessionAccounts Safe

C.

PSMUnmanagedApplicationAccounts Safe

D.

PSMSessionBackupAccounts Safe

Buy Now
Questions 34

A first PSM server has been installed.

What should you confirm before installing any additional PSM servers?

Options:

A.

The PSM ID of the first installed PSM server was changed and the additional PSM server can use the same PSM ID.

B.

The user performing the installation is a direct owner in the PSMUnmanagedSessionAccounts Safe, PSM safe and member of PVWAMonitor group.

C.

The user performing the installation is not a direct owner in the PSMUnmanagedSessionAccounts Safe. Most Voted

D.

The path of the Recordings Folder must be different on all PSM installations.

Buy Now
Questions 35

You are designing the number of PVWAs a customer must deploy. The customer has three data centers with a distributed Vault in each, requires high availability, and wants to use all Vaults at all times.

How many PVWAs does the customer need?

Options:

A.

six or more

B.

four

C.

two or less

D.

three

Buy Now
Questions 36

The PrivateArk clients allows a user to view the contents of the vault like a filesystem.

Options:

A.

TRUE

B.

FALSE

Buy Now
Questions 37

When performing “In Domain” hardening of a PSM server, which steps must be performed? (Choose two.)

Options:

A.

Import CyberArk policy settings from the provided file into a new GPO. Most Voted

B.

Apply advanced audit on the PSM server.

C.

Link GPO to a dedicated OU containing CyberArk PSM servers. Most Voted

D.

Import an INF file to the local machine.

E.

Configure AppLocker rules to block running unknown executables.

Buy Now
Questions 38

Which command should be executed to harden a Vault after registering it to Azure?

Options:

A.

HardenAzureFW.ps1 Most Voted

B.

ExecuteStage ./Hardening/HardeningConf.xml

C.

HardenVaultFW.ps1

D.

ExecuteStage ./PostInstallation/PostInstallation.xml

Buy Now
Questions 39

To apply a new license file you must:

Options:

A.

Upload the license.xml file to the System Safe

B.

Upload the license.xml file to the Vaultlnternal Safe.

C.

Upload the license.xml file to the System Safe and restart the PrivateArk Server service.

D.

Upload the license.xml file to the Vaultlnternal Safe and restart the PrivateArk Server service.

Buy Now
Questions 40

What is determined by the "MaxConcurrentConnections" setting within a platform?

Options:

A.

maximum number of concurrent connections that can be opened between the CPM and the remote machines for the platform

B.

maximum number of concurrent connections that can be between the PSM and the remote machines for the platform

C.

maximum number of concurrent connections allowed for a specific account on the platform through the PSM

D.

maximum number of concurrent connections to the Vault allowed for sending audit activities relating to the platform

Buy Now

Sentry |

Exam Code: PAM-SEN
Exam Name: CyberArk Sentry PAM
Last Update: Dec 26, 2024
Questions: 136
PAM-SEN pdf

PAM-SEN PDF

$25.5  $84.99
 Add to Cart
PAM-SEN Engine

PAM-SEN Testing Engine

$30  $99.99
 Add to Cart
PAM-SEN PDF + Engine

PAM-SEN PDF + Testing Engine

$40.5  $134.99
 Add to Cart