[Apr 13, 2023] Download Free CyberArk PAM-DEF Real Exam Questions [Q87-Q106]

Share

[Apr 13, 2023] Download Free CyberArk PAM-DEF Real Exam Questions

Pass Your Exam With 100% Verified PAM-DEF Exam Questions

NEW QUESTION 87
A new domain controller has been added to your domain. You need to ensure the CyberArk infrastructure can use the new domain controller for authentication.
Which locations must you update?

  • A. in the Private Ark client under Tools > Administrative Tools > Directory Mapping
  • B. on the Vault server in Windows\System32\Etc\Hosts and in the PVWA Application under Administration > LDAP Integration > Directories > Hosts
  • C. on the Vault server in Windows\System32\Etc\Hosts and on the PVWA server in Windows\System32\Etc\Hosts
  • D. on the Vault server in the certificate store and on the PVWA server in the certificate store

Answer: A

 

NEW QUESTION 88
It is possible to restrict the time of day, or day of week that a [b]verify[/b] process can occur

  • A. TRUE
  • B. FALSE

Answer: A

Explanation:
Explanation
Password verification can be restricted to specific days. This means that the CPM will only verify passwords on the days of the week specified in the VFExecutionDays parameter. The days of the week are represented by the first 3 letters of the name of the day. Sunday is represented by Sun, Monday by Mon, etc.

 

NEW QUESTION 89
The primary purpose of exclusive accounts is to ensure non-repudiation (Individual accountability).

  • A. TRUE
  • B. FALS

Answer: A

 

NEW QUESTION 90
Which usage can be added as a service account platform?

  • A. PowerShell Libraries
  • B. IIS Application Pools
  • C. Loosely Connected Devices
  • D. Kerberos Tokens

Answer: C

 

NEW QUESTION 91
Which of these accounts onboarding methods is considered proactive?

  • A. A DNA scan
  • B. Accounts Discovery
  • C. Detecting accounts with PTA
  • D. A Rest API integration with account provisioning software

Answer: C

 

NEW QUESTION 92
In order to connect to a target device through PSM, the account credentials used for the connection must be stored in the vault?

  • A. True.
  • B. False. Because the user can also enter credentials manually using Secure Connect.
  • C. False. Because if credentials are not stored in the vault, the PSM will log into the target device as PSM Connect.
  • D. False. Because if credentials are not stored in the vault, the PSM will prompt for credentials.

Answer: B

 

NEW QUESTION 93
It is possible to leverage DNA to provide discovery functions that are not available with auto-detection.

  • A. TRUE
  • B. FALS

Answer: A

 

NEW QUESTION 94
If a user is a member of more than one group that has authorizations on a safe, by default that user is granted________.

  • A. the vault will not allow this situation to occur.
  • B. only those permissions that exist in all groups to which the user belongs.
  • C. only those permissions that exist on the group added to the safe first.
  • D. the cumulative permissions of all groups to which that user belongs.

Answer: C

 

NEW QUESTION 95
When Dual Control is enabled a user must first submit a request in the Password Vault Web Access (PVWA) and receive approval before being able to launch a secure connection via PSM for Windows (previously known as RDP Proxy).

  • A. True
  • B. False, a user can submit the request after the connection has already been initiated via the PSM for Windows

Answer: B

 

NEW QUESTION 96
Which combination of Safe member permissions will allow end users to log in to a remote machine transparently but NOT show or copy the password?

  • A. Use Accounts
  • B. Use Accounts, List Accounts
  • C. List Accounts, Retrieve Accounts
  • D. Use Accounts, Retrieve Accounts, List Accounts

Answer: C

 

NEW QUESTION 97
You have been asked to identify the up or down status of Vault services.
Which CyberArk utility can you use to accomplish this task?

  • A. Syslog
  • B. Vault Replicator
  • C. Remote Control Agent
  • D. PAS Reporter

Answer: C

 

NEW QUESTION 98
DRAG DROP
Match the log file name with the CyberArk Component that generates the log.

Answer:

Explanation:
PTA diamond.log
Vault ITALog
CPM pm.log
PVWA CyberArk.WebApplication.log

 

NEW QUESTION 99
Which of the following options is not set in the Master Policy?

  • A. Password Expiration Time
  • B. The use of "One-Time-Passwords"
  • C. Enabling and Disabling of the Connection Through the PSM
  • D. Password Complexity

Answer: D

 

NEW QUESTION 100
Which of the following PTA detections require the deployment of a Network Sensor or installing the PTA Agent on the domain controller?

  • A. Golden Ticket
  • B. Suspected credential theft
  • C. Over-Pass-The-Hash
  • D. Unmanaged privileged access

Answer: A

 

NEW QUESTION 101
What is the purpose of the PrivateArk Database service?

  • A. Executes password changes
  • B. Sends email alerts from the Vault
  • C. Communicates with components
  • D. Maintains Vault metadata

Answer: D

 

NEW QUESTION 102
Match each component to its respective Log File location.

Answer:

Explanation:

 

NEW QUESTION 103
dbparm.ini is the main configuration file for the Vault.

  • A. True
  • B. False

Answer: A

 

NEW QUESTION 104
Which of the following PTA detections are included in the Core PAS offering?

  • A. Suspected Credential Theft
  • B. Over-Pass-The Hash
  • C. Golden Ticket
  • D. Unmanaged Privileged Access

Answer: D

 

NEW QUESTION 105
Which certificate type do you need to configure the vault for LDAP over SSL?

  • A. a CA signed Certificate for the Vault server
  • B. the CA Certificate that signed the certificate used by the External Directory
  • C. a CA signed Certificate for the PVWA server
  • D. a self-signed Certificate for the Vault

Answer: B

 

NEW QUESTION 106
......

PAM-DEF Dumps 100 Pass Guarantee With Latest Demo: https://www.itexamreview.com/PAM-DEF-exam-dumps.html

PAM-DEF Dumps PDF - PAM-DEF Real Exam Questions Answers: https://drive.google.com/open?id=1JEPtKsddmvfrTOwe0sgqUdWxoY1_XkCp