PAM-DEF Online Practice Questions and Answers

Which of the following Privileged Session Management solutions provide a detailed audit log of session activities?

A. PSM (i.e., launching connections by clicking on the "Connect" button in the PVWA)

B. PSM for Windows (previously known as RDP Proxy)

C. PSM for SSH (previously known as PSM SSH Proxy)

D. All of the above

Assuming a safe has been configured to be accessible during certain hours of the day, a Vault Admin may still access that safe outside of those hours.

A. TRUE

B. FALSE

You have associated a logon account to one your UNIX cool accounts in the vault. When attempting to [b]change [/b] the root account's password the CPM will.....

A. Log in to the system as root, then change root's password

B. Log in to the system as the logon account, then change roofs password

C. Log in to the system as the logon account, run the su command to log in as root, and then change root's password.

D. None of these

You have been asked to secure a set of shared accounts in CyberArk whose passwords will need to be used by end users. The account owner wants to be able to track who was using an account at any given moment.

Which security configuration should you recommend?

A. Configure one-time passwords for the appropriate platform in Master Policy.

B. Configure shared account mode on the appropriate safe.

C. Configure both one-time passwords and exclusive access for the appropriate platform in Master Policy.

D. Configure object level access control on the appropriate safe.

PSM captures a record of each command that was executed in Unix.

A. TRIE

B. FALSE

By default, members of which built-in groups will be able to view and configure Automatic Remediation and Session Analysis and Response in the PVWA?

A. Vault Admins

B. Security Admins

C. Security Operators

D. Auditors

For Digital Vault Cluster in a high availability configuration, how does the cluster determine if a node is down?

A. The heartbeat s no longer detected on the private network.

B. The shared storage array is offline.

C. An alert is generated in the Windows Event log.

D. The Digital Vault Cluster does not detect a node failure.

Accounts Discovery allows secure connections to domain controllers.

A. TRUE

B. FALSE

The vault supports Subnet Based Access Control.

A. TRUE

B. FALSE

Your customer, ACME Corp, wants to store the Safes Data in Drive D instead of Drive C. Which file should you edit?

A. TSparm.ini

B. Vault.ini

C. DBparm.ini

D. user.ini