PAM-DEF Online Practice Questions and Answers

DRAG DROP

Match each key to its recommended storage location.

Select and Place:

To use PSM connections while in the PVWA, what are the minimum safe permissions a user or group will need?

A. List Accounts, Use Accounts

B. List Accounts, Use Accounts, Retrieve Accounts

C. Use Accounts

D. List Accounts, Use Accounts, Retrieve Accounts, Access Safe without confirmation

Which of these accounts onboarding methods is considered proactive?

A. Accounts Discovery

B. Detecting accounts with PTA

C. A Rest API integration with account provisioning software

D. A DNA scan

Select the best practice for storing the Master CD.

A. Copy the files to the Vault server and discard the CD

B. Copy the contents of the CD to a Hardware Security Module (HSM) and discard the CD

C. Store the CD in a secure location, such as a physical safe

D. Store the CD in a secure location, such as a physical safe, and copy the contents of the CD to a folder secured with NTFS permissions on the Vault

You have been given the requirement that certain accounts cannot have their passwords updated during business hours.

How can you set up a configuration to meet this requirement?

A. Change settings on the CPM configuration safe so that access is permitted after business hours only.

B. Update the password change parameters of the platform to match the permitted time frame.

C. Disable automatic CPM management for all accounts that are assigned to this platform.

D. Add an exception to the Master Policy to allow the action for this platform during the permitted time.

What are the mandatory fields when onboarding from Pending Accounts? (Choose two.)

A. Address

B. Safe

C. Account Description

D. Platform

E. CPM

Which methods can you use to add a user directly to the Vault Admin Group? (Choose three.)

A. REST API

B. PrivateArk Client

C. PACLI

D. PVWA

E. Active Directory

F. Sailpoint

Which processes reduce the risk of credential theft? (Choose two.)

A. require dual control password access approval

B. require password change every X days

C. enforce check-in/check-out exclusive access

D. enforce one-time password access

It is possible to leverage DNA to provide discovery functions that are not available with auto-detection.

A. TRUE

B. FALS

Vault admins must manually add the auditors group to newly created safes so auditors will have sufficient access to run reports.

A. TRUE

B. FALSE