PAM-CDE-RECERT無料問題集「CyberArk CDE Recertification」

質問 1

Which parameters can be used to harden the Credential Files (CredFiles) while using CreateCredFile Utility? (Choose three.)

（A）Client Hostname

（B）Operating System Type (Linux/Windows/HP-UX)

（C）Time Frame

（D）Host IP Address

（E）Operating System Username

（F）Vault IP Address

正解：A、D、E 解答を投票する

質問 2

Which of the following PTA detections require the deployment of a Network Sensor or installing the PTA Agent on the domain controller?

（A）Suspected credential theft

（B）Over-Pass-The-Hash

（C）Unmanaged privileged access

（D）Golden Ticket

正解：D 解答を投票する

質問 3

Time of day or day of week restrictions on when password verifications can occur configured in ____________________.

（A）The Master Policy

（B）The Platform settings

（C）The Safe settings

（D）The Account Details

正解：B 解答を投票する

質問 4

Match each key to its recommended storage location.

正解：

質問 5

You have been asked to secure a set of shared accounts in CyberArk whose passwords will need to be used by end users. The account owner wants to be able to track who was using an account at any given moment.
Which security configuration should you recommend?

（A）Configure object level access control on the appropriate safe.

（B）Configure one-time passwords for the appropriate platform in Master Policy.

（C）Configure shared account mode on the appropriate safe.

（D）Configure both one-time passwords and exclusive access for the appropriate platform in Master Policy.

正解：D 解答を投票する

質問 6

Which of the following Privileged Session Management (PSM) solutions support live monitoring of active sessions?

（A）PSM for Windows (previously known as RDP Proxy)

（B）PSM for SSH (previously known as PSM-SSH Proxy)

（C）PSM (i.e., launching connections by clicking on the connect button in the Password Vault Web Access (PVWA)

（D）All of the above

正解：D 解答を投票する

質問 7

In accordance with best practice, SSH access is denied for root accounts on UNIX/LINUX system. What is the BEST way to allow CPM to manage root accounts.

（A）Configure the Unix system to allow SSH logins.

（B）Create a non-privileged account on the target server. Allow this account the ability to SSH directly from the CPM machine. Configure this account as the Logon account of the target server's root account.

（C）Configure the CPM to allow SSH logins.

（D）Create a privileged account on the target server. Allow this account the ability to SSH directly from the CPM machine. Configure this account as the Reconcile account of the target server's root account.

正解：B 解答を投票する

質問 8

Match the built-in Vault User with the correct definition.

正解：

Reference:
https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/Predefined-Users-and-Groups.htm?TocPath=Administration%7CUser%20Management%7C_____7

質問 9

When creating an onboarding rule, it will be executed upon .

（A）All accounts in the pending accounts list

（B）Any future accounts discovered by a discovery process

（C）Both "All accounts in the pending accounts list" and "Any future accounts discovered by a discovery process"

正解：B 解答を投票する

質問 10

To enable the Automatic response "Add to Pending" within PTA when unmanaged credentials are found, what are the minimum permissions required by PTAUser for the PasswordManager_pending safe?

（A）List Accounts, Add accounts (includes update properties), Delete Accounts, Manage Safe

（B）View Accounts, Update Account content, Update Account properties, Access Safe without confirmation, Manage Safe, View Audit

（C）List Accounts, View Safe members, Add accounts (includes update properties), Update Account content, Update Account properties

（D）Add accounts (includes update properties), Update Account content, Update Account properties, View Audit

正解：C 解答を投票する

質問 11

What is the purpose of the HeadStartlnterval setting m a platform?

（A）It alerts users of upcoming password changes x number of days before expiration.

（B）It instructs the AIM Provider to 'skip the cache' during the defined time period

（C）It instructs the CPM to initiate the password change process X number of days before expiration.

（D）It determines how far in advance audit data is collected tor reports

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 12

What is the purpose of the password change process?

（A）To allow CyberArk to manage unknown or lost credentials

（B）To change the password of an account according to organizationally defined password rules

（C）To test that CyberArk is storing accurate credentials for accounts

（D）To generate a new complex password

正解：B 解答を投票する

質問 13

Customers who have the 'Access Safe without confirmation' safe permission on a safe where accounts are configured for Dual control, still need to request approval to use the account.

（A）FALSE

（B）TRUE

正解：A 解答を投票する

PAM-CDE-RECERT 無料問題集「CyberArk CDE Recertification」

弊社を連絡する

関連リンク

トップ試験