Quiz For Cyberark's Cau302: Defender + Sentry (Over 230 Questions In Quiz Engine)
This quiz engine has be developed by CyberArk Engineers who have PASSED CyberArk's CAU302 (v10) certification exam. Real questions from the CyberArk CAU302 certification exam are developed into this quiz engine so you will be well prepared for the official CyberArk CAU302: Defender + Sentry certification exam.
Each quiz attempt includes 80 questions, drawing from 230+ questions in the quiz engine, giving you 180 minutes to complete just like the official certification exam.
With OVER 230 questions in the quiz engine, this is the MOST comprehensive quiz to prepare you for CyberArk's CAU302 Defender + Sentry certification exam. You can Read moretake this quiz an UNLIMITED number of times, in order to help better prepare you for the official CyberArk CAU302: Defender + Sentry certification exam hosted by Pearson VUE.
After each attempt of this quiz you will be able to review your results, and many of the questions provide explanations for the correct answer making you feel as though you are being taught by a certified CyberArk instructor.
If you prefer to first attempt the FREE sample quiz, please click here.
- 1.
What is the purpose of the Allowed Safes parameter in a CPM policy? (select all that apply)
- A.
To improve performance by reducing CPM workload.
- B.
To prevent accidental use of a policy in the wrong safe.
- C.
To allow users to access only the passwords they should be able to access.
- D.
To enforce Least Privilege in CyberArk.
Correct Answer(s)
A. To improve performance by reducing CPM workload.
B. To prevent accidental use of a policy in the wrong safe. -
- 2.
VAULT authorizations may be granted to ________________. (select all that apply.)
- A.
Vault Users
- B.
Vault Groups
- C.
LDAP Users
- D.
LDAP Groups
Correct Answer(s)
A. Vault Users
C. LDAP Users -
- 3.
Which of the following statements are NOT true when enabling PSM recording for a target Windows server? (select all that apply)
- A.
The PSM software must be installed on the target server.
- B.
PSM must be enabled in the Master Policy (either directly, or through exception).
- C.
PSMConnect must be added as a local user on the target server.
- D.
RDP must be enabled on the target server.
Correct Answer(s)
A. The PSM software must be installed on the target server.
C. PSMConnect must be added as a local user on the target server. -
- 4.
Which Built-In group grants access to the ADMINISTRATION page?
- A.
PVWAMonitor
- B.
PVWAUsers
- C.
Auditors
- D.
Vault Admins
Correct Answer
D. Vault Admins -
- 5.
As long as you are a member of the Vault Admins group you can grant any permission on any safe?
- A.
True
- B.
False
Correct Answer
B. FalseExplanation
EXPLANATION for Answer: Being in Vault admins group only give you access to safes which are created during installation (safe created during installation process ) - This is clearly mentioned in documents.Rate this question:
-
- 6.
You have associated a logon account to one of your UNIX root accounts in the vault. When attempting to verify the root account’s password the CPM will…
- A.
Ignore the logon account and attempt to log in as root.
- B.
Prompt the end user with a dialog box asking for the login account to use.
- C.
Log in first with the logon account, then run the su command to log in as root using the password in the vault.
- D.
None of these.
Correct Answer
C. Log in first with the logon account, then run the su command to log in as root using the password in the vault. -
- 7.
Ad-Hoc Access (formerly Secure Connect) provides the following features. (select all that apply)
- A.
PSM connections to target devices that are not managed by CyberArk.
- B.
Session Recording.
- C.
Real-time live session monitoring.
- D.
PSM connections from a terminal without the need to login to the PVWA.
Correct Answer(s)
A. PSM connections to target devices that are not managed by CyberArk.
B. Session Recording.
C. Real-time live session monitoring. -
- 8.
What is the maximum number of levels of authorizations you can set up in Dual Control?
- A.
1
- B.
2
- C.
3
- D.
4
Correct Answer
B. 2 -
- 9.
One can create exceptions to the Master Policy based on _____________.
- A.
Safes
- B.
Platforms
- C.
Policies
- D.
Accounts
Correct Answer
B. Platforms -
- 10.
Which utilities could you use to change debugging levels on the vault without having to restart the vault. (select all that apply)
- A.
PAR Agent
- B.
PrivateArk Server Central Administration
- C.
Edit DBParm.ini in a text editor
- D.
Setup.exe
Correct Answer(s)
A. PAR Agent
B. PrivateArk Server Central AdministrationExplanation
EXPLANATION for Answer: PAR-Private Ark Remote Control Agent allows you to perform several Vault admin tasks (without restarting the Vault) and view machine statistics.Rate this question:
-
- 11.
What conditions must be met in order to log into the vault as the Master user? (select all that apply)
- A.
Logon must be originated from the console of the Vault server or an EmergencyStation defined in DBParm.ini
- B.
User must provide the correct master password
- C.
Logon requires the Recovery Private Key to be accessible to the vault
- D.
Logon must satisfy a challenge response request
Correct Answer(s)
A. Logon must be originated from the console of the Vault server or an EmergencyStation defined in DBParm.ini
B. User must provide the correct master password
C. Logon requires the Recovery Private Key to be accessible to the vault -
- 12.
If a user is a member of more than one group that has authorizations on a safe, by default that user is granted _______________.
- A.
The vault will not allow this situation to occur.
- B.
Only those permissions that exist on the group added to the safe first.
- C.
Only those permissions that exist in all groups to which the user belongs.
- D.
The cumulative permissions of all the groups to which that user belongs.
Correct Answer
D. The cumulative permissions of all the groups to which that user belongs. -
- 13.
Using the SSH Key Manager it is possible to allow CPM to manage SSH Keys similarly to passwords.
- A.
True
- B.
False
Correct Answer
A. True -
- 14.
Which of the following can be configured in the Master Policy? (select all that apply)
- A.
Dual Control
- B.
Exclusive Passwords
- C.
Ticketing Integration
- D.
Custom Connection Components
- E.
Password Complexity Rules
- F.
One Time Passwords
- G.
Password Reconciliation
- H.
Required Properties
- I.
Password Aging Rules
Correct Answer(s)
A. Dual Control
B. Exclusive Passwords
F. One Time Passwords
I. Password Aging Rules -
- 15.
In order to connect to a target device through PSM, the account credentials used for the connection must be stored in the vault?
- A.
TRUE.
- B.
FALSE. Because the user can also enter credentials manually using Secure Connect.
- C.
FALSE. Because if credentials are not stored in the vault, the PSM will log into the target device as PSMConnect.
- D.
FALSE. Because if credentials are not stored in the vault, the PSM will prompt for credentials.
Correct Answer
B. FALSE. Because the user can also enter credentials manually using Secure Connect. -
- 16.
What is the purpose of the HeadStartInterval setting in a platform?
- A.
It determines how far in advance audit data is collected for reports.
- B.
It instructs the CPM to initiate the password change process X number of days before expiration.
- C.
It instructs that AIM Provider to ‘skip the cache’ during the defined time period.
- D.
It alerts users of upcoming password changes x number of days before expiration.
Correct Answer
B. It instructs the CPM to initiate the password change process X number of days before expiration.Explanation
EXPLANATION for Answer: The number of days before the password expires (according to the ExpirationPeriod parameter) that the CPM will initiate a password change process. This parameter is not relevant if the policy will be applied to a member of the account group.Rate this question:
-
- 17.
Platform settings are applied to _______________.
- A.
The entire vault.
- B.
Network Areas
- C.
Safes
- D.
Individual Accounts
Correct Answer
D. Individual Accounts -
- 18.
A Logon Account can be specified in the Master Policy.
- A.
True
- B.
False
Correct Answer
B. False -
- 19.
The System safe allows access to the Vault configuration files.
- A.
True
- B.
False
Correct Answer
A. True -
- 20.
Which report could show all audit data in the vault?
- A.
Privileged Account Compliance Status
- B.
Activity Log
- C.
Privileged Accounts Inventory
- D.
Applications Inventory
Correct Answer
B. Activity Log -
- 21.
Which one of the following reports is NOT generated by using PVWA?
- A.
Privileged Accounts Inventory
- B.
Applications Inventory
- C.
Safes List
- D.
Privileged Accounts Compliance Status
Correct Answer
C. Safes List -
- 22.
PSM captures a record of each command that was executed in Unix.
- A.
True
- B.
False
Correct Answer
A. True -
- 23.
PSM captures a record of each command that was issued in SQL Plus.
- A.
True
- B.
False
Correct Answer
A. True -
- 24.
It is possible to leverage DNA to provide discovery functions that are not available with auto-detection.
- A.
True
- B.
False
Correct Answer
A. True -
- 25.
Reports can be scheduled to run on a periodic basis.
- A.
True
- B.
False
Correct Answer
A. True -
- 26.
The Password upload utility can be used to create safes.
- A.
True
- B.
False
Correct Answer
A. True -
- 27.
Which report provides a list of accounts stored in the vault?
- A.
Privileged Account Inventory
- B.
Privileged Accounts Compliance Status
- C.
Entitlement Report
- D.
Activity Log
Correct Answer
A. Privileged Account Inventory -
- 28.
When managing SSH keys, CPM automatically pushes the Public Key to the target system.
- A.
True
- B.
False
Correct Answer
A. TrueExplanation
EXPLANATION for Answer: CPM automatically pushes the Public Key to the target system. CPM automatically pushes the Private Key to the vault. Please, read from CyberArk's website: https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SSHKM/Introduction.htm. Also, see video created by SSH Communications Security, https://youtu.be/ke_M3t_L3iY?t=49.Rate this question:
-
- 29.
When managing SSH keys, CPM automatically pushes the Private Key to all target systems that use it.
- A.
True
- B.
False
Correct Answer
B. FalseExplanation
EXPLANATION for Answer: FALSE, because even though CPM automatically pushes the Private Key it is NEVER to the target system. Rather, the CPM automatically pushes the Private Key to the vault. Please, read from CyberArk's website: https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/SSHKM/Introduction.htm. Also, see video created by SSH Communications Security, https://youtu.be/ke_M3t_L3iY?t=49.Rate this question:
-
- 30.
Which CyberArk components or products can be used to discover Windows Services or Scheduled Tasks that use privileged accounts?
- A.
Discovery and Audit (DNA)
- B.
Auto Detection (AD)
- C.
Export Vault Data (EVD)
- D.
On Demand Privileges Manager (OPM)
- E.
Accounts Discovery
Correct Answer(s)
A. Discovery and Audit (DNA)
B. Auto Detection (AD)
E. Accounts Discovery -
- 31.
Which of the following options is NOT set in the Master Policy?
- A.
Password Expiration Time
- B.
Enabling and Disabling of the Connection Through the PSM
- C.
Password Complexity
- D.
The use of “One-Time-Passwords”
Correct Answer
C. Password Complexity -
- 32.
For an account attached to a platform that requires Dual Control based on a Master Policy exception, how would you configure a group of users to access a password without approval.
- A.
Create an exception to the Master Policy to exclude the group from the work-flow process.
- B.
Edit the master policy rule and modify the advanced ‘Access safe without approval’ rule to include the group.
- C.
On the safe in which the account is stored grant the group the ‘Access safe with audit’ authorization.
- D.
On the safe in which the account is stored grant the group the ‘Access safe without confirmation’ authorization.
Correct Answer
D. On the safe in which the account is stored grant the group the ‘Access safe without confirmation’ authorization. -
- 33.
If a password is changed manually on a server, bypassing the CPM, how would you configure the account so that the CPM could resume management automatically?
- A.
Configure the Provider to change the password to match the Vault’s Password.
- B.
Associate a reconcile account and configure the platform to reconcile automatically.
- C.
Associate a logon account and configure the platform to reconcile automatically.
- D.
Run the correct auto detection process to rediscover the password.
Correct Answer
B. Associate a reconcile account and configure the platform to reconcile automatically. -
- 34.
Users who have the ‘Access Safe without confirmation’ safe permission on a safe where accounts are configured for Dual Control, still need to request approval to use the account.
- A.
True
- B.
False
Correct Answer
B. False -
- 35.
In Accounts Discovery, you can configure a Windows discovery to scan ______________.
- A.
As many OUs as you wish.
- B.
Up to three OUs.
- C.
Only one OU.
- D.
A number of OUs determined by the OUstoScan setting under the Account Feed section in the Administration tab.
Correct Answer
C. Only one OU. -
- 36.
Target account platforms can be restricted to accounts that are stored in specific Safes using the AllowedSafes property.
- A.
True
- B.
False
Correct Answer
A. True -
- 37.
What is the purpose of the Immediate Interval setting in a CPM policy?
- A.
To control how often the CPM looks for System Initiated CPM work.
- B.
To control how often the CPM looks for User Initiated CPM work.
- C.
To control how long the CPM rests between password changes.
- D.
To control the maximum amount of time the CPM will wait for a password change to complete.
Correct Answer
B. To control how often the CPM looks for User Initiated CPM work.Explanation
EXPLANATION for Answer: When the Master Policy enforces check-in/check-out exclusive access, passwords are changed when the user clicks the Release button and releases the account. This is based on the ImmediateInterval parameter in the applied platform. If the user forgets to release the account, it is automatically released and changed by the CPM after a predetermined number of minutes, defined in the MinValidityPeriod parameter specified in the platformRate this question:
-
- 38.
When on-boarding accounts using Account Feed, which of the following is true?
- A.
You must specify an existing Safe where the account will be stored when it is on-boarded to the Vault.
- B.
You can specify the name of a new safe that will be created where the account will be stored when it is on-boarded to the Vault.
- C.
You can specify the name of a new Platform that will be created and associated with the account.
- D.
Any account that is on-boarded can be automatically reconciled regardless of the platform it is associated with.
Correct Answer
B. You can specify the name of a new safe that will be created where the account will be stored when it is on-boarded to the Vault. -
- 39.
A Reconcile Account can be specified in the platform settings.
- A.
True
- B.
False
Correct Answer
A. True -
- 40.
A Reconcile Account can be specified in the Master Policy.
- A.
True
- B.
False
Correct Answer
B. False -
- 41.
It is possible to disable the Show and Copy buttons without removing the Retrieve permission on a safe.
- A.
True
- B.
False
Correct Answer
A. True -
- 42.
The Application Inventory report is related to AIM.
- A.
True
- B.
False
Correct Answer
A. True -
- 43.
The vault does NOT support Role Based Access Control.
- A.
True
- B.
False
Correct Answer
B. False -
- 44.
All of your Unix root passwords are stored in the safe UnixRoot. Dual control is enabled for some of the accounts in that safe. The members of the AD group UNIXAdmins need to be able to use the show, copy, and connect buttons on those passwords at any time without confirmation. The members of the AD group OperationsStaff need to be able to use the show, copy, and connect buttons on those passwords on an emergency basis, but only with the approval of a member of OperationsManagers. The members of OperationsManagers never need to be able to use the show, copy or connect buttons themselves. Which safe permissions do you need to grant to OperationsStaff. Check all that apply.
- A.
Use accounts
- B.
List accounts
- C.
Access Safe without Authorization
- D.
Retrieve Accounts
- E.
Authorize Password Requests
Correct Answer(s)
A. Use accounts
B. List accounts
D. Retrieve Accounts -
- 45.
All of your Unix root passwords are stored in the safe UnixRoot. Dual control is enabled for some of the accounts in that safe. The members of the AD group UNIXAdmins need to be able to use the show, copy, and connect buttons on those passwords at any time without confirmation. The members of the AD group OperationsStaff need to be able to use the show, copy, and connect buttons on those passwords on an emergency basis, but only with the approval of a member of OperationsManagers. The members of OperationsManagers never need to be able to use the show, copy or connect buttons themselves. Which safe permissions do you need to grant to OperationsManager. Check all that apply.
- A.
Use accounts
- B.
List accounts
- C.
Access Safe without Authorization
- D.
Retrieve Accounts
- E.
Authorize Password Requests
Correct Answer(s)
B. List accounts
E. Authorize Password Requests -
- 46.
All of your Unix root passwords are stored in the safe UnixRoot. Dual control is enabled for some of the accounts in that safe. The members of the AD group UNIXAdmins need to be able to use the show, copy, and connect buttons on those passwords at any time without confirmation. The members of the AD group OperationsStaff need to be able to use the show, copy, and connect buttons on those passwords on an emergency basis, but only with the approval of a member of OperationsManagers. The members of OperationsManagers never need to be able to use the show, copy or connect buttons themselves. Which safe permissions do you need to grant to UNIXAdmins. Check all that apply.
- A.
Use accounts
- B.
List accounts
- C.
Access Safe without Authorization
- D.
Retrieve Accounts
- E.
Authorize Password Requests
Correct Answer(s)
A. Use accounts
B. List accounts
C. Access Safe without Authorization
D. Retrieve Accounts -
- 47.
What is the purpose of the Interval setting in a CPM policy?
- A.
To control how often the CPM looks for System Initiated CPM work.
- B.
To control how often the CPM looks for User Initiated CPM work.
- C.
To control how long the CPM rests between password changes.
- D.
To control the maximum amount of time the CPM will wait for a password change to complete.
Correct Answer
A. To control how often the CPM looks for System Initiated CPM work. -
- 48.
Auto-Detection can be configured to leverage LDAP/S.
- A.
True
- B.
False
Correct Answer
A. True -
- 49.
It is impossible to override Master Policy settings for a Platform.
- A.
True
- B.
False
Correct Answer
B. FalseExplanation
EXPLANATION of Answer: It is possible to override the Master Policy through an exception.Rate this question:
-
- 50.
Users can be restricted to using certain CyberArk interfaces (e.g. PVWA or PACLI)
- A.
True
- B.
False
Correct Answer
A. True -
Quiz Review Timeline +
Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.
-
Current Version
-
Mar 19, 2022Quiz Edited by
ProProfs Editorial Team -
Aug 19, 2019Quiz Created by
Nathan Roberts
Related Topics
Recent Quizzes
Featured Quizzes
Back to top
Back to top