CyberArk Sentry - Privilege Cloud v1.0

Page:    1 / 4   
Exam contains 48 questions
Expand All

Which statement is correct about using the AllowedSafes platform parameter?

  • A. It allows users to access accounts in specific safes.
  • B. It prevents the CPM from scanning all safes, restricting it to scan only safes that match the AllowedSafes configuration.
  • C. It allows the CPM to access PSM safes to monitor platform configuration and connection component changes.
  • D. It prevents the CPM from processing pending items in the Discovery safes enforcing manual intervention to complete the onboarding process.


Answer : A

Which browser is supported for PSM Web Connectors developed using the CyberArk Plugin Generator Utility (PGU)?

  • A. Internet Explorer
  • B. Google Chrome
  • C. Opera
  • D. Firefox


Answer : B

After correctly configuring reconciliation parameters in the Prod-AIX-Root-Accounts Piatform, this error message appears in the CPM log: CACPM410E Ending password policy Prod-AIX-Root-Accounts since the reconciliation task is active but the AllowedSafes parameter was not updated.
What caused this situation?

  • A. The reconciliation account defined in the Platform is in a locked state and is not accessible.
  • B. The CPM is currently configured to use to an unsigned engine.
  • C. The AllowedSafes parameter does not include the safe containing the reconciliation account defined in the Platform.
  • D. A second CPM is incorrectly configured to manage the reconciliation account's safe which is causing a deadlock situation between the two CPM.


Answer : C

A support team has asked you to provide the previous password for an account that had its password recently changed by the CPM.
In which tab within the account’s overview page can you retrieve this information?

  • A. Overview
  • B. Activities
  • C. Details
  • D. Versions


Answer : D

You are deploying a CyberArk Identity Connector to integrate Privilege Cloud Shared Service with an Active Directory environment.
Which requirement must be met?

  • A. The Identity Connector Server must be joined to the Active Directory.
  • B. The Server must be a member of the root domain of the Active Directory forest.
  • C. The Identity Connector must be installed on a Domain Controller.
  • D. The Identity Connector must be installed using Domain Administrator credentials.


Answer : B

Which option correctly describes the authentication differences between CyberArk Privilege Cloud and CyberArk PAM Self-Hosted?

  • A. CyberArk Privilege Cloud only provides a username and password authentication without third-party IdP integration; CyberArk PAM Self-Hosted uses traditional on-premises methods such as Windows and LDAP, but lacks modern protocols such as SAML or OIDC.
  • B. CyberArk Privilege Cloud uses cloud-based methods, integrating with CyberArk Identity for MFA, and supports SAML and OIDC; CyberArk PAM Self-Hosted depends on on-premises methods such as RADIUS and LDAP, but can adopt SAML or OIDC with additional setups.
  • C. CyberArk Privilege Cloud requires on-premises components for all authentication and does not support other cloud-based authentication protocols; CyberArk PAM Self-Hosted offers a wide array of methods, including support for SAML, OIDC, and other modern protocols, without needing on-premises components.
  • D. Both use the same authentication methods.


Answer : B

Refer to the exhibit.
You set up your LDAP Directory in CyberArk Identity, but encountered an error during the connection test.
Which scenarios could represent a valid misconfiguration? (Choose two.)

  • A. TCP Port 636 could be blocked by a network firewall, preventing communication between the CyberArk Identity Connector and the LDAP Server.
  • B. Al required CA Certificates have been installed on the CyberArk Identity Connector but the LDAP Bind credentials provided are incorrect.
  • C. ‘Verity Server Certificate’ is activated but the provided hostname is not listed as a Subject Alternative Name (SAN) in the LDAP server’s certificate.
  • D. TCP Port 636 could be blocked by a network firewall, preventing communication between the Secure Tunnel and the LDAP Server.


Answer : AC

CyberArk User Neil is trying to connect to the Target Linux server 192.168.1.164 using a domain user ACME\linuxuser01 on domain acme.corp using PSM for SSH server 192.168.65.145.
What is the correct syntax?



Answer : C

How can a platform be configured to work with load-balanced PSMs?

  • A. Remove all entries from configured PSM Servers except for the ID of the PSMs with load balancing.
  • B. Create a new PSM definition that targets the load balancer IP address and assign to the platform.
  • C. Include details of the PSMs with load balancing in the Basic_psm.ini file on each PSM server.
  • D. Use the Privilege Cloud Portal to update the Session Management settings for the platform in the Master Policy.


Answer : C

On Privilege Cloud, what can you use to update users’ Permissions on Safes? (Choose two.)

  • A. Privilege Cloud Portal
  • B. PrivateArk Client
  • C. REST API
  • D. PACLI
  • E. PTA


Answer : AC

Which statement best describes a PSM server’s network requirements?

  • A. It must reach the target system using its native protocols.
  • B. It requires limited outbound connectivity to Ports 1858 and 443 only.
  • C. It requires direct access to the internet.
  • D. It requires broad inbound firewall rules and outbound traffic should be limited to Port 1858.


Answer : A

When installing the PSM and CPM components on the same Privilege Cloud Connector, what should you consider when hardening?

  • A. PSM settings override the CPM settings when referring to the same parameter.
  • B. CPM settings override the PSM settings when referring to the same parameter.
  • C. They can only be installed on the same Privilege Cloud Connector when installed ‘in Domain’.
  • D. They can only be installed on the same Privilege Cloud Connector when installed ‘out of Domain’.


Answer : A

What is a default authentication profile to access CyberArk Identity?

  • A. Default New User Login Profile
  • B. Default New Device Login Profile
  • C. Default New Authenticator Profile
  • D. Default New Password Profile


Answer : B

In the directory lookup order, which directory service is always looked up first for the CyberArk Privilege Cloud solution?

  • A. Active Directory
  • B. LDAP
  • C. Federated Directory
  • D. CyberArk Cloud Directory


Answer : D

Your customer recently merged with a smaller organization. The customer's connector has no network connectivity to the smaller organization’s infrastructure. You need to map LDAP users from both your customer and the smaller organization.
How is this achieved?

  • A. Create the required users in one directory and configure the Identity Connector to read that directory, as there can only be one Identity Connector.
  • B. Create mappings for both directories from the original Identity Connector.
  • C. Deploy Identity Connectors in the newly acquired infrastructure and create user mappings.
  • D. Switch all users to SAML authentication as there can only be one Identity Connector.


Answer : C

Page:    1 / 4   
Exam contains 48 questions
Expand All

Talk to us!

Have any questions or issues ? Please dont hesitate to contact us

[email protected]

Certlibrary.com is owned by MBS Tech Limited: Room 1905 Nam Wo Hong Building, 148 Wing Lok Street, Sheung Wan, Hong Kong. Company registration number: 2310926
Certlibrary doesn't offer Real Microsoft Exam Questions. Certlibrary Materials do not contain actual questions and answers from Cisco's Certification Exams.
CFA Institute does not endorse, promote or warrant the accuracy or quality of Certlibrary. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.
Terms & Conditions | Privacy Policy