CyberArk Sentry - Secrets Manager v1.0

Page:    1 / 4   
Exam contains 60 questions
Expand All

In the event of a failover of the Vault server from the primary to the DR, which configuration option ensures that a CP will continue being able to refresh its cache?

  • A. Add the DR Vault IP address to the “Address” parameter in the file main_appprovider.conf. <platform>.<version> found in the AppProviderConf safe.
  • B. Add the IP address of the DR vault to the “Address” parameter in the file Vault.ini.file on the machine on which the CP is installed.
  • C. In the Password Vault Web Access UI, add the IP address of the DR Vault in the Disaster Recovery section under Applications > Options.
  • D. In the Conjur UI, add the IP address of the DR Vault in the Disaster Recovery section under Cluster Config > Credential Provider > Options.


Answer : B

Refer to the exhibit.

How can you confirm that the Follower has a current copy of the database?

  • A. Compare the pgcurrentxlog_location from the Leader to the Follower you need to validate against.
  • B. Count the number of components in pgstartreplication and compare this to the total number of Followers in the deployment.
  • C. Validate that the Follower container ID matches the node in the info endpoint on the Leader.
  • D. Retrieve the credential from a test application on the Leader cluster; then retrieve against the Follower and compare if they are accurate.


Answer : A

When attempting to configure a Follower, you receive the error:

Which port is the problem?

  • A. 5432
  • B. 1999
  • C. 443
  • D. 1858


Answer : A

When installing the CCP and configuring it for use behind a load balancer, which authentication methods may be affected? (Choose two.)

  • A. Allowed Machines authentication
  • B. Client Certificate authentication
  • C. OS User
  • D. Path
  • E. Hash


Answer : AB

A customer has 100 .NET applications and wants to use Summon to invoke the application and inject secrets at run time.
Which change to the NET application code might be necessary to enable this?

  • A. It must be changed to include the REST API calls necessary to retrieve the needed secrets from the CCP.
  • B. It must be changed to access secrets from a configuration file or environment variable.
  • C. No changes are needed as Summon brokers the connection between the application and the backend data source through impersonation.
  • D. It must be changed to include the host API key necessary for Summon to retrieve the needed secrets from a Follower.


Answer : B

You have a request to protect all the properties around a credential object. When configuring the credential in the Vault, you specified the address, user and password for the credential.
How do you configure the Vault Conjur Synchronizer to properly sync all properties?

  • A. Modify VaultConjurSynchronizer.exe.config, uncomment SYNCALLPROPERTIES and update its value to true.
  • B. Modify SynchronizerReplication.config, uncomment SYNCALLPROPERTIES and update its value to true.
  • C. Modify Vault.ini, uncomment SYNCALLPROPERTIES and update its value to true.
  • D. In the Conjur UI under Cluster > Synchronizer > Config, change SYNCALLPROPERTIES and update its value to true.


Answer : A

During the configuration of Conjur, what is a possible deployment scenario?

  • A. The Leader and Followers are deployed outside of a Kubernetes environment; Slandbys can run inside a Kubernetes environment.
  • B. The Conjur Leader cluster is deployed outside of a Kubernetes environment; Followers can run inside or outside the environment,
  • C. The Leader cluster is deployed outside a Kubernetes environment; Followers and Standbys can run inside or outside the environment.
  • D. The Conjur Leader cluster and Followers are deployed inside a Kubernetes environment.


Answer : C

If you rename an account or Safe, the Vault Conjur Synchronizer recreates these accounts and safes with their new name and deletes the old accounts or safes.
What does this mean?

  • A. Their permissions in Conjur must also be recreated to access them.
  • B. Their permissions in Conjur remain the same.
  • C. You can not rename an account or safe.
  • D. The Vault-Conjur Synchronizer will recreate these accounts and safes with their exact same names.


Answer : A

Which statement is true for the Conjur Command Line Interface (CLI)?

  • A. It is supported on Windows, Red Hat Enterprise Linux, and macOS.
  • B. It can only be run from the Conjur Leader node.
  • C. It is required for working with the Conjur REST API.
  • D. It does not implement the Conjur REST API for managing Conjur resources.


Answer : A

When attempting to retrieve a credential managed by the Synchronizer, you receive this error:

What is the cause of the issue?

  • A. The Conjur Leader has lost upstream connectivity to the Vault Conjur Synchronizer.
  • B. The host does not have access to the credential.
  • C. The path to the credential was not properly encoded.
  • D. The Vault Conjur Synchronizer has crashed and needs to be restarted.


Answer : B

A customer wants to ensure applications can retrieve secrets from Conjur in three different data centers if the Conjur Leader becomes unavailable. Conjur Followers are already deployed in each of these data centers.
How should you architect the solution to support this requirement?

  • A. No changes are required.
  • B. Deploy a Standby in each data center that can be promoted to the role of Leader.
  • C. Extend the auto failover cluster to include Standbys in each data center and allow for automatic recovery should the Leader become unavailable.
  • D. Deploy a CP provider on the Follower server to provide offline caching capabilities for the Follower.


Answer : B

Which statement is correct about this message?
Message: “[number-of-deleted-rows] rows has successfully deleted “CEADBR009D Finished vacuum”?

  • A. It notes the number of records deleted from the database and does not require any action.
  • B. The user specified for Conjur does not have the appropriate permissions to retrieve the audit database (audit.db).
  • C. When audit retention was performed, the query on the UI audit database (audit.db) generated an error.
  • D. The Vault Conjur Synchronizer successfully deleted the password objects that were marked for deletion in the PVWA.


Answer : A

What does “Line of business (LOB)” represent?

  • A. a business group requiring access to secrets from the Vault/Privilege Claud to facilitate syncing accounts to Conjur
  • B. the services that Conjur offers and typically refers to a group of application identities in Conjur
  • C. a business group that meets a certain set of Conjur policies for entitlements and policy management
  • D. the services that Conjur offers and typically refers to the list of configured and enabled authenticators in Conjur


Answer : A

An application owner reports that their application is suddenly receiving an incorrect password. CPM logs show the password was recently changed, but the value currently being retrieved by the application is a different value. The Vault Conjur Synchronizer service is running.
What is the most likely cause of this issue?

  • A. The Vault Conjur Synchronizer is not configured with the DR Vault IP address and there has been a failover event.
  • B. Dual Accounts are in use, but after the CPM changed the password for the Inactive account, it accidentally updated the password for the Active account instead.
  • C. The CPM is writing password changes to the Primary Vault while the Vault Conjur Synchronizer is configured to replicate from the DR Vault.
  • D. The application has been configured to retrieve the wrong password.


Answer : C

What is a main advantage of using dual accounts in password management?

  • A. Since passwords are cached for both rotation accounts, it ensures the password for an application will not be changed, reducing the amount of blackout dates when a password expires.
  • B. It ensures passwords are rotated every 90 days, which respects the expected downtime for a system, database, or application
  • C. It ensures no delays are incurred when the application needs credentials because a password that is currently used by an application will never be changed
  • D. Since there are two active accounts, it doubles the probability that a system, database, or application will successfully authenticate.


Answer : C

Page:    1 / 4   
Exam contains 60 questions
Expand All

Talk to us!

Have any questions or issues ? Please dont hesitate to contact us

[email protected]

Certlibrary.com is owned by MBS Tech Limited: Room 1905 Nam Wo Hong Building, 148 Wing Lok Street, Sheung Wan, Hong Kong. Company registration number: 2310926
Certlibrary doesn't offer Real Microsoft Exam Questions. Certlibrary Materials do not contain actual questions and answers from Cisco's Certification Exams.
CFA Institute does not endorse, promote or warrant the accuracy or quality of Certlibrary. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.
Terms & Conditions | Privacy Policy