CAU201 Online Practice Questions and Answers

All of your Unix root passwords are stored in the safe UnixRoot. Dual control is enabled for some of the accounts in that safe. The members of the AD group UnixAdmins need to be able to use the show, copy, and connect buttons on those passwords at any time without confirmation. The members of the AD group OperationsStaff need to be able to use the show, copy and connect buttons on those passwords on an emergency basis, but only with the approval of a member of OperationsManagers. The members of OperationsManagers never need to be able to use the show, copy or connect buttons themselves.

Which safe permissions do you need to grant to OperationsStaff? Check all that apply.

A. Use Accounts

B. Retrieve Accounts

C. List Accounts

D. Authorize Password Requests

E. Access Safe without Authorization

For an account attached to a platform that requires Dual Control based on a Master Policy exception, how would you configure a group of users to access a password without approval.

A. Create an exception to the Master Policy to exclude the group from the workflow process.

B. Edit the master policy rule and modify the advanced `Access safe without approval' rule to include the group.

C. On the safe in which the account is stored grant the group the `Access safe without audit' authorization.

D. On the safe in which the account is stored grant the group the `Access safe without confirmation' authorization.

Target account platforms can be restricted to accounts that are stored in specific Safes using the AllowedSafes property.

A. TRUE

B. FALSE

Platform settings are applied to______________.

A. The entire vault.

B. Network Areas

C. Safes

D. Individual Accounts

Users can be restricted through certain CyberArk interfaces (e.g. PVWA or PACLI).

A. TRUE

B. FALSE

Which onboarding method would you use to integrate CyberArk with your accounts provisioning process?

A. Accounts Discovery

B. Auto Detection

C. Onboarding RestAPI functions

D. PTA Rules

Which of the following logs contains information about errors related to PTA?

A. ITAlog.log

B. diamond.log

C. pm_error.log

D. WebApplication.log

Which report could show all accounts that are past their expiration dates?

A. Privileged Account Compliance Status report

B. Activity log

C. Privileged Account Inventory report

D. Application Inventory report

What is the purpose of the PrivateArk Server service?

A. Executes password changes

B. Maintains Vault metadata

C. Makes Vault data accessible to components

D. Sends email alerts from the Vault

To enable the Automatic response “Add to Pending” within PTA when unmanaged credentials are found, what are the minimum permissions required by PTAUser for the PasswordManager_pending safe?

A. List Accounts, View Safe members, Add accounts (includes update properties), Update Account content, Update Account properties

B. List Accounts, Add accounts (includes update properties), Delete Accounts, Manage Safe

C. Add accounts (includes update properties), Update Account content, Update Account properties, View Audit

D. View Accounts, Update Account content, Update Account properties, Access Safe without confirmation, Manage Safe, View Audit

In your organization the “click to connect” button is not active by default. How can this feature be activated?

A. Policies > Master Policy > Allow EPV transparent connections > Inactive

B. Policies > Master Policy > Session Management > Require privileged session monitoring and isolation > Add Exception

C. Policies > Master Policy > Allow EPV transparent connections > Active

D. Policies > Master Policy > Password Management

Which CyberArk utility allows you to create lists of Master Policy Settings, owners and safes for output to text files or MSSQL databases?

A. Export Vault Data

B. Export Vault Information

C. PrivateArk Client

D. Privileged Threat Analytics

You need to recover an account localadmin02 for target server 10.0.123.73 stored in Safe Team1.

What do you need to recover and decrypt the object? (Choose three.)

A. Recovery Private Key

B. Recover.exe

C. Vault data

D. Recovery Public Key

E. Server Key

F. Master Password

In the Private Ark client, how do you add an LDAP group to a CyberArk group?

A. Select Update on the CyberArk group, and then click Add > LDAP Group

B. Select Update on the LDAP Group, and then click Add > LDAP Group

C. Select Member Of on the CyberArk group, and then click Add > LDAP Group

D. Select Member Of on the LDAP group, and then click Add > LDAP Group

Which statement is correct concerning accounts that are discovered, but cannot be added to the Vault by an automated onboarding rule?

A. They are added to the Pending Accounts list and can be reviewed and manually uploaded.

B. They cannot be onboarded to the Password Vault.

C. They must be uploaded using third party tools.

D. They are not part of the Discovery Process.