Due to corporate storage constraints, you have been asked to disable session monitoring and recording for 500 testing accounts used for your lab environment.
How do you accomplish this?
Correct Answer:
D
To disable session monitoring and recording for a large number of accounts due to storage constraints, you would navigate to the Administration section of the CyberArk Privileged Access Security (PAS) solution, specifically to the Configuration Options. From there, you would select the Privilege Session Management (PSM) options and disable the Session Monitoring and Recording policies. This action would apply the changes to the specified accounts, thus disabling the session monitoring and recording features for them1. References: The answer is based on general knowledge of CyberArk PAS and best practices for managing session policies within the system. For specific steps and detailed procedures, please refer to the official CyberArk Defender PAM course materials and documentation
The Password upload utility can be used to create safes.
Correct Answer:
A
The Password Upload utility can be used to create safes, as well as password objects, folders, and platforms. The Password Upload utility works with the CyberArk Password Vault to create password objects from a passwords list and store them in the Vault. This enables you to upload large numbers of passwords automatically and makes the Vault implementation process quicker and more automatic. The Password Upload utility initiates the Vault environment required to store passwords in the safe and start working with them. This includes creating new safes, adding the CPM user as a safe owner, and sharing the safe with the Password Vault Web Access1. References:
✑ 1: Password Upload Utility
The Vault administrator can change the Vault license by uploading the new license to the system Safe.
Correct Answer:
A
According to the web search results, the Vault administrator can change the Vault license by uploading the new license to the system Safe123. This can be done either from the Vault machine or from a remote machine using the PrivateArk client. The new license file should be named license.xml and replace the current one in the system Safe. This can be done without having to reinstall the Vault or restart the service.
Which dependent accounts does the CPM support out-of-the-box? (Choose three.)
Correct Answer:
BCE
Dependent accounts are accounts that represent resources such as Windows Services, Windows Scheduled Tasks, and others, which are accessed from a target machine and require the same credentials as the target machine. The CyberArk Privileged Account Security Solution’s Central Policy Manager (CPM) supports out-of-the- box dependent accounts for Windows Services, Windows Scheduled Tasks, and Windows Registry. When changing a password, the CPM synchronizes the target account password with all other occurrences of that password in any related dependent accounts. This ensures that all dependent accounts are updated simultaneously to maintain security and functionality12. References:
✑ CyberArk Docs: Manage dependent accounts1
✑ CyberArk Docs: Supported dependent accounts
In the Private Ark client, how do you add an LDAP group to a CyberArk group?
Correct Answer:
C
To add an LDAP group to a CyberArk group, you need to use the Private Ark client and follow these steps1:
✑ In the Users and Groups tree, select the CyberArk group that you want to add the
LDAP group to.
✑ In the Properties pane, click Member Of.
✑ Click Add > LDAP Group.
✑ In the LDAP Group dialog box, enter the name of the LDAP group and click OK. References: Add an LDAP group to a Vault group
