CyberArk Defender CAU201 Practice Test Engine: Try These 179 Exam Questions
Guaranteed Success in CyberArk Defender CAU201 Exam Dumps
NEW QUESTION # 81
You have associated a logon account to one of your UNIX root accounts in the vault. When attempting to change the root account's password the CPM will...
- A. Log in to the system as the logon account, run the su command to log in as root, and then change root's password.
- B. Log in to the system as root, then change root's password.
- C. None of these.
- D. Log in to the system as the logon account, then change root's password
Answer: B
NEW QUESTION # 82
You are creating a new Rest API user that utilizes CyberArk Authentication.
What is a correct process to provision this user?
- A. PVWA > User Provisioning > Users and Groups > New > User
- B. Private Ark Client > Tools > Administrative Tools > Directory Mapping > Add
- C. PVWA > User Provisioning > LDAP Integration > Add Mapping
- D. Private Ark Client > Tools > Administrative Tools > Users and Groups > New > User
Answer: B
NEW QUESTION # 83
Which permissions are needed for the Active Directory user required by the Windows Discovery process?
- A. Read
- B. Domain Admin
- C. LDAP Admin
- D. Read/Write
Answer: A
NEW QUESTION # 84
You have associated a logon account to one of your UNIX root accounts in the vault. When attempting to change the root account's password the CPM will...
- A. Log in to the system as the logon account, run the su command to log in as root, and then change root's password.
- B. Log in to the system as root, then change root's password.
- C. None of these.
- D. Log in to the system as the logon account, then change root's password
Answer: B
Explanation:
Explanation/Reference:
NEW QUESTION # 85
SAFE Authorizations may be granted to____________.
Select all that apply.
- A. Vault Users
- B. Vault Group
- C. LDAP Users
- D. LDAP Groups
Answer: A,B,C,D
NEW QUESTION # 86
Which report could show all accounts that are past their expiration dates?
- A. Activity log
- B. Application Inventory report
- C. Privileged Account Inventory report
- D. Privileged Account Compliance Status report
Answer: D
NEW QUESTION # 87
By default, members of which built-in groups will be able to view and configure Automatic Remediation and Session Analysis and Response in the PVWA?
- A. Security Operators
- B. Auditors
- C. Vault Admins
- D. Security Admins
Answer: D
NEW QUESTION # 88
For Digital Vault Cluster in a high availability configuration, how does the cluster determine if a node is down?
- A. The shared storage array is offline.
- B. The Digital Vault Cluster does not detect a node failure.
- C. An alert is generated in the Windows Event log.
- D. The heartbeat s no longer detected on the private network.
Answer: D
NEW QUESTION # 89
The vault supports Role Based Access Control.
- A. FALSE
- B. TRUE
Answer: A
Explanation:
Explanation/Reference: https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/Object-Level- Access-Control.htm
NEW QUESTION # 90
Which parameters can be used to harden the Credential Files (CredFiles) while using CreateCredFile Utility? (Choose three.)
- A. Time Frame
- B. Operating System Type (Linux/Windows/HP-UX)
- C. Operating System Username
- D. Host IP Address
- E. Client Hostname
- F. Vault IP Address
Answer: C,D,E
NEW QUESTION # 91
Which of the Following can be configured in the Master Poky? Choose all that apply.
- A. Exclusive Passwords
- B. Dual Control
- C. Required Properties
- D. One Time Passwords
- E. Password Aging Rules
- F. Password Reconciliation
- G. Ticketing Integration
- H. Custom Connection Components
Answer: A,C,E,F
NEW QUESTION # 92
Accounts Discovery allows secure connections to domain controllers.
- A. FALSE
- B. TRUE
Answer: A
Explanation:
Explanation/Reference:
NEW QUESTION # 93
As long as you are a member of the Vault Admins group you can grant any permission on any safe.
- A. FALSE
- B. TRUE
Answer: A
Explanation:
Explanation
Being in Vault admins group only give you access to safes which are created during installation (safe created in installation process ) -This is clearly mentioned in documents .
NEW QUESTION # 94
The Password upload utility can be used to create safes.
- A. TRUE
- B. FALS
Answer: A
NEW QUESTION # 95
When Dual Control is enabled a user must first submit a request in the Password Vault Web Access (PVWA) and receive approval before being able to launch a secure connection via PSM for Windows (previously known as RDP Proxy).
- A. False, a user can submit the request after the connection has already been initiated via the PSM for Windows
- B. True
Answer: A
NEW QUESTION # 96
If a user is a member of more than one group that has authorizations on a safe, by default that user is granted____________________.
- A. the cumulative permissions of all the groups to which that user belongs.
- B. the vault will not allow this situation to occur.
- C. only those permissions that exist on the group added to the safe first.
- D. only those permissions that exist in all groups to which the user belongs.
Answer: C
NEW QUESTION # 97
When a DR Vault Server becomes an active vault, it will automatically revert back to DR mode once the Primary Vault comes back online.
- A. False, the Vault administrator must manually set the DR Vault to DR mode by setting "FailoverMode=no" in the dbparm.ini file
- B. True, if the AllowFailback setting is set to "yes" in the padr.ini file
- C. False, the Vault administrator must manually set the DR Vault to DR mode by setting "FailoverMode=no" in the padr.ini file
- D. True; this is the default behavior
Answer: C
NEW QUESTION # 98
It is possible to control the hours of the day during which a user may log into the vault.
- A. FALSE
- B. TRUE
Answer: B
NEW QUESTION # 99
Which combination of Safe member permissions will allow end users to log in to a remote machine transparently but NOT show or copy the password?
- A. Use Accounts
- B. List Accounts, Retrieve Accounts
- C. Use Accounts, Retrieve Accounts, List Accounts
- D. Use Accounts, List Accounts
Answer: B
NEW QUESTION # 100
The Accounts Feed contains:
- A. Accounts that were discovered by CyberArk in the last 30 days
- B. All users added to CyberArk in the last 30 days
- C. Accounts that were discovered by CyberArk that have not yet been onboarded
- D. All accounts added to the vault in the last 30 days
Answer: A
NEW QUESTION # 101
A Logon Account can be specified in the Master Policy.
- A. FALSE
- B. TRUE
Answer: B
NEW QUESTION # 102
Which of the following statements are NOT true when enabling PSM recording for a target Windows server?
Choose all that apply.
- A. The PSM software must be installed on the target server.
- B. PSM must be enabled in the Master Policy (either directly, or through exception).
- C. PSMConnect must be added as a local user on the target server.
- D. RDP must be enabled on the target server.
Answer: C
NEW QUESTION # 103
If a password is changed manually on a server, bypassing the CPM, how would you configure the account so
that the CPM could resume management automatically?
- A. Run the correct auto detection process to rediscover the password.
- B. Associate a reconcile account and configure the platform to reconcile automatically.
- C. Associate a logon account and configure the platform to reconcile automatically.
- D. Configure the Provider to change the password to match the Vault's Password
Answer: B
NEW QUESTION # 104
Which certificate type do you need to configure the vault for LDAP over SSL?
- A. a CA signed Certificate for the Vault server
- B. a CA signed Certificate for the PVWA server
- C. the CA Certificate that signed the certificate used by the External Directory
- D. a self-signed Certificate for the Vault
Answer: C
NEW QUESTION # 105
......
Test Engine to Practice CAU201 Test Questions: https://pass4sure.prep4cram.com/CAU201-exam-cram.html
