Pass the CyberArk Sentry CPC-CDE-RECERT Questions and answers with CertsForce

CyberArk’s Safe permission definitions state:

List accounts allows the user to view the Accounts/Files list (so they can see the account to connect to).

Use Accounts explicitly enables the user to log on through PSM by clicking the “Connect” / “Connect with account” button from the Accounts List or Account Details.

Therefore, the minimum Safe rights to allow “Connect only” are List accounts (C) + Use Accounts (A).

CyberArk’s platform configuration guidance explicitly shows the navigation path to this parameter:

Edit the platform → Expand “Automatic Password Management” → select “General” → set “AllowedSafes”.

In other words, AllowedSafes is located under Automatic Password Management > General, which matches option C.

To map LDAP users from both your customer and the smaller organization they have merged with, especially when there is no network connectivity between the two infrastructures, the best approach is to:

Deploy Identity Connectors in the newly acquired infrastructure and create user mappings (Option C). This involves setting up additional Identity Connectors within the smaller organization’s network. These connectors will facilitate the integration of user directories from both organizations into the customer’s Privilege Cloud environment.

CyberArk states that users can authenticate to the Vault through PSM for SSH using:

CyberArk password authentication (i.e., CyberArk authentication),

LDAP, and

RADIUS (including challenge-response).

Windows, SAML, and OIDC are not listed as direct PSM for SSH authentication methods in the PSM for SSH authentication configuration (Privilege Cloud / PSM for SSH uses the configured PSM for SSH authentication methods such as Password/LDAP/RADIUS)

The correct description of the authentication differences between CyberArk Privilege Cloud and CyberArk PAM Self-Hosted is that CyberArk Privilege Cloud uses cloud-based methods, integrating with CyberArk Identity for Multi-Factor Authentication (MFA), and supports SAML and OIDC, while CyberArk PAM Self-Hosted relies on on-premises methods such as RADIUS and LDAP, but can adopt SAML or OIDC with additional setups. CyberArk Privilege Cloud is designed to leverage modern cloud-based authentication protocols to enhance security and ease of use, particularly in distributed and diverse IT environments. In contrast, CyberArk PAM Self-Hosted offers flexibility to use traditional on-premises authentication methods but also supports modern protocols if configured to do so.

CyberArk’s Safe creation documentation explains that when you choose “Save the last <number> account versions” (also shown as “Save latest account versions” in some UIs), the Safe retains the most recent password versions indefinitely by keeping a fixed number of versions and rolling off the oldest. It also states that by default, the last five password versions are stored.

After the successful scripted installation of the Privileged Session Manager (PSM), one of the post-installation tasks is to disable the screen saver for the PSM local users. This is done to ensure that the PSMConnect and PSMAdminConnect users, which are created during the installation process, do not have a screen saver activated that could interfere with the operation of the PSM.

When implementing LDAPS Integration for a standard Privilege Cloud environment, certain information is crucial and must be provided to the CyberArk Privilege Cloud support team through a Service Request. The necessary details include:

LDAPS certificate chain for all domain controllers to be integrated (Option A): This information is critical to establishing a trusted secure connection between the Privilege Cloud and the domain controllers using LDAP over SSL (LDAPS).

Fully Qualified Domain Name and IP Address of the domain controllers to be integrated (Option D): This information is essential for accurately identifying and configuring the network connections to each domain controller that will be integrated with the Privilege Cloud.

https://docs.cyberark.com/privilege-cloud-standard/latest/en/content/privilege%20cloud/privcloud-app-users.htm