1. Home
  2. CyberArk
  3. Sentry
  4. PAM-SEN
  5. CyberArk Sentry PAM Questions and Answers

Pass the CyberArk Sentry PAM-SEN Questions and answers with CertsForce

 CyberArk Exams      Go to Exam Detail      Get Premium Access
Viewing page 1 out of 4 pages
Viewing questions 1-10 out of questions
Questions # 1:

What is a prerequisite step before CyberArk can be configured to support RADIUS authentication?

Options:
A.

Log on to the PrivateArk Client, display the User properties of the user to configure, run the Authentication method drop-down list, and select RADIUS authentication.

B.

In the RADIUS server, define the CyberArk Vault as a RADIUS client/agent. Most Voted

C.

In the Vault installation folder, run CAVaultManager as administrator with the SecureSecretFiles command.

D.

Navigate to /Server/Conf and open DBParm.ini and set the RadiusServersInfo parameter.

Expert Solution
Questions # 2:

What is the best practice for storing the Master CD?

Options:
A.

Copy the files to the Vault server and discard the CD.

B.

Copy the contents of the CD to a Hardware Security Module and discard the CD.

C.

Store the CD in a secure location, such as a physical safe.

D.

Store the CD in a secure location, such as a physical safe, and copy the contents of the CD to a folder (secured with NTFS permissions} on the vault.

Expert Solution
Questions # 3:

What is the name of the account used to establish the initial RDP session from the end user client machine to the PSM server?

Options:
A.

PSMConnect

B.

PSMAdminConnect

C.

PSM

D.

The credentials the end user retrieved from the vault

Expert Solution
Questions # 4:

Which statement is correct about a post-install hardening?

Options:
A.

The Vault must be hardened during the Vault installation process. Most Voted

B.

After the Vault server is installed, you must join the server to the Enterprise Domain and reboot the host.

C.

It is executed after Vault installation by running CAVaultHarden.exe and hardening options can be edited by changing the Hardening.ini file. Most Voted

D.

If it is mandated by an organization’s IT governance, you do not have to execute Vault hardening; however, server hardening cannot be reversed.

Expert Solution
Questions # 5:

After installing the Vault, you need to allow Firewall Access for Windows Time service to sync with NTP servers 10.1.1.1 and 10.2.2.2.

What should you do?

Options:
A.

Edit DBParm.ini to add: AllowNonStandardFWAddresses=[10.1.1.1,10.2.2.2],Yes,123:outbound/udp. Most Voted

B.

Edit DBParm.ini to add: NTPServer=[10.1.1.1:123/UDP,10.2.2.2:123/UDP].

C.

Edit DBParm.ini to add: AllowNonStandardFWAddresses=[10.1.1.1,10.2.2.2],Yes,123:outbound/udp,123:inbound/udp.

D.

Edit the Windows Firewall configuration to add a rule for Port 123/udp outbound to 10.1.1.1 and 10.2.2.2.

Expert Solution
Questions # 6:

Which component must be installed before the first CPM installation?

Options:
A.

PTA

B.

PSM

C.

PVWA

D.

EPM

Expert Solution
Questions # 7:

What must you do to synchronize a new Vault server with an organization’s NTP server?

Options:
A.

Configure an AllowNonStandardFWAddresses rule for the organization’s NTP server in DBParm.ini on the Vault server.

B.

Use the Windows Firewall console to configure a rule on the Vault server which allows communication with the organization’s NTP server.

C.

Ensure the organization’s NTP server is installed in the same location as the Vault server requiring synchronization.

D.

Update the AutoSyncExternalObjects configuration in DBParm.ini on the Vault server to schedule regular synchronization.

Expert Solution
Questions # 8:

A customer has five PVWA servers. Three are located at the primary data center and the remaining two are at a satellite data center.

What is important to consider about the load balancer? (Choose two.)

Options:
A.

It must not alter page content, or should include a mechanism to prevent pages from being altered. Most Voted

B.

It must support “sticky sessions”. Most Voted

C.

It must be able to digitally sign and issue certificates for PVWA servers.

D.

It must be able to connect to all Vault and PVWA servers through Port TCP 443.

E.

It must be configured with high-availability (HA) enabled.

Expert Solution
Questions # 9:

Your customer wants to store the Safes Data on Vault Drive D instead of Drive C.

Which file should you edit?

Options:
A.

TSparm.ini Most Voted

B.

Vault.ini

C.

DBparm.ini

D.

user.ini

Expert Solution
Questions # 10:

Which statements are correct about the PSM HTML5 gateway? (Choose two.)

Options:
A.

Smart card redirection is supported

B.

It does not support connections to target system where NLA is enabled on the PSM server

C.

SSH sessions cannot be established

D.

Printer redirection cannot be enabled

E.

It does not support session recording capabilities for applications that run outside a web browser

Expert Solution
Viewing page 1 out of 4 pages
Viewing questions 1-10 out of questions