What are the minimum permissions to add multiple accounts from a file when using PVWA bulk-upload? (Choose three.)
Correct Answer:ACD
When using PVWA bulk-upload to add multiple accounts from a file, the minimum permissions required are to add accounts, update account content, and update account properties. These permissions ensure that the user has the ability to create new accounts in the Vault, modify the content of the accounts, and change their properties as necessary during the bulk-upload process1.
References:
✑ CyberArk Docs - Add multiple accounts from a file in V10 Interface
What is required to manage loosely connected devices?
Correct Answer:B
To manage loosely connected devices, which are not always connected to the network, CyberArk uses the Endpoint Privilege Manager (EPM). EPM is capable of rotating credentials of accounts on Windows and macOS devices that are loosely connected to the enterprise network. It operates over the internet and can communicate with the corporate PVWA to retrieve the new password and change it on the device1. References: The information provided is based on general knowledge of CyberArk PAM
best practices and the management of loosely connected devices as outlined in CyberArk’s official documentation1.
Due to network activity, ACME Corp’s PrivateArk Server became active on the OR Vault while the Primary Vault was also running normally. All the components continued to point to the Primary Vault.
Which steps should you perform to restore DR replication to normal?
Correct Answer:B
To restore DR replication to normal after network activity caused the PrivateArk Server on the DR Vault to become active while the Primary Vault was also running, you should first shut down the PrivateArk Server on the DR Vault. This ensures that the DR Vault is no longer active and can be prepared for replication. After shutting down the server, you should then start the replication process on the DR Vault to synchronize the data from the Primary Vault1.
References:
✑ CyberArk’s official documentation on initiating a DR failback to the Production
Vault provides a detailed procedure for restoring DR replication to normal1.
✑ Additional information on monitoring backup and DR replications can be found in CyberArk’s documentation2.
✑ For further study and understanding of the CyberArk Defender PAM course objectives and documents, the official CyberArk training resources and study guides are recommended3.
What is the primary purpose of One Time Passwords?
Correct Answer:A
One Time Passwords (OTPs) are passwords that are valid for only one use or a limited time period. The primary purpose of OTPs is to reduce the risk of credential theft, which is a common attack vector for hackers and malicious insiders. By using OTPs, the exposure of the credentials is minimized, and the attacker cannot reuse the stolen password to access the target system. OTPs also enhance the security of the authentication process, as they add an extra layer of verification to the user’s identity. OTPs can be generated by various methods, such as SMS, email, hardware tokens, software tokens, etc1.
The other options are not the primary purpose of OTPs, because:
✑ B. More frequent password changes. This is not the primary purpose of OTPs, but a consequence of using them. OTPs require more frequent password changes, as they expire after one use or a limited time period. However, this is not the main goal of using OTPs, but rather a means to achieve the goal of reducing the risk of credential theft.
✑ C. Non-repudiation (individual accountability). This is not the primary purpose of
OTPs, but a benefit of using them. Non-repudiation means that the user cannot deny performing an action or accessing a resource, as there is sufficient evidence to prove their identity and activity. OTPs can help achieve non-repudiation, as they are unique and personal to each user, and can be traced back to the user’s device or account. However, this is not the main goal of using OTPs, but rather an advantage of using them.
✑ D. To force a ‘collusion to commit’ fraud ensuring no single actor may use a
password without authorization. This is not the primary purpose of OTPs, but a feature of using them. OTPs can help prevent unauthorized access to privileged accounts, as they require the user to have both the OTP and the regular password to access the target system. This means that no single actor can use the password without authorization, as they would need the cooperation of another actor who has the OTP. However, this is not the main goal of using OTPs, but rather a capability of using them.
References:
✑ 1: One-time password
When onboarding multiple accounts from the Pending Accounts list, which associated setting must be the same across the selected accounts?
Correct Answer:A
When onboarding multiple accounts from the Pending Accounts list, all the selected accounts must be associated with the same platform. This is necessary because the platform setting determines how the accounts will be managed within CyberArk, including the policies and behaviors that apply to those accounts. If an account contains dependencies, those dependencies are automatically onboarded with the account. This ensures that all accounts and their dependencies are managed consistently and according to the correct policies1.
References:
✑ CyberArk’s official documentation on Onboarding Accounts and SSH Keys1.