Free PAM-DEF Exam Dumps

Question 41

Which processes reduce the risk of credential theft? (Choose two.)

A. require dual control password access approval
B. require password change every X days
C. enforce check-in/check-out exclusive access
D. enforce one-time password access

Correct Answer:BD

Question 42

Platform settings are applied to .

A. The entire vault.
B. Network Areas
C. Safes
D. Individual Accounts

Correct Answer:D
Platform settings are applied to individual accounts. A platform is a set of parameters that defines how the Vault manages the passwords of accounts that belong to a certain operating system or application. Each account in the Vault is attached to a platform that determines how the account password is changed, verified, reconciled, and accessed. Platform settings can be customized to meet the specific requirements of each account type. For example, you can define the password complexity, rotation frequency, verification method, and access policy for each platform. References: [Defender PAM Sample Items Study Guide], page 15; [CyberArk Privileged Access Security Documentation], Platforms Overview.

Question 43

For Digital Vault Cluster in a high availability configuration, how does the cluster determine if a node is down?

A. The heartbeat s no longer detected on the private network.
B. The shared storage array is offline.
C. An alert is generated in the Windows Event log.
D. The Digital Vault Cluster does not detect a node failure.

Correct Answer:A
In a Digital Vault Cluster environment, each node has a Cluster Vault Manager (CVM) service that monitors the local resources and the status of the other node via a private network1. The CVM service sends a heartbeat signal to the other node every few seconds to check its availability2. If the heartbeat is not detected for a certain period of time, the CVM service assumes that the other node is down and triggers a failover process3. The failover process involves shutting down the resources on the failed node and starting them on the available node4. References: Digital Vault Cluster environment, CyberArk High-Availability Vault Cluster, Manage the CyberArk Digital Cluster Vault Server, Local resources failover process

Question 44

Which change could CyberArk make to the REST API that could cause existing scripts to fail?

A. adding optional parameters in the request
B. adding additional REST methods
C. removing parameters
D. returning additional values in the response

Correct Answer:C
Changes to the REST API that could cause existing scripts to fail include removing parameters. When parameters are removed from an API, scripts that rely on those parameters being present may no longer function correctly because they expect certain data to be available. This can lead to errors or unexpected behavior in the scripts that use the API1.
References:
✑ CyberArk Docs: REST APIs1

Question 45

A Reconcile Account can be specified in the Master Policy.

A. TRUE
B. FALSE

Correct Answer:B
A Reconcile Account is not specified in the Master Policy, but in the Platform settings. The Master Policy defines the general password management settings for all the accounts in the Vault, such as the frequency of password rotation and verification. The Platform settings define the specific password management settings for each type of target system, such as the password complexity and the Reconcile Account. References:
✑ Defender PAM course, Module 2: Password Management, Lesson 2: Master Policy and Platforms, slide 8
✑ Defender PAM course, Module 2: Password Management, Lesson 3: Reconcile and Logon Accounts, slide 2
✑ Defender PAM Sample Items Study Guide, Question 37
✑ CyberArk Privileged Access Security Documentation, Password Management - Master Policy
✑ CyberArk Privileged Access Security Documentation, Password Management - Platforms