PAM-DEF CyberArk Exam Questions and Free Practice Test

Question 13

Which file must be edited on the Vault to configure it to send data to PTA?

A. dbparm.ini

B. PARAgent.ini

C. my.ini

D. padr.ini

Correct Answer:A
To configure the CyberArk Vault to send data to Privileged Threat Analytics (PTA), you must edit the dbparm.ini file on the Vault. This file contains parameters that specify how the Vault should forward syslog events to PTA, ensuring that the Vault can send secured syslog data to PTA for analysis and threat detection1. References:
✑ CyberArk Docs: Configure Vault Trusted Connection to PTA2
✑ Netenrich: CyberArk Vault via Syslog1

Question 14

A logon account can be specified in the platform settings.

A. True

B. False

Correct Answer:A
A logon account can be specified in the platform settings of CyberArk, a security software that manages privileged accounts and credentials. According to the CyberArk documentation1, "In the Account Details window, in the CPM pane, in the accounts section, you can associate either a logon account or a reconciliation account. If a default logon account has been configured for the platform that manages this account, that account is listed. You can associate another logon account or leave the default account as it is."1 A logon account is an account that is used to log on to a target system and perform password management operations on other accounts. A reconciliation account is an account that is used to restore access to a target system when the logon account fails.

Question 15

Where can a user with the appropriate permissions generate a report? (Choose two.)

A. PVWA > Reports

B. PrivateArk Client

C. Cluster Vault Manager

D. PrivateArk Server Monitor

E. PARClient

Correct Answer:AB
A user with the appropriate permissions can generate a report in the PVWA (Privileged Vault Web Access) under theReports section1. Users who belong to the group specified in the ManageReportsGroup parameter in the Reports section of the Web Access Options in the System Configuration page are able to generate reports in the PVWA. By default, this group is the PVWAMonitor group1. Additionally, reports can be generated using the PrivateArk Client, which is a desktop application that provides a direct interface to manage the CyberArk Vault and its contents, including the generation of
reports2.
References:
✑ CyberArk Docs - Reports in PVWA1
✑ CyberArk Docs - Generate the Report2

Question 16

What is the purpose of the PrivateArk Database service?

A. Communicates with components

B. Sends email alerts from the Vault

C. Executes password changes

D. Maintains Vault metadata

Correct Answer:D
The purpose of the PrivateArk Database service is to maintain the Vault metadata, which includes the information about the Safes, accounts, policies, users, groups, and audit records that are stored in the Vault. The PrivateArk Database service is a Windows service that manages the database files that contain the Vault data. The PrivateArk Database service is responsible for creating, updating, deleting, and backing up the database files, as well as performing encryption and compression operations on the data1. The PrivateArk Database service is installed automatically as part of the Vault server installation and can be configured using the DBParm.ini file2.
The other options are not the purpose of the PrivateArk Database service, although they may be related to other services or components of the Vault. The PrivateArk Server service is the service that communicates with the components, such as the PVWA, the CPM, the PSM, and the PTA, and handles the requests from the clients and components3. The Event Notification Engine service is the service that sends email alerts from the Vault, based on predefined events and recipients4. The Central Policy Manager component is the component that executes password changes, verifications, and reconciliations for the accounts that are managed by the Vault. References:
✑ Server Components - CyberArk, section “The PrivateArk Server process (Dbmain)”
✑ DBParm.ini - CyberArk, section “Main parameters”
✑ Server Components - CyberArk, section “The PrivateArk Server process (Dbmain)”
✑ Event Notification Engine - CyberArk, section “Event Notification Engine”
✑ [Change Passwords - CyberArk], section “Change Passwords”

Question 17

In the Private Ark client, how do you add an LDAP group to a CyberArk group?

A. Select Update on the CyberArk group, and then click Add > LDAP Group

B. Select Update on the LDAP Group, and then click Add > LDAP Group

C. Select Member Of on the CyberArk group, and then click Add > LDAP Group

D. Select Member Of on the LDAP group, and then click Add > LDAP Group

Correct Answer:C
To add an LDAP group to a CyberArk group, you need to use the Private Ark client and follow these steps1:
✑ In the Users and Groups tree, select the CyberArk group that you want to add the
LDAP group to.
✑ In the Properties pane, click Member Of.
✑ Click Add > LDAP Group.
✑ In the LDAP Group dialog box, enter the name of the LDAP group and click OK. References: Add an LDAP group to a Vault group

Question 18

You are configuring a Vault HA cluster.
Which file should you check to confirm the correct drives have been assigned for the location of the Quorum and Safes data disks?

A. ClusterVault.ini

B. my.ini

C. vault.ini

D. DBParm.ini

Correct Answer:A
When configuring a Vault High Availability (HA) cluster, theClusterVault.ini file is the one you should check to confirm the correct drives have been assigned for the location of the Quorum and Safes data disks. This file contains the configuration settings for the cluster, including the drive assignments for the Quorum disk and the Vault data1. References:
✑ CyberArk Community: HA Cluster Vault - How do I configure multiple Storage Drives?

START PAM-DEF EXAM