Via Password Vault Web Access (PVWA), a user initiates a PSM connection to the target Linux machine using RemoteApp. When the client’s machine makes an RDP connection to the PSM server, which user will be utilized?

Correct Answer:C
According to the CyberArk Defender PAM documentation1, when a user initiates a PSM connection to the target Linux machine using RemoteApp via PVWA, the client’s machine makes an RDP connection to the PSM server using the PSMConnect user. The PSMConnect user is a local or domain user that starts PSM sessions on the PSM machine. The PSMConnect user has limited permissions and access rights on the PSM server, and its credentials are managed by the CPM. The PSMConnect user retrieves the credentials of the target account from the vault and uses them to establish a secure connection to the target machine. The user can then interact with the target machine through the PSM session, while the PSM server records and audits the session activity.

In your organization the “click to connect” button is not active by default. How can this feature be activated?

Correct Answer:C
The “click to connect” button is a feature that allows users to connect to target systems without entering their credentials manually. It is also known as EPV transparent connections or PSM transparent connections. To activate this feature, you need to enable the Allow EPV transparent connections parameter in the Master Policy. This parameter determines whether users can use the “click to connect” button to initiate a privileged session from the PVWA. If the parameter is set to Active, the button is enabled and users can connect to target systems with one click. If the parameter is set to Inactive, the button is disabled and users need to copy the credentials and paste them in the target system login screen. References: Connect and configure - CyberArk, How to enable/disable Connect button in PVWA console - force.com

Which option in the Private Ark client is used to update users’ Vault group memberships?

Correct Answer:C
In the Private Ark client, to update users’ Vault group memberships, you use the Update > Member Of tab. This tab allows administrators to manage which groups a user is a member of. By adding or removing groups in this tab, you can effectively update the user’s group memberships and, consequently, their access permissions within the Vault1.
References:
✑ CyberArk’s official documentation on managing users in the Private Ark client, which includes instructions on how to update users’ group memberships

Refer to the exhibit.

Why is user "EMEALevel2Support" unable to change the password for user "Operator"?

Correct Answer:D
The image description indicates that “EMEALevel2Support” has the following rights: Add/Update Users, Manage Server File Categories, Manage Directory Mapping, Backup All Files, Restore All Files. Since there is no mention of the right to reset passwords for other users, this suggests that “EMEALevel2Support” lacks the necessary permission to change the password for “Operator”.

Which of the following components can be used to create a tape backup of the Vault?

Correct Answer:C
The Replicate component can be used to create a tape backup of the Vault. The Replicate component is a utility that exports the encrypted contents of the Safes and the Vault metadata to a computer outside the Vault environment. A global backup system can then access the replicated files and copy them to a tape or any other backup media. The Replicate component is part of the CyberArk Backup Process, which provides a secure and easy method of backing up and restoring the Vault data12. The other components are not related to the tape backup of the Vault. Disaster Recovery is a feature that enables the Vault to recover from a catastrophic failure by using a standby Vault server3. Distributed Vaults is a feature that enables the Vault to synchronize data with other Vaults in different locations4. High Availability is a feature that enables the Vault to maintain continuous operation by using a primary and a secondary Vault server. References:
✑ Use the CyberArk Backup Process - CyberArk, section “Use the CyberArk Backup
Process”
✑ Install the Vault Backup Utility - CyberArk, section “Backup utilities”
✑ Disaster Recovery - CyberArk, section “Disaster Recovery”
✑ Distributed Vaults - CyberArk, section “Distributed Vaults”
✑ [High Availability - CyberArk], section “High Availability”

You need to enable the PSM for all platforms. Where do you perform this task?

Correct Answer:A
To enable PSM for specific platforms, you need to go to Platform Management, select the platform you want to configure, click Edit, expand UI & Workflows, and select Privileged Session Management. There you can customize the PSM settings for that platform, such as the PSM server ID, the connection components, the PSM connection method, and the PSM recording options. You can also disable dual control for PSM connections if needed. References: Configure PSM for Specific Platforms