• Home
  • Articles
  • [Oct 23, 2021] Free CyberArk Defender CAU201 Official Cert Guide PDF Download [Q44-Q66]

[Oct 23, 2021] Free CyberArk Defender CAU201 Official Cert Guide PDF Download [Q44-Q66]

Share

[Oct 23, 2021] Free CyberArk Defender CAU201 Official Cert Guide PDF Download

CyberArk CAU201 Official Cert Guide PDF


How much CAU201 Exam Cost

The price of the CAU201 exam is $200 USD

 

NEW QUESTION 44
Which of the following options is not set in the Master Policy?

  • A. Password Complexity
  • B. Password Expiration Time
  • C. The use of "One-Time-Passwords"
  • D. Enabling and Disabling of the Connection Through the PSM

Answer: A

 

NEW QUESTION 45
If a user is a member of more than one group that has authorizations on a safe, by default that user is granted________.

  • A. only those permissions that exist in all groups to which the user belongs.
  • B. the cumulative permissions of all groups to which that user belongs.
  • C. the vault will not allow this situation to occur.
  • D. only those permissions that exist on the group added to the safe first.

Answer: D

 

NEW QUESTION 46
Which of the following Privileged Session Management (PSM) solutions support live monitoring of active sessions?

  • A. PSM for Windows (previously known as RDP Proxy)
  • B. All of the above
  • C. PSM for SSH (previously known as PSM-SSH Proxy)
  • D. PSM (i.e., launching connections by clicking on the connect button in the Password Vault Web Access (PVWA)

Answer: B

 

NEW QUESTION 47
Platform settings are applied to _________.

  • A. Network Areas
  • B. Safes
  • C. The entire vault.
  • D. Individual Accounts

Answer: D

 

NEW QUESTION 48
Which parameter controls how often the CPM looks for accounts that need to be changed from recently completed Dual control requests.

  • A. The CPM does not change the password under this circumstance
  • B. Interval
  • C. ImmediateInterval
  • D. HeadStartInterval

Answer: B

 

NEW QUESTION 49
All of your Unix root passwords are stored in the safe UnixRoot. Dual control is enabled for some of the
accounts in that safe. The members of the AD group UnixAdmins need to be able to use the show, copy, and
connect buttons on those passwords at any time without confirmation. The members of the AD group
OperationsStaff need to be able to use the show, copy and connect buttons on those passwords on an
emergency basis, but only with the approval of a member of OperationsManagers. The members of
OperationsManagers never need to be able to use the show, copy or connect buttons themselves.
Which safe permissions do you need to grant to OperationsStaff? Check all that apply.

  • A. Retrieve Accounts
  • B. Authorize Password Requests
  • C. List Accounts
  • D. Access Safe without Authorization
  • E. Use Accounts

Answer: E

Explanation:
Explanation/Reference:

 

NEW QUESTION 50
What is the name of the Platform parameter that controls how long a password will stay valid when One Time Passwords are enabled via the Master Policy?

  • A. MinValidityPeriod
  • B. ImmediateInterval
  • C. Timeout
  • D. Interval

Answer: C

 

NEW QUESTION 51
The password upload utility must run from the CPM server

  • A. FALSE
  • B. TRUE

Answer: A

Explanation:
Explanation/Reference: https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/Password- Upload-Utility.htm

 

NEW QUESTION 52
For an account attached to a platform that requires Dual Control based on a Master Policy exception, how would you configure a group of users to access a password without approval.

  • A. Create an exception to the Master Policy to exclude the group from the workflow process.
  • B. On the safe in which the account is stored grant the group the' Access safe without confirmation' authorization.
  • C. Edith the master policy rule and modify the advanced' Access safe without approval' rule to include the group.
  • D. On the safe in which the account is stored grant the group the' Access safe without audit' authorization.

Answer: B

 

NEW QUESTION 53
In accordance with best practice, SSH access is denied for root accounts on UNIXLINUX system.
What is the BEST way to allow CPM to manage root accounts?

  • A. Create a privileged account on the target server. Allow this account the ability to SSH directly from the CPM machine. Configure this account of the target server's root account.
  • B. Create a non-privileged account on the target server. Allow this account the ability to SSH directly from the CPM machine. Configure this account as the Logon account of the target server's root account.
  • C. Configure the CPM to allow SSH logins.
  • D. Configure the Unix system to allow SSH logins.

Answer: B

Explanation:
Explanation/Reference:

 

NEW QUESTION 54
By default, members of which built-in groups will be able to view and configure Automatic Remediation and Session Analysis and Response in the PVWA?

  • A. Auditors
  • B. Vault Admins
  • C. Security Operators
  • D. Security Admins

Answer: D

Explanation:
Explanation/Reference: https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PTA/Security- Configuration.htm

 

NEW QUESTION 55
Which one of the following reports is NOT generated by using the PVWA?

  • A. Compliance Status
  • B. Account Inventory
  • C. Safes List
  • D. Application Inventory

Answer: C

Explanation:
Explanation/Reference:
Reference: https://techinsight.com.vn/language/en/privileged-account-security-solution-part-2/

 

NEW QUESTION 56
As long as you are a member of the Vault Admins group, you can grant any permission on any safe that you have access to.

  • A. FALSE
  • B. TRUE

Answer: A

 

NEW QUESTION 57
The System safe allows access to the Vault configuration files.

  • A. FALSE
  • B. TRUE

Answer: A

 

NEW QUESTION 58
VAULT authorizations may be granted to ____________________.
Select all that apply.

  • A. Vault Groups
  • B. LDAP Users
  • C. LDAP Groups
  • D. Vault Users

Answer: B

 

NEW QUESTION 59
Match the log file name with the CyberArk Component that generates the log.

Answer:

Explanation:

 

NEW QUESTION 60
Which parameter controls how often the CPM looks for Soon-to-be-expired Passwords that need to be
changed.

  • A. ImmediateInterval
  • B. The CPM does not change the password under this circumstance
  • C. HeadStartInterval
  • D. Interval

Answer: A

 

NEW QUESTION 61
When managing SSH keys, the CPM stored the Private Key

  • A. Nowhere because the private key can always be generated from the public key.
  • B. On the target server
  • C. In the Vault
  • D. A & B

Answer: C

 

NEW QUESTION 62
Vault admins must manually add the auditors group to newly created safes so auditors will have sufficient access to run reports.

  • A. FALSE
  • B. TRUE

Answer: A

Explanation:
Explanation/Reference: https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/MESSAGES/Password
%20Vault%20Web%20Access%20Messages-%20General.htm

 

NEW QUESTION 63
What is the purpose of the Immediate Interval setting in a CPM policy?

  • A. To control how long the CPM rests between password changes.
  • B. To control how often the CPM looks for User Initiated CPM work.
  • C. To control how often the CPM looks for System Initiated CPM work.
  • D. To control the maximum amount of time the CPM will wait for a password change to complete.

Answer: A

 

NEW QUESTION 64
A Reconcile Account can be specified in the Master Policy.

  • A. FALS
  • B. TRUE

Answer: B

 

NEW QUESTION 65
In accordance with best practice, SSH access is denied for root accounts on UNIX/LINUX system. What is the BEST way to allow CPM to manage root accounts.

  • A. Configure the CPM to allow SSH logins.
  • B. Create a non-privileged account on the target server.Allow this account the ability to SSHdirectly from the CPM machine.Configure this account as the Logon account of the target server's root account.
  • C. Create a privileged account on the target server. Allow this account the ability to SSH directly from the CPM machine. Configure this account as the Reconcile account of the target server's root account.
  • D. Configure the Unix system to allow SSH logins.

Answer: A

 

NEW QUESTION 66
......


Understanding functional and technical aspects of CyberArk User Management Configuration

The following will be discussed in the CAU-201 exam dumps:

  • Provision an internally authenticated user in the vault
  • Set/Reset a Vault User’s Password
  • Configure Safe Level Permissions on a User or Group
  • Describe the purpose of each Built-In Vault User
  • Add a User to a Vault Group
  • Validate Proper Function of Pre-Configured Directory Mappings
  • Configure additional LDAP hosts
  • Be able to describe the difference between safe and vault level permissions without the GUI (web or PA client)
  • Add an LDAP User/Group to a Local Group
  • Configure Vault Level Permissions on a User
  • Login as the Master user
  • Verify an LDAP Configuration is using SSL

 

Free CAU201 Exam Dumps to Improve Exam Score: https://www.prepawaypdf.com/CyberArk/CAU201-practice-exam-dumps.html

Related Articles

more
CyberArk CAU201 Certification Practice Exam