Free Access to CyberArk.PAM-DEF.v2025-05-27.q112 with Valid Practice Test (Page 13)

Question 56

You need to enable the PSM for all platforms.
Where do you perform this task?

A.Master Policy > Session Management
B.Platform Management > (Platform) > UI & Workflows
C.Master Policy > Privileged Access Workflows
D.Administration > Options > Connection Components

Question 57

What is the purpose of the Interval setting in a CPM policy?

A.To control how often the CPM looks for System Initiated CPM work.
B.To control how often the CPM looks for User Initiated CPM work.
C.To control how long the CPM rests between password changes.
D.To control the maximum amount of time the CPM will wait for a password change to complete.

Question 58

Which Cyber Are components or products can be used to discover Windows Services or Scheduled Tasks that use privileged accounts? Select all that apply.

A.Discovery and Audit (DMA)
B.Auto Detection (AD)
C.Export Vault Data (EVD)
D.On Demand Privileges Manager (OPM)
E.Accounts Discovery

Question 59

You have associated a logon account to one your UNIX cool accounts in the vault. When attempting to
[b]change [/b] the root account's password the CPM will.....

A.Log in to the system as root, then change root's password
B.Log in to the system as the logon account, then change roofs password
C.Log in to the system as the logon account, run the su command to log in as root, and then change root's password.
D.None of these

Correct Answer: C

Explanation
When attempting to change the root account's password, the CPM will log in to the system as the logon account, run the su command to log in as root, and then change root's password. This is because the logon account is used to initiate sessions to machines that do not permit direct logon, such as Unix systems that restrict root access. When a logon account is associated with a privileged account, it will be used to log onto the remote machine and then elevate itself to the role of the privileged user. As different types of machines might have different logon prompts or elevation commands, the CPM can use the AutoLogonSequenceWithLogonAccount parameter to define the logon process and the elevation to the privileged account. This parameter contains regular expression prompts and responses that define the logon process and subsequent activities. The regular expressions can include dynamic values that the CPM reads from the account properties, user parameters, or client-specific parameters1. For example, the following is a possible AutoLogonSequenceWithLogonAccount parameter for a Unix platform:

This parameter instructs the CPM to log in to the system as the logon account, enter the logon password, run the su - command to switch to the root user, enter the logon password again, run the change command to change the root password, exit the root session, and exit the logon session1.
The other options are not correct, as follows:
* A. Log in to the system as root, then change root's password. This option is not possible, because the root account cannot be used for direct logon. The logon account is associated with the root account to enable the CPM to access the system and change the password1.
* B. Log in to the system as the logon account, then change root's password. This option is not effective, because the logon account does not have the permission to change the root's password. The logon account needs to elevate itself to the root user by using the su command before changing the password1.
* D. None of these. This option is not valid, because there is a correct answer among the choices.
References:
* 1: Logon Accounts for SSH and Telnet Connections

Question 60

Which of the following statements are NOT true when enabling PSM recording for a target Windows server?
(Choose all that apply)

A.The PSM software must be instated on the target server
B.PSM must be enabled in the Master Policy (either directly, or through exception)
C.PSMConnect must be added as a local user on the target server
D.RDP must be enabled on the target server

Correct Answer: A,C

Explanation
The following statements are not true when enabling PSM recording for a target Windows server:
* A. The PSM software must be instated on the target server. This is not true, because the PSM software is installed on a dedicated server that acts as a proxy between the user and the target server. The PSM server intercepts the user's connection request, initiates the connection to the target server, and records the privileged session. The target server does not need to have the PSM software installed on it1.
* C. PSMConnect must be added as a local user on the target server. This is not true, because PSMConnect is a predefined user that is created on the PSM server during the installation. This user is used to establish the connection between the PSM server and the target server, and to run the PSM processes. The target server does not need to have a local user named PSMConnect on it2.
The following statements are true when enabling PSM recording for a target Windows server:
* B. PSM must be enabled in the Master Policy (either directly, or through exception). This is true, because the Master Policy is a centralized overview of the security and compliance policy of privileged accounts in the organization. It allows the administrator to configure compliance driven rules that are defined as the baseline for the enterprise. One of the rules in the Master Policy is the Session Isolation rule, which determines whether or not privileged sessions are isolated and recorded by PSM. This rule can be enabled either directly in the Master Policy, or through an exception for a specific scope of accounts3.
* D. RDP must be enabled on the target server. This is true, because RDP is the protocol that is used by PSM to connect to Windows servers. The target server must have RDP enabled and configured properly to allow the PSM server to access it. The PSM server must also have the RDP client installed on it4.
References:
* 1: Privileged Session Manager
* 2: PSMConnect and PSMAdminConnect
* 3: Session Isolation
* 4: Configure RDP for PSM

Question 56

Question 57

Question 58

Question 59

Question 60

Download PDF File