You want to give a newly-created group rights to review security events under the Security pane. You also want to be able to update the status of these events. Where must you update the group to allow this?
As long as you are a member of the Vault Admins group you can grant any permission on any safe.
Correct Answer: A
Question 138
You want to build a connector that connects to a website through the Web applications for PSM framework. Which default connector do you duplicate and modify?
Correct Answer: D
Explanation When building a connector to connect to a website through the Web applications for PSM framework, you would duplicate and modify the default connector PSM-WebAppSample. This sample connector serves as a template that can be customized to fit the specific requirements of the web application you are targeting. It provides a starting point with predefined settings that can be adjusted to create a new, functional connector for the desired web application12. References: * CyberArk Docs - Web applications for PSM2 * CyberArk Docs - Configure PSM to connect to Web applications1
Question 139
Which report could show all accounts that are past their expiration dates?
Correct Answer: A
Explanation The Privileged Account Compliance Status report shows the compliance status of all privileged accounts in the Vault, based on the expiration date and password change policy. This report can help identify accounts that are past their expiration dates and need to be updated or removed. References: * [Defender PAM Sample Items Study Guide], page 18, question 90 * [CyberArk Privileged Access Security Documentation], version 12.3, Reports Guide, page 27, Privileged Account Compliance Status report
Question 140
Select the best practice for storing the Master CD.
Correct Answer: C
Explanation The best practice for storing the Master CD is to store it in a secure location, such as a physical safe. The Master CD contains the server key, the public recovery key, and the private recovery key, which are essential for starting, operating, and recovering the Vault. These keys are sensitive and should be protected from unauthorized access, loss, or damage. Therefore, storing the CD in a physical safe ensures that the keys are kept in a secure location when not in use, and that they are available when needed. This is the recommended option by CyberArk1. The other options are not best practices and should be avoided, as they expose the keys to potential risks, such as theft, corruption, or deletion. Copying the files to the Vault server and discarding the CD is not secure, as it makes the keys accessible to anyone who can access the Vault server or compromise its security. Copying the contents of the CD to a Hardware Security Module (HSM) and discarding the CD is not feasible, as the HSM can only store the server key, not the recovery keys2. Storing the CD in a secure location, such as a physical safe, and copying the contents of the CD to a folder secured with NTFS permissions on the Vault is not necessary, as it creates redundant copies of the keys that may not be synchronized or updated. Moreover, NTFS permissions are not sufficient to protect the keys from malicious or accidental actions. References: * Server Keys - CyberArk, section "Server Keys" * Store the Server Key in an HSM - CyberArk, section "Store the Server Key in an HSM"
