CyberArk CAU201 Daily Practice Exam New 2023 Updated 179 Questions [Q80-Q103]

5/5 - (2 votes)

CyberArk CAU201 Daily Practice Exam New 2023 Updated 179 Questions

Use Valid CAU201 Exam – Actual Exam Question & Answer

CyberArk Defender Certification Exam (CAU201) is a professional certification that validates the skills and knowledge of individuals in implementing and managing CyberArk privileged access security solutions. CAU201 exam covers a wide range of topics that are critical to the implementation and management of CyberArk solutions. Earning the CyberArk Defender Certification is an important achievement for security professionals and IT administrators, as it validates their skills and knowledge and opens up new career opportunities.

QUESTION 80
In accordance with best practice, SSH access is denied for root accounts on UNIXLINUX system.
What is the BEST way to allow CPM to manage root accounts?

Create a privileged account on the target server. Allow this account the ability to SSH directly from the CPM machine. Configure this account of the target server’s root account.

Create a non-privileged account on the target server. Allow this account the ability to SSH directly from the CPM machine. Configure this account as the Logon account of the target server’s root account.

Configure the Unix system to allow SSH logins.

Configure the CPM to allow SSH logins.

Explanation/Reference:

QUESTION 81
Which of the following properties are mandatory when adding accounts from a file? (Choose three.)

Safe Name

Platform ID

All required properties specified in the Platform

Username

Address

Hostname

QUESTION 82
In the screenshot displayed, you just configured the usage in CyberArk and want to update its password.
What is the least intrusive way to accomplish this?

Use the “change” button on the usage’s details page.

Use the “change” button on the parent account’s details page.

Use the “sync” button on the usage’s details page.

Use the “reconcile” button on the parent account’s details page.

QUESTION 83
In accordance with best practice, SSH access is denied for root accounts on UNIXLINUX system.
What is the BEST way to allow CPM to manage root accounts?

Create a privileged account on the target server. Allow this account the ability to SSH directly from the CPM
machine. Configure this account of the target server’s root account.

Create a non-privileged account on the target server. Allow this account the ability to SSH directly from the
CPM machine. Configure this account as the Logon account of the target server’s root account.

Configure the Unix system to allow SSH logins.

Configure the CPM to allow SSH logins.

QUESTION 84
Accounts Discovery allows secure connections to domain controllers.

TRUE

FALSE

QUESTION 85
One can create exceptions to the Master Policy based on ____________________.

Safes

Platforms

Policies

Accounts

Explanation/Reference: https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/The-Master-
Policy.htm

QUESTION 86
When running a “Privileged Accounts Inventory” Report through the Reports page in PVWA on a specific safe, which permission/s are required on that safe to show complete account inventory information?

List Accounts, View Safe Members

Manage Safe Owners

List Accounts, Access Safe without confirmation

Manage Safe, View Audit

QUESTION 87
A Logon Account can be specified in the Master Policy.

TRUE

FALS

QUESTION 88
Which of the following files must be created or configured m order to run Password Upload Utility? Select all that apply.

PACli.ini

Vault.ini

conf.ini

A comma delimitedupload file

QUESTION 89
Via Password Vault Web Access (PVWA), a user initiates a PSM connection to the target Linux machine using RemoteApp. When the client’s machine makes an RDP connection to the PSM server, which user will be utilized?

Credentials stored in the Vault for the target machine

Shadowuser

PSMConnect

PSMAdminConnect

QUESTION 90
Which CyberArk group does a user need to be part of to view recordings or live monitor sessions?

Auditors

Vault Admin

DR Users

Operators

QUESTION 91
It is possible to control the hours of the day during which a user may log into the vault.

TRUE

FALSE

QUESTION 92
To enable the Automatic response “Add to Pending” within PTA when unmanaged credentials are found, what are the minimum permissions required by PTAUser for the PasswordManager_pending safe?

List Accounts, View Safe members, Add accounts (includes update properties), Update Account content, Update Account properties

List Accounts, Add accounts (includes update properties), Delete Accounts, Manage Safe

Add accounts (includes update properties), Update Account content, Update Account properties, View Audit

View Accounts, Update Account content, Update Account properties, Access Safe without confirmation, Manage Safe, View Audit

QUESTION 93
Time of day or day of week restrictions on when password verifications can occur configured in ____________________.

The Master Policy

The Platform settings

The Safe settings

The Account Details

QUESTION 94
What is the purpose of the Immediate Interval setting in a CPM policy?

To control how often the CPM looks for System Initiated CPM work.

To control how often the CPM looks for User Initiated CPM work.

To control how often the CPM rests between password changes.

To Control the maximum amount of time the CPM will wait for a password change to complete.

QUESTION 95
In your organization the “click to connect” button is not active by default.
How can this feature be activated?

Policies > Master Policy > Allow EPV transparent connections > Inactive

Policies > Master Policy > Session Management > Require privileged session monitoring and isolation > Add Exception

Policies > Master Policy > Allow EPV transparent connections > Active

Policies > Master Policy > Password Management

QUESTION 96
For an account attached to a platform that requires Dual Control based on a Master Policy exception, how would you configure a group of users to access a password without approval.

Create an exception to the Master Policy to exclude the group from the workflow process.

Edit the master policy rule and modify the advanced ‘Access safe without approval’ rule to include the group.

On the safe in which the account is stored grant the group the ‘Access safe without audit’ authorization.

On the safe in which the account is stored grant the group the ‘Access safe without confirmation’ authorization.

Explanation/Reference:
Reference: https://www.reddit.com/r/CyberARk/comments/6270zr/dual_control_on_specific_accounts/

QUESTION 97
Which built-in report from the reports page in PVWA displays the number of days until a password is due to expire?

Privileged Accounts Inventory

Privileged Accounts Compliance Status

Activity Log

Privileged Accounts CPM Status

QUESTION 98
Can the ‘Connect’ button be used to initiate an SSH connection, as root, to a Unix system when SSH access for root is denied?

Yes, when using the connect button, CyberArk uses the PMTerminal.exe process which bypasses the root SSH restriction.

Yes, only if a logon account is associated with the root account and the user connects through the PSM-SSH connection component.

Yes, if a logon account is associated with the root account.

No, it is not possible.

QUESTION 99
Customers who have the ‘Access Safe without confirmation’ safe permission on a safe where accounts are configured for Dual control, still need to request approval to use the account.

TRUE

FALSE

QUESTION 100
Which onboarding method would you use to integrate CyberArk with your accounts provisioning process?

Accounts Discovery

Auto Detection

Onboarding RestAPI functions

PTA Rules

QUESTION 101
What is the name of the Platform parameter that controls how long a password will stay valid when One Time
Passwords are enabled via the Master Policy?

MinValidityPeriod

Interval

ImmediateInterval

Timeout

QUESTION 102
Accounts Discovery allows secure connections to domain controllers.

TRUE

FALSE

Explanation/Reference:

QUESTION 103
You need to enable the PSM for all platforms.
Where do you perform this task?

Platform Management > (Platform) > UI & Workflows

Master Policy > Session Management

Master Policy > Privileged Access Workflows

Administration > Options > Connection Components

Loading …

Test Engine to Practice CAU201 Test Questions: https://www.dumpleader.com/CAU201_exam.html

Leave a Reply Cancel reply