A financial services firm is implementing CyberArk Privilege Cloud and requires a highly available architecture for their on-premises Connectors. The primary data center hosts two Connectors in an active-active cluster behind a load balancer. A disaster recovery (DR) site is prepared with identical network segments. The DR plan requires a manual failover process that can be completed within a 4-hour RTO. What is the MOST efficient method to provision the Connectors in the DR site to meet this requirement?
Q2
A security administrator is configuring a new platform for managing Cisco IOS devices. The platform must support password changes and verification. The administrator has duplicated the default Cisco Router platform but needs to ensure that the process uses `enable` mode for verification. Which platform parameter should be modified to specify the privileged mode prompt?
Q3 (Multiple answers)
During a security audit, an organization discovers that its session recordings are being stored on the PSM server's local disk, which violates their data retention policy requiring off-host storage for audit logs. The PSM servers are deployed as part of the Privilege Cloud Connector. Which of the following actions must be taken to remediate this finding? (Select TWO).
Q4
A consultant is automating the onboarding of several hundred Windows service accounts into Privilege Cloud using the REST API. The script successfully adds the accounts to a Safe but fails to initiate the first password rotation. Analysis of the API response shows a `400 Bad Request` error on the password change call. The API user has full permissions on the Safe. What is the most likely cause of this failure?
Q5
True or False: When integrating CyberArk Privilege Cloud with an external SIEM system, the Secure Tunnel on the Privilege Cloud Connector must be used to forward audit logs.
Q6
A healthcare organization is deploying Privilege Cloud and has a strict requirement that all privileged sessions to their Electronic Health Record (EHR) database servers must be monitored in real-time by a security analyst. The connection must also be terminated immediately if suspicious activity is detected. Which Privilege Cloud feature directly supports this requirement?
Q7
An administrator is attempting to onboard a newly provisioned AWS IAM User account into Privilege Cloud. The onboarding fails with an error indicating 'Invalid credentials'. The administrator has confirmed the Access Key ID and Secret Access Key are correct. The IAM user has the `IAMUserGet` and `IAMUserUpdateAccessKey` permissions. What is the most likely missing permission causing the failure?
Q8
A university is configuring SAML authentication for Privilege Cloud to integrate with their central Shibboleth Identity Provider (IdP). After configuring the integration, users are reporting a SAML error message upon redirection back to the PVWA, stating 'Invalid Assertion'. The IdP logs show a successful authentication. The PVWA system clock is synchronized with a reliable NTP source. What is the most likely misconfiguration?
Q9
What is the primary function of the Secure Tunnel component within the CyberArk Privilege Cloud Connector?
Q10
**Case Study**

A rapidly growing e-commerce company is deploying CyberArk Privilege Cloud to manage access to its production AWS environment and on-premises legacy systems. The company has a large, distributed DevOps team that requires just-in-time (JIT) access to EC2 instances for troubleshooting. The security team has mandated that all access must be temporary, request-based, and fully audited. The legacy systems are managed by a separate IT operations team that requires persistent, standing access.

**Current Situation:** The company uses Okta as its corporate Identity Provider (IdP) and has integrated it with Privilege Cloud for user authentication. The DevOps team members are part of an 'AWS-Admins' group in Okta. The IT operations team is in an 'IT-Ops' group. A single Safe named 'Production-Servers' has been created to store all privileged accounts.

**Requirements:**

1. DevOps users must request access to specific EC2 instances for a limited time (e.g., 4 hours).
2. Access for DevOps users must require approval from a team lead.
3. IT-Ops users should have immediate, non-expiring access to the legacy system accounts.
4. All session activity for both teams must be recorded.

Which combination of configurations will meet all these requirements?