PAM-DEF Free Sample Questions

During a routine audit, it was discovered that a new team of database administrators requires temporary, emergency access to a production SQL server account. The current platform configuration for this account enforces a dual-control workflow for password retrieval. The security policy mandates that for emergency access, the request must bypass the standard dual-control approval process but still require a documented justification and be automatically revoked after two hours. Which is the most efficient and secure method to configure this exception in CyberArk?

A financial services company is deploying a distributed CyberArk architecture with a primary Vault and a Disaster Recovery (DR) Vault. A junior administrator is attempting to troubleshoot a replication failure. They have confirmed network connectivity and that the `padr.ini` file is correctly configured. What are the next TWO most likely causes of the replication failure? (Select TWO)

A PSM server is configured to use a custom recording safe named 'PSM_Recordings_Finance' for all sessions initiated from platforms tagged with the 'Finance' category. However, a security analyst reports that recordings for the 'Finance-DB-Admins' platform are still being stored in the default 'PSMRecordings' safe. What is the most likely reason for this misconfiguration?

True or False: When integrating an external LDAP directory for user authentication, you must create a corresponding CyberArk Local User for every LDAP user that needs to log in.

An administrator needs to configure a platform so that when a user connects to a target system via PSM, the session automatically executes a specific post-connection command, such as `sudo -i`. Where in the platform settings should this be configured?

A hospital is using CyberArk to manage credentials for critical medical devices. A new regulation requires that any password for a device involved in patient care must be at least 20 characters long and changed every 30 days. However, a specific set of older infusion pumps can only support passwords with a maximum length of 15 characters. How should a Defender administrator implement this policy while maintaining compliance for the older devices?

A security team wants to ensure that all commands executed during PSM sessions on critical Linux servers are logged and auditable, even if the session itself is not being actively recorded as a video. Which component or feature must be configured to meet this requirement?

When defining an LDAP Directory Mapping in the PVWA, what is the primary purpose of the 'LDAP Branch' field?

A CPM is failing to change the password for a local Windows account on a target server. The log file shows the error message: `CACPM243W Failed to receive response from remote machine. Error: 5. Access is denied.` The reconcile account has been verified to have the correct permissions on the target server. Which of the following is the MOST likely cause of this error?

A global retail corporation is implementing CyberArk Privileged Access Security. They have a central IT team in North America and regional IT teams in Europe and Asia. The security policy requires that the regional IT teams can only manage safes and accounts pertaining to their specific region. The current safe naming convention is `Region-Application-Environment`, for example, `EU-SAP-Prod` or `APAC-Oracle-Dev`. The regional teams are mapped to Active Directory groups, such as `CyberArk-Admins-EU` and `CyberArk-Admins-APAC`. The goal is to grant safe management permissions automatically based on the safe's name without requiring manual intervention from the global IT team for every new safe created. Which CyberArk feature should be used to achieve this automated, attribute-based safe permission model?