Practice Free CPC-SEN Exam Online Questions
Question #11
Following the installation of the PSM for SSH server, which additional tasks should be performed? (Choose 2.)
- A . Delete the user.cred file used during installation.
- B . Delete the vault.ini you used during installation.
- C . Delete the psmpparms file you used during installation.
- D . Package all installation log files for upload to CyberArk.
Correct Answer: A, C
A, C
Explanation:
Following the installation of the PSM for SSH server, certain security and cleanup tasks are crucial to secure the environment and eliminate potential vulnerabilities:
Delete the user.cred file used during installation (A): The user.cred file contains sensitive credential information used during the installation process. Deleting this file post-installation ensures that this sensitive data is not left accessible on the system, mitigating the risk of unauthorized access.
Delete the psmpparms file you used during installation (C): Similar to the user.cred file, the psmpparms file often contains parameters that might include sensitive configuration details. Removing this file after the installation process is completed helps in securing the server by removing potential leakage points of sensitive information.
These actions are part of best practices to secure the installation environment and reduce the risk of sensitive information exposure.
A, C
Explanation:
Following the installation of the PSM for SSH server, certain security and cleanup tasks are crucial to secure the environment and eliminate potential vulnerabilities:
Delete the user.cred file used during installation (A): The user.cred file contains sensitive credential information used during the installation process. Deleting this file post-installation ensures that this sensitive data is not left accessible on the system, mitigating the risk of unauthorized access.
Delete the psmpparms file you used during installation (C): Similar to the user.cred file, the psmpparms file often contains parameters that might include sensitive configuration details. Removing this file after the installation process is completed helps in securing the server by removing potential leakage points of sensitive information.
These actions are part of best practices to secure the installation environment and reduce the risk of sensitive information exposure.
Question #12
You are deploying a CyberArk Identity Connector to integrate Privilege Cloud Shared Services with an Active Directory environment.
Which requirement must be met?
- A . The Identity Connector Server must be joined to the Active Directory.
- B . The Server must be a member of the root domain of the Active Directory forest.
C The Identity Connector must be installed on a Domain Controller. - C . The Identity Connector must be installed using Domain Administrator credentials.
Correct Answer: A
A
Explanation:
When deploying a CyberArk Identity Connector to integrate Privilege Cloud Shared Services with an Active Directory environment, the server hosting the Identity Connector must meet specific requirements to ensure proper integration and functionality.
The necessary condition is:
The Identity Connector Server must be joined to the Active Directory (Option A). This requirement ensures that the server can communicate effectively with the Active Directory services and manage identity data securely and efficiently. Being part of the Active Directory domain facilitates authentication and authorization processes required for the connector to function correctly.
Reference: CyberArk installation and configuration guides typically emphasize the importance of having the Identity Connector server joined to the domain to allow seamless interaction with Active Directory services.
A
Explanation:
When deploying a CyberArk Identity Connector to integrate Privilege Cloud Shared Services with an Active Directory environment, the server hosting the Identity Connector must meet specific requirements to ensure proper integration and functionality.
The necessary condition is:
The Identity Connector Server must be joined to the Active Directory (Option A). This requirement ensures that the server can communicate effectively with the Active Directory services and manage identity data securely and efficiently. Being part of the Active Directory domain facilitates authentication and authorization processes required for the connector to function correctly.
Reference: CyberArk installation and configuration guides typically emphasize the importance of having the Identity Connector server joined to the domain to allow seamless interaction with Active Directory services.
Question #13
To disable the PSM default Support for Browser Sessions, which option should be set to ‘No* before running Hardening?
- A . SupportWebApplications
- B . SupportBrowsers
- C . SupportWebBrowsers
- D . SupportHTML5Content
Correct Answer: B
B
Explanation:
To disable the PSM default support for browser sessions, the option SupportBrowsers should be set to ‘No’ before running the hardening process. This configuration change is made within the PSM’s configuration files, typically found in the PSM’s administrative interface or directly within specific XML configuration files like PSMHardening.xml. Setting this option to ‘No’ prevents the PSM from processing session requests that involve web browsers, thereby enhancing security by limiting the session types the PSM will support. This setting is particularly important in environments where web browsing sessions are deemed unnecessary or too risky.
B
Explanation:
To disable the PSM default support for browser sessions, the option SupportBrowsers should be set to ‘No’ before running the hardening process. This configuration change is made within the PSM’s configuration files, typically found in the PSM’s administrative interface or directly within specific XML configuration files like PSMHardening.xml. Setting this option to ‘No’ prevents the PSM from processing session requests that involve web browsers, thereby enhancing security by limiting the session types the PSM will support. This setting is particularly important in environments where web browsing sessions are deemed unnecessary or too risky.
Question #14
Before the hardening process, your customer identified a PSM Universal Connector executable that will be required to run on the PSM.
Which file should you update to allow this to run?
- A . PSMConfigureAppLocker.xml
- B . PSMHardening.xml
- C . PSMAppConfig.xml
- D . PSMConfigureHardening xml
Correct Answer: A
A
Explanation:
To allow a PSM Universal Connector executable to run on the PSM after the hardening process, you should update the PSMConfigureAppLocker.xml file. This file configures AppLocker, which is a feature that controls which apps and files users can run on a system. Including the necessary executable in the PSMConfigureAppLocker.xml ensures it is whitelisted by AppLocker policies, thus permitted to execute even under the hardened security settings of the PSM environment. Reference to this configuration can be found in the CyberArk Privilege Session Manager implementation documentation, specifically in sections detailing customization and security hardening of environment configurations.
A
Explanation:
To allow a PSM Universal Connector executable to run on the PSM after the hardening process, you should update the PSMConfigureAppLocker.xml file. This file configures AppLocker, which is a feature that controls which apps and files users can run on a system. Including the necessary executable in the PSMConfigureAppLocker.xml ensures it is whitelisted by AppLocker policies, thus permitted to execute even under the hardened security settings of the PSM environment. Reference to this configuration can be found in the CyberArk Privilege Session Manager implementation documentation, specifically in sections detailing customization and security hardening of environment configurations.
Question #15
You have been tasked with deploying a Privilege Cloud PSM for SSH connector When the initial installation has successfully completed, you create and permission several maintenance users to be used for administering the connector.
Which configuration file must be updated to define these maintenance users?
- A . sshd.config
- B . basic_psmpserver.conf
- C . sshd_config
- D . psmpparms
Correct Answer: C
C
Explanation:
The sshd_config file is the correct configuration file that must be updated to define maintenance users for administering the Privilege Cloud PSM for SSH connector. This file contains configurations for the SSH daemon, including user permissions and group settings. When adding maintenance users, their user accounts are created on the PSM server, and then they are added to the AllowGroups parameter within the sshd_config file to grant them the necessary permissions.
Reference: CyberArk documentation on the PSM for SSH environment1. CyberArk Sentry guide on how to add maintenance users for SSH PSM
When deploying a Privilege Cloud PSM for SSH connector, the configuration file that must be updated to define maintenance users is "sshd_config". This file is used to configure options specific to the SSH daemon, which includes user permissions, authentication methods, and other security-related settings. To add and configure maintenance users for the PSM for SSH, you will need to modify this file to specify allowed users and their respective privileges.
Reference: The configuration of SSH-related components typically involves the "sshd_config" file, as outlined in SSH and PSM for SSH setup guides. This is a standard practice in systems that utilize SSH for secure communications and management.
C
Explanation:
The sshd_config file is the correct configuration file that must be updated to define maintenance users for administering the Privilege Cloud PSM for SSH connector. This file contains configurations for the SSH daemon, including user permissions and group settings. When adding maintenance users, their user accounts are created on the PSM server, and then they are added to the AllowGroups parameter within the sshd_config file to grant them the necessary permissions.
Reference: CyberArk documentation on the PSM for SSH environment1. CyberArk Sentry guide on how to add maintenance users for SSH PSM
When deploying a Privilege Cloud PSM for SSH connector, the configuration file that must be updated to define maintenance users is "sshd_config". This file is used to configure options specific to the SSH daemon, which includes user permissions, authentication methods, and other security-related settings. To add and configure maintenance users for the PSM for SSH, you will need to modify this file to specify allowed users and their respective privileges.
Reference: The configuration of SSH-related components typically involves the "sshd_config" file, as outlined in SSH and PSM for SSH setup guides. This is a standard practice in systems that utilize SSH for secure communications and management.
Question #16
What is the correct CyberArk user to use when installing the Privilege Cloud Connector software?
- A . installeruser@<suffix>
- B . Administrator
- C . <subdomain>_admin
- D . Installer
Correct Answer: C
C
Explanation:
The correct CyberArk user to use when installing the Privilege Cloud Connector software is typically formatted as <subdomain>_admin. This username format indicates a privileged administrative account associated with the specific subdomain of the CyberArk Privilege Cloud installation. It ensures that the user has sufficient permissions to perform installation tasks across the environment, which are crucial for setting up and configuring the connectors correctly. Details about user roles and permissions can be found in the CyberArk Privilege Cloud installation and configuration guide.
C
Explanation:
The correct CyberArk user to use when installing the Privilege Cloud Connector software is typically formatted as <subdomain>_admin. This username format indicates a privileged administrative account associated with the specific subdomain of the CyberArk Privilege Cloud installation. It ensures that the user has sufficient permissions to perform installation tasks across the environment, which are crucial for setting up and configuring the connectors correctly. Details about user roles and permissions can be found in the CyberArk Privilege Cloud installation and configuration guide.
1 2