2024年最新の実際のCPC-SEN問題集最新CyberArk練習テスト問題集ゲット [Q27-Q46]

Share

2024年最新の実際のCPC-SEN問題集最新CyberArk練習テスト問題集ゲット

CPC-SEN問題集PDFでCPC-SENリアル試験問題解答

質問 # 27
What is the default username for the PSM for SSH maintenance user?

  • A. psmp_maintenance
  • B. psmpmaintenanceuser
  • C. proxyusr
  • D. proxymng

正解:A

解説:
The default username for the Privileged Session Manager (PSM) for SSH maintenance user in CyberArk Privilege Cloud is psmp_maintenance. This account is used for maintenance purposes and is integral for administrative tasks and configurations related to SSH sessions managed by the PSM. The username is predefined and standardized across deployments to maintain consistency and ensure security best practices are adhered to. The username is mentioned in the CyberArk official documentation regarding PSM configuration for SSH.


質問 # 28
On the CPM, you want to verify if DEP is disabled for the required executables According to best practices, which executables should be listed? (Choose 2.)

  • A. mstsc.exe
  • B. putty.exe
  • C. Plink.exe
  • D. Telnet.exe

正解:B、C

解説:
On the Central Policy Manager (CPM), it is crucial to verify that Data Execution Prevention (DEP) is disabled for specific executables required for proper operation according to best practices. The relevant executables include:
Plink.exe (Option B): This executable is commonly used for SSH communications and may require DEP to be disabled to function correctly under certain configurations.
putty.exe (Option C): Similar to Plink.exe, Putty is another essential tool for SSH communications and might also require DEP to be disabled to prevent any execution issues.


質問 # 29
What is the correct CyberArk user to use when installing the Privilege Cloud Connector software?

  • A. Installer
  • B. <subdomain>_admin
  • C. Administrator
  • D. installeruser@<suffix>

正解:B

解説:
The correct CyberArk user to use when installing the Privilege Cloud Connector software is typically formatted as <subdomain>_admin. This username format indicates a privileged administrative account associated with the specific subdomain of the CyberArk Privilege Cloud installation. It ensures that the user has sufficient permissions to perform installation tasks across the environment, which are crucial for setting up and configuring the connectors correctly. Details about user roles and permissions can be found in the CyberArk Privilege Cloud installation and configuration guide.


質問 # 30
Following the installation of the PSM for SSH server, which additional tasks should be performed? (Choose 2.)

  • A. Package all installation log files for upload to CyberArk.
  • B. Delete the vault.ini you used during installation.
  • C. Delete the user.cred file used during installation.
  • D. Delete the psmpparms file you used during installation.

正解:C、D

解説:
Following the installation of the PSM for SSH server, certain security and cleanup tasks are crucial to secure the environment and eliminate potential vulnerabilities:
Delete the user.cred file used during installation (A): The user.cred file contains sensitive credential information used during the installation process. Deleting this file post-installation ensures that this sensitive data is not left accessible on the system, mitigating the risk of unauthorized access.
Delete the psmpparms file you used during installation (C): Similar to the user.cred file, the psmpparms file often contains parameters that might include sensitive configuration details. Removing this file after the installation process is completed helps in securing the server by removing potential leakage points of sensitive information.
These actions are part of best practices to secure the installation environment and reduce the risk of sensitive information exposure.


質問 # 31
Which tool configures the user object that will be used during the installation of the PSM for SSH component?

  • A. ConfigureUserPass
  • B. CreateUserPass
  • C. CreateCredFile
  • D. ConfigureCredFile

正解:C

解説:
The tool used to configure the user object for the installation of the PSM for SSH component is CreateCredFile. This tool is responsible for creating a credentials file that stores the necessary user details required during the installation process, ensuring secure and correct authentication.
Reference:
CyberArk Privilege Cloud Introduction


質問 # 32
Refer to the exhibit.
You set up your LDAP Directory in CyberArk Identity, but encountered an error during the connection test.
Which scenarios could represent a valid misconfiguration? (Choose 2.)

  • A. TCP Port 636 could be blocked by a network firewall, preventing communication between the CyberArk Identity Connector and the LDAP Server.
  • B. All required CA Certificates have been installed on the CyberArk Identity Connector but the LDAP Bind credentials provided are incorrect.
  • C. Verify Server Certificate' is activated but the provided hostname is not listed as a Subject Alternative Name (SAN) in the LDAP server's certificate.
  • D. TCP Port 636 could be blocked by a network firewall, preventing communication between the Secure Tunnel and the LDAP Server.

正解:A、C

解説:
From the error message provided, two likely scenarios could represent valid misconfigurations:
TCP Port 636 could be blocked by a network firewall, preventing communication between the CyberArk Identity Connector and the LDAP Server (A). This is a common issue where firewall settings prevent the secure communication port (typically 636 for LDAPS) from transmitting data between the server and the connector, thus blocking the connection attempt.
'Verify Server Certificate' is activated but the provided hostname is not listed as a Subject Alternative Name (SAN) in the LDAP server's certificate (C). This scenario occurs when SSL/TLS security measures are stringent, requiring that the hostname used to connect to the LDAP server must match one listed in the server's SSL certificate. If the hostname does not match, the connection will fail due to SSL certificate validation errors.


質問 # 33
You have been tasked with deploying a Privilege Cloud PSM for SSH connector When the initial installation has successfully completed, you create and permission several maintenance users to be used for administering the connector.
Which configuration file must be updated to define these maintenance users?

  • A. basic_psmpserver.conf
  • B. sshd_config
  • C. sshd.config
  • D. psmpparms

正解:B

解説:
The sshd_config file is the correct configuration file that must be updated to define maintenance users for administering the Privilege Cloud PSM for SSH connector. This file contains configurations for the SSH daemon, including user permissions and group settings. When adding maintenance users, their user accounts are created on the PSM server, and then they are added to the AllowGroups parameter within the sshd_config file to grant them the necessary permissions.
Reference:
CyberArk documentation on the PSM for SSH environment1.
CyberArk Sentry guide on how to add maintenance users for SSH PSM
When deploying a Privilege Cloud PSM for SSH connector, the configuration file that must be updated to define maintenance users is "sshd_config". This file is used to configure options specific to the SSH daemon, which includes user permissions, authentication methods, and other security-related settings. To add and configure maintenance users for the PSM for SSH, you will need to modify this file to specify allowed users and their respective privileges.


質問 # 34
Arrange the steps to install passive CPM using Connector Management in the correct sequence

正解:

解説:

1 - Run the Connector Management Connector installer.
2 - When prompted to select the components to install, select CPM.
3 - When prompted to select the CPM mode, select Passive.
4 - Install the CPM and optionally PSM, if required.


質問 # 35
Before the hardening process, your customer identified a PSM Universal Connector executable that will be required to run on the PSM. Which file should you update to allow this to run?

  • A. PSMAppConfig.xml
  • B. PSMConfigureAppLocker.xml
  • C. PSMHardening.xml
  • D. PSMConfigureHardening xml

正解:B

解説:
To allow a PSM Universal Connector executable to run on the PSM after the hardening process, you should update the PSMConfigureAppLocker.xml file. This file configures AppLocker, which is a feature that controls which apps and files users can run on a system. Including the necessary executable in the PSMConfigureAppLocker.xml ensures it is whitelisted by AppLocker policies, thus permitted to execute even under the hardened security settings of the PSM environment. Reference to this configuration can be found in the CyberArk Privilege Session Manager implementation documentation, specifically in sections detailing customization and security hardening of environment configurations.


質問 # 36
You are implementing LDAPS Integration for a standard Privilege Cloud environment.
Which information must be provided to the CyberArk Privilege Cloud support team through a Service Request? (Choose 2.)

  • A. Fully Qualified Domain Name and IP Address of the domain controllers to be integrated
  • B. LDAP bind username and password used to authenticate to the directory to be integrated C Domain Base Context used to locate the users and groups in the Active Directory to be integrated
  • C. LDAPS certificate chain for all domain controllers to be integrated
  • D. remote port set during secure tunnel configuration for each domain controller to be integrated

正解:A、C


質問 # 37
To disable the PSM default Support for Browser Sessions, which option should be set to 'No* before running Hardening?

  • A. SupportWebApplications
  • B. SupportHTML5Content
  • C. SupportBrowsers
  • D. SupportWebBrowsers

正解:C

解説:
To disable the PSM default support for browser sessions, the option SupportBrowsers should be set to 'No' before running the hardening process. This configuration change is made within the PSM's configuration files, typically found in the PSM's administrative interface or directly within specific XML configuration files like PSMHardening.xml. Setting this option to 'No' prevents the PSM from processing session requests that involve web browsers, thereby enhancing security by limiting the session types the PSM will support. This setting is particularly important in environments where web browsing sessions are deemed unnecessary or too risky.


質問 # 38
How should you configure PSM for SSH to support load balancing?

  • A. in PVWA > Options > PSM for SSH Proxy > Servers
  • B. by editing sshd.config on the all the PSM for SSH servers
  • C. in PVWA > Options > PSM for SSH Proxy > Servers > VIP
  • D. by using a network load balancer

正解:D

解説:
To support load balancing for PSM for SSH, the configuration should be done by using a network load balancer. This method involves placing a network load balancer in front of multiple PSM for SSH servers to distribute incoming SSH traffic evenly among them. This setup enhances the availability and scalability of PSM for SSH by ensuring that no single server becomes a bottleneck, thereby improving performance and reliability during high usage scenarios.


質問 # 39
According to best practice, when considering the location of PSM Connector servers in Privilege Cloud environments, where should the PSM be placed?

  • A. near the CPM servers
  • B. near the Users
  • C. near the Vault (closer to the external internet connection)
  • D. near the target devices

正解:D

解説:
According to best practice, when considering the location of PSM Connector servers in Privilege Cloud environments, the PSM should be placed near the target devices. This placement minimizes latency and maximizes performance by reducing the distance that data has to travel between the PSM servers and the devices they are managing. This is particularly important for maintaining high efficiency and response times during remote session management and operations, which are critical for the overall effectiveness of the Privilege Cloud environment.


質問 # 40
Which statement is correct about using the AllowedSafes platform parameter?

  • A. It allows the CPM to access PSM safes to monitor platform configuration and connection component changes.
  • B. It allows users to access accounts in specific safes.
  • C. It prevents the CPM from scanning all safes, restricting it to scan only safes that match the AllowedSafes configuration.
  • D. It prevents the CPM from processing pending items in the Discovery safes enforcing manual intervention to complete the onboarding process.

正解:C

解説:
The correct statement about using the AllowedSafes platform parameter is that it prevents the Central Policy Manager (CPM) from scanning all safes, restricting it to scan only safes that match the AllowedSafes configuration. This parameter is crucial in large-scale deployments where efficiency and resource management are key. By specifying which safes the CPM should manage, unnecessary scanning of irrelevant safes is avoided, thus optimizing the CPM's performance and reducing the load on the CyberArk environment. This configuration can be found in the platform management section of the CyberArk documentation.


質問 # 41
You are planning to configure Multi-Factor Authentication (MFA) for your CyberArk Privilege Cloud Shared Service. What are the available authentication methods?

  • A. Privilege Cloud Shared Services fully utilize CyberArk Identity and its MFA options.
  • B. LDAR RADIUS. SAML OpenID Connect (OIDC)
  • C. Only RADIUS can be used to achieve MFA across all components, such as PSM for RDP and PSM for SSH.
  • D. Windows. PKI. RADIUS. CyberArk, LDAP. SAML. OpenID Connect (OIDC)

正解:D

解説:
In CyberArk Privilege Cloud, Multi-Factor Authentication (MFA) can be configured to enhance security by requiring multiple methods of authentication from independent categories of credentials to verify the user's identity. The available authentication methods include:
Windows Authentication: Leverages the user's Windows credentials.
PKI (Public Key Infrastructure): Utilizes certificates to authenticate.
RADIUS (Remote Authentication Dial-In User Service): A networking protocol that provides centralized Authentication, Authorization, and Accounting management.
CyberArk: Uses CyberArk's own authentication methods.
LDAP (Lightweight Directory Access Protocol): Protocol for accessing and maintaining distributed directory information services.
SAML (Security Assertion Markup Language): An open standard that allows identity providers to pass authorization credentials to service providers.
OpenID Connect (OIDC): An authentication layer on top of OAuth 2.0, an authorization framework.
Reference for this can be found in the CyberArk Privilege Cloud documentation, which details the integration and setup of MFA using these methods.


質問 # 42
You plan to install Privilege Cloud Connectors on your AWS and Azure environments.
What is the maximum number of concurrent RDP/SSH sessions that each connector can handle for Large Implementations?

  • A. 1-10
  • B. 31-60
  • C. 0
  • D. 1

正解:B

解説:
For large implementations of CyberArk Privilege Cloud Connectors in AWS and Azure environments, each connector can handle between 31-60 concurrent RDP/SSH sessions. This capacity is specified in the CyberArk documentation concerning Privilege Cloud Connectors and their scalability options. It is designed to support a higher volume of concurrent sessions to meet the needs of larger enterprise environments, ensuring that multiple users can securely access resources without significant performance degradation.


質問 # 43
On Privilege Cloud, what can you use to update users' Permissions on Safes? (Choose 2.)

  • A. REST API
  • B. PrivateArk Client
  • C. Privilege Cloud Portal
  • D. PTA
  • E. PACLI

正解:A、C

解説:
On CyberArk Privilege Cloud, updating users' permissions on safes can be done through the Privilege Cloud Portal and the REST API. The Privilege Cloud Portal provides a user-friendly graphical interface where administrators can manage user permissions directly within the portal's safe management settings. Additionally, the REST API offers a programmable way to automate permission updates across safes, which is especially useful for bulk changes or integrating with other management tools. Both methods provide effective means to manage and customize access controls in a CyberArk environment, allowing for detailed permission settings per user on specific safes.


質問 # 44
Which statement is correct regarding the LDAP integration with CyberArk Privilege Cloud Standard?

  • A. You must track the expiration date of the directory server certificate and contact CyberArk Support to renew it.
  • B. For certificate trust to your directory server, only the Issuing CA certificate is required.
  • C. LDAPS integration with Privilege Cloud requires StartTLS for secure and encrypted communication.
  • D. The top-level domain entry of the directory must be unique in the chosen Privilege Cloud region.

正解:B

解説:
For LDAP integration with CyberArk Privilege Cloud Standard, the correct statement is that only the Issuing CA certificate is required for certificate trust to your directory server. This setup simplifies the process of establishing a trusted connection between CyberArk and the LDAP server by necessitating only the certification of the issuing Certificate Authority (CA), rather than needing multiple certificates from different levels of the trust chain. This approach ensures that the SSL/TLS communication between CyberArk and the LDAP server is secured based on the trust of the issuing CA's certificate.


質問 # 45
Which option correctly describes the authentication differences between CyberArk Privilege Cloud and CyberArk PAM Self-Hosted?

  • A. CyberArk Privilege Cloud only provides a username and password authentication without third-party IdP integration; CyberArk PAM Self-Hosted uses traditional on-premises methods such as Windows and LDAP. but lacks modern protocols such as SAML or OIDC.
  • B. CyberArk Privilege Cloud requires on-premises components for all authentication and does not support other cloud-based authentication protocols; CyberArk PAM Self-Hosted offers a wide array of methods, including support for SAML. OIDC. and other modern protocols, without needing on-premises components.
  • C. Both use the same authentication methods.
  • D. CyberArk Privilege Cloud uses cloud-based methods, integrating with CyberArk Identity for MFA. and supports SAML and OIDC; CyberArk PAM Self-Hosted depends on on-premises methods such as RADIUS and LDAP, but can adopt SAML or OIDC with additional setups.

正解:D

解説:
The correct description of the authentication differences between CyberArk Privilege Cloud and CyberArk PAM Self-Hosted is that CyberArk Privilege Cloud uses cloud-based methods, integrating with CyberArk Identity for Multi-Factor Authentication (MFA), and supports SAML and OIDC, while CyberArk PAM Self-Hosted relies on on-premises methods such as RADIUS and LDAP, but can adopt SAML or OIDC with additional setups. CyberArk Privilege Cloud is designed to leverage modern cloud-based authentication protocols to enhance security and ease of use, particularly in distributed and diverse IT environments. In contrast, CyberArk PAM Self-Hosted offers flexibility to use traditional on-premises authentication methods but also supports modern protocols if configured to do so.


質問 # 46
......

CPC-SENプレミアム試験エンジンPDFをダウンロード:https://jp.fast2test.com/CPC-SEN-premium-file.html


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어