Which 2FA/MFA options can be used if users cannot use their mobile device? (Choose two.)
AFIDO2
BSecurity questions
COAUTH2
DQR code
EPush notification app
A user's account information required for multi-factor authentication is not set up properly and is preventing the user from logging in.
What should you do?
AUse the MFA Unlock command in the Admin Portal to suspend multifactor authentication for 10 minutes.
BDelete the user's account and create a new one.
CAsk the user to delete all browser cookies, then try again.
DChange the user's directory source from Active Directory to LDAP for authentication.
Which statement is correct about the CyberArk Identity Windows Device Trust enrollment process?
AAn enrollment code is optional.
BThe endpoint does not need to be a domain-joined machine.
CYou can define the maximum number of joinable endpoints.
DYou can define the minimum number of joinable endpoints.
DRAG DROP -
A user wants to install the CyberArk Identity mobile app by using a QR code.
Arrange the steps to do this in the correct sequence.
Question 6
Access Automation
0
Question 7
Advanced Workflows
Question 8
Access Discovery
Question 9
Access Certification
Question 10
Access Certification
Question 11
Access Automation
Question 12
Access Automation
Question 13
Access Discovery
Question 14
Access Automation
Question 15
Access Certification
Question 16
Advanced Workflows
Question 17
Access Discovery
Question 18
Access Certification
Question 19
Advanced Workflows
Question 20
Access Certification
Question 21
Access Certification
Question 22
Analysis and Reporting
Question 23
Access Discovery
Question 24
Access Certification
Question 25
Access Discovery
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ad
Want a break from the ads?
Become a Supporter and enjoy a completely ad-free experience, plus unlock Learn Mode, Exam Mode, AstroTutor AI, and more.
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
ACME Corporation employees access critical business web applications through CyberArk Identity. You notice a constant high volume of unauthorized traffic from 103.1.200.0/24 trying to gain access to the CyberArk Identity portal. Access to the CyberArk Identity portal is time sensitive. ACME decides to enforce IP restrictions to reduce vulnerability.
Which configuration can help achieve this?
ALog in to the CyberArk Identity Admin portal and define the IP range of 103.1.200.0/24 into the ACME Corporation IP range.
BLog in to the CyberArk Identity Admin portal and define the IP range of 103.1.200.0/24 into the blocked IP range.
CImplement device trust through the Windows Cloud Agent.
DImplement zero trust through the App Gateway.
Refer to the exhibit.
Which statements are correct regarding this Authentication Policy? (Choose two.)
AUsers will still be asked for their MFA even if they mistyped their username.
BIf users have set up CyberArk Mobile Authenticator as an MFA, they will still receive the Push Notification to confirm the request even if they mistyped their password.
CUsers will not be notified which challenge they failed if their login attempt failed.
DIf users have set up a Security Question as an MFA, the Security Question will not be displayed to the user to answer even if they mistyped their password.
EIf the first factor is password and the user is an Active Directory user and the Active Directory is unavailable, this setting does not matter because the user will not be able to authenticate through Active Directory credentials and will see the message "Active Directory not available".
An organization previously allowed users to add their personal apps on the Identity User Portal. This will soon be disabled due to policy changes.
What is the impact to the users for personal apps previously added to the User Portal?
AThey will continue to function normally; however, users cannot add new apps.
BThey will continue to display on the Apps screen and user devices; however, they will be greyed out and unavailable for any form of interaction.
CThey will be deleted from the Apps screen and user devices.
DThey will continue to display on the Apps screen and user devices; however, an error message will display when users try to open the application.
Refer to the exhibit.
Within the "Allow user notifications on multiple devices", if you leave the setting as Default (--), what happens if a user triggers a MFA Push notification and has enrolled three different devices?
AThe push notification will be sent to none of the enrolled devices.
BThe push notification will be sent to the first enrolled device only.
CThe push notification will be sent to all enrolled devices.
DThe push notification will be sent to the last enrolled device only.
Which protocols can CyberArk provide MFA for VPN? (Choose two.)
ASAML
BRADIUS
CIMAP
DTACACS
ELDAP
DRAG DROP -
Your organization wants to automatically create user accounts with different Salesforce licenses (e.g., Salesforce, Identity, Chatter External).
In CyberArk Identity, arrange the steps to achieve this in the correct sequence.
Which device enrollment settings are valid? (Choose two.)
ASend notification on device enrollment
BEnable invite based enrollment
CMinimum number of devices a user can enroll
DReassign the device to another user
EPermanently delete device
What is considered an "Identity Provider Initiated" login to an application?
AAfter signing in to the CyberArk Identity portal, a user launches a SAML app by clicking an app tile.
BAfter visiting a third-party web app, a user is redirected to CyberArk Identity for authentication.
CA user visits a third party web app directly and signs in with local credentials.
DA user signs in to the CyberArk Identity portal and takes a screenshot of the portal to send to IT.
CyberArk Identity's App Gateway can be used to protect and access which option?
Aon-premises Oracle web app
Bcloud-hosted Salesforce environment
Ca corporate laptop
Da web browser
Which predefined roles does CyberArk Identity provide?
ASystem Administrator and Everybody
BManage Users and Everybody
CSystem Administrator and Business Users
DManage Users and Business Users
When configuring an application to use the App Gateway, you do not have to change any configurations in the application directly. You enable the application for App Gateway access in the Admin Portal and input the existing URL that users enter to open the application. You can either use an external URL that CyberArk Identity automatically generates, or you can continue using an existing internal URL.
What is a disadvantage of using an existing internal URL for App Gateway connections?
AExisting links and bookmarks do not work outside of the corporate network.
BUsers must use different URLs depending on whether they access the application internally or externally.
CMore configuration is needed because you must upload the URL certificate and private key, and edit DNS settings.
DUsers must use the same URLs regardless of whether they access the application internally or externally and this may confuse them.
What does the CyberArk Identity App Gateway work with? (Choose three.)
ASAML-Compliant Apps
BWS-Fed Enabled Apps
COIDC Web Apps
DThick Client (non-web-based Apps)
ETerminal Services
FTelnet
Which 2FA/MFA options can fulfill the "Something you are" requirement? (Choose two.)
Aemail
BCyberArk Identity mobile app
CFIDO2
Dphone call
Esecurity questions
Your team is deploying endpoint authentication onto the corporate endpoints within an organization. Enrollment details include when the enrollment must be completed, and the enrollment code was sent out to the users. Enrollment can be performed in the office or remotely (without the assistance of an IT support engineer). You received feedback that many users are unable to enroll into the system using the enrollment code.
What can you do to resolve this? (Choose two.)
ASet maximum number of joinable endpoints to "unlimited".
BSet Expiry Date to "Never".
CSet the IP Address range to the user's' home network range.
DSet a description within the enrollment code.
EReinstall Windows Device Trust.
Which options are available with Self-Service Password Reset? (Choose three.)
AEnable users with Active Directory accounts who have forgotten their password to log in and reset it.
BPerform Self-Service Password Reset for the Organization's corporate accounts, such as Twitter, Facebook, or Instagram.
CUsers must log in after a password reset.
DA maximum number of times can be specified that users can reset their password within a specific timeframe.
EUsers must respond to a CAPTCHA before resetting their password.
FUse Helpdesk Caller Identity (Identity Verification) to confirm user identity.
When can 2FA/MFA be prompted? (Choose two.)
Awhen clicking on an app tile while in the User Portal
Bafter clicking on the Forgot Your Password link
Cwhen making changes to a policy while in the Admin Portal
Dwhen exporting a compliance report while in the Admin Portal
Ewhen adding a new web app
What is the purpose of the Infinite Apps feature offered by CyberArk Identity?
AIt provides an easy way to find all the SAML-enabled apps that exist online.
BIt automatically downloads the desktop version of all your web apps.
CIt provides the ability to launch apps in any web browser.
DIf facilitates adding User-Password web apps not in the CyberArk Identity App Catalog.
Which statement is true about the app gateway?
AFor applications that use the App Gateway, the connection from the user travels the same network pathways you already have and CyberArk Identity connects to the CyberArk Identity Connector through the firewall.
BFor applications that use the App Gateway, the connection from the user travels different network pathways and CyberArk Identity connects to the CyberArk Identity Connector through a separate connection from the firewall.
COn the App Gateway page, you can configure the application to enable users to access it if they are logging in from an external location.
DApp gateway supports on-premises apps and web applications running on HTTPS only.
When a user enrolls a mobile device (iOS or Android) without enabling mobile device management, what happens? (Choose three.)
AThe device is added to the Endpoints page in the Admin and User portals.
BThe web applications assigned to the user are added to the Web Apps screen in the CyberArk Identity mobile app.
CThe associated mobile applications are added and available for deployment automatically.
DThe mobile device policies defined in the CyberArk Cloud Directory policy service policy set are installed.
EThe device's model name, serial number, OS number, and Network Carrier information will be uploaded to the Identity portal.
FThe mobile phone can now be used as a MFA Authentication Factor.
As part of compliance regulation, ACME Corporation is enforcing MFA for its critical business web-based application. To increase security and MFA compliance, CyberArk recommends selecting mechanisms from different categories. Within the authentication policy, ACME Corporation made the requirement to configure an authentication mechanism with "Something you know".
Which authentication mechanism meets this requirement?
