When deploying EPM and in the Privilege Management phase what is the purpose of Discovery?
ATo identify all non-administrative eventsВ. To identify all administrative level events
CTo identify both administrative and non-administrative level events
DTo identify non-administrative threats
How does a Trusted Source policy affect an application?
AApplications will be allowed to run and will only elevate if required.
BApplications will be allowed to run and will inherit the process token from the EPM agent.
CApplications will be allowed to run always in elevated mode.
DApplication from the defined trusted sources must be configured on a per applicationbasis, in order to define run and elevation parameters.
If Privilege Management is not working on an endpoint, what is the most likely cause that can be verified in the EPM Agent Log Files?
ABehavior of the elevation prompt for administrators in Admin Approval Mode is set to “Prompt for Consent for non-Windows binaries”.
BAgent version is incompatible.
CUAC policy Admin Approval for the Built-in Administrator Account is set to “Disabled”.
DUAC policy Run all administrators in Admin Approval Mode is set to “Enabled”.
An EPM Administrator would like to include a particular file extension to be monitored and protected under Ransomware Protection. What setting should the EPM Administrator configure to add the extension?
AAuthorized Applications (Ransomware Protection)
BFiles to be Ignored Always
CAnti-tampering Protection
DDefault Policies
Question 6
Policy Audit and Compliance
0
Question 7
Least Privilege Enforcement
Question 8
Policy Audit and Compliance
Question 9
Policy Audit and Compliance
Question 10
Local Administrator Rights Removal
Question 11
Ransomware Protection
Question 12
Least Privilege Enforcement
Question 13
Ransomware Protection
Question 14
Ransomware Protection
Question 15
Least Privilege Enforcement
Question 16
Least Privilege Enforcement
Question 17
Policy Audit and Compliance
Question 18
Ransomware Protection
Question 19
Ransomware Protection
Question 20
Ransomware Protection
Question 21
Policy Audit and Compliance
Question 22
Ransomware Protection
Question 23
Least Privilege Enforcement
Question 24
Ransomware Protection
Question 25
Policy Audit and Compliance
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ad
Want a break from the ads?
Become a Supporter and enjoy a completely ad-free experience, plus unlock Learn Mode, Exam Mode, AstroTutor AI, and more.
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
When working with credential rotation at the EPM level, what is the minimum time period that can be set between connections?
A1 hour
B5 hours
C24 hours
D72 hours
An EPM Administrator needs to create a policy to allow the MacOS developers elevation to an application. What type of policy should be used?
AElevate Application Group
BDeveloper Applications Application Group
CElevate Trusted Applications If Necessary Advanced Policy
DElevate MacOS Policy
Which setting in the agent configuration controls how often the agent sends events to the EPM Server?
AEvent Queue Flush Period
BHeartbeat Timeout
CCondition Timeout
DPolicy Update Rate
Which of the following application options can be used when defining trusted sources?
Which of the following is CyberArk's Recommended FIRST roll out strategy?
AImplement Application Control
BImplement Privilege Management
CImplement Threat Detection
DImplement Ransomware Protection
Where can you view CyberArk EPM Credential Lures events?
AApplication Catalog
BThreat Protection Inbox
CEvents Management
DPolicy Audit
CyberArk's Privilege Threat Protection policies are available for which Operating Systems? (Choose two.)
AWindows Workstations
BWindows Servers
CMacOS
DLinux
An EPM Administrator would like to enable CyberArk EPM's Ransomware Protection in Restrict mode. What should the EPM Administrator do?
ASet Block unhandled applications to On.
BSet Protect Against Ransomware to Restrict.
CSet Protect Against Ransomware to Restrict and Set Block unhandled applications to On.
DSet Control unhandled applications to Detect.
An EPM Administrator would like to enable a Threat Protection policy, however, the policy protects an application that is not installed on all endpoints.
What should the EPM Administrator do?
AEnable the Threat Protection policy and configure the Policy Targets.
BDo not enable the Threat Protection policy.
CEnable the Threat Protection policy only in Detect mode.
DSplit up the endpoints in to separate Sets and enable Threat Protection for only one of the Sets.
A company is looking to manage their Windows Servers and Desktops with CyberArk EPM. Management would like to define different default policies between the Windows Servers and Windows Desktops.
What should the EPM Administrator do?
AIn the Default Policies, exclude either the Windows Servers or the Windows Desktops.
BCreate Advanced Policies to apply different policies between Windows Servers and Windows Desktops.
CCyberArk does not recommend installing EPM Agents on Windows Servers.
DCreate a separate Set for Windows Servers and Windows Desktops.
A particular user in company ABC requires the ability to run any application with administrative privileges every day that they log in to their systems for a total duration of 5 working days.
What is the correct solution that an EPM admin can implement?
AAn EPM admin can generate a JIT access and elevation policy with temporary access timeframe set to 120 hours
BAn EPM admin can generate a JIT access and elevation policy with temporary access timeframe set to 120 hours and Terminate administrative processes when the policy expires option unchecked
CAn EPM admin can create an authorization token for each application needed by running: EPMOPAGtool.exe -command gentoken -targetUser <username> -filehash <file hash> -timeLimit 120 -action run
DAn EPM admin can create a secure token for the end user's computer and instruct the end user to open an administrative command prompt and run the command vfagent.exe -UseToken <securetoken_value>
What can you manage by using User Policies?
AJust-In-Time endpoint access and elevation, access to removable drives, and Services access.
BAccess to Windows Services only.
CFilesystem and registry access, access to removable drives, and Services access.
DJust-In-Time endpoint access and elevation, access to removable drives, filesystem and registry access, Services access, and User account control monitoring.
Select the default threat intelligence source that requires additional licensing.
AVirusTotal
BPalo Alto WildFire
CCyberArk Application Risk Analysis Service
DNSRL
Which EPM reporting tool provides a comprehensive view of threat detection activity?
AThreat Detection Dashboard
BDetected Threats
CThreat Detection Events
DMcAfee ePO Reports
What is a valid step to investigate an EPM agent that is unable to connect to the EPM server?
AOn the end point, open a browser session to the URL of the EPM server.
BPing the endpoint from the EPM server.
CPing the server from the endpoint.
DRestart the end point
Which programming interface enables you to perform activities on EPM objects via a REST Web Service?
AEPM Web Services SDK
BApplication Password SDK
CMac Credential Provider SDK
DJava password SDK
When enabling Threat Protection policies, what should an EPM Administrator consider? (Choose two.)
ASome Threat Protection policies are applicable only for Windows Servers as opposed to Workstations.
BCertain Threat Protection policies apply for specific applications not found on all machines.
CThreat Protection policies requires an additional agent to be installed.
DThreat Protection features are not available in all regions.
When working with credential rotation/loosely connected devices, what additional CyberArk components are required?
APTA
BОРМ
CPVWA
DDAP
Before enabling Ransomware Protection, what should the EPM Administrator do first?
AEnable the Privilege Management Inbox in Elevate mode.
BEnable the Control Applications Downloaded From The Internet feature in Restrict mode.
CReview the Authorized Applications (Ransomware Protection) group and update if necessary.
DEnable Threat Protection and Threat Intelligence modules.
How does EPM help streamline security compliance and reporting?
AUse of automated distribution of reports to the security team
BProvides reports in standard formats such as PDF, Word and Excel
