Free Practice Questions for CyberArk CPC-CDE-RECERT Exam

https://docs.cyberark.com/pam-self-hosted/latest/en/content/pas%20inst/install_psm_harden.htm#HardenInDomaindeployments

The error message "CACPM410E Ending password policy Prod-AIX-Root-Accounts since the reconciliation task is active but the AllowedSafes parameter was not updated" suggests an issue with configuration parameters. The likely cause is:

The AllowedSafes parameter does not include the safe containing the reconciliation account defined in the Platform (Option C). This parameter must accurately reflect all safes where the reconciliation account operates to ensure proper management and access by the Central Policy Manager (CPM). If the safe containing the reconciliation account is not listed, the CPM cannot perform its tasks, leading to this error.

CyberArk explicitly states that you must move PSM application users (PSMConnect/PSMAdminConnect) to domain users on Windows 2019/2022 when:

you are using RDS CAL per-user licensing, and

you want to extend PSM sessions beyond one hour.

The tool used to configure the user object for the installation of the PSM for SSH component is CreateCredFile. This tool is responsible for creating a credentials file that stores the necessary user details required during the installation process, ensuring secure and correct authentication.

In the Shared Services model, MFA enforcement is done in CyberArk Identity / Identity Administration using Core Services > Policies:

To enforce MFA broadly, CyberArk documents configuring MFA for all users by enabling authentication policy controls and creating/assigning an authentication profile (the mechanisms/challenges).

To require users to set up MFA factors, CyberArk documents the setting under User Security Policies > User Account Settings where you specify the minimum number of authentication factors users must configure upon login.

Option B is the only choice that correctly points you to the right place and activity (Identity Administration Policies to configure authentication/MFA requirements and enrollment requirements).

In a PSM Load Balanced Virtual Server Configuration, the default service ports/protocols used are RDP/3389 and HTTPS/443. RDP (Remote Desktop Protocol) typically uses port 3389 for remote desktop services, which is essential for PSM functionalities involving remote sessions. HTTPS, which utilizes port 443, is used for the PSM Health Check service to ensure secure and encrypted communication during the monitoring and health verification processes of the PSM services.

CyberArk documents that the health check service returns HTTP 200 (OK) when the PSM service is healthy, and returns 503 (Service unavailable) when it is not healthy (in code-based behavior).

The default authentication profile to access CyberArk Identity is typically the Default New Device Login Profile. This profile is used to manage the authentication settings and security measures for devices accessing CyberArk services for the first time. It includes configurations such as authentication methods, security checks, and compliance requirements, ensuring that new devices meet the organization’s security standards before gaining access.

To map LDAP users from both your customer and the smaller organization they have merged with, especially when there is no network connectivity between the two infrastructures, the best approach is to:

Deploy Identity Connectors in the newly acquired infrastructure and create user mappings (Option C). This involves setting up additional Identity Connectors within the smaller organization’s network. These connectors will facilitate the integration of user directories from both organizations into the customer’s Privilege Cloud environment.