Free Practice Questions for CyberArk CPC-CDE-RECERT Exam

The correct statement about using the AllowedSafes platform parameter is that it prevents the Central Policy Manager (CPM) from scanning all safes, restricting it to scan only safes that match the AllowedSafes configuration. This parameter is crucial in large-scale deployments where efficiency and resource management are key. By specifying which safes the CPM should manage, unnecessary scanning of irrelevant safes is avoided, thus optimizing the CPM's performance and reducing the load on the CyberArk environment. This configuration can be found in the platform management section of the CyberArk documentation.

The basic network requirements to deploy a CyberArk Privilege Management Central Policy Manager (CPM) server include Port 1858 to the Privilege Cloud Vault service backend and Port 443 to the Privilege Cloud Portal. Port 1858 is necessary for communication with the CyberArk Vault, facilitating essential interactions like password retrieval and updates. Port 443 is required for secure web traffic to and from the Privilege Cloud Portal, ensuring that all management tasks performed through the web interface are secure and encrypted. These ports must be properly configured to allow for the efficient and secure operation of the CPM within the Privilege Cloud infrastructure.

For LDAP integration with CyberArk Privilege Cloud Standard, the correct statement is that only the Issuing CA certificate is required for certificate trust to your directory server. This setup simplifies the process of establishing a trusted connection between CyberArk and the LDAP server by necessitating only the certification of the issuing Certificate Authority (CA), rather than needing multiple certificates from different levels of the trust chain. This approach ensures that the SSL/TLS communication between CyberArk and the LDAP server is secured based on the trust of the issuing CA’s certificate.

CyberArk states that a Safe can be deleted only after its contents are deleted permanently, and (critically) objects are only deleted permanently after their retention/versions retention has passed. In the Privilege Cloud Safe management documentation, it notes that accounts are deleted permanently only after their retention period has passed, which is why deletion can be blocked by “non-expired” objects.

The underlying Vault/PACLI behavior is also explicit: “It is only possible to delete a Safe after the version retention period has expired for all files contained in the Safe.”

So, beyond deleting the content, the version retention period must have expired for all files → B.

CyberArk’s platform configuration guidance explicitly shows the navigation path to this parameter:

Edit the platform → Expand “Automatic Password Management” → select “General” → set “AllowedSafes”.

In other words, AllowedSafes is located under Automatic Password Management > General, which matches option C.

https://docs.cyberark.com/pam-self-hosted/14.0/en/content/pas%20inst/following-installation-of-psmp.htm

CyberArk defines MaxConcurrentConnections as: “The maximum number of connections that can be opened between the Central Policy Manager and the remote machine where the passwords are replaced.”

That is exactly option A.

For customers using CyberArk Privilege Cloud Shared Services, the correct format for the CyberArk Vault address is:

vault-<subdomain>.privilegecloud.cyberark.cloud (Option B). This format is used to access the vault services provided by CyberArk in the cloud environment, where <subdomain> is the unique identifier assigned to the customer’s specific instance of the Privilege Cloud.

https://docs.cyberark.com/privilege-cloud-standard/latest/en/content/privilege%20cloud/privcloud-sys-req-networks.htm