Download CyberArk Endpoint Privilege Manager.EPM-DEF.ExamTopics.2025-12-27.124q.vcex

Vendor: CyberArk
Exam Code: EPM-DEF
Exam Name: CyberArk Endpoint Privilege Manager
Date: Dec 27, 2025
File Size: 646 KB
Downloads: 2
Download Exam

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

Download
ProfExam Simulator

Purchase
Coupon: EXAMFILESCOM

Discount: 20%

ProfExam Simulator ProfExam Simulator ProfExam Simulator ProfExam Simulator ProfExam Simulator
ProfExam Discount

Demo Questions

Question 1
What is the main reason to use the custom user access token for Elevate policies?
  1. to provide more privileges of permissions for the user
  2. to implement a less strict set of permissions for the user
  3. to provide least privileges of permissions for the user
  4. to impersonate the user with another set of permissions
Correct answer: D
Question 2
What is default retention period for admin activities on the web console?
  1. 14 days
  2. 30 days
  3. 90 days
  4. 1 year
Correct answer: B
Question 3
Refer to the exhibit.
When editing an application policy, what does the "Find" button do?
  1. It opens all users and groups in EPM console
  2. It opens CyberArk Software to check if the connection with AD is working
  3. In the EPM admin utility, it opens a window to select users and group from AD or from the local endpoint
  4. In the EPM admin utility, it opens a page in the EPM console for you to select the users or group
Correct answer: C
Question 4
How many days after license expiration do EPM agents stop enforcing policies?
  1. 1
  2. 14
  3. 30
  4. 120
Correct answer: C
Question 5
When adding the EPM agent to a pre-existing security stack on workstation, what two steps are CyberArk recommendations. (Choose two.)
  1. Add any pre-existing security application to the Files to Be Ignored Always.
  2. Add EPM agent to the other security tools exclusions.
  3. EPM agent should never be run with any other security tools.
  4. Create new advanced policies for each security tool.
Correct answer: AB
Question 6
For the CyberArk EPM Threat Deception Credential Lure feature, what is the recommendation regarding the username creation?
  1. The username should match to an existing account.
  2. The username should have a strong password associated.
  3. The username should not match to an existing account.
  4. The username should match the built-in local Administrator.
Correct answer: C
Question 7
CyberArk EPM's Ransomware Protection comes with file types to be protected out of the box. If an EPM Administrator would like to remove a file type from Ransomware Protection, where can this be done?
  1. Policy Scope within Protect Against Ransomware
  2. Authorized Applications (Ransomware Protection) within Application Groups
  3. Set Security Permissions within Advanced Policies
  4. Protected Files within Agent Configurations
Correct answer: A
Question 8
When blocking applications, what is the recommended practice regarding the end-user UI?
  1. Show a block prompt for blocked applications.
  2. Show no prompts for blocked applications.
  3. Hide the CyberArk EPM Agent icon in the system tray.
  4. Enable the Default Deny policy.
Correct answer: A
Question 9
What is required to configure SAML authentication on EPM?
  1. OAuth token
  2. Signed Authentication Request
  3. Encrypted Assertion
  4. Signed SAML Response
Correct answer: B
Question 10
An EPM Administrator is looking to enable the Threat Deception feature, under what section should the EPM Administrator go to enable this feature?
  1. Threat Protection Inbox
  2. Policies
  3. Threat Intelligence
  4. Policy Audit
Correct answer: B
Question 11
A policy needs to be created to block particular applications for a specific user group. Based on CyberArk's policy naming best practices, what should be included in the policy's name?
  1. Policy creation date
  2. Target use group
  3. Creator of the policy
  4. The policy's Set name
Correct answer: B
Question 12
After a clean installation of the EPM agent, the local administrator password is not being changed on macOS and the old password can still be used to log in.
What is a possible cause?
  1. Secure Token on macOS endpoint is not enabled.
  2. EPM agent is not able to connect to the EPM server.
  3. After installation, Full Disk Access for the macOS agent to support EPM policies was not approved.
  4. Endpoint password policy is too restrictive.
Correct answer: A
Question 13
For Advanced Policies, what can the target operating system users be set to?
  1. Local or AD users and groups, Azure AD User, Azure AD Group
  2. AD Groups, Azure AD Groups
  3. Local or AD users and groups
  4. Local or AD users, Azure AD Users
Correct answer: C
Question 14
In EPM, creation of which user type is required to use SAML?
  1. Local CyberArk EPM User
  2. AD User
  3. SQL User
  4. Azure AD User
Correct answer: A
Question 15
What are the predefined application groups?
  1. Developer group, Administrator group
  2. Run as Administrator, Run as Developer, Block
  3. Elevate, Allow, Block, Developer Applications
  4. Block Only
Correct answer: C
Question 16
Which policy can be used to improve endpoint performance for applications commonly used for software development?
  1. Developer Applications
  2. Trusted Application
  3. Trusted Source
  4. Software Updater
Correct answer: B
Question 17
Where would an EPM admin configure an application policy that depends on a script returning true for an end user's machine being connected to an open (no password protection) Wi-Fi?
  1. Advanced Policy - Application Control - Check Wi-Fi security
  2. Advanced Policy - Options: Conditional enforcement - Apply Policy according to Script execution result
  3. Default policies - Check if network access is secure
  4. Advanced Policy - Access - Specify permissions to be set for Wi-Fi network security
Correct answer: B
Question 18
When deploying Ransomware Protection, what tasks should be considered before enabling this functionality? (Choose two.)
  1. Add trusted software to the Authorized Applications (Ransomware protection) Application Group
  2. Add trusted software to the Allow Application Group
  3. Add additional files, folders, and/or file extensions to be included to Ransomware Protection
  4. Enable Detect privileged unhandled applications under Default Policies
Correct answer: AC
Question 19
How does EPM help streamline security compliance and reporting?
  1. Use of automated distribution of reports to the security team
  2. Provides reports in standard formats such as PDF, Word and Excel
  3. Print reports
  4. Create custom reports
Correct answer: B
Question 20
Before enabling Ransomware Protection, what should the EPM Administrator do first?
  1. Enable the Privilege Management Inbox in Elevate mode.
  2. Enable the Control Applications Downloaded From The Internet feature in Restrict mode.
  3. Review the Authorized Applications (Ransomware Protection) group and update if necessary.
  4. Enable Threat Protection and Threat Intelligence modules.
Correct answer: C
Question 21
When working with credential rotation/loosely connected devices, what additional CyberArk components are required?
  1. PTA
  2. ОРМ
  3. PVWA
  4. DAP
Correct answer: C
Question 22
When enabling Threat Protection policies, what should an EPM Administrator consider? (Choose two.)
  1. Some Threat Protection policies are applicable only for Windows Servers as opposed to Workstations.
  2. Certain Threat Protection policies apply for specific applications not found on all machines.
  3. Threat Protection policies requires an additional agent to be installed.
  4. Threat Protection features are not available in all regions.
Correct answer: AB
Question 23
Which programming interface enables you to perform activities on EPM objects via a REST Web Service?
  1. EPM Web Services SDK
  2. Application Password SDK
  3. Mac Credential Provider SDK
  4. Java password SDK
Correct answer: A
Question 24
What is a valid step to investigate an EPM agent that is unable to connect to the EPM server?
  1. On the end point, open a browser session to the URL of the EPM server.
  2. Ping the endpoint from the EPM server.
  3. Ping the server from the endpoint.
  4. Restart the end point
Correct answer: C
Question 25
Which EPM reporting tool provides a comprehensive view of threat detection activity?
  1. Threat Detection Dashboard
  2. Detected Threats
  3. Threat Detection Events
  4. McAfee ePO Reports
Correct answer: A
Question 26
Select the default threat intelligence source that requires additional licensing.
  1. VirusTotal
  2. Palo Alto WildFire
  3. CyberArk Application Risk Analysis Service
  4. NSRL
Correct answer: B
Question 27
What can you manage by using User Policies?
  1. Just-In-Time endpoint access and elevation, access to removable drives, and Services access.
  2. Access to Windows Services only.
  3. Filesystem and registry access, access to removable drives, and Services access.
  4. Just-In-Time endpoint access and elevation, access to removable drives, filesystem and registry access, Services access, and User account control monitoring.
Correct answer: D
Question 28
A particular user in company ABC requires the ability to run any application with administrative privileges every day that they log in to their systems for a total duration of 5 working days.
What is the correct solution that an EPM admin can implement?
  1. An EPM admin can generate a JIT access and elevation policy with temporary access timeframe set to 120 hours
  2. An EPM admin can generate a JIT access and elevation policy with temporary access timeframe set to 120 hours and Terminate administrative processes when the policy expires option unchecked
  3. An EPM admin can create an authorization token for each application needed by running: EPMOPAGtool.exe -command gentoken -targetUser <username> -filehash <file hash> -timeLimit 120 -action run
  4. An EPM admin can create a secure token for the end user's computer and instruct the end user to open an administrative command prompt and run the command vfagent.exe -UseToken <securetoken_value>
Correct answer: B
Question 29
A company is looking to manage their Windows Servers and Desktops with CyberArk EPM. Management would like to define different default policies between the Windows Servers and Windows Desktops.
What should the EPM Administrator do?
  1. In the Default Policies, exclude either the Windows Servers or the Windows Desktops.
  2. Create Advanced Policies to apply different policies between Windows Servers and Windows Desktops.
  3. CyberArk does not recommend installing EPM Agents on Windows Servers.
  4. Create a separate Set for Windows Servers and Windows Desktops.
Correct answer: B
Question 30
An EPM Administrator would like to enable a Threat Protection policy, however, the policy protects an application that is not installed on all endpoints.
What should the EPM Administrator do?
  1. Enable the Threat Protection policy and configure the Policy Targets.
  2. Do not enable the Threat Protection policy.
  3. Enable the Threat Protection policy only in Detect mode.
  4. Split up the endpoints in to separate Sets and enable Threat Protection for only one of the Sets.
Correct answer: D
Question 31
An EPM Administrator would like to enable CyberArk EPM's Ransomware Protection in Restrict mode. What should the EPM Administrator do?
  1. Set Block unhandled applications to On.
  2. Set Protect Against Ransomware to Restrict.
  3. Set Protect Against Ransomware to Restrict and Set Block unhandled applications to On.
  4. Set Control unhandled applications to Detect.
Correct answer: C
Question 32
CyberArk's Privilege Threat Protection policies are available for which Operating Systems? (Choose two.)
  1. Windows Workstations
  2. Windows Servers
  3. MacOS
  4. Linux
Correct answer: AB
Question 33
Where can you view CyberArk EPM Credential Lures events?
  1. Application Catalog
  2. Threat Protection Inbox
  3. Events Management
  4. Policy Audit
Correct answer: B
Question 34
Which of the following is CyberArk's Recommended FIRST roll out strategy?
  1. Implement Application Control
  2. Implement Privilege Management
  3. Implement Threat Detection
  4. Implement Ransomware Protection
Correct answer: B
Question 35
Which of the following application options can be used when defining trusted sources?
  1. Publisher, Product, Size, URL
  2. Publisher, Name, Size, URI
  3. Product, URL, Machine, Package
  4. Product, Publisher, User/Group, Installation Package
Correct answer: D
Question 36
Which setting in the agent configuration controls how often the agent sends events to the EPM Server?
  1. Event Queue Flush Period
  2. Heartbeat Timeout
  3. Condition Timeout
  4. Policy Update Rate
Correct answer: A
Question 37
An EPM Administrator needs to create a policy to allow the MacOS developers elevation to an application. What type of policy should be used?
  1. Elevate Application Group
  2. Developer Applications Application Group
  3. Elevate Trusted Applications If Necessary Advanced Policy
  4. Elevate MacOS Policy
Correct answer: D
Question 38
When working with credential rotation at the EPM level, what is the minimum time period that can be set between connections?
  1. 1 hour
  2. 5 hours
  3. 24 hours
  4. 72 hours
Correct answer: B
Question 39
An EPM Administrator would like to include a particular file extension to be monitored and protected under Ransomware Protection. What setting should the EPM Administrator configure to add the extension?
  1. Authorized Applications (Ransomware Protection)
  2. Files to be Ignored Always
  3. Anti-tampering Protection
  4. Default Policies
Correct answer: A
Question 40
If Privilege Management is not working on an endpoint, what is the most likely cause that can be verified in the EPM Agent Log Files?
  1. Behavior of the elevation prompt for administrators in Admin Approval Mode is set to “Prompt for Consent for non-Windows binaries”.
  2. Agent version is incompatible.
  3. UAC policy Admin Approval for the Built-in Administrator Account is set to “Disabled”.
  4. UAC policy Run all administrators in Admin Approval Mode is set to “Enabled”.
Correct answer: D
Question 41
How does a Trusted Source policy affect an application?
  1. Applications will be allowed to run and will only elevate if required.
  2. Applications will be allowed to run and will inherit the process token from the EPM agent.
  3. Applications will be allowed to run always in elevated mode.
  4. Application from the defined trusted sources must be configured on a per applicationbasis, in order to define run and elevation parameters.
Correct answer: A
Question 42
When deploying EPM and in the Privilege Management phase what is the purpose of Discovery?
  1. To identify all non-administrative events
  2. To identify all administrative level events
  3. To identify both administrative and non-administrative level events
  4. To identify non-administrative threats
Correct answer: C
Question 43
Which user or group will not be removed as part of CyberArk EPM's Remove Local Administrators feature?
  1. Built-in Local Administrator
  2. Domain Users
  3. Admin Users
  4. Power Users
Correct answer: A
Question 44
What is the CyberArk recommended practice when deploying the EPM agent to non-persistent VDIs?
  1. A separate set
  2. a VDI advanced policy
  3. a separate license
  4. A separate computer group
Correct answer: A
Question 45
How does CyberArk EPM's Ransomware Protection feature monitor for Ransomware Attacks?
  1. It compares known ransomware signatures retrieved from virus databases.
  2. It sandboxes the suspected ransomware and applies heuristics.
  3. It monitors for any unauthorized access to specified files.
  4. It performs a lookup of file signatures against VirusTotal's database.
Correct answer: C
Question 46
On the Default Policies page, what are the names of policies that can be set as soon as EPM is deployed?
  1. Privilege Escalation, Privilege Management, Application Management
  2. Privilege Management, Application Control, Threat analysis
  3. Privilege Management, Threat Protection, Application Escalation Control
  4. Privilege Management, Privilege Threat Protection, Local Privileged Accounts Management
Correct answer: D
Question 47
What are valid policy options for JIT and elevation policies?
  1. Grant temporary access for all users, Policy name, Restart administrative processes in admin approval mode, Collect audit information
  2. Grant temporary access for, Policy name, Terminate administrative processes when the policy expires, Collect audit information
  3. Grant administrative access, Policy name, Log off to apply policy, Collect policy violation information
  4. Terminate administrative services, Grant policy access for, Policy name, Collect audit reports
Correct answer: B
Question 48
An application has been identified by the LSASS Credentials Harvesting Module.
What is the recommended approach to excluding the application?
  1. In Agent Configurations, add the application to the Threat Protection Exclusions.
  2. Add the application to the Files to be Ignored Always in Agent Configurations.
  3. Exclude the application within the LSASS Credentials Harvesting module.
  4. Add the application to an Advanced Policy or Application Group with an Elevate policy action.
Correct answer: A
Question 49
If you want to diagnose agent EPM agent connectivity issues, what is the agent executable that can be used from the command line?
  1. vf_agent.exe
  2. epm_agent.exe
  3. vault_agent.exe
  4. db_agent.exe
Correct answer: A
Question 50
What unauthorized change can CyberArk EPM Ransomware Protection prevent?
  1. Windows Registry Keys
  2. Website Data
  3. Local Administrator Passwords
  4. Certificates in the Certificate Store
Correct answer: D
Question 51
An end user is reporting that an application that needs administrative rights is crashing when selecting a certain option menu item. The Application is part of an advanced elevate policy and is working correctly except when using that menu item.
What could be the EPM cause of the error?
  1. The Users defined in the advanced policy do not include the end user running the application.
  2. The Advanced: Time options are not set correctly to include the time that the user is running the application at.
  3. The Elevate Child Processes option is not enabled.
  4. The Specify permissions to be set for selected Services on End-user Computers is set to Allow Start/Stop
Correct answer: C
Question 52
What are Trusted sources for Windows endpoints used for?
  1. Creating policies that contain trusted sources of applications.
  2. Defining applications that can be used by the developers.
  3. Listing all the approved application to the end users.
  4. Managing groups added by recommendation.
Correct answer: C
Question 53
What feature is designed to exclude applications from CyberArk EPM's Ransomware Protection, without whitelisting the application launch?
  1. Trusted Sources
  2. Authorized Applications (Ransomware Protection)
  3. Threat Intelligence
  4. Policy Recommendations
Correct answer: B
Question 54
An EPM Administrator would like to notify end users whenever the Elevate policy is granting users elevation for their applications. Where should the EPM Administrator go to enable the end-user dialog?
  1. End-user UI in the left panel of the console
  2. Advanced, Agent Configurations
  3. Default Policies
  4. End-User UI within the policy
Correct answer: D
Question 55
A Helpdesk technician needs to provide remote assistance to a user whose laptop cannot connect to the Internet to pull EPM policies. What CyberArk EPM feature should the Helpdesk technician use to allow the user elevation capabilities?
  1. Offline Policy Authorization Generator
  2. Elevate Trusted Application If Necessary
  3. Just In Time Access and Elevation
  4. Loosely Connected Devices Credential Management
Correct answer: A
Question 56
What EPM component is responsible for communicating password changes in credential rotation?
  1. EPM Agent
  2. EPM Server
  3. EPM API
  4. EPM Discovery
Correct answer: A
Question 57
An end user is experiencing performance issues on their device after the EPM Agent had been installed on their machine. What should the EPM Administrator do first to help resolve the issue?
  1. Verify any 3rd party security solutions have been added to EPM's Files To Be Ignored Always configuration and CyberArk EPM has also been excluded from the 3rd party security solutions.
  2. Enable the Default Policy's Privilege Management Control, Unhandled Privileged Applications in Elevate mode.
  3. Rerun the agent installation on the user's machine to repair the installation.
  4. Uninstall or disable any anti-virus software prohibiting the EPM Agent functionalities.
Correct answer: D
Question 58
What are the policy targeting options available for a policy upon creation?
  1. AD Users and Groups, Computers in AD Security Groups, Servers
  2. Computers in this set, Computers in AD Security Groups, Users and Groups
  3. OS Computers, EPM Sets, AD Users
  4. EPM Sets, Computers in AD Security Groups, AD Users and AD Security Groups
Correct answer: D
Question 59
What type of user can be created from the Threat Deception LSASS Credential Lures feature?
  1. It does not create any users
  2. A standard user
  3. A local administrator user
  4. A domain admin user
Correct answer: C
Question 60
An EPM Administrator would like to exclude an application from all Threat Protection modules. Where should the EPM Administrator make this change?
  1. Privilege Threat Protection under Policies.
  2. Authorized Applications under Application Groups.
  3. Protect Against Ransomware under Default Policies.
  4. Threat Protection under Agent Configurations.
Correct answer: B
Question 61
Which threat intelligence source requires the suspect file to be sent externally?
  1. NSRL
  2. Palo Alto Wildfire
  3. VirusTotal
  4. CyberArk Application Risk Analysis Service (ARA)
Correct answer: B
Question 62
Can the EPM Set Administrator configure Audit Dialog Pop-ups for the Record Audit Video option?
  1. Yes, when Audit Video recording started, when Audit Video recording stopped, and when Audit Recording video reached size limit.
  2. Yes, when Audit Video recording started, when not enough disk space to start the video recording, and when video recording is initializing.
  3. Yes, when Audit Video recording started, when Audit Video recording is uploaded to the EPM server, and when audit recording cannot be initialized.
  4. No, Audit Video is only available without the possibility of having End-User dialog pop-ups.
Correct answer: B
Question 63
You need to upgrade Windows EPM agents when agent self-defense is enforced.
How can you accomplish this? (Choose two.)
  1. Upgrade the EPM Agent from the EPM management console.
  2. In Agent Configuration settings, disable agent self-defense and upgrade the agents through the EPM Management console or a software distribution tool.
  3. Deploy the MSI and include the secure token as a parameter in the MSI.
  4. Download the latest EPM Agent MSI and installation key and deploy the agent with a software distribution tool.
  5. Unzip the TAR file and run install.sh.
Correct answer: BC
Question 64
After how many days will events be removed from event management?
  1. 14
  2. 30
  3. 90
  4. 365
Correct answer: C
Question 65
As a help desk support team member, you are trying to scan specific computers to discover the applications installed on them.
Which statements about scans are correct? (Choose two.)
  1. Scans can be performed on a computer once every 24 hours.
  2. Folders can be scanned using the scan, EPM agent files, and components.
  3. Scans can be performed on computers that are currently being scanned.
  4. Scans cannot be performed on disconnected machines.
  5. Scans can be performed on disconnected machines.
Correct answer: BD
Question 66
After how many days is customer data, including backup data, deleted automatically after the expiration or termination of CyberArk EPM services or sets?
  1. 30
  2. 45
  3. 60
  4. 90
Correct answer: C
Question 67
Arrange the steps to implement Privilege Management in the correct sequence.
Correct answer: To work with this question, an Exam Simulator is required.
Question 68
Which action does CyberArk EPM execute for applications categorized as “Trusted Sources”?
  1. Block applications.
  2. Exclude from the CyberArk EPM policy enforcement.
  3. Always elevate the permissions of the applications.
  4. Elevate the permissions when required.
Correct answer: B
Question 69
Which functions are part of the Local Privileged Accounts Management default policy? (Choose two.)
  1. Remove local administrators.
  2. Rotate credentials of local privileged user accounts.
  3. Automatically onboard local privileged user accounts.
  4. Create credential lures to detect and deceive attackers.
  5. Protect against user-created local privileged user accounts.
Correct answer: BC
Question 70
A CyberArk EPM administrator wants to include a specific file extension to be monitored and protected under Ransomware Protection.
Which setting should the administrator configure to add the extension?
  1. Authorized Applications (Ransomware Protection)
  2. Files to be Ignored Always
  3. Anti-tampering Protection
  4. Default Policies
Correct answer: D
Question 71
CyberArk EPM’s Ransomware Protection must be set to which mode to prevent ransomware?
  1. Detect
  2. Block
  3. Restrict
  4. Deny
Correct answer: B
Question 72
Which types of reports does CyberArk EPM support?
  1. Events, Policies, Admin audits
  2. Events, Policies, Endpoints, Admin audits
  3. Events, Policies
  4. Events, Policies, Endpoints, Admin audits, Set Audits
Correct answer: D
Question 73
Which information is collected from CyberArk EPM administrators? (Choose two.)
  1. local usernames and groups.
  2. EPM username (email address)
  3. IP address from which the administrator is connected
  4. hardware specifications
  5. launched applications
Correct answer: BC
Question 74
A set administrator is creating 100 custom groups to manage the application of policies based on computers within a set. Your organization provided a CSV file containing the list of computers and custom groups. Now you need to import and manage these custom groups in a set.
How do you enable the feature to import the groups?
  1. Turn on the Synchronize computer groups parameter under Set configuration.
  2. Turn on the Import computer groups parameter under Agent configuration.
  3. Turn on the Manage computer groups parameter under Set configuration.
  4. Turn on the Create computer groups parameter under Agent configuration.
Correct answer: C
Question 75
What must be provided to disable the EPM agent self-defense on an endpoint?
  1. Installation Key
  2. Agent ID
  3. Agent Self-Defense Password
  4. Secure Token
Correct answer: C
Question 76
Which port or protocol does the EPM Agent use to communicate with the EPM SaaS?
  1. ТСР1815
  2. HTTP
  3. TCP443
  4. UDP1815
Correct answer: C
Question 77
Match each Aggregated Event type to the correct description.
Correct answer: To work with this question, an Exam Simulator is required.
Question 78
What is the filename for the service and log parameters for the Linux Endpoint in CyberArk EPM?
  1. config.yaml and agentparams.yaml
  2. agentparams.yaml and agentiogs.yaml
  3. agentservices.yaml and agentlogs.yaml
  4. agentservices.yaml and config.yaml
Correct answer: A
Question 79
In Automatic SAML User Provisioning, which attribute name must be added for all users who will log into CyberArk EPM using SAML?
  1. EPM-User
  2. EPM-User-Binding
  3. EPM-SAML-Binding
  4. EPM-SAML
Correct answer: A
Question 80
What is required to install and run the CyberArk EPM admin utility?
  1. Begin sudo to see groups and users in /etc/passwd
  2. Stop the password rotation
  3. Ensure NET 4.8 or higher was installed on the endpoint
  4. Install the EPM agent before running the utility.
Correct answer: C
Question 81
Arrange the policy action in the correct priority order beginning with the policy action with the highest priority.
Correct answer: To work with this question, an Exam Simulator is required.
Question 82
Which statements are correct about Trusted Sources in CyberArk EPM? (Choose two.)
  1. They are limited to applications with a specific digital signature.
  2. They cannot apply retroactively if the application is moved to a different location.
  3. An unhandled application is an application that is not specifically trusted or blocked in the organization
  4. They can include applications located in a specific network share
  5. They can incorporate applications installed by them, even with different digital signatures
Correct answer: CD
Question 83
Match each task with the appropriate installation method.
Correct answer: To work with this question, an Exam Simulator is required.
Question 84
Which policy actions are applied in the Trust Policies for Windows and MacOS Endpoints? (Choose two.)
  1. Allow
  2. Elevate If Necessary
  3. Trusted
  4. Elevate
  5. Elevate if need child process
Correct answer: AC
Question 85
What best describes the purpose of the Policy Recommendations feature?
  1. suggest least privilege policies based on application usage patterns and behavior
  2. automatically block high-risk applications without user input
  3. enforce mandatory security updates for all endpoint devices
  4. recommend software upgrades for outdated applications
Correct answer: A
Question 86
What are application policy actions within CyberArk EPM? (Choose two.)
  1. Run As Administrator
  2. Elevate if Necessary
  3. Prevent Launch as Needed
  4. Authorized Sources
  5. Elevate
Correct answer: BE
Question 87
What is a CyberArk EPM policy that can be created to detect an attempt to escalate privileges by harvesting credentials without alerting the potential attacker?
  1. Application Groups set to Block, report on attempt to run
  2. Remove Local Administrators, report on attempt to run elevated programs
  3. Ransomware, define Authorized Applications, report on all other applications
  4. Privilege Deception, set to Detect, review all attempts
Correct answer: D
Question 88
You are an IT team member. An end user reported an issue with the Visual Studio application. As part of troubleshooting, you want to suspend policies and test the application. You would like to apply the setting to one endpoint.
What is the path to create this configuration?
  1. Configuration → Set Configuration → Agent Configuration → General Configuration → Edit parameters
  2. Configuration → Agent Configuration → Set Configuration → General Configuration → Edit parameters
  3. Configuration → Agent Configuration → Create custom Configuration
  4. Configuration → User access tokens → Create custom Configuration
Correct answer: B
Question 89
Which parameters can be enabled for data collection by the agent? (Choose two.)
  1. Event queue flush period
  2. Collect unprotected accounts
  3. Policy audit event flush period
  4. Push active policies to agents
  5. Automate report generation
Correct answer: AC
Question 90
Which agent parameter defines protection from third-party DLLs on Windows?
  1. agent self-defense
  2. protect elevated processes from DLL hijacking
  3. anti-tampering protection
  4. protect administrative user groups
Correct answer: B
Question 91
What are default out-of-the-box predefined Application groups? (Choose two.)
  1. Elevate
  2. Stopped
  3. Elevate if necessary
  4. Developer applications
  5. Allowed sources
Correct answer: DE
Question 92
A set administrator wants to download the immediate enforcement agent for Windows but cannot find the tab in the EPM console's download center.
What is the reason?
  1. The set is not an immediate enforcement agent set.
  2. The set administrator does not have account admin permissions.
  3. The feature is not enabled in the set configuration settings.
  4. The immediate enforcement agent is downloaded from Marketplace
Correct answer: A
Question 93
Which time format is used for events in EPM reports?
  1. local time
  2. UTC+0
  3. EST
  4. GMT+5
Correct answer: B
Question 94
In which report will you find secure tokens generated for endpoints in the CyberArk EPM management console?
  1. Admin Audits
  2. Endpoints
  3. Events
  4. Application Catalog
Correct answer: B
Question 95
When generating a secure token, for which scopes can the secure token be valid? (Choose two.)
  1. all computers part of an EPM tenant
  2. all computers part of a set
  3. a subset of computers part of an EPM tenant
  4. a subset of computers part of a set
  5. all computers part of a specific Active Directory organizational unit
Correct answer: BD
Question 96
What does the policy action influence?
  1. order of precedence
  2. policy name
  3. operating system
  4. application groups
Correct answer: A
Question 97
Match the items to their correct configuration type.
Correct answer: To work with this question, an Exam Simulator is required.
Question 98
What happens during agent installation on MacOS?
  1. A token is generated
  2. The user must insert a username and password to apply an upgrade.
  3. A service account is created and automatically removed at the end of installation.
  4. A service account is automatically created and must not be deleted.
Correct answer: D
Question 99
Where can you find a detailed list of all of the policies applied to an endpoint?
  1. Endpoint inventory report in Reports - Endpoint section
  2. In the Endpoints, My Computers, Active Policies
  3. C:\Program Files\CyberArk\Endpoint Privilege Manager\Agent\vf_policies.xml
  4. vf_policy file in the support info bundle
Correct answer: B
Question 100
Which policy category focuses on managing and controlling software permissions within an organization?
  1. Credential Rotation
  2. Application Policy
  3. Privilege Threat Protection
  4. Script Distribution
Correct answer: B
Question 101
For some reason, a few machines were disconnected from the console and are having problems connecting to the console. Now, the Intune team is trying to uninstall agents, but self-defense is enabled on these machines.
What is the best way to uninstall the EPM agents under these circumstances?
  1. Turn off self-defense, then the Intune team can uninstall the agent
  2. Generate a secure token for all computers and use it for this machine.
  3. Generate a secure token for any of the alive machines and use it for this machine.
  4. Turn off self-defense for this specific machine by creating a custom configuration, so the Intune team can uninstall the agent.
Correct answer: A
Question 102
What is the primary purpose of CyberArk CORA AI?
  1. Provide real-time antivirus protection for applications.
  2. Recommend policy actions based on machine learning algorithms.
  3. Manage user credentials and passwords
  4. Automatically block unauthorized users from accessing the network.
Correct answer: B
Question 103
Which default policy includes the functionality of creating credential lures?
  1. Privilege Management
  2. Privilege Threat Protection
  3. Local Privileged Accounts Management
  4. Phishing Protection Management
Correct answer: B
Question 104
Which statements are correct regarding a non-persistent VDI set? (Choose two.)
  1. Only network and operating system data are reported
  2. Credential rotation policies cannot be configured.
  3. You cannot create a policy with a specific computer name
  4. Only limited manual computer groups can be created
  5. Custom user access tokens cannot be created
Correct answer: AC
Question 105
As part of the IT team, you enabled auditing to record an end user's activities in the cmd application. When checking for a video file on an end user's computer, you found that it was deleted due to the default retention period. Now, you are trying to set the maximum retention period.
What is the maximum retention period that can be set?
  1. 60 days
  2. 90 days
  3. 1 year
  4. 2 years
Correct answer: D
Question 106
In the CyberArk EPM SaaS console, which feature displays the percentage of detected applications handled?
  1. Application Groups
  2. Policy Recommendations
  3. Application Coverage by Policies
  4. Policy Audit
Correct answer: C
Question 107
Which statements about Privilege Threat Protection are correct? (Choose two.)
  1. It only supports credential types for Windows OS and Web Browsers
  2. It can detect and block credential theft for critical operating system resources.
  3. It cannot create credential lures to deceive attackers
  4. It helps prevent lateral movement to stop attack vectors.
  5. It is limited to detecting threats in IT Applications only
Correct answer: BD
Question 108
Which types of data are collected by CyberArk EPM endpoints? (Choose two.)
  1. computer name
  2. file explorer information
  3. EPM username (email address)
  4. installed programs
  5. administrator's IP address
Correct answer: AD
Question 109
If an EPM agent loses connectivity to the EPM SaaS, what will occur?
  1. The EPM agent continues to apply policies based on the last policies retrieved
  2. The EPM agent automatically disables its agent self-defense
  3. The EPM SaaS attempts to redeploy the agent to the endpoint.
  4. The EPM SaaS redirects the EPM agent to an available EPM SaaS region
Correct answer: A
Question 110
Which statements about the Immediate Enforcement (IE) agent are correct? (Choose two.)
  1. Threat protection is not available for IE agents.
  2. The agent installation kit for IE agents does not contain the set’s policies.
  3. IE agents are available for Windows. MacOS and Linux.
  4. IE agents should be installed in the same set as regular agents
  5. "Download immediate enforcement agent" must be set to ON when deploying an IE agent
Correct answer: AE
Question 111
For some reason, Windows executables are not scanned in the scanning process.
Where should you check to determine whether the file type is being selected?
  1. Configuration → Agent Configuration → General Configuration → File Types to Scan for Application Catalog
  2. Configuration → Server Configuration → General Configuration → File Types to Scan for Application Catalog
  3. Configuration → Set Configuration → Agent Configuration → File Types to Scan for Application Catalog
  4. Configuration → Agent Configuration → Set Configuration → File Types to Scan for Application Catalog
Correct answer: A
Question 112
Arrange the policy names and their priority in the correct order of precedence.
Correct answer: To work with this question, an Exam Simulator is required.
Question 113
Which action is required after adding driver-level exclusions for CybeArk EPM?
  1. Reboot the endpoint
  2. Restart the EPM service.
  3. Manually update EPM settings.
  4. Delete temporary files.
Correct answer: A
Question 114
Which statements are correct about the functions of the Application Catalog? (Choose two.)
  1. It detects applications that are managed by policies and those that are not
  2. Threat analyses can be run on application events.
  3. An event can be deleted before the retention period ends
  4. You can configure the number of displayed events in the Application Catalog up to 1000 events
  5. It detects only events for applications that are not managed by policies.
Correct answer: AD
Question 115
How does the "Create Credential Lures" function detect and deceive attackers?
  1. It creates employees with fake phone numbers in the company employee directory; when an attacker calls the fake phone number. EPM creates an event.
  2. It creates LinkedIn profiles of real employees with easy to guess passwords, when an attacker attempts to log in to the profile. EPM creates an event.
  3. It creates user credentials in popular places on the endpoint; when an attacker attempts to log into the user. EPM creates an event.
  4. It creates fake accounts in CyberArk's privileged access management vault, when an attacker attempts to use the account, EPM creates an event.
Correct answer: C
Question 116
Arrange the steps to manage unsigned macOS executables in the correct sequence.
Correct answer: To work with this question, an Exam Simulator is required.
Question 117
Arrange the steps to install the agent on a new macOS endpoint in the correct sequence.
Correct answer: To work with this question, an Exam Simulator is required.
Question 118
Which methods does CyberArk EPM SaaS use to secure data? (Choose two.)
  1. data encryption using SSL/TLS and AES-256
  2. regular data backups to external servers
  3. access control through SAML authentication
  4. data segregation to ensure customer data isolation
  5. blockchain technology for data integrity
Correct answer: AD
Question 119
A CyberArk EPM administrator wants to enable CyberArk EPM's Ransomware Protection in Restrict mode.
What should the administrator do?
  1. Set Block unhandled applications to On.
  2. Set Protect Against Ransomware to Restrict
  3. Set Protect Against Ransomware to Restrict and Set Block unhandled applications to On.
  4. Set Control unhandled applications to Detect
Correct answer: C
Question 120
How long can a JIT policy can be granted to a user of the target resource?
  1. 10 minutes to 48 hours
  2. 1 to 24 hours
  3. 1 to 72 hours
  4. unlimited time range
Correct answer: A
Question 121
You are a CyberArk EPM Administrator creating a new Application Blocked dialog with these end-user requirements:
  • ability to provide reasons to the CyberArk EPM Administrator to access the blocked application on a per request basis
  • ability to notify the end-users upon approval completion.
Which sections enable these requirements? (Choose two.)
  1. User Email Request
  2. Action Buttons
  3. User Justification Request
  4. Main message
  5. Application Properties
Correct answer: AC
Question 122
Which types of sets are defined by their license type?
  1. regular machines and non-persistent VDI machines
  2. non-persistent VDI machines and full protection set
  3. credentials rotation and regular machines
  4. full protection set and credentials rotation set.
Correct answer: B
Question 123
Which types of reports are available in the CyberArk EPM Management Console? (Choose two.)
  1. Endpoints
  2. Policies
  3. Ransomware
  4. Domain Users
  5. Error Logs
Correct answer: AC
Question 124
What is the function of the group "Microsoft Windows Programs (default Policies)"?
  1. monitors or restricts access to sensitive resources for Microsoft Windows programs
  2. groups Microsoft Windows programs for easy management
  3. monitors the use of Windows programs for license management
  4. allows Windows applications to provide access to sensitive resources
Correct answer: A
CONNECT US
HOW TO OPEN VCE FILES

Use VCE Exam Simulator to open VCE files
Avanaset

HOW TO OPEN VCEX AND EXAM FILES

Use ProfExam Simulator to open VCEX and EXAM files
ProfExam Screen

ProfExam
ProfExam at a 20% markdown

You have the opportunity to purchase ProfExam at a 20% reduced price

Get Now!