EPM-DEF Online Practice Questions and Answers

What can you manage by using User Policies?

A. Just-In-Time endpoint access and elevation, access to removable drives, and Services access.

B. Access to Windows Services only.

C. Filesystem and registry access, access to removable drives, and Services access.

D. Just-In-Time endpoint access and elevation, access to removable drives, filesystem and registry access, Services access, and User account control monitoring.

What EPM component is responsible for communicating password changes in credential rotation?

A. EPM Agent

B. EPM Server

C. EPM API

D. EPM Discovery

On the Default Policies page, what are the names of policies that can be set as soon as EPM is deployed?

A. Privilege Escalation, Privilege Management, Application Management

B. Privilege Management, Application Control, Threat analysis

C. Privilege Management, Threat Protection, Application Escalation Control

D. Privilege Management, Privilege Threat Protection, Local Privileged Accounts Management

An application has been identified by the LSASS Credentials Harvesting Module.

What is the recommended approach to excluding the application?

A. In Agent Configurations, add the application to the Threat Protection Exclusions

B. Add the application to the Files to be Ignored Always in Agent Configurations.

C. Exclude the application within the LSASS Credentials Harvesting module.

D. Add the application to an Advanced Policy or Application Group with an Elevate policy action.

How does CyberArk EPM's Ransomware Protection feature monitor for Ransomware Attacks?

A. It compares known ransomware signatures retrieved from virus databases.

B. It sandboxes the suspected ransomware and applies heuristics.

C. It monitors for any unauthorized access to specified files.

D. It performs a lookup of file signatures against VirusTotal's database.

An end user is reporting that an application that needs administrative rights is crashing when selecting a certain option menu item. The Application is part of an advanced elevate policy and is working correctly except when using that menu item.

What could be the EPM cause of the error?

A. The Users defined in the advanced policy do not include the end user running the application.

B. The Advanced: Time options are not set correctly to include the time that the user is running the application at.

C. The Elevate Child Processes option is not enabled.

D. The Specify permissions to be set for selected Services on End-user Computers is set to Allow Start/Stop

If you want to diagnose agent EPM agent connectivity issues, what is the agent executable that can be used from the command line?

A. vf_agent.exe

B. epm_agent.exe

C. vault_agent.exe

D. db_agent.exe

When working with credential rotation at the EPM level, what is the minimum time period that can be set between connections?

A. 1 hour

B. 5 hours

C. 24 hours

D. 72 hours

For Advanced Policies, what can the target operating system users be set to?

A. Local or AD users and groups, Azure AD User, Azure AD Group

B. AD Groups, Azure AD Groups

C. Local or AD users and groups

D. Local or AD users, Azure AD Users

What is a valid step to investigate an EPM agent that is unable to connect to the EPM server?

A. On the end point, open a browser session to the URL of the EPM server.

B. Ping the endpoint from the EPM server.

C. Ping the server from the endpoint.

D. Restart the end point