[Oct 12, 2023] Free CyberArk Defender EPM-DEF Exam Question [Q24-Q47]

Q24. An EPM Administrator would like to enable CyberArk EPM’s Ransomware Protection in Restrict mode. What should the EPM Administrator do?

Set Block unhandled applications to On.

Set Protect Against Ransomware to Restrict.

Set Protect Against Ransomware to Restrict and Set Block unhandled applications to On.

Set Control unhandled applications to Detect.

Q25. A Helpdesk technician needs to provide remote assistance to a user whose laptop cannot connect to the Internet to pull EPM policies. What CyberArk EPM feature should the Helpdesk technician use to allow the user elevation capabilities?

Offline Policy Authorization Generator

Elevate Trusted Application If Necessary

Just In Time Access and Elevation

Loosely Connected Devices Credential Management

Q26. Which policy can be used to improve endpoint performance for applications commonly used for software development?

Developer Applications

Trusted Application

Trusted Source

Software Updater

Q27. What is required to configure SAML authentication on EPM?

OAuth token

Signed Authentication Request

Encrypted Assertion

Signed SAML Response

Q28. What feature is designed to exclude applications from CyberArk EPM’s Ransomware Protection, without whitelisting the application launch?

Trusted Sources

Authorized Applications (Ransomware Protection)

Threat Intelligence

Policy Recommendations

Q29. When working with credential rotation at the EPM level, what is the minimum time period that can be set between connections?

1 hour

5 hours

24 hours

72 hours

Q30. Match the Trusted Source to its correct definition:

Q31. An end user is experiencing performance issues on their device after the EPM Agent had been installed on their machine. What should the EPM Administrator do first to help resolve the issue?

Verify any 3rd party security solutions have been added to EPM’s Files To Be Ignored Always configuration and CyberArk EPM has also been excluded from the 3rd party security solutions.

Enable the Default Policy’s Privilege Management Control, Unhandled Privileged Applications in Elevate mode.

Rerun the agent installation on the user’s machine to repair the installation.

Uninstall or disable any anti-virus software prohibiting the EPM Agent functionalities.

Q32. For Advanced Policies, what can the target operating system users be set to?

Local or AD users and groups, Azure AD User, Azure AD Group

AD Groups, Azure AD Groups

Local or AD users and groups

Local or AD users, Azure AD Users

Q33. What can you manage by using User Policies?

Just-In-Time endpoint access and elevation, access to removable drives, and Services access.

Access to Windows Services only.

Filesystem and registry access, access to removable drives, and Services access.

Just-In-Time endpoint access and elevation, access to removable drives, filesystem and registry access, Services access, and User account control monitoring.

Q34. Which of the following is CyberArk’s Recommended FIRST roll out strategy?

Implement Application Control

Implement Privilege Management

Implement Threat Detection

Implement Ransomware Protection

Q35. How does EPM help streamline security compliance and reporting?

Use of automated distribution of reports to the security team

Provides reports in standard formats such as PDF, Word and Excel

Print reports

Create custom reports

Q36. An application has been identified by the LSASS Credentials Harvesting Module.
What is the recommended approach to excluding the application?

In Agent Configurations, add the application to the Threat Protection Exclusions

Add the application to the Files to be Ignored Always in Agent Configurations.

Exclude the application within the LSASS Credentials Harvesting module.

Add the application to an Advanced Policy or Application Group with an Elevate policy action.

Q37. CyberArk’s Privilege Threat Protection policies are available for which Operating Systems? (Choose two.)

Windows Workstations

Windows Servers

MacOS

Linux

Q38. After a clean installation of the EPM agent, the local administrator password is not being changed on macOS and the old password can still be used to log in.
What is a possible cause?

Secure Token on macOS endpoint is not enabled.

EPM agent is not able to connect to the EPM server.

After installation, Full Disk Access for the macOS agent to support EPM policies was not approved.

Endpoint password policy is too restrictive.

Q39. When blocking applications, what is the recommended practice regarding the end-user UI?

Show a block prompt for blocked applications.

Show no prompts for blocked applications.

Hide the CyberArk EPM Agent icon in the system tray.

Enable the Default Deny policy.

Q40. When enabling Threat Protection policies, what should an EPM Administrator consider? (Choose two.)

Some Threat Protection policies are applicable only for Windows Servers as opposed to Workstations.

Certain Threat Protection policies apply for specific applications not found on all machines

Threat Protection policies requires an additional agent to be installed.

Threat Protection features are not available in all regions.

Q41. An EPM Administrator needs to create a policy to allow the MacOS developers elevation to an application.
What type of policy should be used?

Elevate Application Group

Developer Applications Application Group

Elevate Trusted Applications If Necessary Advanced Policy

Elevate MacOS Policy

Q42. Which EPM reporting tool provides a comprehensive view of threat detection activity?

Threat Detection Dashboard

Detected Threats

Threat Detection Events

McAfee ePO Reports

Q43. What type of user can be created from the Threat Deception LSASS Credential Lures feature?

It does not create any users

A standard user

A local administrator user

A domain admin user

Q44. An EPM Administrator would like to enable a Threat Protection policy, however, the policy protects an application that is not installed on all endpoints.
What should the EPM Administrator do?

Enable the Threat Protection policy and configure the Policy Targets.

Do not enable the Threat Protection policy.

Enable the Threat Protection policy only in Detect mode.

Split up the endpoints in to separate Sets and enable Threat Protection for only one of the Sets.

Q45. Before enabling Ransomware Protection, what should the EPM Administrator do first?

Enable the Privilege Management Inbox in Elevate mode.

Enable the Control Applications Downloaded From The Internet feature in Restrict mode.

Review the Authorized Applications (Ransomware Protection) group and update if necessary.

Enable Threat Protection and Threat Intelligence modules.

Q46. For the CyberArk EPM Threat Deception Credential Lure feature, what is the recommendation regarding the username creation?

The username should match to an existing account.

The username should have a strong password associated.

The username should not match to an existing account.

The username should match the built-in local Administrator.

Q47. CyberArk EPM’s Ransomware Protection comes with file types to be protected out of the box. If an EPM Administrator would like to remove a file type from Ransomware Protection, where can this be done?

Policy Scope within Protect Against Ransomware

Authorized Applications (Ransomware Protection) within Application Groups

Set Security Permissions within Advanced Policies

Protected Files within Agent Configurations

[Oct 12, 2023] Free CyberArk Defender EPM-DEF Exam Question [Q24-Q47]

Leave a Reply Cancel reply

EPM-DEF Practice Tests

Related Certifications

Recent Posts

Categories

Archives