Dec-2023 CyberArk EPM-DEF Certification Real 2023 Mock Exam [Q32-Q57]

Dec-2023 CyberArk EPM-DEF Certification Real 2023 Mock Exam

EPM-DEF Exam Questions and Valid PMP Dumps PDF

CyberArk EPM-DEF certification is highly valued in the cybersecurity industry. It demonstrates that the holder has a deep understanding of endpoint security and privileged access management, and is capable of implementing and managing CyberArk's EPM solution to protect against cyber threats. Certified professionals are in high demand by organizations that need to secure their endpoints against increasingly sophisticated cyber attacks.

CyberArk EPM-DEF (CyberArk Defender - EPM) Certification Exam is a comprehensive assessment of an individual's knowledge and skills in using CyberArk's Privileged Access Security solutions. EPM-DEF exam is designed for cybersecurity professionals who want to demonstrate their expertise in designing, implementing, and managing CyberArk's Endpoint Privilege Manager (EPM) solution. The EPM solution helps organizations to protect against privileged access abuse and mitigate the risk of cyber attacks.

 

NEW QUESTION # 32
For the CyberArk EPM Threat Deception Credential Lure feature, what is the recommendation regarding the username creation?

• A. The username should have a strong password associated.
• B. The username should match the built-in local Administrator.
• C. The username should match to an existing account.
• D. The username should not match to an existing account.

Answer: D

NEW QUESTION # 33
What are the predefined application groups?

• A. Elevate, Allow, Block, Developer Applications
• B. Developer group, Administrator group
• C. Run as Administrator, Run as Developer, Block
• D. Block Only

Answer: A

NEW QUESTION # 34
A particular user in company ABC requires the ability to run any application with administrative privileges every day that they log in to their systems for a total duration of 5 working days.
What is the correct solution that an EPM admin can implement?

• A. An EPM admin can create an authorization token for each application needed by running:
  EPMOPAGtool.exe -command gentoken -targetUser <username> -filehash <file hash> -timeLimit 120
  -action run
• B. An EPM admin can create a secure token for the end user's computer and instruct the end user to open an administrative command prompt and run the command vfagent.exe -UseToken <securetoken_value>
• C. An EPM admin can generate a JIT access and elevation policy with temporary access timeframe set to
  120 hours
• D. An EPM admin can generate a JIT access and elevation policy with temporary access timeframe set to
  120 hours and Terminate administrative processes when the policy expires option unchecked

Answer: D

NEW QUESTION # 35
Match the Application Groups policy to their correct description.

Answer:

Explanation:

NEW QUESTION # 36
Can the EPM Set Administrator configure Audit Dialog Pop-ups for the Record Audit Video option?

• A. Yes, when Audit Video recording started, when not enough disk space to start the video recording, and when video recording is initializing.
• B. No, Audit Video is only available without the possibility of having End-User dialog pop-ups.
• C. Yes, when Audit Video recording started, when Audit Video recording stopped, and when Audit Recording video reached size limit.
• D. Yes, when Audit Video recording started, when Audit Video recording is uploaded to the EPM server, and when audit recording cannot be initialized.

Answer: B

NEW QUESTION # 37
An EPM Administrator is looking to enable the Threat Deception feature, under what section should the EPM Administrator go to enable this feature?

• A. Threat Protection Inbox
• B. Policy Audit
• C. Policies
• D. Threat Intelligence

Answer: C

NEW QUESTION # 38
What are Trusted sources for Windows endpoints used for?

• A. Creating policies that contain trusted sources of applications.
• B. Defining applications that can be used by the developers.
• C. Managing groups added by recommendation.
• D. Listing all the approved application to the end users.

Answer: D

NEW QUESTION # 39
Which of the following is CyberArk's Recommended FIRST roll out strategy?

• A. Implement Application Control
• B. Implement Privilege Management
• C. Implement Threat Detection
• D. Implement Ransomware Protection

Answer: B

NEW QUESTION # 40
How does CyberArk EPM's Ransomware Protection feature monitor for Ransomware Attacks?

• A. It sandboxes the suspected ransomware and applies heuristics.
• B. It performs a lookup of file signatures against VirusTotal's database.
• C. It monitors for any unauthorized access to specified files.
• D. It compares known ransomware signatures retrieved from virus databases.

Answer: A

NEW QUESTION # 41
When working with credential rotation/loosely connected devices, what additional CyberArk components are required?

• A. DAP
• B.
• C. PVWA
• D. PTA

Answer: C

NEW QUESTION # 42
When deploying EPM and in the Privilege Management phase what is the purpose of Discovery?

• A. To identify all non-administrative events
• B. To identify all administrative level events
• C. To identify both administrative and non-administrative level events
• D. To identify non-administrative threats

Answer: C

NEW QUESTION # 43
When deploying Ransomware Protection, what tasks should be considered before enabling this functionality?
(Choose two.)

• A. Add trusted software to the Authorized Applications (Ransomware protection) Application Group
• B. Enable Detect privileged unhandled applications under Default Policies
• C. Add trusted software to the Allow Application Group
• D. Add additional files, folders, and/or file extensions to be included to Ransomware Protection

Answer: A,D

NEW QUESTION # 44
What unauthorized change can CyberArk EPM Ransomware Protection prevent?

• A. Local Administrator Passwords
• B. Website Data
• C. Certificates in the Certificate Store
• D. Windows Registry Keys

Answer: C

NEW QUESTION # 45
An end user is reporting that an application that needs administrative rights is crashing when selecting a certain option menu item. The Application is part of an advanced elevate policy and is working correctly except when using that menu item.
What could be the EPM cause of the error?

• A. The Specify permissions to be set for selected Services on End-user Computers is set to Allow Start/Stop
• B. The Elevate Child Processes option is not enabled.
• C. The Users defined in the advanced policy do not include the end user running the application.
• D. The Advanced: Time options are not set correctly to include the time that the user is running the application at.

Answer: B

NEW QUESTION # 46
Which of the following application options can be used when defining trusted sources?

• A. Publisher, Name, Size, URI
• B. Product, Publisher, User/Group, Installation Package
• C. Product, URL, Machine, Package
• D. Publisher, Product, Size, URL

Answer: B

NEW QUESTION # 47
Where would an EPM admin configure an application policy that depends on a script returning true for an end user's machine being connected to an open (no password protection) Wi-Fi?

• A. Advanced Policy - Options: Conditional enforcement - Apply Policy according to Script execution result
• B. Advanced Policy - Application Control - Check Wi-Fi security
• C. Default policies - Check if network access is secure
• D. Advanced Policy - Access - Specify permissions to be set for Wi-Fi network security

Answer: A

NEW QUESTION # 48
Which threat intelligence source requires the suspect file to be sent externally?

• A. NSRL
• B. Palo Alto Wildfire
• C. VirusTotal
• D. CyberArk Application Risk Analysis Service (ARA)

Answer: C

NEW QUESTION # 49
An application has been identified by the LSASS Credentials Harvesting Module.
What is the recommended approach to excluding the application?

• A. Add the application to the Files to be Ignored Always in Agent Configurations.
• B. Add the application to an Advanced Policy or Application Group with an Elevate policy action.
• C. Exclude the application within the LSASS Credentials Harvesting module.
• D. In Agent Configurations, add the application to the Threat Protection Exclusions

Answer: D

NEW QUESTION # 50
A Helpdesk technician needs to provide remote assistance to a user whose laptop cannot connect to the Internet to pull EPM policies. What CyberArk EPM feature should the Helpdesk technician use to allow the user elevation capabilities?

• A. Loosely Connected Devices Credential Management
• B. Just In Time Access and Elevation
• C. Elevate Trusted Application If Necessary
• D. Offline Policy Authorization Generator

Answer: B

NEW QUESTION # 51
What type of user can be created from the Threat Deception LSASS Credential Lures feature?

• A. A local administrator user
• B. A domain admin user
• C. A standard user
• D. It does not create any users

Answer: C

NEW QUESTION # 52
For Advanced Policies, what can the target operating system users be set to?

• A. Local or AD users and groups, Azure AD User, Azure AD Group
• B. Local or AD users, Azure AD Users
• C. AD Groups, Azure AD Groups
• D. Local or AD users and groups

Answer: D

NEW QUESTION # 53
CyberArk's Privilege Threat Protection policies are available for which Operating Systems? (Choose two.)

• A. MacOS
• B. Windows Workstations
• C. Linux
• D. Windows Servers

Answer: B,D

NEW QUESTION # 54
What feature is designed to exclude applications from CyberArk EPM's Ransomware Protection, without whitelisting the application launch?

• A. Trusted Sources
• B. Policy Recommendations
• C. Authorized Applications (Ransomware Protection)
• D. Threat Intelligence

Answer: C

NEW QUESTION # 55
When adding the EPM agent to a pre-existing security stack on workstation, what two steps are CyberArk recommendations. (Choose two.)

• A. Add any pre-existing security application to the Files to Be Ignored Always.
• B. Create new advanced policies for each security tool.
• C. EPM agent should never be run with any other security tools.
• D. Add EPM agent to the other security tools exclusions.

Answer: A,D

NEW QUESTION # 56
......

EPM-DEF Question Bank: Free PDF Download Recently Updated Questions: https://passguide.validtorrent.com/EPM-DEF-valid-exam-torrent.html