DRAG DROP
A user wants to install the CyberArk Identity mobile app by using a QR code.
Arrange the steps to do this in the correct sequence.
Where can MFA filters be used? (Choose three.)
- A . User and Admin Portal login
- B . App level 2FA/MFA
- C . RADIUS
- D . Self-service password reset
- E . Editing personal profile attributes
- F . OAUTH2 connections
Which 2FA/MFA options can be used if users cannot use their mobile device? (Choose two.)
- A . FID02
- B . Security questions
- C . OAUTH2
- D . QRcode
- E . Push notification app
A user’s account information required for multi-factor authentication is not set up properly and is preventing the user from logging in.
What should you do?
- A . Use the MFA Unlock command in the Admin Portal to suspend multifactor authentication for 10 minutes.
- B . Delete the user’s account and create a new one.
- C . Ask the user to delete all browser cookies, then try again.
- D . Change the user’s director/ source from Active Directory to LDAP for authentication.
Which statement is correct about the CyberArk Identity Windows Device Trust enrollment process?
- A . An enrollment code is optional.
- B . The endpoint does not need to be a domain-joined machine.
- C . You can define the maximum number of joinable endpoints.
- D . You can define the minimum number of joinable endpoints.
ACME Corporation employees access critical business web applications through CyberArk Identity. You notice a constant high volume of unauthorized traffic from 103.1.200.0/24 trying to gain access to the CyberArk Identity portal. Access to the CyberArk Identity portal is time sensitive. ACME decides to enforce IP restrictions to reduce vulnerability.
Which configuration can help achieve this?
- A . Login in to the CyberArk Identity Admin portal and define the IP range of 103 1 200 0/24 into the ACME Corporation IP range.
- B . Log in to the CyberArk Identity Admin portal and define the IP range of 103 1 200 0/24 into the blocked IP range.
- C . Implement device trust through the Windows Cloud Agent.
- D . Implement zero trust through the App Gateway.
Refer to the exhibit.
Which statements are correct regarding this Authentication Policy? (Choose two.)
- A . Users will still be asked for their MFA even if they mistyped their username.
- B . If users have set up CyberArk Mobile Authenticator as an MFA, they will still receive the Push Notification to confirm the request even if they mistyped their password.
- C . Users will not be notified which challenge they failed if their login attempt failed.
- D . If users have set up a Security Question as an MFA, the Security Question will not be displayed to the user to answer even if they mistyped their password.
- E . If the first factor is password and the user is an Active Directory user and the Active Directory is unavailable, this setting does not matter because the user will not be able to authenticate through Active Directory credentials and will see the message "Active Directory not available".
DRAG DROP
Your organization wants to automatically create user accounts with different Salesforce licenses (e.g., Salesforce, Identity, Chatter External).
In CyberArk Identity, arrange the steps to achieve this in the correct sequence.
Refer to the exhibit.
Within the "Allow user notifications on multiple devices", if you leave the setting as Default (–), what happens if a user triggers a MFA Push notification and has enrolled three different devices?
- A . The push notification will be sent to none of the enrolled devices.
- B . The push notification will be sent to the first enrolled device only.
- C . The push notification will be sent to all enrolled devices.
- D . The push notification will be sent to the last enrolled device only.
An organization previously allowed users to add their personal apps on the Identity User Portal. This will soon be disabled due to policy changes.
What is the impact to the users for personal apps previously added to the User Portal?
- A . They will continue to function normally; however, users cannot add new apps.
- B . They will continue to display on the Apps screen and user devices; however, they will be greyed out and unavailable for any form of interaction.
- C . They will be deleted from the Apps screen and user devices.
- D . They will continue to display on the Apps screen and user devices; however, an error message will display when users try to open the application.
Which protocols can CyberArk provide MFA for VPN? (Choose two.)
- A . SAML
- B . RADIUS
- C . IMAP
- D . TACACS
- E . LDAP
Which device enrollment settings are valid? (Choose two.)
- A . Send notification on device enrollment
- B . Enable invite based enrollment
- C . Minimum number of devices a user can enroll
- D . Reassign the device to another user
- E . Permanently delete device
What is considered an "Identity Provider Initiated" login to an application?
- A . After signing in to the CyberArk Identity portal, a user launches a SAML app by clicking an app tile.
- B . After visiting a third-party web app, a user is redirected to CyberArk Identity for authentication.
- C . A user visits a third party web app directly and signs in with local credentials.
- D . A user signs in to the CyberArk Identity portal and takes a screenshot of the portal to send to IT.
CyberArk Identity’s App Gateway can be used to protect and access which option?
- A . on-premises Oracle web app
- B . cloud-hosted Salesforce environment
- C . a corporate laptop
- D . a web browser
DRAG DROP
Admins can enable self-service for users to unlock their accounts. There are four options under the Admin Portal Core Services > Policies > User Security Policies > Self Service > Account Unlock options. Match each option to the correct description.
Which predefined roles does CyberArk Identity provide?
- A . System Administrator and Everybody
- B . Manage Users and Everybody
- C . System Administrator and Business Users
- D . Manage Users and Business Users
When configuring an application to use the App Gateway, you do not have to change any configurations in the application directly. You enable the application for App Gateway access in the Admin Portal and input the existing URL that users enter to open the application. You can either use an external URL that CyberArk Identity automatically generates, or you can continue using an existing internal URL.
What is a disadvantage of using an existing internal URL for App Gateway connections?
- A . Existing links and bookmarks do not work outside of the corporate network.
- B . Users must use different URLs depending on whether they access the application internally or externally.
- C . More configuration is needed because you must upload the URL certificate and private key, and edit DNS settings.
- D . Users must use the same URLs regardless of whether they access the application internally or
externally and this may confuse them.
What does the CyberArk Identity App Gateway work with? (Choose three.)
- A . SAML-Compliant Apps
- B . WS-Fed Enabled Apps
- C . OIDC Web Apps
- D . Thick Client (non-web-based Apps)
- E . Terminal Services
- F . Telnet
Which 2FA/MFA options can fulfill the "Something you are" requirement? (Choose two.)
- A . email
- B . CyberArk Identity mobile app
- C . F1D02
- D . phone call
- E . security questions