EPM-DEF Online Practice Questions and Answers

When deploying EPM and in the Privilege Management phase what is the purpose of Discovery?

A. To identify all non-administrative events

B. To identify all administrative level events

C. To identify both administrative and non-administrative level events

D. To identify non-administrative threats

Which programming interface enables you to perform activities on EPM objects via a REST Web Service?

A. EPM Web Services SDK

B. Application Password SDK

C. Mac Credential Provider SDK

D. Java password SDK

A company is looking to manage their Windows Servers and Desktops with CyberArk EPM. Management would like to define different default policies between the Windows Servers and Windows Desktops.

What should the EPM Administrator do?

A. In the Default Policies, exclude either the Windows Servers or the Windows Desktops.

B. Create Advanced Policies to apply different policies between Windows Servers and Windows Desktops.

C. CyberArk does not recommend installing EPM Agents on Windows Servers.

D. Create a separate Set for Windows Servers and Windows Desktops.

CyberArk EPM's Ransomware Protection comes with file types to be protected out of the box. If an EPM Administrator would like to remove a file type from Ransomware Protection, where can this be done?

A. Policy Scope within Protect Against Ransomware

B. Authorized Applications (Ransomware Protection) within Application Groups

C. Set Security Permissions within Advanced Policies

D. Protected Files within Agent Configurations

An EPM Administrator would like to enable a Threat Protection policy, however, the policy protects an application that is not installed on all endpoints.

What should the EPM Administrator do?

A. Enable the Threat Protection policy and configure the Policy Targets.

B. Do not enable the Threat Protection policy.

C. Enable the Threat Protection policy only in Detect mode.

D. Split up the endpoints in to separate Sets and enable Threat Protection for only one of the Sets.

What are the policy targeting options available for a policy upon creation?

A. AD Users and Groups, Computers in AD Security Groups, Servers

B. Computers in this set, Computers in AD Security Groups, Users and Groups

C. OS Computers, EPM Sets, AD Users

D. EPM Sets, Computers in AD Security Groups, AD Users and AD Security Groups

Where can you view CyberArk EPM Credential Lures events?

A. Application Catalog

B. Threat Protection Inbox

C. Events Management

D. Policy Audit

After a clean installation of the EPM agent, the local administrator password is not being changed on macOS and the old password can still be used to log in.

What is a possible cause?

A. Secure Token on macOS endpoint is not enabled.

B. EPM agent is not able to connect to the EPM server.

C. After installation, Full Disk Access for the macOS agent to support EPM policies was not approved.

D. Endpoint password policy is too restrictive.

How does a Trusted Source policy affect an application?

A. Applications will be allowed to run and will only elevate if required.

B. Applications will be allowed to run and will inherit the process token from the EPM agent.

C. Applications will be allowed to run always in elevated mode.

D. Application from the defined trusted sources must be configured on a per application basis, in order to define run and elevation parameters.

What is a valid step to investigate an EPM agent that is unable to connect to the EPM server?

A. On the end point, open a browser session to the URL of the EPM server.

B. Ping the endpoint from the EPM server.

C. Ping the server from the endpoint.

D. Restart the end point