CyberArk secret-sen practice test

Exam Title: Secrets Manager

Last update: Nov 27, 2025

Question 1

A customer requires high availability in its AWS cloud infrastructure.
What is the minimally viable Conjur deployment architecture to achieve this?

  • A. one Follower in each AZ, load balancer for the region
  • B. two Followers in each region, load balanced for the region
  • C. two Followers in each AZ, load balanced for the region
  • D. two Followers in each region, load balanced across all regions
Answer:

A


Question 2

While installing the first CP in an environment, errors that occurred when the environment was
created are displayed; however, the installation procedure continued and finished successfully.
What should you do?

  • A. Continue configuring the application to use the CP. No further action is needed since the successful installation makes the error message benign.
  • B. Review the log file 'CreateEnv.log' and investigate any error messages it contains.
  • C. Run setup.exe again and select 'Recreate Vault Environment'. Provide the details of a user with more privileges when prompted by the installer.
  • D. Review the PVWA logs to determine which REST API call used during the installation failed.
Answer:

B


Question 3

What is the correct process to upgrade the CCP Web Service?

  • A. Run “sudo yum update aimprv” from the CLI.
  • B. Double-click the Credential Provider installer executable and select upgrade.
  • C. Double-click the AimWebService.msi and select upgrade.
  • D. Uninstall and reinstall the CCP Web Service.
Answer:

D


Question 4

In a 3-node auto-failover cluster, the Leader has been brought down for patching that lasts longer
than the configured TTL. A Standby has been promoted.
Which steps are required to repair the cluster when the old Leader is brought back online?

  • A. On the new Leader, generate a Standby seed for the old Leader node and add it to the cluster member list. Rebuild the old Leader as a new Standby and then re-enroll the node to the cluster.
  • B. Generate a Standby seed for the newly promoted Leader. Stop and remove the container on the new Leader, then rebuild it as a new Standby. Re-enroll the Standby to the cluster and re-base replication of the 3rd Standby back to the old Leader.
  • C. Generate Standby seeds for the newly promoted Leader and the 3rd Standby. Stop and remove the containers and then rebuild them as new Standbys. On both new Standbys, re-enroll the node to the cluster.
  • D. On the new Leader, generate a Standby seed for the old Leader node and re-upload the auto-failover policy in “replace” mode. Rebuild the old Leader as a new Standby, then re-enroll the node to the cluster.
Answer:

A


Question 5

When using the Seed Fetcher to deploy Kubernetes Followers, an error occurs in the Seed Fetcher
container. You check the logs and discover that although the Seed Fetcher was able to authenticate, it
shows a 500 error in the log and does not successfully retrieve a seed file. What is the cause?

  • A. The certificate based on the Follower DNS name is not present on the Leader.
  • B. The host you configured does not have access to see the certificates.
  • C. The synchronizer service crashed and needs to be restarted.
  • D. The Leader does not have the authenticator webservice enabled.
Answer:

A


Question 6

You are setting up the Secrets Provider for Kubernetes to support rotation with Push-to-File mode.
Which deployment option should be used?

  • A. Init container
  • B. Application container
  • C. Sidecar
  • D. Service Broker
Answer:

C


Question 7

What is the correct command to import the root CA certificate into Conjur?

  • A. docker exec <ContainerName> evoke ca import --no-restart --root <rootCA.cer>
  • B. docker exec <ContainerName> evoke import --no-restart --root <rootCA.cer>
  • C. docker exec <ContainerName> evoke ca import --no-restart <rootCA.cer>
  • D. docker exec <ContainerName> ca import <rootCA.cer>
Answer:

C


Question 8

You start up a Follower and try to connect to it with a REST call using the server certificate, but you
get an SSL connection refused error.
What could be the problem and how should you fix it?

  • A. The certificate does not contain the Follower hostname as a Subject Alternative Name (SAN). Generate a new certificate for the Follower.
  • B. One of the PostgreSQL ports (5432, 1999) is blocked by the firewall. Open those ports.
  • C. Port 443 is blocked; open that port.
  • D. The certificate is unnecessary. Use the command option to suppress SSL certificate checking.
Answer:

A


Question 9

When loading policy, you receive a 422 Response from Conjur with a message.
What could cause this issue?

  • A. malformed Policy file
  • B. incorrect Leader URL
  • C. misconfigured Load Balancer health check
  • D. incorrect Vault Conjur Synchronizer URL
Answer:

A


Question 10

After manually failing over to your disaster recovery site (Site B) for testing purposes, you need to
failback to your primary site (Site A).
Which step is required?

  • A. Contact CyberArk for a new license file.
  • B. Reconfigure the Vault Conjur Synchronizer to point to the new Conjur Leader.
  • C. Generate a seed for the new Leader to be deployed in Site A.
  • D. Trigger autofailover to promote the Standby in Site A to Leader.
Answer:

C


Page 1 out of 5
Viewing questions 1-10 out of 60