CyberArk SECRET-SEN Quiz 1 Topic 1 Questions 1-5

Question: 1

While retrieving a secret through REST, the secret retrieval fails to find a matching secret. You know the secret onboarding process was completed, the secret is in the expected safe with the expected object name, and the CCP is able to provide secrets to other applications.

What is the most likely cause for this issue?

AThe application ID or Application Provider does not have the correct permissions on the safe.

BThe client certificate fingerprint is not trusted.

CThe service account running the application does not have the correct permissions on the safe.

DThe OS user does not have the correct permissions on the safe

Show Answer

Question: 2

A customer has 100 .NET applications and wants to use Summon to invoke the application and inject secrets at run time.

Which change to the NET application code might be necessary to enable this?

AIt must be changed to include the REST API calls necessary to retrieve the needed secrets from the CCP.

BIt must be changed to access secrets from a configuration file or environment variable.

CNo changes are needed as Summon brokers the connection between the application and the backend data source through impersonation.

DIt must be changed to include the host API key necessary for Summon to retrieve the needed secrets from a Follower

Show Answer

Question: 3

You start up a Follower and try to connect to it with a REST call using the server certificate, but you get an SSL connection refused error.

What could be the problem and how should you fix it?

AThe certificate does not contain the Follower hostname as a Subject Alternative Name (SAN). Generate a new certificate for the Follower.

BOne of the PostgreSQL ports (5432. 1999) is blocked by the firewall Open those ports.

CPort 443 is blocked; open that port.

DThe certificate is unnecessary. Use the command option to suppress SSL certificate checking.

Show Answer

Question: 4

Refer to the exhibit.

q4_SECRET-SEN

How can you confirm that the Follower has a current copy of the database?

ACompare the pgcurrentxlog_locationlocation from the Leader to the Follower you need to validate against.

BCount the number of components in pgstartreplication and compare this to the total number of Followers in the deployment.

CValidate that the Follower container ID matches the node in the info endpoint on the Leader.

DRetrieve the credential from a test application on the Leader cluster; then retrieve against the Follower and compare if they are accurate.

Show Answer

Question: 5

In a 3-node auto-failover cluster, the Leader has been brought down for patching that lasts longer than the configured TTL. A Standby has been promoted.

Which steps are required to repair the cluster when the old Leader is brought back online?

AOn the new Leader, generate a Standby seed for the old Leader node and add it to the cluster member list.
Rebuild the old Leader as a new Standby and then re-enroll the node to the cluster.

BGenerate a Standby seed for the newly promoted Leader.
Stop and remove the container on the new Leader, then rebuild it as a new Standby.
Re-enroll the Standby to the cluster and re-base replication of the 3rd Standby back to the old Leader.

CGenerate standby seeds for the newly-promoted Leader and the 3rd Standby
Stop and remove the containers and then rebuild them as new Standbys.
On both new Standbys, re-enroll the node to the cluster.

DOn the new Leader, generate a Standby seed for the old Leader node and re-upload the auto-failover policy in ''replace'' mode.
Rebuild the old Leader as a new Standby, then re-enroll the node to the cluster.

Show Answer

CyberArk SECRET-SEN Quiz:1 Topic:1 Questions:1-5