Secret-Sen試験無料問題集（62題）「CyberArk Sentry

出題：1

During the configuration of Conjur, what is a possible deployment scenario?

A. The Leader cluster is deployed outside a Kubernetes environment; Followers and Standbys can run inside or outside the environment.

B. The Conjur Leader cluster is deployed outside of a Kubernetes environment; Followers can run inside or outside the environment.

C. The Conjur Leader cluster and Followers are deployed inside a Kubernetes environment.

D. The Leader and Followers are deployed outside of a Kubernetes environment; Slandbys can run inside a Kubernetes environment.

正解：A 解答を投票する

出題：2

What is the correct command to import the root CA certificate into Conjur?

A. docker exec <ContainerName> evoke import - -no-restart - -root <rootCA.cer>

B. docker exec <ContainerName> ca import <rootCA.cer>

C. docker exec <ContainerName> evoke ca import - -no-restart <rootCA.cer>

D. docker exec <ContainerName> evoke ca import - -no-restart - -root <rootCA.cer>

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：3

An application owner reports that their application is suddenly receiving an incorrect password. CPM logs show the password was recently changed, but the value currently being retrieved by the application is a different value. The Vault Conjur Synchronizer service is running.
What is the most likely cause of this issue?

A. The application has been configured to retrieve the wrong password.

B. The CPM is writing password changes to the Primary Vault while the Vault Conjur Synchronizer is configured to replicate from the DR Vault.

C. Dual Accounts are in use, but after the CPM changed the password for the Inactive account, it accidentally updated the password for the Active account instead.

D. The Vault Conjur Synchronizer is not configured with the DR Vault IP address and there has been a failover event.

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

Arrange the manual failover configuration steps in the correct sequence.

正解：

Explanation

In the event of a Leader failure, you can perform a manual failover to promote one of the Standbys to be the new Leader. The manual failover process consists of the following steps:
Suspend replication for all Standbys and Followers and identify the best failover candidate. This step ensures that no data is lost or corrupted during the failover process. The best failover candidate is the Standby with the most advanced replication timeline, which means it has the most up-to-date data from the Leader.
Promote the failover candidate to be the new Leader. This step changes the role of the failover candidate from a Standby to a Leader, and updates its configuration accordingly. The new Leader can now accept write requests from clients and replicate data to other nodes.
Restore replication. This step re-establishes the replication connections between the new Leader and the other nodes, and rebases the replication of the other Standbys and Followers to the new Leader. This ensures that all nodes have the same data and are in sync with the new Leader.
References: The manual failover configuration steps are explained in detail in the Configure Manual Failover section of the CyberArk Conjur Enterprise documentation. The image in the question is taken from the same source.

出題：5

Match each cloud platform to the correct Conjur authenticator.

正解：

Explanation

AWS -> authn-iam
Azure -> authn-azure
GCP -> authn-gcp
JWT Provider -> authn-jwt
Explanation: Conjur supports different authenticators for different cloud platforms. Each authenticator allows a resource or service running on the cloud platform to authenticate to Conjur using a unique identity token signed by the cloud provider. The following are the descriptions of each authenticator:
authn-iam: Enables an AWS resource to use its AWS IAM role to authenticate with Conjur. The resource sends a request to the AWS Security Token Service (STS) to get a signed AWS access token, and then sends the token to Conjur for verification.
authn-azure: Enables an Azure resource to authenticate with Conjur. The resource sends a request to the Azure Instance Metadata Service (IMDS) to get a signed Azure access token, and then sends the token to Conjur for verification.
authn-gcp: Enables a Google Cloud Platform resource to authenticate with Conjur. The resource sends a request to the Google Cloud Identity and Access Management (IAM) service to get a signed Google identity token, and then sends the token to Conjur for verification.
authn-jwt: Enables an application to authenticate to Conjur using a JWT from a JWT Provider. The application obtains a JWT from the JWT Provider, and then sends the JWT to Conjur for verification.
References: You can find more information about the Conjur authenticators in the following resources:
Supported Conjur Cloud authenticators
Configure Conjur Cloud authenticators
GCP Authenticator

出題：6

In a 3-node auto-failover cluster, the Leader has been brought down for patching that lasts longer than the configured TTL. A Standby has been promoted.
Which steps are required to repair the cluster when the old Leader is brought back online?

A. On the new Leader, generate a Standby seed for the old Leader node and re-upload the auto-failover policy in "replace" mode.Rebuild the old Leader as a new Standby, then re-enroll the node to the cluster.

B. Generate standby seeds for the newly-promoted Leader and the 3rd Standby Stop and remove the containers and then rebuild them as new Standbys.
On both new Standbys, re-enroll the node to the cluster.

C. Generate a Standby seed for the newly promoted Leader.
Stop and remove the container on the new Leader, then rebuild it as a new Standby.
Re-enroll the Standby to the cluster and re-base replication of the 3rd Standby back to the old Leader.

D. On the new Leader, generate a Standby seed for the old Leader node and add it to the cluster member list.
Rebuild the old Leader as a new Standby and then re-enroll the node to the cluster.

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

Secret-Sen試験無料問題集「CyberArk Sentry - Secrets Manager 認定」