Secret-Sen試験無料問題集（62題）「CyberArk Sentry

出題：1

When using the Seed Fetcher to deploy Kubernetes Followers, an error occurs in the Seed Fetcher container.
You check the logs and discover that although the Seed Fetcher was able to authenticate, it shows a 500 error in the log and does not successfully retrieve a seed file. What is the cause?

A. The synchronizer service crashed and needs to be restarted.

B. The Leader does not have the authenticator webservice enabled.

C. The host you configured does not have access to see the certificates.

D. The certificate based on the Follower DNS name is not present on the Leader.

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

A customer requires high availability in its AWS cloud infrastructure.
What is the minimally viable Conjur deployment architecture to achieve this?

A. two Followers in each region, load balanced for the region

B. two Followers in each region, load balanced across all regions

C. two Followers in each AZ. load balanced for the region

D. one Follower in each AZ. load balancer for the region

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：3

Match each cloud platform to the correct Conjur authenticator.

正解：

Explanation

AWS -> authn-iam
Azure -> authn-azure
GCP -> authn-gcp
JWT Provider -> authn-jwt
Explanation: Conjur supports different authenticators for different cloud platforms. Each authenticator allows a resource or service running on the cloud platform to authenticate to Conjur using a unique identity token signed by the cloud provider. The following are the descriptions of each authenticator:
authn-iam: Enables an AWS resource to use its AWS IAM role to authenticate with Conjur. The resource sends a request to the AWS Security Token Service (STS) to get a signed AWS access token, and then sends the token to Conjur for verification.
authn-azure: Enables an Azure resource to authenticate with Conjur. The resource sends a request to the Azure Instance Metadata Service (IMDS) to get a signed Azure access token, and then sends the token to Conjur for verification.
authn-gcp: Enables a Google Cloud Platform resource to authenticate with Conjur. The resource sends a request to the Google Cloud Identity and Access Management (IAM) service to get a signed Google identity token, and then sends the token to Conjur for verification.
authn-jwt: Enables an application to authenticate to Conjur using a JWT from a JWT Provider. The application obtains a JWT from the JWT Provider, and then sends the JWT to Conjur for verification.
References: You can find more information about the Conjur authenticators in the following resources:
Supported Conjur Cloud authenticators
Configure Conjur Cloud authenticators
GCP Authenticator

出題：4

When attempting to retrieve a credential managed by the Synchronizer, you receive this error:

What is the cause of the issue?

A. The host does not have access to the credential.

B. The Vault Conjur Synchronizer has crashed and needs to be restarted.

C. The Conjur Leader has lost upstream connectivity to the Vault Conjur Synchronizer.

D. The path to the credential was not properly encoded.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

You are configuring the Conjur Cluster with 3rd-party certificates.
Arrange the steps to accomplish this in the correct sequence.

正解：

Explanation
The correct sequence of steps to configure the Conjur Cluster with 3rd-party certificates is as follows:
Import 3rd-party certificates to the Leader using the command: docker exec mycontainer evoke ca import --force --root <path-to-root-certificate> --chain <path-to-chain-certificate>1 Configure the Leader using the command: docker exec mycontainer evoke configure master
--accept-eula --hostname <load-balancer-dns> --admin-password <password> <account-name>1 Verify the Conjur Leader configuration using the command: docker exec mycontainer evoke role1 Configure the Standbys using the command: docker exec mycontainer evoke configure standby
--master-address <leader-ip-address> --master-fingerprint <leader-fingerprint>1 References: 1: Certificate requirements

出題：6

After manually failing over to your disaster recovery site (Site B) for testing purposes, you need to failback to your primary site (Site A).
Which step is required?

A. Contact CyberArk for a new license file.

B. Reconfigure the Vault Conjur Synchronizer to point to the new Conjur Leader.

C. Generate a seed for the new Leader to be deployed in Site A.

D. Trigger autofailover to promote the Standby in Site A to Leader.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

Secret-Sen試験無料問題集「CyberArk Sentry - Secrets Manager 認定」