Pass the CyberArk Sentry CPC-CDE-RECERT Questions and answers with Dumpstech

In the Privilege Cloud LDAP integration workflow, CyberArk lists the default maps (built-in directory maps) as:

Vault Admins

Safe managers

Auditors

Users

Since the question asks for the default roles in addition to Vault Admins and Auditors, the remaining two default map roles are Safe managers and Users, which correspond to A and D.

CyberArk’s Privilege Cloud procedure for adding account search properties states:

In the Privilege Cloud Portal, go to Administration > Configuration Options

Under Configurations, right-click Search Properties → Add Property

That is option B.

In the Shared Services model, MFA enforcement is done in CyberArk Identity / Identity Administration using Core Services > Policies:

To enforce MFA broadly, CyberArk documents configuring MFA for all users by enabling authentication policy controls and creating/assigning an authentication profile (the mechanisms/challenges).

To require users to set up MFA factors, CyberArk documents the setting under User Security Policies > User Account Settings where you specify the minimum number of authentication factors users must configure upon login.

Option B is the only choice that correctly points you to the right place and activity (Identity Administration Policies to configure authentication/MFA requirements and enrollment requirements).

CyberArk’s PSM hardening procedure for In Domain deployments explicitly recommends linking the hardening GPO to a dedicated OU and ensuring the CyberArk servers are located under that OU so the hardening GPO does not affect any other server.

This directly matches D.

CyberArk’s hardening instructions for SUSE (manual hardening) explicitly require:

Updating the SSH daemon configuration in /etc/ssh/sshd_config (for example, removing SFTP subsystem definitions and setting multiple hardening-related attributes such as disabling forwarding features).

Ensuring the credential file for the PSM for SSH gateway user (psmpgwuser.cred) has the required permissions 640 (default path shown as /etc/opt/CARKpsmp/Vault/psmpgwuser.cred).

Those map directly to A and C.

CyberArk’s official DR CPM procedure for Privilege Cloud (shared services) describes two key actions in this flow:

During installation (Connector Management): When prompted to select the CPM mode, choose Passive.

After installation (configuration step): Stop the CyberArk Password Manager service and set its startup type to Manual.

These map directly to answers C and A.

For Shared Services (ISPSS), CyberArk’s Identity Administration documentation states: “To provision users based on on-prem directory services, you must first install the Identity Connector.”

This is because Privilege Cloud Shared Services leverages CyberArk Identity directory services integration (via the Identity Connector) for AD/LDAP provisioning and authentication.

CyberArk defines MaxConcurrentConnections as: “The maximum number of connections that can be opened between the Central Policy Manager and the remote machine where the passwords are replaced.”

That is exactly option A.

To map LDAP users from both your customer and the smaller organization they have merged with, especially when there is no network connectivity between the two infrastructures, the best approach is to:

Deploy Identity Connectors in the newly acquired infrastructure and create user mappings (Option C). This involves setting up additional Identity Connectors within the smaller organization’s network. These connectors will facilitate the integration of user directories from both organizations into the customer’s Privilege Cloud environment.