ExamTopics Logo
Mail Us[email protected]
Menu
Cyberark Discussions
exam questions

Exam PAM-SEN All Questions

View all questions & answers for the PAM-SEN exam
Go to Exam

Exam PAM-SEN topic 1 question 18 discussion

Actual exam question from CyberArk's PAM-SEN
Question #: 18
Topic #: 1
[All PAM-SEN Questions]

To enable LDAP over SSL for a Vault when DNS lookups are blocked, which step must be completed?

  • A. Add the FQDN & IP details for each LDAP host into the local hosts file of the Vault server.
  • B. Configure an AllowNonStandardFWAddresses rule in DBParm.ini on the Vault to allow outbound TCP 53 to the organization’s DNS servers.
  • C. Ensure LDAP hosts added to the directory mapping configuration are defined using only IP addresses.
  • D. Set the ReferralsDNSLookup parameter value to “No” in the directory configuration.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by penuelaandy at March 14, 2023, 9:05 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Cavdog
9 months, 2 weeks ago
Selected Answer: A
Enabling DNS (and associated firewall rules) on the Vault is strongly as it increases the attack surface of the system. Therefore hostname and IPs should be added to the hosts file locallt on the Vault. https://docs.cyberark.com/PAS/Latest/en/Content/PAS%20INST/Configuring-Transparent-User-Management.htm?tocpath=Administrator%7CUser%20Management%7CTransparent%20user%20management%20using%20LDAP%7C_____1#:~:text=In%20the%20%25systremroot%25%5CSystem32%5CDrivers%5CEtc%5Chosts%20file%2C%20define%20the%20DNS%20of%20the%20LDAP%20host
upvoted 2 times
...
Fabri59
1 year, 1 month ago
Selected Answer: A
The answer is A. https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/12.6/en/Content/PAS%20INST/Configuring-Transparent-User-Management.htm?tocpath=Administrator%7CUser%20Management%7CTransparent%20user%20management%20using%20LDAP%7C_____1
upvoted 2 times
...
Riaan_M
1 year, 2 months ago
A is correct. If the PVWA or CPM cannot resolve the domain name, add DNS server configuration to the PVWA or CPM network interface configuration. 10.10.10.10 dc1.mydomain.com As the Vault cannot be configured with a DNS server, add a row to the HOSTS file for every domain controller that specifies the IP address and corresponding domain name.
upvoted 2 times
...
penuelaandy
1 year, 3 months ago
Selected Answer: A
https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/13.0/en/Content/PAS%20INST/Configuring-Transparent-User-Management.htm?tocpath=Administrator%7CUser%20Management%7CTransparent%20user%20management%20using%20LDAP%7C_____1#ConfigureLDAPoverSSLconnectionsrecommended
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel