CyberArk Secret-Sen 問題集

質問 1：
A customer wants to minimize the Kubernetes application code developers must change to adopt Conjur for secrets access.
Which solutions can meet this requirement? (Choose two.)
A. Application Server Credential Provider
B. Secretless
C. CPM Push-to-File
D. Secrets Provider
E. authn-Azure
正解：B,D
解説: (Topexam メンバーにのみ表示されます)

質問 2：
When installing the CCP and configuring it for use behind a load balancer, which authentication methods may be affected? (Choose two.)
A. Path
B. Allowed Machines authentication
C. [Client Certificate authentication
D. Hash
E. OS User
正解：B,C
解説: (Topexam メンバーにのみ表示されます)

質問 3：
If you rename an account or Safe, the Vault Conjur Synchronizer recreates these accounts and safes with their new name and deletes the old accounts or safes.
What does this mean?
A. The Vault-Conjur Synchronizer will recreate these accounts and safes with their exact same names.
B. Their permissions in Coniur must also be recreated to access them.
C. You can not rename an account or safe.
D. Their permissions in Coniur remain the same.
正解：B
解説: (Topexam メンバーにのみ表示されます)

質問 4：
You are setting up the Secrets Provider for Kubernetes to support rotation with Push-to-File mode.
Which deployment option should be used?
A. Init container
B. Service Broker
C. Sidecar
D. Application container
正解：C
解説: (Topexam メンバーにのみ表示されます)

質問 5：
Match each cloud platform to the correct Conjur authenticator.

正解：

Explanation

AWS -> authn-iam
Azure -> authn-azure
GCP -> authn-gcp
JWT Provider -> authn-jwt
Explanation: Conjur supports different authenticators for different cloud platforms. Each authenticator allows a resource or service running on the cloud platform to authenticate to Conjur using a unique identity token signed by the cloud provider. The following are the descriptions of each authenticator:
authn-iam: Enables an AWS resource to use its AWS IAM role to authenticate with Conjur. The resource sends a request to the AWS Security Token Service (STS) to get a signed AWS access token, and then sends the token to Conjur for verification.
authn-azure: Enables an Azure resource to authenticate with Conjur. The resource sends a request to the Azure Instance Metadata Service (IMDS) to get a signed Azure access token, and then sends the token to Conjur for verification.
authn-gcp: Enables a Google Cloud Platform resource to authenticate with Conjur. The resource sends a request to the Google Cloud Identity and Access Management (IAM) service to get a signed Google identity token, and then sends the token to Conjur for verification.
authn-jwt: Enables an application to authenticate to Conjur using a JWT from a JWT Provider. The application obtains a JWT from the JWT Provider, and then sends the JWT to Conjur for verification.
References: You can find more information about the Conjur authenticators in the following resources:
Supported Conjur Cloud authenticators
Configure Conjur Cloud authenticators
GCP Authenticator

質問 6：
You are configuring the Conjur Cluster with 3rd-party certificates.
Arrange the steps to accomplish this in the correct sequence.

正解：

Explanation
The correct sequence of steps to configure the Conjur Cluster with 3rd-party certificates is as follows:
Import 3rd-party certificates to the Leader using the command: docker exec mycontainer evoke ca import --force --root <path-to-root-certificate> --chain <path-to-chain-certificate>1 Configure the Leader using the command: docker exec mycontainer evoke configure master
--accept-eula --hostname <load-balancer-dns> --admin-password <password> <account-name>1 Verify the Conjur Leader configuration using the command: docker exec mycontainer evoke role1 Configure the Standbys using the command: docker exec mycontainer evoke configure standby
--master-address <leader-ip-address> --master-fingerprint <leader-fingerprint>1 References: 1: Certificate requirements