ExamTopics Logo
Mail Us[email protected]
Menu
Cyberark Discussions
exam questions

Exam PAM-SEN All Questions

View all questions & answers for the PAM-SEN exam
Go to Exam

Exam PAM-SEN topic 1 question 20 discussion

Actual exam question from CyberArk's PAM-SEN
Question #: 20
Topic #: 1
[All PAM-SEN Questions]

A customer is moving from an on-premises to a public cloud deployment.
What is the best and most cost-effective option to secure the server key?

  • A. Install the Vault in the cloud the same way you would in an on-premises environment. Place the server key in a password protected folder on the operating system.
  • B. Install the Vault in the cloud the same way you would in an on-premises environment. Purchase a Hardware Security Module to secure the server key.
  • C. Install the Vault using the native cloud images and secure the server key using native cloud Key Management Systems.
  • D. Install the Vault using the native cloud images and secure the server key with a Hardware Security Module.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by penuelaandy at March 14, 2023, 9:13 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Cavdog
7 months, 3 weeks ago
Selected Answer: C
The recommendation from Cyberark is to use KMS (as per the reference) however this would not be anywhere near as “cost-effective” as just storing them on the filesystem and securing them with NTFS permissions as per a normal on-prem deployment but my understanding is that this is strongly discouraged. There are also several difference between the cloud and on-prem installs therefore the statement “Install the Vault in the cloud the same way you would in an on-premises environment.” isn’t exactly true either. Therefore I'd say the answer is C. https://docs.cyberark.com/PAS/Latest/en/Content/PAS%20Cloud/ChangeServerKeys-cloud.htm#:~:text=To%20ensure%20the%20security%20of%20the%20keys%20in%20AWS%2C%20it%20is%20recommended%20to%20follow%20AWS%20best%20practices%20and%20encrypt%20them%20with%20KMS.
upvoted 2 times
Cavdog
7 months, 3 weeks ago
mods, just delete this haha
upvoted 1 times
...
Cavdog
7 months, 3 weeks ago
Correction the paramter does exist I'm trippin >.< However there is no requirement for a passphrase and it will work without it.
upvoted 1 times
Cavdog
7 months, 3 weeks ago
The answer is A.
upvoted 1 times
...
...
...
pamlover
9 months, 2 weeks ago
Selected Answer: A
You would use CAVaultManager.exe ChangeAwsKeys to make new keys and store in the cloud. https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/13.0/en/Content/PAS%20Cloud/ChangeServerKeys-cloud.htm#ChangetheserverkeyonthePrimaryVault
upvoted 1 times
...
Fabri59
11 months, 1 week ago
Selected Answer: C
The answer is C. https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/12.6/en/Content/PAS%20Cloud/ChangeServerKeys-cloud.htm?tocpath=Installation%7CInstall%20Privileged%20Access%20Manager%20-%20Self-Hosted%C2%A0in%20a%20cloud%20environment%7CInstall%20the%20Digital%20Vault%20on%20the%20cloud%7C_____14
upvoted 2 times
...
marcosneves
1 year ago
Selected Answer: A
A is correct
upvoted 2 times
Riaan_M
1 year ago
Nope. This is NOT the cost-efficient choice.
upvoted 1 times
...
...
penuelaandy
1 year, 1 month ago
Selected Answer: C
https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/13.0/en/Content/PAS%20Cloud/ChangeServerKeys-cloud.htm?TocPath=Installation%7CInstall%20PAM%C2%A0in%20a%20cloud%20environment%7CInstall%20the%20Digital%20Vault%20on%20the%20cloud%7C_____14
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago