CA Privileged Identity Manager r12.x Implementation … aim of this document is to help you prepare...
13
Study Guide Version 1.5 CA Privileged Identity Manager r12.x (CA ControlMinder) Implementation Proven Professional Exam (CAT-480)
Transcript of CA Privileged Identity Manager r12.x Implementation … aim of this document is to help you prepare...
Study Guide Version 1.5
CA Privileged Identity Manager r12.x (CA ControlMinder) Implementation Proven Professional Exam (CAT-480)
Index
CA Privileged Identity Manager r12.x (CA ControlMinder) Implementation Proven Professional Exam (CAT-480)
© 2016 CA. ALL RIGHTS RESERVED.
PROPRIETARY AND CONFIDENTIAL INFORMATION
© 2016 CA. All rights reserved. CA confidential & proprietary information. For CA, CA Partner and CA Customer use only. No unauthorized use, copying or distribution. All names of individuals or of companies referenced herein are fictitious names used for instructional purposes only. Any similarity to any real persons or businesses is purely coincidental. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies. These Materials are for your informational purposes only, and do not form any type of warranty. The use of any software or product referenced in the Materials is governed by the end user’s applicable license agreement. CA is the manufacturer of these Materials. Provided with “Restricted Rights.” Exam Information
Areas for Study
Exam Objectives
Exam Security
Copyright
Exam Questions
c
Index
CA Privileged Identity Manager r12.x (CA ControlMinder) Implementation Proven Professional Exam (CAT-480)
© 2016 CA. ALL RIGHTS RESERVED.
The Exam Experience Professional Exam DetailsYou can register to take an online proctored exam from your home or office using Kryterion’s Online Proctoring (OLP) Services, or you can take an on-site proctored exam at a Kryterion testing center. If you choose to take an online proctored exam, you will need Internet access, an external web camera, and a computer that meets specific hardware and software requirements.
For answers to frequently asked questions about registering for exams, locations, on-site and virtual proctoring, OLP equipment requirements, cancellation and re-scheduling policies and more, read our FAQs at http://www.ca.com/us/education/accreditations/certifications/certification-faq.aspx.CA employees may also go here for more
information: https://one.ca.com/education/certification
Product release: Major release listed in the title; Includes subsequent point releases
Recertification: There is no annual requirement to recertify for the same release of a product. For each major product release, an updated exam will be available for recertification.
Number of items = 50 Item types = Multiple choice, including multiple response
questions Time to complete test: 90 minutes Passing score is 70% Attempts Permitted: You may register for your first retake
immediately. For subsequent retakes you are required to wait at least thirty (30) calendar days from the date of your last attempt. Read the online FAQs for details.
Exam Information
IndexThe CA Technologies Certification Program is designed to measure your skills, knowledge, and expertise in managing, administering, installing, configuring and implementing select CA Technologies products for complete and optimized IT solutions. With CA certifications, management teams will have peace of mind that knowledgeable professionals are handling their CA Technologies applications.
Proctored by a third party vendor, KryterionOnline, CA Technologies certifications objectively validate the competencies of a project team –whether that team is your in-house staff, CA Technologies Professional Services, or a CA Technologies partner.
The aim of this document is to help you prepare for CA Privileged Identity Manager (ControlMinder) r12.x Implementation Proven Professional Exam. Make sure that you familiarize yourself with the content areas tested. Your best path to success is to attend the exam prep course(s).
You may also find it helpful to review the product documentation at https://support.ca.com and to participate in CA Global User Community forums at https://communities.ca.com.
The experience gained from taking courses and using the product will help you: • Gain a comprehensive understanding of the product or solution • Increase the likelihood of passing the exam on your first attempt
Exam Information
Areas for Study
Exam Objectives
Exam Security
Copyright
Exam Questions
c
Index
CA Privileged Identity Manager r12.x (CA ControlMinder) Implementation Proven Professional Exam (CAT-480)
© 2016 CA. ALL RIGHTS RESERVED.
Only qualified candidates who demonstrate competency by successfully passing the CA Technologies certification exam will be awarded certification credentials. Prospective certification candidates are encouraged to prepare for the exam using the Exam Study Guide and other materials available on the Certification from CA Technologies website.
To safeguard the integrity of the certification program, CA Technologies requires all candidates to behave in an ethical manner and to comply with the rules of the third-party test center for on-site proctoring and on-line proctoring. The validity of the certification program depends on the exam content remaining secure and undisclosed to other potential certification candidates. CA Technologies will not tolerate cheating, fraud, or misconduct, which includes but is not limited to the following:
• Obtaining, whether through purchase or otherwise acquiring, unauthorized exam preparation materials from any non-CA website • Obtaining, whether through purchase or otherwise acquiring, unauthorized exam questions from any non-CA website, including brain
dump websites • Acquiring or attempting to acquire exam questions through online communities, chat rooms, screen capture software, forums, and
social networking sites • Acquiring or attempting to acquire exam content through CA Subject Matter Experts, CA Support Staff, or CA Certified Professionals • Using or attempting to use a proxy to sit for the exam in your place • Taking or attempting to take an exam for someone else • Receiving or giving assistance during an exam • Sharing exam questions or answers with a potential certification candidate • Violating testing center rules • Falsifying a diploma or score report • Using a CA Technologies certification logo or credential to which you are not entitled
CA Technologies reserves the right to take any actions it deems reasonably appropriate in the case of suspected misconduct or violation of the terms of the Non-Disclosure Agreement, including, but not limited to, cancelling an exam result, revoking exam or certification status, terminating use of the Designation, requiring a candidate to retake an exam, banning a candidate from the certification program, and reporting misconduct to the candidate’s employer. CA Technologies considers cheating a serious offense that warrants disciplinary action, up to and including termination of employment.
Exam Security
Index
Exam Information
Areas for Study
Exam Objectives
Exam Security
Copyright
Exam Questions
c
Index
CA Privileged Identity Manager r12.x (CA ControlMinder) Implementation Proven Professional Exam (CAT-480)
© 2016 CA. ALL RIGHTS RESERVED.
Best Practices
Prior Knowledgecawiki.ca.com
support.ca.com
CA Tech Insider
Practical Application of Course Concepts
Areas of Study
Index
Exam Information
Areas for Study
Exam Objectives
Exam Security
Copyright
Exam Questions
CA ControlMinder r12.8 Courses: 04CMR20060 CA ControlMinder 12.8: Introduction and Architecture 200 (0.5 hours) 04CMR20041 CA ControlMinder 12.8: Implementation 200 (2 days) 04CMR20051 CA ControlMinder 12.8: Core Administration 200 (2 days) 04CMR20071 CA ControlMinder 12.8: Using UNIX Authentication Broker 200 (1 day) 04CMR20081 CA ControlMinder 12.8: Using Shared Account Management 200 (1 day)
Search the CA Education Portal for latest courses, as they may not have been available at the time of this document posting: Partners & Customers look here: http://education.ca.com Employees look here: https://learn.ca.com/
For documentation, Communities, and more visit: https://support.ca.com
Register for the exam here: www.webassessor.com/catechnologies/index.html
communities.ca.com Use Cases & Scenarios
c
Index
CA Privileged Identity Manager r12.x (CA ControlMinder) Implementation Proven Professional Exam (CAT-480)
© 2016 CA. ALL RIGHTS RESERVED.
Exam Information
Areas for Study
Exam Objectives
Exam Security
Copyright
Exam Questions
Exam Objectives Related Content Exam FocusUnderstanding CA ControlMinder 04CMR20060 CA ControlMinder 12.8: Introduction and Architecture 200
Introduction • Describe the Key Capabilities of CA ControlMinder• Describe the Components of the Enterprise Deployment Architecture
4%
Installing CA ControlMinder Server Components
04CMR20041 CA ControlMinder 12.8: Implementation 200 Install CA ControlMinder Server Components • Identify Guidelines for Implementing an Enterprise Deployment of CA ControlMinder• Install CA ControlMinder Enterprise Management
4%
Configuring JBoss and Enterprise Management for SSL Communication
04CMR20041 CA ControlMinder 12.8: Implementation 200 Configure JBoss and Enterprise Management for SSL Communication • Configure Enterprise Management for SSL Communication
2%
Installing the CA ControlMinder Reporting Service Server Components
04CMR20041 CA ControlMinder 12.8: Implementation 200 Install the CA ControlMinder Reporting Service Server Components • Describe the CA ControlMinder Reporting Service Server Components • Install the CA ControlMinder Reporting Service Server Components
4%
Configuring the Reporting Service Server Components
04CMR20041 CA ControlMinder 12.8: Implementation 200 Configure the Reporting Service Server Components • Deploy Report Packages • Configure the Connection to CA Business Intelligence
4%
Installing the Endpoints 04CMR20041 CA ControlMinder 12.8: Implementation 200 Install the Endpoints • Install a Windows Endpoint • Install a UNIX Endpoint
4%
Configuring the Endpoints 04CMR20041 CA ControlMinder 12.8: Implementation 200 Configure the Endpoints • Configure Endpoints for Advanced Policy Management • Configure Endpoint Encryption, Reporting, and Enterprise Users
Documentation at support.ca.com, Field Experience • Identify Classes for Advanced Policy Management • Install Advanced Policy Management Components
20%
Exam Objectives
Exam objectives as they map to related courseware and the body of knowledge, including percentage of exam devoted to topics.
c
Index
CA Privileged Identity Manager r12.x (CA ControlMinder) Implementation Proven Professional Exam (CAT-480)
© 2016 CA. ALL RIGHTS RESERVED.
Exam Information
Areas for Study
Exam Objectives
Exam Security
Copyright
Exam Questions
Exam Objectives Related Content Exam FocusExtending CA ControlMinder 04CMR20041 CA ControlMinder 12.8: Implementation 200
Extend CA ControlMinder• Describe CA ControlMinder Integration with CA User Activity Reporting Module • Deploy Additional Servers to Handle Endpoint Capacity
4%
Troubleshooting CA ControlMinder 04CMR20041 CA ControlMinder 12.8: Implementation 200 Troubleshoot CA ControlMinder• Identify Troubleshooting Techniques in CA ControlMinder
2%
Managing Users and Groups 04CMR20051 CA ControlMinder 12.8: Core Administration 200 Manage Users and Groups • Manage Enterprise Management Users and Groups • Assign Roles to Enterprise Management Users • Manage Users and Groups
8%
Controlling Access to Resources 04CMR20051 CA ControlMinder 12.8: Core Administration 200 Control Access to Resources • Describe Resources • Enforce Access Rights • Set up Default Object Protections
6%
Controlling User Access 04CMR20051 CA ControlMinder 12.8: Core Administration 200 Control User Access • Control User ID Substitution • Prevent Password Attacks
4%
Protecting Files and Programs 04CMR20051 CA ControlMinder 12.8: Core Administration 200 Protect Files and Programs • Protect Files and Directories • Protect Sensitive Programs and Files from Tampering
4%
Protecting Servers 04CMR20051 CA ControlMinder 12.8: Core Administration 200 Protect Servers • Protect Network Access
2%
Protecting Windows Services and the Registry 04CMR20051 CA ControlMinder 12.8: Core Administration 200 Protect Windows Services and the Registry • Protect Windows Services • Protect Registry Keys
8%
c
Index
CA Privileged Identity Manager r12.x (CA ControlMinder) Implementation Proven Professional Exam (CAT-480)
© 2016 CA. ALL RIGHTS RESERVED.
Exam Information
Areas for Study
Exam Objectives
Exam Security
Copyright
Exam Questions
Exam Objectives Related Content Exam FocusManaging Policies 04CMR20051 CA ControlMinder 12.8: Core Administration 200
Manage Policies • Create CA ControlMinder Policies • Deploy CA ControlMinder Policies • Update CA ControlMinder Policies
6%
Introducing the UNIX Authentication Broker 04CMR20071 CA ControlMinder 12.8: Using UNIX Authentication Broker 200 Introducing the UNIX Authentication Broker • Describe the Integration Modes in UNAB
2%
Working with UNAB 04CMR20071 CA ControlMinder 12.8: Using UNIX Authentication Broker 200 Working with UNAB • Register a UNIX Host in Active Directory
2%
Understanding Shared Account Management 04CMR20081 CA ControlMinder 12.8: Using Shared Account Management 200 Describe Shared Account Management • Define Shared Account Management
2%
Implementing SAM 04CMR20081 CA ControlMinder 12.8: Using Shared Account Management 200 Implement SAM • Set Up Shared Accounts • Import Endpoints and Accounts
6%
Implementing Redundancy and Failover Documentation at support.ca.com, Field Experience Implement Redundancy and Failover • Set Up DH Redundancy and Failover
2%
c
Index
CA Privileged Identity Manager r12.x (CA ControlMinder) Implementation Proven Professional Exam (CAT-480)
© 2016 CA. ALL RIGHTS RESERVED.
Exam Information
Areas for Study
Exam Objectives
Exam Security
Copyright
Exam Questions
Sample Certification Exam Questions
These sample questions are very similar to the questions in the actual exam. Some questions may include several correct options.
Questions Options
Question 1Why do large organizations need to implement controls for privileged users? (Choose two)
A. Privileged users can abuse their authority. B. Privileged users pose a particularly significant threat to network and data security. C. Insider attacks are increasingly difficult to prevent and detect because they are only initiated by privileged users. D. External attackers seek to gain access to privileged identities directly, and do not tend to escalate access from unprivileged accounts.
Question 2Which solution scenario applies to organizations concerned with meeting government regulations and guidelines?
A. Proving Compliance B. Managing Headcount C. Lowering Costs through Secure Virtualization D. Preventing Security Breaches from Insiders and External Attackers
Question 3Examples of key capabilities of CA ControlMinder include: (Choose three)
A. secure auditing. B. policy-based compliance reporting. C. Shared Account Management (SAM). D. an in-built Web Access Management System (WAM). E. Pluggable Authentication Modules (PAMs) to protect key ports.
Question 4What does the Enterprise Reporting facility do? (Choose three)
A. Displays data from the CA ControlMinder central database B. Presents useful views of the CA ControlMinder infrastructure status C. Provides textual and graphical information about CA ControlMinder endpoints D. Facilitates the deployment of CA ControlMinder policies to enterprise endpoints E. Notifies the Advanced Policy Management component that the endpoint is active
Question 5You can install CA ControlMinder r12.8 Enterprise Management on:
A. Oracle Solaris 11. B. CentOS Linux 64-bit. C. Red Hat Linux 32-bit. D. Red Hat Linux 64-bit.
Question 6You need to check if snapshots are reaching the central database. Which component should you examine to determine if there are communication issues?
A. Report Portal B. Message Queue (MQ) C. Endpoint Management D. Deployment Map Server (DMS)
c
Index
CA Privileged Identity Manager r12.x (CA ControlMinder) Implementation Proven Professional Exam (CAT-480)
© 2016 CA. ALL RIGHTS RESERVED.
Questions Options
Question 7The Report Agent is a process on: (Choose three)
A. the Distribution Server. B. the Enterprise Management Server. C. the CA User Activity Reporting Server. D. each CA ControlMinder or UNIX Authentication Broker (UNAB) endpoint.
Question 8Which Distribution Server component is configured to receive reporting data from endpoints?
A. Central database B. Message Queue (MQ) C. Deployment Map Server (DMS) D. CA Business Intelligence (CABI)
Question 9You can install CA ControlMinder endpoints on:
A. Windows Server 2008 SP1. B. all editions of Windows 2000 Server. C. only one edition of Windows Server 2003. D. enterprise edition server operating systems only.
Question 10You are installing CA ControlMinder on a UNIX endpoint. What is the minimum memory requirement?
A. 128 MB B. 256 MB C. 1 GB D. 3 GB
Question 11In Enterprise Management, you can list the endpoints by: (Choose three)
A. priority. B. host group. C. deployed policies. D. operating system. E. access control rules.
Question 12Which class identifies a collection of endpoints that will receive the same POLICY?
A. GPOLICY B. GHNODE C. GRULESET D. GDEPLOYMENT
Question 13What should a POLICY class include? (Choose two)
A. A descriptive base name B. A tag to indicate function C. A user or group definition D. An ampersand (&) to indicate the version
Exam Information
Areas for Study
Exam Objectives
Exam Security
Copyright
Exam Questions
c
Index
CA Privileged Identity Manager r12.x (CA ControlMinder) Implementation Proven Professional Exam (CAT-480)
© 2016 CA. ALL RIGHTS RESERVED.
Questions Options
Question 14Which Advanced Policy Management Server database handles the distribution of POLICY?
A. DH__ B. EAR__ C. DMA__ D. DH__WRITER
Question 15You need to create an environment to provision accounts to various endpoint systems. Which product do you integrate with CA ControlMinder?
A. CA IdentityMinderB. CA Single Sign-On C. CA GovernanceMinderD. CA Security Compliance Manager
Question 16Which troubleshooting action is used to clean an endpoint, and its status on the Deployment Map Server (DMS), from all policy deployments and Advanced Policy Management properties?
A. Reset B. Restore C. Redeploy D. Undeploy
Question 17USER and XUSER class properties can be (Choose three):
A. hidden. B. viewable only. C. public or private. D. viewable and modifiable.
Question 18One of the benefits of CA ControlMinder file protection is that you can:
A. synchronize UNIX and Windows policy access control lists (ACLs). B. extend operating system ACLs to match policy. C. synchronize MAC and Windows ACLs. D. exclude Superuser edits.
Question 19Which controls do PROGRAM class records implement? (Choose three)
A. Trojan blocking B. Integrity checking C. Integrity recovery D. SUID executable monitoring
Question 20To process the rules in the HOST class, which class must be disabled?
A. TCP B. GHOST C. HOSTNP D. NETWORK
Exam Information
Areas for Study
Exam Objectives
Exam Security
Copyright
Exam Questions
c
Index
CA Privileged Identity Manager r12.x (CA ControlMinder) Implementation Proven Professional Exam (CAT-480)
© 2016 CA. ALL RIGHTS RESERVED.
Questions Options
Question 21When you are configuring Windows registry and service protection, which wildcard can you use to represent any sequence of zero or more characters?
A. Tilde (~) B. Asterisk (*) C. Ampersand (&) D. Forward slash (/)
Question 22Which user activities can CA ControlMinder limit?
A. BIOS edits B. Registry edits C. Database edits D. Active Directory edits
Question 23Before you can install UNIX Authentication Broker on Linux, which commands do you need to run? (Choose two)
A. rpm –U ca-lic-0.0080-04.i386.rpm B. uxpreinstall –a <administrator> –w <password> C. customize_uxauth_rpm –w proceed <CM_rpm_filename> D. customize_uxauth_rpm –w proceed <UNAB_rpm_filename>
Question 24Which statements about failover and recovery concepts are TRUE? (Choose two)
A. IT best practice requires the production and disaster recovery (DR) systems to be in the same location. B. Geographical separation is not conducive to standard high-availability (HA) clustering. C. Endpoint security depends on CA ControlMinder Enterprise Management server components being available. D. The CA ControlMinder server components may or may not be considered mission critical, because endpoints will continue enforcing security even if Enterprise Management and Distribution Servers are offline.
Exam Information
Areas for Study
Exam Objectives
Exam Security
Copyright
Exam Questions
c
Index
CA Privileged Identity Manager r12.x (CA ControlMinder) Implementation Proven Professional Exam (CAT-480)
© 2016 CA. ALL RIGHTS RESERVED.
Exam Information
Areas for Study
Exam Objectives
Exam Security
Copyright
Exam Questions
Answers
Question 1 = A and B Question 2 = A Question 3 = A, B, and C Question 4 = A, B, and C Question 5 = D Question 6 = B Question 7 = A, B, and D Question 8 = B Question 9 = A Question 10 = C Question 11 = B, C, and E Question 12 = B Question 13 = A and B Question 14 = A Question 15 = A Question 16 = A Question 17 = A, B, and D Question 18 = A Question 19 = A, B, and D Question 20 = A Question 21 = B Question 22 = B Question 23 = A and D Question 24 = B and D
c
