Study Guide Version 1.0

CA Privileged Access Manager 3.xProven Implementation Professional Exam(CAT-661)

Index

CA Privileged Access Manager 3.x Proven Implementation Professional Exam (CAT-661)

© 2018 CA. ALL RIGHTS RESERVED.

PROPRIETARY AND CONFIDENTIAL INFORMATION

© 2018 CA. All rights reserved. CA confidential & proprietary information. For CA, CA Partner and CA Customer use only. No unauthorized use, copying or distribution. All names of individuals or of companies referenced herein are fictitious names used for instructional purposes only. Any similarity to any real persons or businesses is purely coincidental. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies. These Materials are for your informational purposes only, and do not form any type of warranty. The use of any software or product referenced in the Materials is governed by the end user’s applicable license agreement. CA is the manufacturer of these Materials. Provided with “Restricted Rights.”

Copyright

Areas for Study

Exam Information

Exam Objectives

Exam Questions

Exam Security

c

Register for Exam

Index

CA Privileged Access Manager 3.x Proven Implementation Professional Exam (CAT-661)

© 2018 CA. ALL RIGHTS RESERVED.

The Exam Experience Professional Exam DetailsYou can register to take an online proctored exam from your home or office using Kryterion’s Online Proctoring (OLP) Services, or you can take an on-site proctored exam at a Kryterion testing center. If you choose to take an online proctored exam, you will need Internet access, an external web camera, and a computer that meets specific hardware and software requirements.

For answers to frequently asked questions about registering for exams, locations, on-site and virtual proctoring, OLP equipment requirements, cancellation and re-scheduling policies and more, read our FAQs at http://www.ca.com/us/education/accreditations/certifications/certification-faq.aspx.CA employees may also go here for more

information: https://one.ca.com/education/certification

▪ Product release: Major release listed in the title; Includes subsequent point releases

▪ Recertification: There is no annual requirement to recertify for the same release of a product. For each major product release, an updated exam will be available for recertification.

▪ Number of items = 50▪ Item types = Multiple choice, including multiple response

questions▪ Time to complete test: 90 minutes▪ Passing score is 70%▪ Attempts Permitted: You may register for your first retake

immediately. For subsequent retakes you are required to wait at least thirty (30) calendar days from the date of your last attempt. Read the online FAQs for details.

Exam Information

IndexThe CA Technologies Certification Program is designed to measure your skills, knowledge, and expertise in managing, administering, installing, configuring and implementing select CA Technologies products for complete and optimized IT solutions. With CA certifications, management teams will have peace of mind that knowledgeable professionals are handling their CA Technologies applications.

Proctored by a third party vendor, KryterionOnline, CA Technologies certifications objectively validate the competencies of a project team –whether that team is your in-house staff, CA Technologies Professional Services, or a CA Technologies partner.

The aim of this document is to help you prepare for the CA Privileged Access Manager 3.x Proven Implementation Professional Exam. Make sure that you familiarize yourself with the content areas tested. Your best path to success is to attend the exam prep course(s).

You may also find it helpful to review the product documentation at https://docops.ca.com/home and to participate in CA Global User Community forums at https://communities.ca.com.

The experience gained from taking courses and using the product will help you: • Gain a comprehensive understanding of the product or solution • Increase the likelihood of passing the exam on your first attempt

Exam Information

Areas for Study

Exam Objectives

Exam Security

Copyright

Exam Questions

c

Register for Exam

Index

CA Privileged Access Manager 3.x Proven Implementation Professional Exam (CAT-661)

© 2018 CA. ALL RIGHTS RESERVED.

Only qualified candidates who demonstrate competency by successfully passing the CA Technologies certification exam will be awarded certification credentials. Prospective certification candidates are encouraged to prepare for the exam using the Exam Study Guide and other materials available on the Certification from CA Technologies website.

To safeguard the integrity of the certification program, CA Technologies requires all candidates to behave in an ethical manner and to comply with the rules of the third-party test center for on-site proctoring and on-line proctoring. The validity of the certification program depends on the exam content remaining secure and undisclosed to other potential certification candidates. CA Technologies will not tolerate cheating, fraud, or misconduct, which includes but is not limited to the following:

• Obtaining, whether through purchase or otherwise acquiring, unauthorized exam preparation materials from any non-CA website • Obtaining, whether through purchase or otherwise acquiring, unauthorized exam questions from any non-CA website, including brain

dump websites • Acquiring or attempting to acquire exam questions through online communities, chat rooms, screen capture software, forums, and

social networking sites • Acquiring or attempting to acquire exam content through CA Subject Matter Experts, CA Support Staff, or CA Certified Professionals • Using or attempting to use a proxy to sit for the exam in your place • Taking or attempting to take an exam for someone else • Receiving or giving assistance during an exam • Sharing exam questions or answers with a potential certification candidate • Violating testing center rules • Falsifying a diploma or score report • Using a CA Technologies certification logo or credential to which you are not entitled

CA Technologies reserves the right to take any actions it deems reasonably appropriate in the case of suspected misconduct or violation of the terms of the Non-Disclosure Agreement, including, but not limited to, cancelling an exam result, revoking exam or certification status, terminating use of the Designation, requiring a candidate to retake an exam, banning a candidate from the certification program, and reporting misconduct to the candidate’s employer. CA Technologies considers cheating a serious offense that warrants disciplinary action, up to and including termination of employment.

Exam Security

Index

Exam Information

Areas for Study

Exam Objectives

Exam Security

Copyright

Exam Questions

c

Register for Exam

Index

CA Privileged Access Manager 3.x Proven Implementation Professional Exam (CAT-661)

© 2018 CA. ALL RIGHTS RESERVED.

Areas of Study

Index

Exam Information

Areas for Study

Exam Objectives

Exam Security

Copyright

Exam Questions

c

Register for Exam

Best Practices

Experience Prior Knowledge

support.ca.com

Use Cases & ScenariosPractical Application of Course Concepts

communities.ca.com

youtube.com/catechnologies

docops.ca.com

wiki.ca.com

developer.ca.com

Search the CA Education Portal for latest courses, as they may not have been available at the time of this document posting: ▪ Partners & Customers look here: http://education.ca.com▪ Employees look here: https://learn.ca.com/

For documentation, Communities, and more visit: https://docops.ca.com/homeRegister for the exam here: www.webassessor.com/catechnologies/index.html

For other relevant courseware, see the next page.

CA Privileged Access Manager 3.x Configuration Foundations 200• Instructor-led Training / Virtual Learning (ILT/VL)

04PIM204311 dayOR

• Web-Based Training (WBT)04PIM204301.25 hoursOR

• Dynamic Lab04PIM2043S2 hours

Index

CA Privileged Access Manager 3.x Proven Implementation Professional Exam (CAT-661)

© 2018 CA. ALL RIGHTS RESERVED.

Areas of Study

Index

Exam Information

Areas for Study

Exam Objectives

Exam Security

Copyright

Exam Questions

c

Register for Exam

CA Privileged Access Manager r3.x: Administration Foundations 200 (ILT/VL)04PIM203912 daysORCA Privileged Access Manager 3.X: Getting Started with CA PAM Objects and Dependencies 200 • 04PIM20449 Dynamic Labs 2.5 hours• 04PIM20440 WBT 1 hourCA Privileged Access Manager 3.X: Manage Access to Windows Servers 200• 04PIM20459 Dynamic Labs 1.5 hours• 04PIM20450 WBT .5 hoursCA Privileged Access Manager 3.X: Manage Access to UNIX/Linux Servers 200 • 04PIM2046S Dynamic Labs 1.25 hours• 04PIM20460 WBT .5 hoursCA Privileged Access Manager 3.X: Manage Access to Web Portals 200 • 04PIM2047S Dynamic Labs 1 hour• 04PIM20470 WBT .5 hoursCA Privileged Access Manager 3.X: Manage Access to RDP Published Applications 200 • 04PIM2048S Dynamic Labs 1.5 hours• 04PIM20480 WBT .5 hoursCA Privileged Access Manager 3.X: Improve Security with Credential Management 200 • 04PIM2049S Dynamic Labs 3 hours• 04PIM20490 WBT 1 hourCA Privileged Access Manager 3.X: Implement Command and Socket Filters 200 • 04PIM2050S Dynamic Labs 1 hour• 04PIM20500 eLearning .5 hours

CA Privileged Access Manager 3.X: Use Account Services and Task Discovery Tools 300• 04PIM3038S Dynamic Labs 2 hours• 04PIM30380 WBT 1 hourCA Privileged Access Manager r3.x: Implement the Application to Application Client 300• 04PIM3035S Dynamic Lab 2 hours• 04PIM30350 WBT 1 hourCA Privileged Access Manager 3.X: Use the Transparent Logon Learn Tool 300• 04PIM30390 WBT .5 hoursCA Privileged Access Manager r3.x: Use the Command Line Interface Tool and Java API 300• 04PIM3037S Dynamic Labs .5 hours• 04PIM30370 WBT .25 hoursCA Privileged Access Manager r3.x: Use the External API 300• 04PIM3036S Dynamic Labs 2 hours• 04PIM30360 WBT 1 hourCA Privileged Access Manager r3.x: Use the Management Console to Manage Large Installations 300• 04PIM3040S Dynamic Labs 2 hours• 04PIM30400 WBT 1 hour

Note: Relevant courseware is available in various formats. For more details, see the product learning path.

Index

CA Privileged Access Manager 3.x Proven Implementation Professional Exam (CAT-661)

© 2018 CA. ALL RIGHTS RESERVED.

Exam Information

Areas for Study

Exam Objectives

Exam Security

Copyright

Exam Questions

Exam Objectives

Exam objectives as they map to related courseware and the body of knowledge, including percentage of exam devoted to topics.

c

Register for Exam

Exam Objectives Related Content Exam FocusUnderstanding the Architecture and Features CA Privileged Access Manager 3.x Configuration Foundations 200 (04PIM20431,

04PIM20430, OR 04PIM2043S) Architecture and Feature Overview• Deployment Scenarios• Privileged Access Manager Architecture and Flow

8%

Configuring the Appliance CA Privileged Access Manager 3.x Configuration Foundations 200 (04PIM20431, 04PIM20430, OR 04PIM2043S) Appliance Configuration – Main Configuration

8%

Understanding Firewall Permissions CA Privileged Access Manager 3.x Configuration Foundations 200 (04PIM20431, 04PIM20430, OR 04PIM2043S) Firewall Permissions

2%

Getting Started with CA PAM Objects and Dependencies

CA Privileged Access Manager r3.x: Administration Foundations 200 (04PIM20391)CA PAM Objects and Dependencies• Components, Users, Services, Access PoliciesImport Users and Devices with LDAP GroupsORCA Privileged Access Manager 3.X: Getting Started with CA PAM Objects and Dependencies 200 (04PIM20449 OR 04PIM20440)

16%

Managing Access to Windows Servers CA Privileged Access Manager r3.x: Administration Foundations 200 (04PIM20391)Manage Access to Windows ServersORCA Privileged Access Manager 3.X: Manage Access to Windows Servers 200 (04PIM20459 OR 04PIM20450)

8%

Managing Access to Linux/UNIX Servers CA Privileged Access Manager r3.x: Administration Foundations 200 (04PIM20391)Manage Access to Linux/UNIX ServersORCA Privileged Access Manager 3.X: Manage Access to UNIX/Linux Servers 200 (04PIM2046S OR 04PIM20460)

4%

Managing Access To Web Portals CA Privileged Access Manager r3.x: Administration Foundations 200 (04PIM20391)Manage Access To Web PortalsORCA Privileged Access Manager 3.X: Manage Access to Web Portals 200 (04PIM2047S OR 04PIM20470)

4%

Index

CA Privileged Access Manager 3.x Proven Implementation Professional Exam (CAT-661)

© 2018 CA. ALL RIGHTS RESERVED.

Exam Information

Areas for Study

Exam Objectives

Exam Security

Copyright

Exam Questions

c

Register for Exam

Exam Objectives Related Content Exam FocusManaging Access to RDP Published Applications

CA Privileged Access Manager r3.x: Administration Foundations 200 (04PIM20391)Manage Access to RDP Published ApplicationsORCA Privileged Access Manager 3.X: Manage Access to RDP Published Applications 200 (04PIM2048S OR 04PIM20480)

6%

Improving Security with Credential Management

04PIM20391 CA Privileged Access Manager r3.x: Administration Foundations 200Improve Security with Credential ManagementORCA Privileged Access Manager 3.X: Improve Security with Credential Management 200(04PIM2049S OR 04PIM20490)

14%

Implementing Command and Socket Filters 04PIM20391 CA Privileged Access Manager r3.x: Administration Foundations 200Implement Command and Socket FiltersORCA Privileged Access Manager 3.X: Implement Command and Socket Filters 200 (04PIM2050S OR 04PIM20500)

6%

Implementing the Application to Application Client

CA Privileged Access Manager r3.x: Implement the Application to Application Client 300 (04PIM3035S or 04PIM30350)

4%

Using the External API CA Privileged Access Manager r3.x: Use the External API 300(04PIM3036S or 04PIM30360)

4%

Using Account Services and Task Discovery Tools

CA Privileged Access Manager 3.X: Use Account Services and Task Discovery Tools 300 (04PIM3038S or 04PIM30380)

8%

Understanding Recent Enhancements Documentation and Field ExperienceRecent Enhancements• LDAP Over SSL (LDAPS) Support• Compact Your Database• Scheduled Purge of Session Recordings• Multi-Site Clustering

8%

Index

CA Privileged Access Manager 3.x Proven Implementation Professional Exam (CAT-661)

© 2018 CA. ALL RIGHTS RESERVED.

Exam Information

Areas for Study

Exam Objectives

Exam Security

Copyright

Exam Questions

Sample Certification Exam Questions

These sample questions are very similar to the questions in the actual exam. Some questions may include several correct options.

c

Register for Exam

Questions Options

Question 1In CA PAM, security information and event management systems (SIEM) are leveraged for storing:

A. credential data.B. policy engine data.C. session applet data.D. recorded session and log data.

Question 2CA PAM supports Security Assertion Markup Language (SAML) 2.0 as anauthentication option. What does this enable you to do?

A. Integrate CA PAM as a Service Provider (SP) for an Identity Provider (IdP) such as CASingle Sign-On (CA SSO).

B. Use CA PAM as an IdP to connect to a rich client acting as an SP.C. Operate as an IdP or an SP for a web portal SSO connection.D. Operate as an IdP only for a web portal SSO connection.

Question 3You need a valid repository on CA PAM to store graphical session recording files. What can you use? (Choose three)

A. Amazon S3B. Google DriveC. Network File System (NFS)D. The local CA PAM applianceE. Common Internet File System (CIFS)

Question 4If a CA PAM implementation uses a Network Time Protocol (NTP) service:

A. any accessible NTP service can be used.B. the NTP service must be hosted in an FCC office.C. the NTP service must be hosted by CA Network services.D. the NTP service must be hosted on the same network as CA PAM.

Question 5When you are configuring the date and time settings for a CA PAM appliance, you CANNOT:

A. synchronize the date and time with a customized script output.B. manually set the date and time in the CA PAM UI.C. set a local Network Time Protocol (NTP) server.D. set an international NTP server.

Question 6By default, which port does CA PAM use to communicate with the Windows Proxy?

A. 443B. 27077C. 28088D. 49154

Index

CA Privileged Access Manager 3.x Proven Implementation Professional Exam (CAT-661)

© 2018 CA. ALL RIGHTS RESERVED.

Exam Information

Areas for Study

Exam Objectives

Exam Security

Copyright

Exam Questions

c

Register for Exam

Questions Options

Question 7What can you do after you load an Active Directory group from the CA PAM UI? (Choose two)

A. Delete the group.B. Refresh the group.C. Add a user to the group.D. Delete a user from the group.

Question 8By default, which role is assigned to CA PAM users?

A. MonitorB. Standard UserC. TroubleshooterD. User/Group Manager

Question 9In CA PAM, the purpose of roles is to enable users to perform permitted actions in the:

A. CA PAM UI.B. CA PAM appliance back end.C. target devices that they access through CA PAM.D. applications that are installed on the target devices that they access through CA PAM.

Question 10In CA PAM, which elements are required parts of an access policy? (Choose three)

A. UserB. DeviceC. ServiceD. PasswordE. Agent name

Question 11In CA PAM, what are the access time rules applied to?

A. UsersB. PolicyC. DevicesD. Device groups

Question 12In CA PAM, session recording:

A. stores files locally on the CA PAM appliance.B. is supported for console login to target devices.C. is supported for RDP, SSH, and Web access methods.D. produces files that can be played on commercially available media players.

Question 13In CA PAM 3.x, from which menu does an administrator start to import devices from LDAP?

A. Import > DevicesB. Import > Device GroupC. Devices > Manage DevicesD. Devices > Manage Device Groups

Index

CA Privileged Access Manager 3.x Proven Implementation Professional Exam (CAT-661)

© 2018 CA. ALL RIGHTS RESERVED.

Exam Information

Areas for Study

Exam Objectives

Exam Security

Copyright

Exam Questions

c

Register for Exam

Questions Options

Question 14In CA PAM, device autodiscovery:

A. only discovers WEB device types.B. only discovers SSH and RDP device types.C. has no limitation on the device types that can be discovered.D. only discovers services device types such as Microsoft SQL Server and Oracle.

Question 15What is defined in an SSH Key Pair policy?

A. A key type and lengthB. A dual authorization listC. A key pair rotation policyD. A master private key for managing keys

Question 16What is the purpose of a target group?

A. To define the systems a user can auto-connect toB. To define the accounts that can be assigned in a policyC. To define who will receive an email on an account view policyD. To define the accounts and applications available for use in a role

Question 17When you create a dynamic target group, which fields are available for configuring dynamic filters? (Choose three)

A. Host NameB. Service NameC. Account NameD. Application Type

Question 18You can set a Change Password On Connection End option for a password view policy. If set, a password that is used to establish a connection, such as RDP or SSH, is automatically changed. When is the change implemented? (Choose two)

A. When the connection times outB. Immediately after the connection is closedC. When the CA PAM session is closed by the userD. Immediately before the next connection to the server

Question 19Windows services and scheduled tasks are discovered through which target connector?

A. AWS ProxyB. Windows LocalC. Windows ProxyD. Windows Domain Services

Question 20When you upgrade from CA PAM 2.x to 3.x, which major change will you notice in the UI? (Choose two)

A. The CA PAM Client is now mandatory of most tasks.B. A unified interface to manage device and credentialsC. An improved Access page, which includes the ability to filterD. The ability to change the look and feel by using custom themes

Index

CA Privileged Access Manager 3.x Proven Implementation Professional Exam (CAT-661)

© 2018 CA. ALL RIGHTS RESERVED.

Exam Information

Areas for Study

Exam Objectives

Exam Security

Copyright

Exam Questions

c

Register for Exam

Answers

Question 1 = DQuestion 2 = CQuestion 3 = A, C, and EQuestion 4 = AQuestion 5 = AQuestion 6 = BQuestion 7 = A and BQuestion 8 = BQuestion 9 = AQuestion 10 = A, B, and CQuestion 11 = AQuestion 12 = CQuestion 13 = DQuestion 14 = CQuestion 15 = AQuestion 16 = DQuestion 17 = A, C, and DQuestion 18 = A and BQuestion 19 = CQuestion 20 = B and C

Index

CA Privileged Access Manager 3.x Proven Implementation Professional Exam (CAT-661)

© 2018 CA. ALL RIGHTS RESERVED.

Exam Information

Areas for Study

Exam Objectives

Exam Security

Copyright

Exam Questions

c

Register for Exam

Register for the Exams

To register and pay for any of the Proven Implementation Professional certification exams, visit our third party testing

partner, Kryterion Online.

Each exam attempt costs $150. Payment and vouchers are only accepted during registration and scheduling on the third party website.

We are not able to process payment for Proven Implementation Professional exams on the LMS Training Portal.