SECRET-SEN Exam Details

  • Exam Code
    :SECRET-SEN
  • Exam Name
    :CyberArk Sentry - Secrets Manager
  • Certification
    :CyberArk Certifications
  • Vendor
    :CyberArk
  • Total Questions
    :60 Q&As
  • Last Updated
    :Jul 08, 2026

CyberArk SECRET-SEN Online Questions & Answers

  • Question 31:

    In a 3-node auto-failover cluster, the Leader has been brought down for patching that lasts longer than the configured TTL. A Standby has been promoted.

    Which steps are required to repair the cluster when the old Leader is brought back online?

    A. On the new Leader, generate a Standby seed for the old Leader node and add it to the cluster member list. Rebuild the old Leader as a new Standby and then re-enroll the node to the cluster.
    B. Generate a Standby seed for the newly promoted Leader. Stop and remove the container on the new Leader, then rebuild it as a new Standby. Re-enroll the Standby to the cluster and re-base replication of the 3rd Standby back to the old Leader.
    C. Generate standby seeds for the newly-promoted Leader and the 3rd Standby Stop and remove the containers and then rebuild them as new Standbys. On both new Standbys, re-enroll the node to the cluster.
    D. On the new Leader, generate a Standby seed for the old Leader node and re-upload the auto-failover policy in "replace" mode. Rebuild the old Leader as a new Standby, then re-enroll the node to the cluster.

  • Question 32:

    When using the Seed Fetcher to deploy Kubernetes Followers, an error occurs in the Seed Fetcher container. You check the logs and discover that although the Seed Fetcher was able to authenticate, it shows a 500 error in the log and does not successfully retrieve a seed file. What is the cause?

    A. The certificate based on the Follower DNS name is not present on the Leader.
    B. The host you configured does not have access to see the certificates.
    C. The synchronizer service crashed and needs to be restarted.
    D. The Leader does not have the authenticator webservice enabled.

  • Question 33:

    When attempting to retrieve a credential, you receive an error 401 ?Malformed Authorization Token.

    What is the cause of the issue?

    A. The token is not correctly encoded.
    B. The token you are trying to retrieve does not exist.
    C. The host does not have access to the credential with the current token.
    D. The credential has not been initialized.

  • Question 34:

    When loading policy, you receive a 422 Response from Conjur with a message.

    What could cause this issue?

    A. malformed Policy file
    B. incorrect Leader URL
    C. misconfigured Load Balancer health check
    D. incorrect Vault Conjur Synchronizer URL

  • Question 35:

    Where can all the self-signed/imported certificates be found in Conjur?

    A. /opt/conjur/etc/ssl from the Conjur containers
    B. /opt/conjur/certificates from the Conjur containers
    C. /opt/cyberark/dap/certs from the Conjur containers
    D. Log in to the Conjur UI > Conjur Cluster > Certificates > view.

  • Question 36:

    DRAG DROP

    You are configuring the Conjur Cluster with 3rd-party certificates.

    Arrange the steps to accomplish this in the correct sequence.

    Select and Place:

  • Question 37:

    DRAG DROP

    Arrange the manual failover configuration steps in the correct sequence.

    Select and Place:

  • Question 38:

    Refer to the exhibit.

    How can you confirm that the Follower has a current copy of the database?

    A. Compare the pgcurrentxlog_locationlocation from the Leader to the Follower you need to validate against.
    B. Count the number of components in pgstartreplication and compare this to the total number of Followers in the deployment.
    C. Validate that the Follower container ID matches the node in the info endpoint on the Leader.
    D. Retrieve the credential from a test application on the Leader cluster; then retrieve against the Follower and compare if they are accurate.

  • Question 39:

    What does "Line of business (LOB)" represent?

    A. a business group requiring access to secrets from the Vault/Privilege Claud to facilitate syncing accounts to Conjur
    B. the services that Conjur offers and typically refers to a group of application identities in Conjur
    C. a business group that meets a certain set of Conjur policies for entitlements and policy management
    D. the services that Conjur offers and typically refers to the list of configured and enabled authenticators in Conjur

  • Question 40:

    You start up a Follower and try to connect to it with a REST call using the server certificate, but you get an SSL connection refused error.

    What could be the problem and how should you fix it?

    A. The certificate does not contain the Follower hostname as a Subject Alternative Name (SAN). Generate a new certificate for the Follower.
    B. One of the PostgreSQL ports (5432. 1999) is blocked by the firewall Open those ports.
    C. Port 443 is blocked; open that port.
    D. The certificate is unnecessary. Use the command option to suppress SSL certificate checking.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CyberArk exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SECRET-SEN exam preparations and CyberArk certification application, do not hesitate to visit our Vcedump.com to find your solutions here.