Get Ping Identity PAP-001 Exam Practice Questions - Real and Updated

Answer : B, C

Step-up authentication in PingAccess is enforced through Authentication Requirement Rules. If users are not prompted, the likely issues are:

The rule is missing from the application/resource.

The rule's minimum authentication context does not include MFA.

Exact Extract:

''Authentication requirement rules determine whether PingAccess will challenge a user with additional authentication (such as MFA). Ensure that the rule is applied to the resource and that the authentication context is set correctly.''

Option A is incorrect --- rejection handlers define error handling, not MFA enforcement.

Option B is correct --- verify the authentication requirement rule is applied.

Option C is correct --- ensure the rule contains the right MFA requirements.

Option D is incorrect --- identity mappings do not enforce step-up authentication.

Option E is incorrect --- token validation rules check validity, not MFA levels.

Answer : C, E

The run.properties file in PingAccess is the primary configuration file that defines system-level runtime behavior. According to PingAccess documentation:

Exact Extract:

''The run.properties file contains configuration properties for PingAccess, including operational mode, logging levels, admin authentication fallback, cluster settings, and system defaults.''

(PingAccess Administrator's Guide -- run.properties Reference)

From this, we can determine:

C . Operational mode for PingAccess Correct

The property pa.operational.mode in run.properties defines whether the node operates as STANDALONE, CLUSTERED_CONSOLE, CLUSTERED_CONSOLE_REPLICA, or CLUSTERED_ENGINE. This is one of the core configurable options.

E . Logging levels Correct

Properties such as log.level and other logging configurations are explicitly defined in run.properties, allowing administrators to adjust the verbosity of logs (DEBUG, INFO, WARN, ERROR).

Why the others are incorrect:

A . Default logs location Incorrect

The log file path is not controlled via run.properties. It is defined in log4j2.xml, not in run.properties.

B . URL for heartbeat endpoint Incorrect

The heartbeat endpoint (/pa/heartbeat.ping) is a fixed system endpoint and is not configurable in run.properties.

D . X-Frame-Options header Incorrect

Security headers like X-Frame-Options are managed under application security policies or global response headers, not in run.properties.

PingAccess Administrator's Guide -- run.properties Reference (section describing pa.operational.mode and logging configuration properties).

Answer : B

Legacy PKIs often provide certificate chains that are out of order or non-compliant with RFC-5280 path validation. PingAccess provides an option in Trusted Certificate Groups called Validate disordered certificate chains to allow chaining even if the order is not RFC-5280 compliant.

Exact Extract:

''Enable Validate disordered certificate chains when the certificate chain is not in RFC-5280 compliant order but should still be accepted.''

Option A is incorrect; using the Java trust store is unrelated to PKI ordering.

Option B is correct --- this setting allows PingAccess to process disordered certificate chains.

Option C is incorrect; date checks are unrelated to RFC-5280 path ordering.

Option D is incorrect; revocation status handling does not address legacy PKI ordering issues.

Answer : C

The property engine.ssl.protocols in run.properties specifies the TLS protocol versions that PingAccess engines will support for incoming HTTPS traffic.

Exact Extract:

''The engine.ssl.protocols property configures which TLS versions are enabled for HTTPS listeners.''

Option A (ciphers) is incorrect --- cipher suites are defined separately, not in this property.

Option B (HTTPS port) is incorrect --- the port is defined in the engine listener, not here.

Option C (TLS versions) is correct --- this property controls TLS version support (e.g., TLSv1.2, TLSv1.3).

Option D (clustering) is incorrect --- clustering does not depend on this property.

Answer : D

When APIs are remote, latency is introduced by frequent token validation requests. Enabling Cache Token on the OAuth Resource Server reduces repeated validation calls and improves performance.

Exact Extract:

''The OAuth Resource Server configuration includes a Cache Token option that improves performance by reducing round trips for token validation.''

Option A is incorrect --- key rolling affects cryptographic keys, not API latency.

Option B is incorrect --- virtual hosts control external FQDNs, not performance.

Option C is incorrect --- token attribute size does not significantly affect remote latency.

Option D is correct --- caching tokens reduces validation overhead.