- 100 Actual Exam Questions
- Compatible with all Devices
- Printable Format
- No Download Limits
- 90 Days Free Updates
Get All Certified Professional - PingAM Exam Questions with Validated Answers
| Vendor: | Ping Identity |
|---|---|
| Exam Code: | PT-AM-CPE |
| Exam Name: | Certified Professional - PingAM Exam |
| Exam Questions: | 100 |
| Last Updated: | July 6, 2026 |
| Related Certifications: | Ping Identity Certifications |
| Exam Tags: | Professional |
Looking for a hassle-free way to pass the Ping Identity Certified Professional - PingAM Exam? DumpsProvider provides the most reliable Dumps Questions and Answers, designed by Ping Identity certified experts to help you succeed in record time. Available in both PDF and Online Practice Test formats, our study materials cover every major exam topic, making it possible for you to pass potentially within just one day!
DumpsProvider is a leading provider of high-quality exam dumps, trusted by professionals worldwide. Our Ping Identity PT-AM-CPE exam questions give you the knowledge and confidence needed to succeed on the first attempt.
Train with our Ping Identity PT-AM-CPE exam practice tests, which simulate the actual exam environment. This real-test experience helps you get familiar with the format and timing of the exam, ensuring you're 100% prepared for exam day.
Your success is our commitment! That's why DumpsProvider offers a 100% money-back guarantee. If you don’t pass the Ping Identity PT-AM-CPE exam, we’ll refund your payment within 24 hours no questions asked.
Don’t waste time with unreliable exam prep resources. Get started with DumpsProvider’s Ping Identity PT-AM-CPE exam dumps today and achieve your certification effortlessly!
After installing a PingAM instance with the configuration directory path set to /home/forgerock/am, where is the default directory that contains the debug log files?
When PingAM is installed, it creates a specific directory structure within its Configuration Directory (also known as the AM_HOME or .openamcfg pointer target). This structure is standardized across versions to ensure that administrators and automated scripts can locate critical files.
According to the PingAM 8.0.2 'File System Reference' and 'Debug Logging' documentation:
The primary directory for engine-level troubleshooting files (debug logs) is named debug.17 This directory is located immediately within the root of the configuration directory. Therefore, if the configuration path is explicitly set to /home/forgerock/am, the resulting path for debug files will be /home/forgerock/am/debug (Option D).
It is important to distinguish between Audit Logs and Debug Logs:
Audit Logs: (e.g., access.audit.json) are usually found in the .../openam/log or .../openam/logs directory (making Option A a common distractor).
Debug Logs: (e.g., amAuth, amSession, amCore) are strictly stored in the debug directory.
The var directory (Options B and C) is a convention used in some ForgeRock 'ForgeOps' containerized deployments (like those in Kubernetes) to separate variable data from static config. However, in a standard standalone installation as described in the question, the direct .../debug path is the verified default behavior of the PingAM installation wizard and configurator tool.
An OpenID Connect application makes a request for an ID token with the openid and profile scope. Which set of claim attributes are available with the profile scope?
PingAM 8.0.2 adheres to the OpenID Connect Core 1.0 specification regarding standard scopes and claims. When a client requests the profile scope, the OpenID Provider (PingAM) is expected to return a specific set of claims that describe the user's basic profile.
According to the PingAM documentation on 'Understanding OpenID Connect Scopes and Claims' and the default OIDC Claims Script (which maps internal LDAP attributes to OIDC claims):
The standard claims associated with the profile scope are strictly defined with lowercase, snake_case naming conventions. The default set includes:
name: The user's full name.
given_name: The user's first name.
family_name: The user's surname or last name.
middle_name: (Optional)
nickname: (Optional)
preferred_username: (Optional)
profile: URL to the profile page.
picture: URL to an image.
website: URL.
gender: (Optional)
birthdate: (Optional)
zoneinfo: Timezone.
locale: The user's preferred language/locale.
updated_at: Timestamp.
Option C is the only choice that correctly identifies the snake_case format (given_name, family_name, locale) required by the specification. Options A and B use camelCase or inconsistent naming that does not match the OIDC standard or PingAM's default mapping script. Option D includes preferred_locale, which is incorrect; the standard claim name for a user's language preference in OIDC is simply locale.
Sam wants to start a service provider-initiated single sign-on and redirect to their own application, myapp.com. Which of the following URLs is the correct one to perform this action?
In SAML 2.0 federation with PingAM 8.0.2, there are two ways to initiate SSO: IdP-Initiated (where the user starts at the Identity Provider) and SP-Initiated (where the user starts at the Service Provider).3
According to the 'SAML 2.0 Guide' for PingAM:
SP-Initiated SSO: The correct JSP file for an SP-initiated flow is spSSOInit.jsp. 4This script is used by an SP (in this case, PingAM acting as an SP or a 'Fedlet') to generate a SAML AuthnRequest and send it to the IdP.
Redirecting to the Application: In the SAML 2.0 standard, the mechanism used to preserve state (like the final destination URL) across the redirect-heavy SSO process is the RelayState parameter. When the IdP sends the SAML assertion back to the SP, it also returns the RelayState value. The SP then uses this value to redirect the user to the final application.
While PingAM uses the goto parameter for internal redirects (like standard web login), RelayState is the required parameter name for SAML-related JSPs to ensure interoperability with the SAML specification. Therefore, the correct URL is .../spSSOInit.jsp combined with the RelayState parameter (Option D). Using idpSSOInit.jsp (Options A and B) would trigger an IdP-initiated flow, which is not what the question describes. Option C is incorrect because it uses the non-SAML goto parameter in a SAML initialization context.
Which audit event handler is used by PingAM by default, when audit logging is enabled?
Audit logging is a vital security feature in PingAM 8.0.2 that provides a record of system activity. To make these logs useful for modern analysis tools and to ensure they contain rich metadata, PingAM utilizes structured logging.
According to the PingAM 'Audit Logging Service' documentation:
When an administrator enables audit logging in a new installation, the system is pre-configured with the JSON audit event handler as the default. This handler writes log entries to the local filesystem in a structured JSON format (e.g., access.audit.json).
The choice of JSON (Option D) as the default is strategic:
Structure: JSON allows for complex, nested data structures, which is necessary to capture the full context of an authentication journey or a policy decision.
Interoperability: JSON is the 'native language' of modern log aggregators and SIEM platforms like Splunk, ELK (Elasticsearch/Logstash/Kibana), and Sumo Logic.
Readability: While structured, it remains human-readable for quick manual inspection.
Why other options are incorrect:
CSV (B) and Syslog (C) are available handlers but must be explicitly added or configured; they are not the primary default.
Elasticsearch (A) is a powerful target for audit logs, but PingAM typically sends data there via an external collector reading the JSON files or via a specifically configured Elasticsearch handler, rather than it being the out-of-the-box default for a local installation.
The JSON handler ensures that from the moment logging is turned on, the data is stored in a format that balances detailed reporting with ease of integration.
When a user undergoes a session upgrade, what is the outcome?
Session Upgrade in PingAM 8.0.2 is the mechanism by which a user's current authenticated session is 'elevated' to a higher authentication level (Auth Level). This is commonly triggered by Step-up Authentication requirements, where a user attempts to access a highly sensitive resource that requires a stronger authentication method (such as MFA) than what was used for their initial login.
According to the PingAM documentation on 'Session Upgrade Outcomes,' the process is not merely a modification of the existing session. Instead, when a user successfully completes the additional authentication requirements (the 'Advice'):
Creation of a New Session: PingAM generates a brand-new authenticated session. This new session is assigned a higher authentication level corresponding to the tree or module just completed.
Property Copying: To ensure a seamless user experience, PingAM copies the session properties (attributes, constants, and other metadata) from the original lower-level session into the new higher-level session. This ensures that information gathered during the initial login remains available to applications.
Token Replacement: Because the session ID is part of the session token (SSO Token), a new session implies a new token. PingAM hands the client a new session token to replace the original one. The client (browser or application) must then use this new token for subsequent requests.
If the realm is configured for server-side sessions, the new session is stored in the Core Token Service (CTS). If configured for client-side sessions, a new signed/encrypted JWT is sent to the client as a cookie. The key distinction is that the token changes, and properties are preserved through copying, which distinguishes Option B as the correct technical description of the internal AM lifecycle.
Security & Privacy
Satisfied Customers
Committed Service
Money Back Guranteed