Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
SAP
ServiceNow
All Vendors
  1. Home
  2. Ping Identity
  3. PAP-001

Ping Identity PAP-001 Exam (page: 2)
Ping Identity Certified Professional - PingAccess
Updated on: 24-Mar-2026

Viewing Page 2 of 10
PAP-001 PDF 70 Questions

Which two options can be changed in the run.properties file? (Choose 2 answers.)

  1. Default logs location
  2. URL for heartbeat endpoint
  3. Operational mode for PingAccess
  4. X-Frame-Options header
  5. Logging levels

Answer(s): C,E

Explanation:

The run.properties file in PingAccess is the primary configuration file that defines system-level runtime behavior. According to PingAccess documentation:
Exact Extract:
"The run.properties file contains configuration properties for PingAccess, including operational mode, logging levels, admin authentication fallback, cluster settings, and system defaults." (PingAccess Administrator's Guide ­ run.properties Reference) From this, we can determine:
C . Operational mode for PingAccess Correct
The property pa.operational.mode in run.properties defines whether the node operates as STANDALONE, CLUSTERED_CONSOLE, CLUSTERED_CONSOLE_REPLICA, or CLUSTERED_ENGINE. This is one of the core configurable options.

E . Logging levels Correct
Properties such as log.level and other logging configurations are explicitly defined in run.properties, allowing administrators to adjust the verbosity of logs (DEBUG, INFO, WARN, ERROR).

Why the others are incorrect:
A . Default logs location Incorrect
The log file path is not controlled via run.properties. It is defined in log4j2.xml, not in run.properties.
B . URL for heartbeat endpoint Incorrect
The heartbeat endpoint (/pa/heartbeat.ping) is a fixed system endpoint and is not configurable in run.properties.
D . X-Frame-Options header Incorrect
Security headers like X-Frame-Options are managed under application security policies or global response headers, not in run.properties.


Reference:

PingAccess Administrator's Guide ­ run.properties Reference (section describing pa.operational.mode and logging configuration properties).



An administrator needs to support SLO (Single Logout) for a protected web application.
What must be configured in a PingAccess Web Session in this situation?

  1. SLO scope
  2. Idle timeout
  3. Validate Session
  4. Refresh User Attributes

Answer(s): A

Explanation:

To enable Single Logout (SLO), the SLO scope must be defined in the PingAccess Web Session configuration. This determines which sessions are ended when a logout request occurs.
Exact Extract:

"The SLO scope option in a web session specifies which applications are included in a logout event when Single Logout is triggered."
Option A (SLO scope) is correct; it explicitly enables SLO support by linking session termination across apps.
Option B (Idle timeout) is unrelated; this controls session expiration, not SLO. Option C (Validate Session) ensures session state is synchronized but does not configure SLO. Option D (Refresh User Attributes) is unrelated; it only controls whether attributes are reloaded.


Reference:

PingAccess Administration Guide ­ Configuring Web Sessions



According to a new business requirement, critical applications require dual-factor authentication when specific resources are accessed in those applications.
Which configuration object should the administrator use in the applications?

  1. UI Authentication
  2. Auth Token Management
  3. Authentication Requirements
  4. Authentication Challenge Policy

Answer(s): C

Explanation:

PingAccess enforces step-up or multi-factor authentication using Authentication Requirements, which can be applied to specific resources within an application.
Exact Extract:
"Authentication requirements allow administrators to configure additional authentication (for example, MFA) when accessing sensitive application resources." Option A (UI Authentication) applies to access to the admin console, not application resources. Option B (Auth Token Management) relates to OAuth token lifetimes and refresh, not MFA enforcement.
Option C (Authentication Requirements) is correct -- these rules enforce MFA or step-up auth for specific URLs/resources.
Option D (Authentication Challenge Policy) governs how failed auth challenges are presented but does not enforce MFA.


Reference:

PingAccess Administration Guide ­ Authentication Requirements



During a business review of an application, the administrator needs to change the Resource Authentication to anonymous.
What are the two effects of making this change to the resource? (Choose 2 answers.)

  1. The resource requires no further authentication, and no rules will apply.
  2. The resource requires no further authentication, and Identity Mappings still apply.
  3. The resource requires no further authentication, and Processing rules still apply.
  4. Requests to this resource are not logged, and Identity Mappings are applied.
  5. The resource requires no further authentication, and all Access Control rules still apply.

Answer(s): B,C

Explanation:

When a resource is configured as anonymous, PingAccess does not challenge the user for authentication. However, certain processing and identity propagation still occur.

Exact Extract:
"Anonymous resources do not require authentication. Identity mappings and request/response processing rules still apply."
Option A is incorrect because rules such as identity mappings and processing still apply. Option B is correct -- Identity Mappings can still forward attributes, even for anonymous access. Option C is correct -- Processing rules (e.g., request/response modifications) still apply. Option D is incorrect -- requests are logged; anonymous does not disable logging. Option E is incorrect -- access control rules (authorization) are not evaluated for anonymous resources.


Reference:

PingAccess Administration Guide ­ Resource Authentication



An administrator is integrating a new PingAccess Proxied Application. The application will use an SSL certificate issued by a publicly trusted Certificate Authority. PingAccess is terminating SSL and is responsible for loading the SSL certificate for that application.
What initial action must the administrator take in PingAccess in this situation?

  1. Import the SSL public key with the full certificate chain into the Certificates.
  2. Import the PKCS#12 file with the full certificate chain into the Certificates.
  3. Import the SSL public key with the full certificate chain into the Key Pairs.
  4. Import the PKCS#12 file with the full certificate chain into the Key Pairs.

Answer(s): D

Explanation:

For PingAccess to terminate SSL for a proxied application, it requires access to the private key and certificate chain. These are stored as Key Pairs.
Exact Extract:
"For SSL termination, you must import the server certificate and its private key as a PKCS#12 file into Key Pairs."
Option A is incorrect -- a public key alone cannot terminate SSL. Option B is incorrect -- PKCS#12 files must go into Key Pairs, not Certificates. Option C is incorrect -- public keys alone are insufficient; PingAccess must have the private key.

Option D is correct -- the PKCS#12 file with full chain and private key is imported into Key Pairs.


Reference:

PingAccess Administration Guide ­ Managing Certificates and Key Pairs



An administrator needs to prevent PingAccess from automatically starting on a Windows Server.
Which command would accomplish this task?

  1. init.bat
  2. uninstall-service.bat
  3. remove-install.bat
  4. wrapper-service.bat

Answer(s): B

Explanation:

PingAccess installs as a Windows service. To remove or prevent automatic startup, the uninstall- service.bat script is used.
Exact Extract:
"On Windows, use install-service.bat to install PingAccess as a service and uninstall-service.bat to remove the service."
Option A (init.bat) initializes environment variables but does not manage services. Option B (uninstall-service.bat) is correct -- it removes the Windows service, preventing auto-start. Option C (remove-install.bat) is not a valid PingAccess script. Option D (wrapper-service.bat) configures wrapper options, not service removal.


Reference:

PingAccess Installation Guide ­ Windows Service Scripts



A protected web application requires that additional attributes be provided once the user is authenticated.
Which two steps must the administrator perform to meet this requirement? (Choose 2 answers.)

  1. Request that the token provider update the ID token with the additional attributes.
  2. Update the Identity Mapping.
  3. Update the Site Authenticator.
  4. Request that the token provider update the access token with the additional attributes.
  5. Update the Web Session.

Answer(s): B,E

Explanation:

When applications require additional attributes:
The Web Session must be configured to retrieve those attributes from the token provider (OIDC or PingFederate).
The Identity Mapping must be updated to forward those attributes to the application (e.g., as headers).
Exact Extract:
"Web sessions define how user attributes are retrieved from the token provider. Identity mappings determine how those attributes are inserted into requests to applications." Option A is not necessarily required; attributes can be retrieved via userinfo endpoint or access token, not only ID tokens.
Option B is correct -- Identity Mappings must be updated to pass attributes to the app. Option C is incorrect -- Site Authenticators define how PingAccess authenticates to apps, not attribute handling.
Option D is incorrect unless the architecture specifically requires access token updates; PingAccess often uses the Web Session to fetch attributes.
Option E is correct -- Web Session must be updated to retrieve additional attributes.


Reference:

PingAccess Administration Guide ­ Web Sessions and Identity Mapping



A modified application now requires additional attributes to be passed in the headers.
What needs to be modified in order to pass the additional attributes?

  1. HTTP Request Header Rule
  2. Header Identity Mapping
  3. JWT Identity Mapping
  4. Web Session Attribute Rule

Answer(s): B

Explanation:

To pass user attributes into HTTP headers for applications, PingAccess uses Identity Mappings.
When attributes need to be passed specifically as headers, the administrator must update the Header Identity Mapping.
Exact Extract:
"Header identity mappings map attributes from a user's web session to HTTP headers that are then sent to the back-end application."
Option A (HTTP Request Header Rule) is incorrect -- this adds or modifies static request headers, not user attributes.
Option B (Header Identity Mapping) is correct -- this maps identity attributes into headers dynamically.
Option C (JWT Identity Mapping) is incorrect -- that's used for passing attributes as claims in JWTs. Option D (Web Session Attribute Rule) is incorrect -- that is for access control evaluation, not propagation of attributes.


Reference:

PingAccess Administration Guide ­ Identity Mapping (Header Identity Mapping)



Viewing Page 2 of 10



Share your comments for Ping Identity PAP-001 exam with other users:

B.Khan 4/19/2022 9:43:00 PM

the buy 1 get 1 is a great deal. so far i have only gone over exam. it looks promissing. i report back once i write my exam.
INDIA


Ganesh 12/24/2023 11:56:00 PM

is this dump good
Anonymous


Albin 10/13/2023 12:37:00 AM

good ................
EUROPEAN UNION


Passed 1/16/2022 9:40:00 AM

passed
GERMANY


Harsh 6/12/2023 1:43:00 PM

yes going good
Anonymous


Salesforce consultant 1/2/2024 1:32:00 PM

good questions for practice
FRANCE


Ridima 9/12/2023 4:18:00 AM

need dump and sap notes for c_s4cpr_2308 - sap certified application associate - sap s/4hana cloud, public edition - sourcing and procurement
Anonymous


Tanvi Rajput 10/6/2023 6:50:00 AM

question 11: d i personally feel some answers are wrong.
UNITED KINGDOM


Anil 7/18/2023 9:38:00 AM

nice questions
Anonymous


Chris 8/26/2023 1:10:00 AM

looking for c1000-158: ibm cloud technical advocate v4 questions
Anonymous


sachin 6/27/2023 1:22:00 PM

can you share the pdf
Anonymous


Blessious Phiri 8/13/2023 10:26:00 AM

admin ii is real technical stuff
Anonymous


Luis Manuel 7/13/2023 9:30:00 PM

could you post the link
UNITED STATES


vijendra 8/18/2023 7:54:00 AM

hello send me dumps
Anonymous


Simeneh 7/9/2023 8:46:00 AM

it is very nice
Anonymous


john 11/16/2023 5:13:00 PM

i gave the amazon dva-c02 tests today and passed. very helpful.
Anonymous


Tao 11/20/2023 8:53:00 AM

there is an incorrect word in the problem statement. for example, in question 1, there is the word "speci c". this is "specific. in the other question, there is the word "noti cation". this is "notification. these mistakes make this site difficult for me to use.
Anonymous


patricks 10/24/2023 6:02:00 AM

passed my az-120 certification exam today with 90% marks. studied using the dumps highly recommended to all.
Anonymous


Ananya 9/14/2023 5:17:00 AM

i need it, plz make it available
UNITED STATES


JM 12/19/2023 2:41:00 PM

q47: intrusion prevention system is the correct answer, not patch management. by definition, there are no patches available for a zero-day vulnerability. the way to prevent an attacker from exploiting a zero-day vulnerability is to use an ips.
UNITED STATES


Ronke 8/18/2023 10:39:00 AM

this is simple but tiugh as well
Anonymous


CesarPA 7/12/2023 10:36:00 PM

questão 4, segundo meu compilador local e o site https://www.jdoodle.com/online-java-compiler/, a resposta correta é "c" !
UNITED STATES


Jeya 9/13/2023 7:50:00 AM

its very useful
INDIA


Tracy 10/24/2023 6:28:00 AM

i mastered my skills and aced the comptia 220-1102 exam with a score of 920/1000. i give the credit to for my success.
Anonymous


James 8/17/2023 4:33:00 PM

real questions
UNITED STATES


Aderonke 10/23/2023 1:07:00 PM

very helpful assessments
UNITED KINGDOM


Simmi 8/24/2023 7:25:00 AM

hi there, i would like to get dumps for this exam
AUSTRALIA


johnson 10/24/2023 5:47:00 AM

i studied for the microsoft azure az-204 exam through it has 100% real questions available for practice along with various mock tests. i scored 900/1000.
GERMANY


Manas 9/9/2023 1:48:00 AM

please upload 1z0-1072-23 exam dups
UNITED STATES


SB 9/12/2023 5:15:00 AM

i was hoping if you could please share the pdf as i’m currently preparing to give the exam.
Anonymous


Jagjit 8/26/2023 5:01:00 PM

i am looking for oracle 1z0-116 exam
UNITED STATES


S Mallik 11/27/2023 12:32:00 AM

where we can get the answer to the questions
Anonymous


PiPi Li 12/12/2023 8:32:00 PM

nice questions
NETHERLANDS


Dan 8/10/2023 4:19:00 PM

question 129 is completely wrong.
UNITED STATES