Ping Identity Updated PAP-001 Exam Questions and Answers by ariyan

Applications in PingAccess can be associated with multipleVirtual Hosts. Each virtual host defines an FQDN and port combination through which the application is exposed, allowing protection across multiple domains or hostnames.

Exact Extract:

“Virtual hosts specify the fully qualified domain names (FQDNs) and ports that PingAccess uses to expose applications.”

Option A (Sites)represent the target back-end servers, not the external FQDN.

Option B (Virtual Hosts)is correct — use multiple virtual hosts for multiple domains.

Option C (Redirects)are unrelated to multi-domain application protection.

Option D (Rules)define access policies, not hostnames.

PingAccess installs as a Windows service. To remove or prevent automatic startup, theuninstall-service.batscript is used.

Exact Extract:

“On Windows, useinstall-service.batto install PingAccess as a service anduninstall-service.batto remove the service.”

Option A (init.bat)initializes environment variables but does not manage services.

Option B (uninstall-service.bat)is correct — it removes the Windows service, preventing auto-start.

Option C (remove-install.bat)is not a valid PingAccess script.

Option D (wrapper-service.bat)configures wrapper options, not service removal.

Applications consuming signed JWTs need theJSON Web Key Set (JWKS)endpoint to retrieve the public keys used for validating JWT signatures. PingAccess exposes this at/pa/authtoken/JWKS.

Exact Extract:

“When using JWT identity mapping, applications can obtain the signing keys from the/pa/authtoken/JWKSendpoint to validate the JWT signature.”

Option Ais correct —/pa/authtoken/JWKSprovides the key set for signature validation.

Option Bis incorrect — that’s an administrative API for configuring identity mappings, not a runtime validation endpoint.

Option Cis incorrect —/pa/aidc/cbis the OIDC callback endpoint.

Option Dis incorrect —/pa-admin-api/v3/authTokenManagementis for admin token management, not JWT validation.

PingAccess terminates SSL at theVirtual Hostlevel. To configure an existing certificate, the administrator must assign the appropriateKey Pair(which contains the certificate and private key) to the Virtual Host.

Exact Extract:

“SSL termination occurs on the engine listener through virtual hosts. Assign the certificate’s key pair to the virtual host to secure proxied applications.”

Option Ais correct — assign the key pair to the Virtual Host for SSL termination.

Option Bis incorrect — Require HTTPS enforces secure access but does not configure SSL termination.

Option Cis incorrect — Agent Listener is for PingAccess Agents, not proxied apps.

Option Dis incorrect — secure flag affects cookie settings, not SSL certificates.