CDE recert v2


121 Terms

1

As long as you are a member of the Vault Admins group, you can grant any permission on any safe that you have access to.

True

False

False

2

If the AccountUploader Utility is used to create accounts with SSH keys, which parameter do you use to set the full or relative path of the SSH private key file that will be attached to the account?

A KeyPath

B KeyFile

C ObjectName

D Address

B KeyFile

3

Which item is an option for PSM recording customization?

A. Windows events text recorder with automatic play-back

B. Windows events text recorder and universal keystrokes recording simultaneously

C. Universal keystrokes text recorder with windows events text recorder disabled

D. Custom audio recording for windows events

C. Universal keystrokes text recorder with windows events text recorder disabled

4

Which of the following PTA detections are included in the Core PAS offering?

Options:

A. Suspected Credential Theft

B. Over-Pass-The-Hash

C. Golden Ticket

D. Unmanaged Privileged Access

A. Suspected Credential Theft

B. Over-Pass-The-Hash

C. Golden Ticket

D. Unmanaged Privileged Access

5

Recording and monitoring privileged sessions are crucial for maintaining security and compliance. Here are some best practices to follow:

Best Practices for Recording and Monitoring Privileged Sessions

Comprehensive Session Recording:

Record all privileged sessions, capturing both video and text logs. This provides a detailed audit trail of all actions performed during a session, which is essential for forensic analysis and compliance.

Real-Time Monitoring:

Implement real-time monitoring of privileged sessions. This allows security teams to observe activities as they happen and intervene if suspicious behavior is detected.

Keystroke Logging:

Log all keystrokes entered during privileged sessions. This provides a granular view of user activities and helps detect unauthorized commands or actions.

Command Filtering:

Use command filtering to audit specific commands executed during sessions. This helps reduce the volume of audit data and focus on critical actions.

Customizable Recording Settings:

Customize session recording settings to meet your organization's specific needs. For example, you can enable or disable certain types of data capture, such as keystroke logging for sensitive applications.

Integration with SIEM:

Integrate session recording and monitoring with your Security Information and Event Management (SIEM) system. This centralizes logging and correlation of security events, enhancing visibility and response capabilities.

Regular Audits and Reviews:

Immutable Logs:

Ensure that logs and records are immutable, meaning they cannot be altered or deleted. This maintains the integrity of the audit trail and ensures compliance with regulatory requirements.

User Training and Awareness:

Provide training for users and administrators on the importance of session recording and monitoring.

Automated Alerts:

Set up automated alerts for suspicious activities detected during privileged sessions.

6

In PVWA, you are attempting to play a recording made of a session by user jsmith, but there is no option to "Fast Forward" within the video. It plays and only allows you to skip between commands instead. You are also unable to download the video.

What could be the cause?

A Recording is of a PSM for SSH session.

B The browser you are using is out of date and needs an update to be supported.

C You do not have the "View Audit" permission on the safe where the account is stored.

D You need to update the recorder settings in the platform to enable screen capture every 10000ms or less.

A Recording is of a PSM for SSH session.

7

When onboarding multiple accounts from the Pending Accounts list, which associated setting must be the same across the selected accounts?

A Platform

B Connection Component

C CPM

D Vault

A Platform

8

Your organization has a requirement to allow users to "check out passwords" and connect to targets with the same account through the PSM.

What needs to be configured in the Master policy to ensure this will happen?

A Enforce check-in/check-out exclusive access = active; Require privileged session monitoring and isolation = active

B Enforce check-in/check-out exclusive access = inactive; Require privileged session monitoring and isolation = inactive

C Enforce check-in/check-out exclusive access = inactive; Record and save session activity = active

D Enforce check-in/check-out exclusive access = active; Record and save session activity = inactive

A Enforce check-in/check-out exclusive access = active; Require privileged session monitoring and isolation = active

9

Which command configures email alerts within PTA if settings need to be changed post install?

A /opt/tomcat/utility/emailConfiguration.sh

B /opt/PTA/emailConfiguration.sh

C /opt/PTA/utility/emailConfig.sh

D /opt/tomcat/utility/emailSetup.sh

A /opt/tomcat/utility/emailConfiguration.sh

10

You are creating a new Rest API user that utilizes CyberArk Authentication.

What is a correct process to provision this user?

A Private Ark Client > Tools > Administrative Tools > Users and Groups > New > User

B Private Ark Client > Tools > Administrative Tools > Directory Mapping > Add

C PVWA > User Provisioning > LDAP Integration > Add Mapping

D PVWA > User Provisioning > Users and Groups > New > User

A Private Ark Client > Tools > Administrative Tools > Users and Groups > New > User

11

Your customer has five main data centers with one PVWA in each center under different URLs. How can you make this setup fault tolerant?

A This setup is already fault tolerant

B Install more PVWAs in each data center

C Continuously monitor PVWA status and send users the link to another PVWA if issues are encountered

D Load balance all PVWAs under same URL

D Load balance all PVWAs under same URL

12

What is the easiest way to duplicate an existing platform?

A From PrivateArk, copy/paste the appropriate Policy.ini file, then rename it.

B From the PVWA, navigate to the platforms page, select the existing platform that is similar to the new target account platform and click Duplicate, name the new platform.

C From PrivateArk, copy/paste the appropriate setting in the PVConfiguration.xml then update the policName variable.

D From the PVWA, navigate to the platforms page, select existing platform that is similar to the new target account platform, manually update the platform settings and click 'Save as' instead of save to duplicate and rename the platform.

B From the PVWA, navigate to the platforms page, select the existing platform that is similar to the new target account platform and click Duplicate, name the new platform.

13

Which pre-requisite step must be completed before installing a Vault?

A Join the server to the domain

B Install a clean operating system

C Install anti-virus software

D Copy the master CD to a folder on the Vault server

B Install a clean operating system

14

You have been asked to design the number of PVWAs a customer must deploy. The customer has three data centers with a distributed vault in each, requires high availability, and wants to use all vaults, at all times. How many PVWAs does the customer need?

A six

B four

C two

D three

A six

15

You are configuring the vault to send syslog audit data to your organization's SIEM solution. What is a valid value for the SyslogServerProtocol parameter in DBPARM.ini file?

A TCP/UDP

B SSH

C SMTP

D SNMP

A TCP/UDP/TLS

16

CyberArk user Neil is trying to connect to the Target Linux server 192.168.1.64 using a domain account ACME/linuxuser01 on Domain Acme.corp using PSM for SSH server 192.168.65.145. What is the correct syntax?

A ssh neil@linuxuser01:acme.corp@192.168.1.64@192.168.1.45

B ssh neil@linuxuser01#acme.corp@192.168.1.64@192.168.1.45

C ssh neil@linuxuser01@192.168.1.64@192.168.65.145

D ssh neil@linuxuser01@acme.corp@192.168.1.64@192.168.1.45

This command specifies:

neil: The Vault user.

ACME/linuxuser01: The target user.

Acme.corp: The domain.

192.168.1.64: The target machine.

192.168.65.145: The PSM for SSH server.

B ssh neil@linuxuser01#acme.corp@192.168.1.64@192.168.1.45

17

Before the hardening process, your customer identified a PSM Universal Connector executable that will be required to run on the PSM. Which file should you update to allow this to run?

A. PSMConfigureAppLocker.xml

B. PSMHardening.xml

C. PSMAppConfig.xml

D. PSMConfigureHardening.xml

A. PSMConfigureAppLocker.xml

18

As Vault Admin, you have been asked to configure LDAP authentication for your organization's CyberArk users. Which permissions do you need to complete this task?

A. Audit Users and Add Network Areas

B. Audit Users and Manage Directory Mapping

C. Audit Users and Add/Update Users

D. Audit Users and Activate Users

B. Audit Users and Manage Directory Mapping

19

In the screenshot displayed, you just configured the usage in CyberArk and want to update its password. What is the least intrusive way to accomplish this?

A. Use the "change" button on the usage's details page

B. Use the "change" button on the parent account's details page

C. Use the "sync" button on the usage's details page.

D. Use the "reconcile" button on the parent account's details page.

D. Use the "reconcile" button on the parent account's details page.

20

Arrange the steps to complete CPM Hardening for Out-of-Domain Deployment in the correct sequence

Locate the CPM_Hardening.ps1 script in the installation media

Review the script log called hardeningscript.log

Review the script log called CYBRHardeningsecedit.log

Open PowerShell as administrator and run the script

Locate the CPM_Hardening.ps1 script in the installation media

Review the script log called hardeningscript.log

Review the script log called CYBRHardeningsecedit.log

Open PowerShell as administrator and run the script

21

Which certificate type do you need to configure the vault for LDAP over SSL?

A. the CA Certificate that signed the certificate used by the External Directory

B. a CA signed Certificate for the Vault server

C. a CA signed Certificate for the PVWA server

D. a self-signed Certificate for the Vault

A. the CA Certificate that signed the certificate used by the External Directory

22

You are creating a new Rest API user that utilizes CyberArk Authentication. What is a correct process to provision this user?

A. Private Ark Client > Tools > Administrative Tools > Users and Groups > New > User

B. Private Ark Client > Tools > Administrative Tools > Directory Mapping > Add

C. PVWA > User Provisioning > LDAP Integration > Add Mapping

D. PVWA > User Provisioning > Users and Groups > New > User

A. Private Ark Client > Tools > Administrative Tools > Users and Groups > New > User

23

What is mandatory for a PVWA Installation?

A. A DNS entry for the PVWA url must be created.

B. A company-signed TLS certificate must be imported into the server.

C. A Vault Administrative User must be used to register the PVWA.

D. Data Execution Prevention must be disabled.

C. A Vault Administrative User must be used to register the PVWA.

24

Your organization requires all passwords be rotated every 90 days. Where can you set this regulatory requirement?

A. Master Policy

B. Safe Templates

C. PVWAConfig.xml

D. Platform Configuration

A. Master Policy

25

When running a "Privileged Accounts inventory" Report through the Reports page in PVWA on a specific safe, which permission/s are required on that safe to show complete account inventory information?

A. List Accounts, View Safe Members

B. Manage Safe Owners

C. List Accounts, Access Safe without confirmation

D. Manage Safe, View Audit

A. List Accounts, View Safe Members

26

In a rule using "Privileged Session Analysis and Response" in PTA, which session options are available to configure as responses to activities?

A. Suspend, Terminate, None

B. Suspend, Terminate, Lock Account

C. Pause, Terminate, None

D. Suspend, Terminate

A. Suspend, Terminate, None

27

In addition to disabling Windows services or features not needed for PVWA operations, which tasks does PVWA_Hardening.ps1 perform when run?

A. performs IIS hardening; imports the CyberArk INF configuration

B. performs IIS hardening; configures all group policy settings

C. performs IIS hardening; renames the local Administrator Account

D. configures Windows Firewall; removes all installation files

A. performs IIS hardening; imports the CyberArk INF configuration

28

A customer has two data centers and requires a single PVWA URL. Which deployment provides the fastest time to reach the PVWA and the most redundancy?

A. Deploy two PVWAs behind a global traffic manager.

B. Deploy one PVWA only.

C. Deploy two PVWAs in an active/standby mode.

D. Deploy two PVWAs using DNS round robin.

A. Deploy two PVWAs behind a global traffic manager.

29

What is the recommended method to determine if a PVWA is unavailable and must be removed from the load balancing pool?

A. Monitor port 443 on the PVWA server.

B. Monitor port 1858 on the PVWA server.

C. Ping the PVWA server

D. Monitor port 3389 on the PVWA server.

A. Monitor port 443 on the PVWA server.

30

CyberArk User Neil is trying to connect to the Target Linux server 192.168.1.164 using a domain account ACME/linuxuser01 on domain acme.corp using PSM for SSH server 192.168.65.145. What is the correct syntax?

A. ssh neil@linuxuser01:acme.corp@192.168.1.164@192.168.65.145

B. ssh neil@linuxuser01#acme.corp@192.168.1.164@192.168.65.145

C. ssh neil@linuxuser01@192.168.1.164@192.168.65.145

D. ssh neil@linuxuser01@acme.corp@192.168.1.164@192.168.65.145

B. ssh neil@linuxuser01#acme.corp@192.168.1.164@192.168.65.145

31

To use PSM connections while in the PVWA, what are the minimum safe permissions a user or group will need?

A. List Accounts, Use Accounts

B. List Accounts, Use Accounts, Retrieve Accounts

C. Use Accounts

D. List Accounts, Use Accounts, Retrieve Accounts, Access Safe without confirmation

A. List Accounts, Use Accounts

32

Which PTA sensors are required to detect suspected credential theft?

A. Logs, Vault Logs

B. Logs, Network Sensor, Vault Logs

C. Logs, PSM Logs, CPM Logs

D. Logs, Network Sensor, EPM

B. Logs, Network Sensor, Vault Logs

33

Which component must be installed on the Vault if Distributed Vaults is used with PSM?

A. RabbitMQ

B. Disaster Recovery

C. Remote Control Client

D. Distributed Vault Server

D. Distributed Vault Server

34

You are configuring the Vault to send syslog audit data to your organization's SIEM solution. What is a valid value for the SyslogServerProtocol parameter in DBPARM.INI file?

A. TLS, TCP or UDP

B. SSH

C. SMTP

D. SNMP

A. TLS, TCP or UDP

35

Users are unable to launch Web Type Connection components from the PSM server. Your manager asked you to open the case with CyberArk Support. Which logs will help the CyberArk Support Team debug the issue? (Choose three.)

A. PSMConsole.log

B. PSMDebug.log

C. PSMTrace.log

D. .Component.log

E. PMconsole.log

F. ITAlog.log

B. PSMDebug.log

C. PSMTrace.log

D. .Component.log

36

Which usage can be added as a service account platform?

A. Kerberos Tokens

B. IIS Application Pools

C. PowerShell Libraries

D. Loosely Connected Devices

B. IIS Application Pools

37

To enable the Automatic response "Add to Pending" within PTA when unmanaged credentials are found, what are the minimum permissions required by PTAUser for the PasswordManager_pending safe?

A. List Accounts, View Safe members, Add accounts (includes update properties), Update Account content, Update Account properties

B. List Accounts, Add accounts (includes update properties), Delete Accounts, Manage Safe

C. Add accounts (includes update properties), Update Account content, Update Account properties, View Audit

D. View Accounts, Update Account content, Update Account properties, Access Safe without confirmation, Manage Safe, View Audit

A. List Accounts, View Safe members, Add accounts (includes update properties), Update Account content, Update Account properties

38

You are logging into CyberArk as the Master user to recover an orphaned safe. Which items are required to log in as Master?

A. Master CD, Master Password, console access to the Vault server, Private Ark Client

B. Operator CD, Master Password, console access to the PVWA server, PVWA access

C. Operator CD, Master Password, console access to the Vault server, Recover.exe

D. Master CD, Master Password, console access to the PVWA server, Recover.ex

A. Master CD, Master Password, console access to the Vault server, Private Ark Client

39

PTA System Logs

opt\tomcat logs

40

PSM for SSH PSMP logs

/var/opt/CARKpsmp/logs/

41

Disaster Recovery logs

C:\Program Files (x86)\PrivateArk\Server\PADR

42

You are creating a Dual Control workflow for a team's safe. Which safe permissions must you grant to the Approvers group?

A. List accounts, Authorize account request

B. Retrieve accounts, Access Safe without confirmation

C. Retrieve accounts, Authorize account request

D. List accounts, Unlock accounts

A. List accounts, Authorize account request

43

Arrange the steps to install the Password Vault Web Access (PVWA) in the correct sequence

A Run the PVWAInstallation.ps1 script in PowerShell as Administrator.

B Run the PVWA_Prerequisites.ps1 script in PowerShell as Administrator.

C Run the PVWARegisterComponent.ps1 script with the Vault password

To install the Password Vault Web Access (PVWA), the steps should be arranged in the following sequence:

B. Run the PVWA_Prerequisites.ps1 script in PowerShell as Administrator: This step ensures that all necessary prerequisites are installed and configured.

A. Run the PVWAInstallation.ps1 script in PowerShell as Administrator: This step installs the PVWA application.

C. Run the PVWARegisterComponent.ps1 script with the Vault password: This step registers the PVWA with the Vault, completing the installation process.

44

A company requires challenge/response multi-factor authentication for PSMP sessions. Which server must you integrate with the CyberArk Vault?

A. LDAP

B. PKI

C. SAML

D. RADIUS

D. RADIUS

45

A customer asked you to help scope the company's PSM deployment. What should be included in the scoping conversation?

A. Recordings file path

B. Recordings codec

C. Recordings retention period

D. Recordings file type

C. Recordings retention period

46

Detecting insider threats using Privileged Threat Analytics

Detecting insider threats using CyberArk's Privileged Threat Analytics (PTA) involves several key components and methodologies:

Behavioral Analytics: PTA uses advanced behavioral analytics to establish a baseline of normal user behavior. By continuously monitoring user activities, it can detect deviations from these patterns, which may indicate potential insider threats.

Real-Time Monitoring: PTA provides real-time monitoring of privileged account activities. It collects and analyzes data from various sources, such as SIEM systems, network sensors, and Vault logs, to identify suspicious activities.

Anomaly Detection: The system employs machine learning algorithms to detect anomalies in user behavior. This includes unusual access patterns, abnormal login times, and unexpected changes in user activity.

Risk Scoring: PTA assigns risk scores to activities based on their potential threat level. High-risk activities trigger alerts, allowing security teams to investigate and respond promptly.

Integration with Security Tools: PTA integrates with other security tools and systems, such as SIEM solutions, to provide a comprehensive view of potential threats. This integration enhances the ability to detect and respond to insider threats effectively.

Automated Responses: PTA can be configured to take automated actions in response to detected threats, such as locking accounts or alerting security personnel.

47

Key Capabilities of PSM

Session Isolation and Control: PSM isolates privileged sessions, ensuring that administrators can only access target systems through a secure gateway. This prevents direct access to sensitive systems and reduces the risk of credential theft.

Session Recording: PSM records all privileged sessions, capturing both video and text logs. These recordings provide a detailed audit trail of all actions performed during a session, which is crucial for forensic analysis and compliance.

Real-Time Monitoring: Security teams can monitor privileged sessions in real-time, allowing them to intervene if suspicious activities are detected. This proactive approach helps in mitigating potential security breaches.

Keystroke Logging: PSM logs all keystrokes entered during a session, providing a granular view of user activities. This is particularly useful for detecting unauthorized commands or actions.

Command Filtering: PSM can filter and audit specific commands executed during sessions, such as SQL commands. This helps in reducing the volume of audit data and focusing on critical actions.

Integration with SIEM: PSM integrates with Security Information and Event Management (SIEM) systems, enabling centralized logging and correlation of security events. This integration enhances the overall visibility and response capabilities of the security team.

Enhancing Security Auditing

Comprehensive Audit Trails: By recording all privileged sessions and logging keystrokes, PSM provides comprehensive audit trails that are essential for compliance with regulatory requirements and internal security policies.

Detailed Forensic Analysis: The detailed session recordings and logs enable thorough forensic analysis in the event of a security incident, helping to identify the root cause and take corrective actions.

Proactive Threat Det

48

Auditing privileged account usage is crucial for maintaining security and compliance. Here are some of the most effective methods:

Comprehensive Logging and Monitoring: Ensure that all actions performed by privileged accounts are logged. This includes login attempts, command executions, and changes to system configurations. Tools like CyberArk, ManageEngine ADAudit Plus, and BeyondTrust can help with this.

Session Recording: Record all privileged sessions to capture both video and text logs. This provides a detailed audit trail and helps in forensic analysis. CyberArk's Privileged Session Manager (PSM) is an example of a tool that offers this capability.

Real-Time Alerts: Set up real-time alerts for suspicious activities, such as access outside of normal hours or from unusual locations. This allows for immediate response to potential threats.

Regular Audits: Conduct regular audits of privileged accounts to ensure that access controls are up-to-date and that no unauthorized accounts exist. This includes reviewing account permissions and usage patterns.

Behavioral Analytics: Use behavioral analytics to detect anomalies in user behavior. This involves establishing a baseline of normal activities and identifying deviations that may indicate malicious intent.

Integration with SIEM: Integrate privileged account monitoring with your Security Information and Event Management (SIEM) system. This centralizes logging and correlation of security events, enhancing visibility and response capabilities.

Least Privilege Principle: Enforce the principle of least privilege, ensuring that users have the minimum level of access necessary to perform their duties. This reduces the risk of misuse of privileged accounts.

49

CyberArk's Vault technology is designed to provide robust security for storing and managing sensitive information. Here are the key encryption methods and security features:

Encryption Methods

Symmetric Encryption: Every password and file stored in the Vault is encrypted using a unique symmetric encryption key. Each version of a password or file has its own encryption key, ensuring that even if one key is compromised, other data remains secure.

TLS Encryption: All data transmitted to and from the Vault is encrypted using TLS (Transport Layer Security). This ensures that data in transit is protected from interception and tampering.

Security Features

Firewall & Code-Data Isolation: The Vault runs on a dedicated server with a built-in firewall that only allows communication through the authenticated Vault protocol. This isolation ensures a sterile environment, free from third-party vulnerabilities.

VPN Integration: The Vault can integrate with VPNs to encrypt all network transmissions. This offloads most encryption processes to the client side, allowing for higher throughput and enhanced security.

Strong Authentication: Access to the Vault requires strong two-way authentication. Supported methods include passwords, PKI digital certificates, RSA SecurID tokens, RADIUS protocol, USB tokens, and Windows authentication.

Access Control: The Vault provides a built-in access control mechanism, allowing administrators to define who can read, write, delete, or administer data. Users are unaware of passwords or information not intended for their use.

Tamper-Proof Audit Records: The Vault maintains tamper-proof audit records of all activities. This ensures that any changes or access to sensitive information are logged and can be reviewed for compliance and security purposes.

Secure Key Management: The Vault handles all key management internally, so users and administrators do not need to manage encryption keys. Keys are securely delivered only to authenticated users with appropriate access rights.

50

Implementing least privilege access using CyberArk tools involves several steps to ensure that users have the minimum level of access necessary to perform their duties. Here's how you can achieve this:

Steps to Implement Least Privilege Access

Identify Privileged Accounts and Access:

Assess and Define Access Requirements:

Use CyberArk's Privileged Access Security Solution:

CyberArk Vault: Store and manage privileged credentials securely in the CyberArk Vault. This ensures that credentials are only accessible to authorized users.

Privileged Session Manager (PSM): Use PSM to control and monitor privileged sessions. PSM provides session isolation, recording, and real-time monitoring, ensuring that users only access what they need.

Privileged Threat Analytics (PTA): Leverage PTA to detect and respond to suspicious activities. PTA uses behavioral analytics to identify anomalies and potential threats, helping to enforce least privilege principles.

Enforce Role-Based Access Control (RBAC):

Implement RBAC to assign permissions based on roles rather than individual users. This simplifies the management of access rights and ensures that users only have access to the resources they need.

Regularly Review and Adjust Access:

Conduct regular reviews of access permissions to ensure they are still appropriate. Remove or adjust access rights as necessary to maintain the principle of least privilege.

Implement Just-In-Time (JIT) Access:

Use JIT access to provide temporary, time-bound access to privileged accounts. This reduces the risk of long-term exposure of privileged credentials.

Monitor and Audit Access:

Continuously monitor and audit privileged access to ensure compliance with security policies. Use CyberArk's auditing capabilities to track and log all access activities.

51

Imagine you have a team of database administrators who need access to certain databases. Here's how you can apply least privilege access using CyberArk tools:

Identify: Determine which databases each administrator needs to access.

Assess: Define the specific actions each administrator needs to perform (e.g., read, write, execute).

Store Credentials: Store the database credentials in the CyberArk Vault.

Control Sessions: Use PSM to control and monitor database access sessions.

Assign Roles: Implement RBAC to assign database access based on the administrator's role.

Review Access: Regularly review and adjust access permissions as needed.

Monitor Activities: Use PTA to monitor and detect any suspicious activities.

52

Troubleshooting a failed password rotation involves several steps to identify and resolve the underlying issues. Here's a structured approach:

Steps to Troubleshoot a Failed Password Rotation

Check Service Status:

Ensure that the CyberArk Password Manager (CPM) service is running on the CPM server. If the service is not running, start it and check for any errors in the logs.

Review Logs:

Examine the PasswordManager.log and PasswordManager_error.log files located on the CPM server. These logs can provide insights into why the password rotation failed.

Verify Account Permissions:

Ensure that the CPM user has the necessary permissions on the safe. The CPM user should have at least the following permissions: List Accounts, Retrieve Accounts, and Update Account Content.

Check Platform Settings:

Verify that the platform settings are correctly configured. This includes checking the AllowedSafes parameter to ensure it recognizes the safe used by the target account.

Review Policy Files:

Check for any syntax errors in the policy files. Ensure that the PolicyID in the policy file matches what is listed in the Vault's Policies.xml file.

Network Connectivity:

Confirm that there are no network connectivity issues between the CPM server and the target system. Ensure that firewalls or network configurations are not blocking the necessary ports.

Account Configuration:

Verify that the target account is configured correctly. This includes checking that the account is not locked, expired, or restricted from changing its password.

Third-Party Interference:

Ensure that no third-party applications or password filters are interfering with the password rotation process. If such tools are present, consider temporarily disabling them to see if the issue is resolved.

Retry the Rotation:

After addressing any identified issues, retry the password rotation process. Monitor the logs and system behavior to confirm that the rotation completes successfully.

53

Identifying Anomalous Behavior

Behavioral Baselines:

PTA establishes a baseline of normal behavior for each privileged account by analyzing historical activity. This includes typical login times, accessed systems, and performed actions.

Anomaly Detection:

PTA uses advanced machine learning algorithms to detect deviations from established baselines. Anomalies might include unusual login times, access from unfamiliar locations, or atypical commands executed.

Risk Scoring:

Each detected anomaly is assigned a risk score based on its severity and potential impact. High-risk activities trigger alerts, allowing security teams to prioritize their response.

Indicators of Compromise (IoCs):

Sudden Increase in Access: A significant increase in the number of privileged accounts accessed by a user or system can indicate credential theft or misuse.

Atypical Access Patterns: Accessing highly privileged accounts or secrets that are not typically used by the user can be a red flag.

Unusual Times or Locations: Logins from unusual times of day or from unexpected geographic locations can suggest compromised credentials.

High Volume of Access: Accessing a large number of privileged accounts in a short period can indicate automated attacks or malicious intent.

New cards
54

The most secure method to rotate passwords for high-privilege accounts is automated password rotation. Here's why and how it fits into best practices for managing privileged accounts:

Why Automated Password Rotation?

Minimizes Human Error: Automated systems reduce the risk of human error, ensuring that passwords are rotated correctly and consistently.

Enhances Security: By frequently changing passwords, automated rotation limits the time a compromised password can be used, reducing the risk of unauthorized access.

Compliance: Automated rotation helps meet regulatory requirements and internal security policies by ensuring regular password updates.

New cards
55

Best Practices for Managing Privileged Accounts

Strong Password Policies: Implement strong password policies that require complex, unique passwords for all privileged accounts.

Multi-Factor Authentication (MFA): Use MFA to add an extra layer of security, ensuring that even if a password is compromised, additional authentication is required.

Role-Based Access Control (RBAC): Assign permissions based on roles rather than individual users to simplify management and enforce the principle of least privilege.

Just-In-Time (JIT) Access: Provide temporary, time-bound access to privileged accounts to reduce the risk of long-term exposure.

Regular Audits: Conduct regular audits of privileged accounts to ensure that access controls are up-to-date and no unauthorized accounts exist.

Session Recording and Monitoring: Record and monitor privileged sessions to maintain a detailed audit trail and detect any suspicious activities.

New cards
56

Arrange the steps to complete CPM Hardening for Out-of-Domain Deployment in the correct sequence

1️⃣ Locate the CPM_Hardening.ps1 script in the installation media.

2️⃣ Open PowerShell as administrator and run the script.

3️⃣ Review the script log called hardeningscript.log to check the execution details.

4️⃣ Review the script log called CYBRHardeningSecEdit.log for security-related hardening changes.

Correct Order

1️⃣ Locate the CPM_Hardening.ps1 script in the installation media.

2️⃣ Open PowerShell as administrator and run the script.

3️⃣ Review the script log called hardeningscript.log to check the execution details.

4️⃣ Review the script log called CYBRHardeningSecEdit.log for security-related hardening changes.

New cards
57

You are configuring CyberArk to use HTML5 gateways exclusively for PSM connections. In the PVWA, where do you set DefaultConnectionMethod to HTML5?

A. Options > Privileged Session Management UI

B. Options > Privileged Session Management

C. Options > Privileged Session Management Defaults

D. Options > Privileged Session Management Interface

A. Options > Privileged Session Management UI

New cards
58

Where can you check that the LDAP binding is using TCP/636?

A. in Active Directory under "Users OU" => "User Properties" => "External Bindings" => "Port"

B. in PVWA, under "LDAP Integration" => "LDAP" => "Directories" => "" => "Hosts" => "Host"

C. in PrivateArk Client, under "Tools" => "Administrative Tools" => "Directory Mapping" => ""

D. From the PVWA, connect to the domain controller using Test-NetConnection on Port 636.

B. in PVWA, under "LDAP Integration" => "LDAP" => "Directories" => "" => "Hosts" => "Host"

New cards
59

Your organization has a requirement to allow users to "check out passwords" and connect to targets with the same account through the PSM.

What needs to be configured in the Master policy to ensure this will happen?

A Enforce check-in/check-out exclusive access = active; Require privileged session monitoring and isolation = active

B Enforce check-in/check-out exclusive access = inactive; Require privileged session monitoring and isolation = inactive

C Enforce check-in/check-out exclusive access = inactive; Record and save session activity = active

D Enforce check-in/check-out exclusive access = active; Record and save session activity = inactive

A Enforce check-in/check-out exclusive access = active; Require privileged session monitoring and isolation = active

New cards
60

When onboarding multiple accounts from the Pending Accounts list, which associated setting must be the same across the selected accounts?

A Platform

B Connection Component

C CPM

D Vault

A Platform

New cards
61

Which usage can be added as a service account platform?

A. Kerberos Tokens

B. IIS Application Pools

C. PowerShell Libraries

D. Loosely Connected Devices

B. IIS Application Pools

New cards
62

To enable the Automatic response "Add to Pending" within PTA when unmanaged credentials are found; what are the minimum permissions required by PTAUser for the PasswordManager_pending safe?

A. List Accounts, View Safe members, Add accounts (includes update properties), Update Account content, Update Account properties

B. List Accounts, Add accounts (includes update properties), Delete Accounts, Manage Safe

C. Add accounts (includes update properties), Update Account content, Update Account properties, View Audit

D. View Accounts, Update Account content, Update Account properties, Access Safe without confirmation, Manage Safe, View Audit

C. Add accounts (includes update properties), Update Account content, Update Account properties, View Audit

New cards
63

Why is user "EMEALevel2Support" unable to change the password for user "Operator"?

A. EMEALevel2Support's hierarchy level is not the same or higher than Operator.

B. EMEALevel2Support does not have the "Manage Directory Mapping" role.

C. Operator can only be reset by the Master user.

D. EMEALevel2Support does not have rights to reset passwords for other users.

A. EMEALevel2Support's hierarchy level is not the same or higher than Operator.

New cards
64

Due to corporate storage constraints, you have been asked to disable session monitoring and recording for 500 testing accounts used for your lab environment. How do you accomplish this?

A. Master Policy>select Session Management>add Exceptions to the platform(s)>disable Session Monitoring and Recording policies

B. Administration>Platform Management>select the platform(s)>disable Session Monitoring and Recording

C. Policies>Access Control (Safes)>select the safe(s)>disable Session Monitoring and Recording policies

D. Administration>Configuration Options>Options>select Privilege Session Management>disable Session Monitoring and Recording policies

A. Master Policy>select Session Management>add Exceptions to the platform(s)>disable Session Monitoring and Recording policies

New cards
65

Which combination of Safe member permissions will allow end users to log in to a remote machine transparently but NOT show or copy the password?

A.Use Accounts, Retrieve Accounts, List Accounts

B.Use Accounts, List Accounts

C.Use Accounts

D.List Accounts, Retrieve Accounts

B.Use Accounts, List Accounts

New cards
66

If a password is changed manually on a server, bypassing the CPM, how would you configure the account so that the CPM could resume management automatically?

A. Configure the Provider to change the password to match the Vault's Password

B. Associate a reconcile account and configure the platform to reconcile automatically

C. Associate a logon account and configure the platform to reconcile automatically

D. Run the correct auto detection process to rediscover the password

B. Associate a reconcile account and configure the platform to reconcile automatically

New cards
67

When onboarding multiple accounts from the Pending Accounts list, which associated setting must be the same across the selected accounts?

A.Platform

B.Connection Component

C.CPM

D.Vault

A.Platform

New cards
68

Users can be restricted to using certain CyberArk interfaces (e.g. PVWA or PACLI).

A.TRUE

B.FALSE

A.TRUE

New cards
69

Which parameter controls how often the CPM looks for accounts that need to be changed from recently completed Dual Control requests?

A.HeadStartInterval

B.Interval

C.ImmediateInterval

D.The CPM does not change the password under this circumstance

B.Interval

New cards
70

Match the built-in Vault User with the correct definition.

New cards
71

Which of the following PTA detections require the deployment of a Network Sensor or installing the PTA Agent on the domain controller?

A.Suspected credential theft

B.Over-Pass-The-Hash

C.Golden Ticket

D.Unmanaged privileged access

C.Golden Ticket

New cards
72

When managing SSH keys, the CPM stores the Public Key

A.In the Vault

B.On the target server

C.A & B

D.Nowhere because the public key can always be generated from the private key.

B.On the target server

New cards
73

Which type of automatic remediation can be performed by the PTA in case of a suspected credential theft security event?

A.Password change

B.Password reconciliation

C.Session suspension

D.Session termination

A.Password change

New cards
74

A new HTML5 Gateway has been deployed in your organization.

Where do you configure the PSM to use the HTML5 Gateway?

A.Administration > Options > Privileged Session Management > Configured PSM Servers > Connection Details > Add PSM Gateway

B.Administration > Options > Privileged Session Management > Add Configured PSM Gateway Servers

C.Administration > Options > Privileged Session Management > Configured PSM Servers > Add PSM Gateway

D.Administration > Options > Privileged Session Management > Configured PSM Servers > Connection Details

B.Administration > Options > Privileged Session Management > Add Configured PSM Gateway Servers

New cards
75

When onboarding accounts using Accounts Feed, which of the following is true?

A.You must specify an existing Safe where the account will be stored when it is onboarded to the Vault

B.You can specify the name of a new Safe that will be created where the account will be stored when it is onboarded to the Vault.

C.You can specify the name of a new Platform that will be created and associated with the account

D.Any account that is onboarded can be automatically reconciled regardless of the platform it is associated with.

B.You can specify the name of a new Safe that will be created where the account will be stored when it is onboarded to the Vault.

New cards
76

In order to connect to a target device through PSM, the account credentials used for the connection must be stored in the vault?

False. PSM will prompt for user name and password when using an ad-hoc connection.

New cards
77

As vault Admin you have been asked to configure LDAP authentication for your organization's CyberArk users. Which permissions do you need to complete this task?

A.Audit Users and Add Network Areas

B.Audit Users and Manage Directory Mapping

C.Audit Users and Add/Update Users

D.Audit Users and Activate Users

B.Audit Users and Manage Directory Mapping

New cards
78

Which one of the following reports is NOT generated by using the PVWA?

A.Accounts Inventory

B.Application Inventory

C.Safes List

D.Convince Status

C.Safes List

New cards
79

One can create exceptions to the Master Policy based on ____________________.

A.Safes

B.Platforms

C.Policies

D.Accounts

B.Platforms

New cards
80

If a customer has one data center and requires high availability, how many PVWAs should be deployed?

A.Two

B.One PVWA cluster

C.One

D.Two PVWA Cluster

A.Two

New cards
81

What is mandatory for a PVWA installation?

A.A DNS entry for PVWA url must be created.

B.A company signed TLS certificate must be imported into the server

C.A vault Administrator user must be used to register the PVWA

D.Data Execution Prevention must be disabled.

C.A vault Administrator user must be used to register the PVWA

New cards
82

Which user(s) can access all passwords in the Vault?

A.Administrator

B.Any member of Vault administrators

C.Any member of auditors

D.Master

D.Master

New cards
83

You are installing HTML5 gateway on a Linux host using the RPM provided. After installing the Tomcat webapp, what is the next step in the installation process?

A.Deploy the HTML5 service (guacd)

B.Secure the connection between the guacd and the webapp

C.Secure the webapp and JWT validation endpoint

D.Configure ASLR

A.Deploy the HTML5 service (guacd)

New cards
84

The Master Policy in CyberArk serves as a centralized framework for defining and enforcing security and compliance standards across all privileged accounts within an organization. It allows administrators to establish baseline rules that govern privileged access workflows, password management, and session management.

Key Components Configurable in the Master Policy:

Privileged Access Workflows:

Dual Control: Requires multiple approvals before granting access to sensitive accounts, enhancing security through enforced oversight.

Ticketing Integration: Ensures that access requests are linked to authorized service tickets, promoting accountability and streamlined operations.

Password Management:

One-Time Passwords (OTP): Generates unique passwords for each session, reducing the risk associated with password reuse.

Password Reconciliation: Automatically synchronizes and updates passwords when discrepancies are detected, maintaining consistency across systems.

Exclusive Passwords: Restricts password access to a single user at a time, preventing concurrent usage and potential conflicts.

Session Management:

Monitoring and Recording: Enables real-time oversight and recording of privileged sessions, facilitating audits and compliance checks.

Custom Connection Components: Allows the integration of specialized tools or protocols for session management, catering to unique organizational needs.

Required Properties:

Mandates specific attributes or metadata for each account, such as owner information or purpose, ensuring comprehensive documentation and facilitating efficient management.

New cards
85

Which of the following Privileged Session Management solutions provide a detailed audit log of session activities?

A.PSM (i.e., launching connections by clicking on the "Connect" button in the PVWA)

B.PSM for Windows (previously known as RDP Proxy)

C.PSM for SSH (previously known as PSM SSH Proxy)

D.All of the above

D.All of the above

New cards
86

Which built-in report from the reports page in PVWA displays the number of days until a password is due to expire?

A.Privileged Accounts Inventory

B.Privileged Accounts Compliance Status

C.Activity Log

D.Privileged Accounts CPM Status

B.Privileged Accounts Compliance Status

New cards
87

Which components support fault tolerance?

A.CPM and PVWA

B.PVWA and PSM

C.PSM and PTA

D.CPM and PTA

B.PVWA and PSM

New cards
88

Which of the following PTA detections are included in the Core PAS offering?

Options:

A.Suspected Credential Theft

B.Over-Pass-The Hash

C.Golden Ticket

D.Unmanaged Privileged Access

A.Suspected Credential Theft

B.Over-Pass-The Hash

C.Golden Ticket

D.Unmanaged Privileged Access

New cards
89

Due to network activity, ACME Corp's PrivateArk Server became active on the DR Vault while the Primary Vault was also running normally. All the components continued to point to the Primary Vault.

Which steps should you perform to restore DR replication to normal?

A.Replicate data from DR Vault to Primary Vault > Shutdown PrivateArk Server on DR Vault > Start replication on DR vault

B.Shutdown PrivateArk Server on DR Vault > Start replication on DR vault

C.Shutdown PrivateArk Server on Primary Vault > Replicate data from DR Vault to Primary Vault > Shutdown PrivateArk Server on DR Vault > Start replication on DR vault

D.Shutdown PrivateArk Server on DR Vault > Replicate data from DR Vault to Primary Vault > Shutdown PrivateArk Server on DR Vault > Start replication on DR vault

B.Shutdown PrivateArk Server on DR Vault > Start replication on DR vault

New cards
90

Which option in the Private Ark client is used to update users' Vault group memberships?

A.Update > General tab

B.Update > Authorizations tab

C.Update > Member Of tab

D.Update > Group tab

C.Update > Member Of tab

New cards
91

Which CyberArk group does a user need to be part of to view recordings or live monitor sessions?

A.Auditors

B.VaultAdmin

C.DR Users

D.Operators

A.Auditors

B.VaultAdmin

New cards
92

You are onboarding 5,000 UNIX root accounts for rotation by the CPM. You discover that the CPM is unable to log in directly with the root account and will need to use a secondary account.

How should this be configured to allow for password management using least privilege?

A.Configure each CPM to use the correct logon account.

B.Configure each CPM to use the correct reconcile account.

C.Configure the UNIX platform to use the correct logon account.

D.Configure the UNIX platform to use the correct reconcile account.

C.Configure the UNIX platform to use the correct logon account.

New cards
93

Can the 'Connect' button be used to initiate an SSH connection, as root, to a Unix system when SSH access for root is denied?

A.Yes, when using the connect button, CyberArk uses the PMTerminal.exe process which bypasses the root SSH restriction.

B.Yes, only if a logon account is associated with the root account and the user connects through the PSM-SSH connection component.

C.Yes, if a logon account is associated with the root account.

D.No, it is not possible.

B.Yes, only if a logon account is associated with the root account and the user connects through the PSM-SSH connection component.

New cards
94

The password upload utility must run from the CPM server

Options:

A.TRUE

B.FALSE

B.FALSE

New cards
95

Which service should NOT be running on the DR Vault when the primary Production Vault is up?

Options:

A.PrivateArk Database

B.PrivateArk Server

C.CyberArk Vault Disaster Recovery (DR) service

D.CyberArk Logical Container

B.PrivateArk Server

New cards
96

If a user is a member of more than one group that has authorizations on a safe, by default that user is granted________.

Options:

A.the vault will not allow this situation to occur.

B.only those permissions that exist on the group added to the safe first.

C.only those permissions that exist in all groups to which the user belongs.

D.the cumulative permissions of all groups to which that user belongs.

D.the cumulative permissions of all groups to which that user belongs.

New cards
97

All of your Unix root passwords are stored in the safe UnixRoot. Dual control is enabled for some of the accounts in that safe. The members of the AD group UnixAdmins need to be able to use the show, copy, and connect buttons on those passwords at any time without confirmation. The members of the AD group Operations Staff need to be able to use the show, copy and connect buttons on those passwords on an emergency basis, but only with the approval of a member of Operations Managers. The members of Operations Managers never need to be able to use the show, copy or connect buttons themselves.

Which safe permission do you need to grant Operations Staff? Check all that apply.

A.Use Accounts

B.Retrieve Accounts

C.Authorize Password Requests

D.Access Safe without Authorization

A.Use Accounts

B.Retrieve Accounts

C.Authorize Password Requests

New cards
98

Which utilities could you use to change debugging levels on the vault without having to restart the vault? Select all that apply.

A.PAR Agent

B.PrivateArk Server Central Administration

C.Edit DBParm.ini in a text editor.

D.Setup.exe

A.PAR Agent

B.PrivateArk Server Central Administration

New cards
99

Due to corporate storage constraints, you have been asked to disable session monitoring and recording for 500 testing accounts used for your lab environment. How do you accomplish this?

A. Master Policy>select Session Management>add Exceptions to the platform(s)>disable Session Monitoring and Recording policies

B. Administration>Platform Management>select the platform(s)>disable Session Monitoring and Recording

C. Policies>Access Control (Safes)>select the safe(s)>disable Session Monitoring and Recording policies

D. Administration>Configuration Options>Options>select Privilege Session Management>disable Session Monitoring and Recording policies

A. Master Policy>select Session Management>add Exceptions to the platform(s)>disable Session Monitoring and Recording policies

New cards
100

Where can you check that the LDAP binding is using TCP/636?

A. in Active Directory under "Users OU" => "User Properties" => "External Bindings" => "Port"

B. in PVWA, under "LDAP Integration" => "LDAP" => "Directories" => "" => "Hosts" => "Host"

C. in PrivateArk Client, under "Tools" => "Administrative Tools" => "Directory Mapping" => ""

D. From the PVWA, connect to the domain controller using Test-NetConnection on Port 636.

B. in PVWA, under "LDAP Integration" => "LDAP" => "Directories" => "" => "Hosts" => "Host"

New cards
