For an account attached to a platform that requires Dual Control based on a Master Policy exception, how would you configure a group of users to access a password without approval.
Correct Answer:
D
Dual Control is a feature that requires the approval of another user before accessing a password. It is based on a Master Policy rule that applies to all accounts attached to platforms that have this rule enabled. However, there may be situations where a group of users needs to access a password without approval, such as in an emergency or for troubleshooting purposes. In this case, an exception can be made by granting the group the ‘Access safe without confirmation’ authorization on the safe in which the account is stored. This authorization bypasses the Dual Control workflow and allows the group to retrieve the password without waiting for approval. However, the password retrieval will still be audited and recorded in the Vault.
A user needs to view recorded sessions through the PVWA.
Without giving auditor access, which safes does a user need access to view PSM recordings? (Choose two.)
Correct Answer:
AB
To view recorded sessions through the PVWA without having auditor access, a user needs access to two specific safes: the Recordings safe and thesafe the account is in. The Recordings safe is where the PSM session recordings are stored, and users need permission to access this safe to view the recordings. Additionally, users need access to the safe where the account associated with the recorded session is stored, as this is where the session details and permissions are managed12.
References:
✑ CyberArk Docs - Configure video and text recordings3
✑ CyberArk Community - Viewing PSM recorded sessions1
Which PTA sensors are required to detect suspected credential theft?
Correct Answer:
B
Suspected credential theft is a detection that PTA reports when a user connects to a machine or a cloud service without first retrieving the required credentials from the Vault. To detect this event, PTA requires the following sensors:
✑ Logs: This sensor collects log data from various sources, such as SIEM, Unix, AWS, and Azure, and forwards it to the PTA Server for analysis.
✑ Network Sensor: This sensor taps the network and collects network traffic data, which is used by the PTA Server to run deep packet inspection algorithms and detect cyber attacks, such as PAC, OverPass the Hash, and Golden Ticket.
✑ Vault Logs: This sensor collects log data from the Vault and forwards it to the PTA Server for analysis. The Vault logs contain information about the users’ activities in the Vault, such as password retrieval, session initiation, and audit records.
References: What Detections Does PTA Report?, PTA Network Sensors
Which user is automatically added to all Safes and cannot be removed?
Correct Answer:
C
The user that is automatically added to all Safes and cannot be removed is the Master user. The Master user is a predefined user that is created during the Vault installation and has full permissions on all Safes and accounts. The Master user is the only user that can perform certain tasks, such as creating other predefined users, managing the Vault configuration, and restoring the Vault from a backup. The Master user cannot be deleted or modified by any other user, and is always a member of every Safe12. References:
✑ Predefined users and groups - CyberArk, section “Master”
✑ Safes and Safe members - CyberArk, section “Safe members overview”
What is the chief benefit of PSM?
Correct Answer:
D
According to the web search results, the chief benefit of PSM is to provide both privileged session isolation and privileged session recording. Privileged session isolation means that the PSM server acts as a proxy between the user and the target machine, preventing the user from directly accessing the target machine or exposing the privileged account credentials. Privileged session recording means that the PSM server captures and stores a video and a transcript of the user’s activity on the target machine, enabling auditing and monitoring of the privileged session. These benefits help to enhance the security and compliance of the privileged access management solution, as they prevent credential exposure, restrict unauthorized access, detect malicious activity, and provide evidence for forensic analysis
