In a default CyberArk installation, which group must a user be a member of to view the "reports" page in PVWA?
Correct Answer: A
Question 2
Which of the following are secure options for storing the contents of the Operator CD, while still allowing the contents to be accessible upon a planned Vault restart? (Choose three.)
Correct Answer: A,B,D
Explanation * A. Store the CD in a physical safe and mount the CD every time Vault maintenance is performed. This option ensures that the CD is kept in a secure location when not in use, and that the keys are available when needed. This is the default option suggested by CyberArk1. * B. Copy the entire contents of the CD to the system Safe on the Vault. This option allows the Vault to access the keys from the system Safe, which is a special Safe that stores the Vault configuration files and keys. The system Safe is encrypted and protected by the Vault, and can only be accessed by authorized users2. * D. Store the server key in a Hardware Security Module (HSM) and copy the rest the keys from the CD to a folder on the Vault Server and secure it with NTFS permissions. This option provides an additional layer of security for the server key, which is the most critical key for the Vault. An HSM is a physical device that stores and manages cryptographic keys in a tamper-resistant and isolated environment. The Vault can integrate with an HSM to store and retrieve the server key3. The rest of the keys can be stored in a folder on the Vault Server and secured with NTFS permissions, which restrict access to authorized users and groups. The following option is not secure and should be avoided: * C. Copy the entire contents of the CD to a folder on the Vault Server and secure it with NTFS permissions. This option exposes the keys to potential risks, such as unauthorized access, data corruption, or deletion. NTFS permissions are not sufficient to protect the keys from malicious or accidental actions. Moreover, this option does not comply with the CyberArk best practices, which recommend to store the keys on a removable media or an HSM
Question 3
Match each automatic remediation to the correct PTA security event.
Correct Answer:
Explanation * Add To Pending: Unmanaged privileged account * Rotate Credentials: Suspected credential theft * Reconcile Credentials: Suspicious password change Comprehensive Explanation: In CyberArk's Privileged Threat Analytics (PTA), automatic remediations are actions that can be configured to respond to specific security events. For the event of an unmanaged privileged account, the remediation "Add To Pending" is used to add the account to the pending accounts queue. When there is a suspected credential theft, "Rotate Credentials" is the remediation that initiates a password change. Lastly, for a suspicious password change event, "Reconcile Credentials" is the remediation that ensures the credentials are correct and valid1. References: * CyberArk Docs: Configure security events
Question 4
Which statement is true about setting the reconcile account at the platform level?
Correct Answer: C
Explanation Setting the reconcile account at the platform level allows for flexibility in how the reconcile account is specified. A rule can be used to dynamically determine the appropriate reconcile account, or a specific reconcile account can be selected and configured directly in the platform settings. This approach provides the ability to manage reconciliation accounts more efficiently and adapt to different scenarios1. References: * CyberArk Community - Associate reconcile account with a specific platform
Question 5
If a user is a member of more than one group that has authorizations on a safe, by default that user is granted________.
