CyberARK Interview Questions and Answers

Uploaded by

rawatgvikash


Ram Dixit

May 29, 2024

for more content visit your website- https://www.techclick.in


1. What are privileged accounts?

ANS: A privileged account is a user account that has more privileges than
ordinary users. There are many kinds of privileged accounts; Root and
Administrator accounts, for example, are typically used for installing and
removing software and changing configuration. They are superuser accounts.

Examples:

• Root - Linux
• Administrator - Windows
• SA - Oracle
• Enable - Cisco

2. What are the different types of accounts?

ANS: There are different types of accounts:

1. Local account

2. Domain account

3. Service account

4. Shared account

Local accounts: A local account controls access to one single, physical
computer. Your local account credentials (username, password, and
SID/UID) are stored locally on the computer’s hard drive, and the
computer checks its own files to authenticate your login. … A local
account allows you some level of access to an individual computer.

Domain account: A domain user is one whose username and password
are stored on a domain controller rather than the computer the user is
logging into. When you log in as a domain user, the computer asks the
domain controller what privileges are assigned to you.

Service account: A service account is a special user account that an
application or service uses to interact with the operating system. Services
use the service accounts to log on and make changes to the operating
system or the configuration. Through permissions, you can control the
actions that the service can perform.

Shared account: Shared accounts are any resource that uses a single
pair of credentials to authenticate multiple users. … The challenges
shared accounts hold for IT: Activity tracking and visibility: The basic
premise of identity and access management (IAM) is knowing who accessed
which resource.

3. What is identity access management (IAM)?

ANS: Identity and access management is the information security
discipline that allows users access to appropriate technology resources, at
the right time. … Once a user successfully completes the authentication
process, the IAM system must then verify the user’s authorization to
perform the requested activity.

Identity and access management (IAM) in enterprise IT is about defining
and managing the roles and access privileges of individual network users
and the circumstances in which users are granted (or denied) those
privileges. Those users might be customers (customer identity
management) or employees (employee identity management). The core
objective of IAM systems is one digital identity per individual. Once that
digital identity has been established, it must be maintained, modified and
monitored throughout each user’s “access lifecycle.”

4. What is EPV?

ANS: Enterprise Password Vault — CyberArk’s Enterprise Password
Vault (EPV) enables organizations to secure, manage, automatically
change and log all activities associated with all types of privileged
passwords.

It uses a highly secure central repository to store and protect both SSH
keys and passwords for use in on-premises, hybrid and cloud
environments. In addition, its auditing and control features mean you can
track and identify the misuse of any privileged accounts.

Administer, secure, rotate and control access to privileged account
passwords.

5. What are the system requirements for installing the Digital Vault
server?

ANS: Before installing the Vault, make sure that you have the following:

6. What are prerequisites for installing digital vault server?

ANS:

• Vault Installation Package
• The CyberArk Vault installation CD
• Master CD
• Operator CD
• License file
• Installation documentation

Software prerequisites

Windows 2016 server

Windows 2012 server

.NET Framework 4.5.2.

7. What are vault security layers?

ANS:
Firewall & Code Data Isolation: The Vault must run on a dedicated
server, eliminating security holes in third-party products. This is enforced
by the CyberArk firewall, which doesn’t let any communication into the
server or out of it other than its own authenticated protocol — the Vault
protocol. No other component is able to communicate with the outside
world, except for the Storage Engine. The fact that the Vault’s code is the
only code that runs on the dedicated server assures a sterile environment
and total control over the server by the security system.

Encrypted Network Communication & Visual Security Audit Trail:
Every password and file stored on the Vault is encrypted, using an
encryption infrastructure that is totally hidden from the end user. This
means that neither users nor administrators need to concern themselves
with any key management issues.

The Vault’s Visual Security is the first and only technology that lets Users
see activities carried out in their Safes by other Users. Real-time
monitoring of who is logged on to the Safe and the information they have
retrieved enables Users to track passwords and files in the Vault. Other
Visual Security features inform Users whenever activity occurs in the
Vault, and mark passwords and files so that those that have been
accessed by other Users are noticeable immediately.

Strong Authentication & Granular Access Control: Every access to
the Vault must be authenticated. The Privileged Account Security solution
uses a strong two-way authentication protocol. Authentication is based on
passwords, PKI digital certificates, RSA SecurID tokens, RADIUS protocol,
USB tokens, or Windows authentication. Taking the latter approach
requires no additional authentication to be made by the end user. The
Privileged Account Security solution also supports third-party
authentication that can be integrated into the organization’s existing
authentication server.

The Privileged Account Security solution provides a built-in access control
mechanism. Users are totally unaware of passwords or information that is
not intended for their use. Users can be permitted to read, write, delete,
or administer data according to the access control rules.

File Encryption & Dual Control Security: Every password and file
stored on the Vault is encrypted, using an encryption infrastructure that is
totally hidden from the end user. This means that neither users nor
administrators need to concern themselves with any key management
issues.

8. What does license.xml contain?

ANS: license.xml contains:

• Customer’s unique ID.
• The type of Vault that is installed.
• The version of the license.
• The expiry date of the license.
• The license key.
• Licensed components.
• The number of EPV Users permitted to work with the CyberArk Vault.
• Whether or not to enable high availability clustering.
• Whether or not to enable a connection with an external directory.
• Whether or not to enable Disaster Recovery features.
• Whether or not to enable Remote Monitoring in the Vault.
• Whether or not to enable backup by third-party software.
• The types of authentication that are permitted by the Vault.
• The types of Clients that the Vault will recognize.

9. What do the Master CD and Operator CD contain?

ANS:

Master CD contains:

• Recovery private key
• Recovery public key
• Random database key
• Server key

Operator CD contains:

• Recovery public key
• Random database key
• Server key

10. What is the latest version available in the market?

ANS: At present, 11.3 is the latest version available in the market.

11. What are the salient features of version 11?

ANS: Silent upgrade for PVWA and CPM for automation: To help our
customers deploy faster in an automated manner, we provide a silent
upgrade option that can be automated with a customer’s automation tools
for a faster deployment process.

New connection component to support SQL Server Management Studio 18:
A new PSM connection component was added to the PSM installation and
to CyberArk Marketplace to enable secure access to SQL Server
Management Studio (SSMS) 18.

Support deploying Vault on AWS on Windows 2016: CyberArk now supports
deployment of Vault installed on AWS on Windows 2016 Server.

12. What is the remote control agent?

ANS: The Enterprise Remote Control Agent is the software that allows you
to take control of a PC. The CyberArk Vault Remote Control feature
enables users to carry out several operations on Vault components from a
remote terminal.

Managing the Vault, DR Vault, ENE, and CVM from a remote location: The
following table displays the commands that can be used with the
PARClient utility to manage the Vault, DR Vault, ENE, and CVM from a
remote physical location.

13. What is a safe and what does it contain?

ANS: A safe is a logical container for storing passwords. Safes are
typically created based on who will need access to the privileged accounts
whose passwords will be stored within the safe. For instance, you might
create a safe for a business unit or for a group of administrators.

14. What is CyberArk hardening?


ANS: CyberArk installs the Vault Server on a hardened operating system,
based on Microsoft Bastion Host server recommendations which define a
highly secured Windows server. The hardening process is performed as
part of the Vault installation and results in disablement of many operating
system services. The hardened Vault Server is designed to serve only
CyberArk protocol requests. As such, it may not function as a regular
domain member in a Windows network. In addition, the hardening process
also strips the permissions from existing and built-in Windows users
(except the user that runs the installation).

15. Is it possible to remove the hardening once the Digital Vault is
hardened?

ANS: Not possible; we have to rebuild the OS.

16. What are the default safes that are created after vault
installation?

ANS: Default safes are

1. System Safe

2. Vault internal

3. Notification Engine

17. What is the purpose of the Master account?

ANS: The Master account is used for retrieving the Administrator accounts.
Whenever Administrator accounts are blocked / suspended, we can activate
the Administrator account by using the Master account.

18. What are the log files related to vault server?

ANS: Log files related to vault server are ITA.log, trace logs

19. What are the services related to vault server?

ANS:

• CyberArk Event Notification Engine.
• CyberArk Logic Container.
• PrivateArk Database.
• PrivateArk Remote Control Agent.
• PrivateArk Server.
• CyberArk Windows Hardened Firewall.

20. What are the configuration files of vault server?


ANS: Vault configuration files are

• Dbparm
• Paragent (Remote control agent) - 9022
• Passparm (Password management)
• Tsparm (safes directory)
• Vault

21. What does the System safe contain?

ANS: The System safe contains configuration files, the license file and log
files of the Vault server.

• dbparm.ini
• italog
• license.xml
• paragent.log
• passparm.ini
• tsparm.ini

22. What does the Vault internal safe contain?

ANS: LDAP configuration details.

23. What are the built-in users and groups that are created after CyberArk
implementation?

ANS: After CyberArk implementation, the default users and groups are:

• Auditor
• Administrator
• Batch
• Master
• NotificationEngine
• PSMApp_WIN
• PVWAAppUser
• PVWAGwUser
• Auditors groups
• Notification Engines group
• PSMAppUsers group
• PSMLiveSessionTerminators group
• PSMMaster group
• PVWAGWAccounts group
• PVWAMonitor group
• PVWAUsers group

24. What are the prerequisites of installing CPM?

ANS: Install .NET Framework 4.5.2.


25. What are the system requirements for installing CPM?

ANS: TCP/IP connection to the Digital Vault Server.

26. What are the default safes that are created after CPM
installation?

ANS: Default safes of CPM are

• PasswordManager
• PasswordManager_ADInternal
• PasswordManager_Info
• PasswordManager_Pending
• PasswordManager_workspace
• PasswordManagerShared

27. What does the PasswordManager safe contain?

ANS: The PasswordManager safe contains the ADConfiguration.xml and cpm.ini
files.

28. What are the services related to CPM?

ANS: CPM services are CyberArk Password Manager and CyberArk Central
Policy Manager Scanner.

29. What are log files related to CPM?

ANS:

• PM
• PM_error
• PMConsole
• PMTrace
• ThirdParty levels

Activity log (logs folder): pm.log – contains all the log messages,
including general and informative messages, errors, and warnings.

pm_error.log – contains only warning and error messages.

Third-party logs: Generated by the Central Password Manager built-in
password generation plug-ins when an error occurs. Root log, console log,
expect log and debug log.

History log files: After a log file has been uploaded into the Safe, it is
renamed and moved into the History subfolder.

30. What are the process & prompt files and where are they contained?

ANS: Bin folder

31. What is the order of installation of CyberArk?

ANS: The CyberArk order of installation is below.

< 10.8:-

• Vault
• CPM
• PVWA
• PSM

> 10.8:-

• Vault
• PVWA
• CPM
• PSM

32. What are prerequisites for PVWA?

ANS: IIS server (Internet Information Services); the Windows Server must
be a domain member.

33. What are system requirements of PVWA?

ANS: The minimum requirements for the PVWA are as follows:

34. What is the default port of CyberArk on which all the
components communicate with the Vault?

ANS: The default TCP/IP port number of the CyberArk Vault is 1858.

35. What are the services related to PVWA?

ANS: PVWA services are:-

• IIS Admin Service (IIS ADMIN)
• Windows Process Activation Service
• World Wide Web Publishing Service

36. What are log files related to PVWA?

ANS: PVWA log files are

• CyberArk.WebConsole.log
• CyberArk.WebApplication.log
• CyberArk.WebTaskEngine.log

37. What is the configuration file of PVWA?

ANS: Configuration file of PVWA is Web.config

38. What are the safes created after PVWA installation?

ANS: PVWA default safes are

• PVWAConfig
• PVWAPrivateUserPrefs
• PVWAPublicData
• PVWAReports
• PVWATaskDefinitions
• PVWATicketingSystem
• PVWAUserPrefs

39. What does the PVWAConfig safe contain?

ANS: Policies.xml (.ini files are used to assign at platform level) and
PVConfiguration.xml

40. What are the system requirements for installing PSM?

ANS:

• TCP/IP connection to the CyberArk Password Vault Server
• Windows 2012
• PSM setup
• Windows Server must be a domain member.

41. What are the prerequisites for installing PSM?

ANS: Prerequisites of PSM are RD Web Access, RD Connection Broker and
RD Session Host.

Only Windows Server 2012 R2; the Windows Server must be a domain
member; the user logged in during installation must be a domain user with
local admin rights.

• RD Web Access: Remote Desktop Web Access enables users to
connect to resources provided by session collections and virtual
desktop collections by using the Start menu or a web browser.
• RD Connection Broker: Remote Desktop Connection Broker connects
or reconnects a client device to RemoteApp programs, session-based
desktops and virtual desktops.
• RD Session Host: Remote Desktop Session Host enables a server to
host RemoteApp programs or session-based desktops.

42. Why do we need a Remote Desktop licensing server?

Ans 1: (It will launch the RD Licence on the PSM server.)

Ans 2: The Remote Desktop Connection Broker is used to connect users
to existing virtual desktops and apps. The Remote Desktop License Server
manages the RDS Client Access Licenses (CALs) that are required by client
devices to connect to the RD Session Host.

43. What are the default users of PVWA & PSM that are created
after installation?

ANS: The default users of PVWA after installation are PVWAAppUsers and
PVWAGWUsers.

PVWAAppUser is used by the Password Vault Web Access for internal
processing.

PVWAGWUser is the Gateway user through which users will access the
Vault.

In PSM, they are PSMAppUsers and PSMGWUsers.

This user is used by the PSM for internal processing. The credentials file
for this user is PSMApp.ini and is stored on the PSM server.

This is the Gateway user through which the PSM user will access the Vault
to retrieve the target machine password. The credentials file for this user
is stored on the PSM server in a file named PSMGW.ini.

44. What is the default safe where recordings will be stored?

ANS: All the recordings will be stored in PSMRecordings.

45. Name the services related to PSM?

ANS: CyberArk Privileged Session Manager.


46. What are log files related to PSM?

ANS: PSM log files are PSMConsole and PSMTrace.

47. What is the configuration file of PSM?


ANS: basic_psm

48. What are default safes that are created after PSM
installation?

ANS: Default safes that are created after PSM installation

• PSM
• PSMLiveSession
• PSMUnmanagedAccounts
• PSMRecordings

49. What does the PSM safe contain?

ANS: The PSM safe contains PSMAdmin and PSMServer.


50. What is the formula for calculating storage of PSM
recordings?

ANS:

51. What is the functionality of Vault, CPM, PVWA and PSM?

ANS:

• Vault: It is the secure repository of all sensitive information, and it
is responsible for securing this information, managing and
controlling all access to this information, and maintaining and
providing tamper-proof audit records.
• CPM: The Privileged Account Security solution provides a
revolutionary breakthrough in password management with the
CyberArk Central Policy Manager (CPM), which automatically
enforces enterprise policy. … The CPM generates new random
passwords and replaces existing passwords on remote machines.
• PVWA: The Password Vault Web Access Interface is a complete
featured web interface providing a single console for requesting,
accessing, and managing privileged account credentials passed
throughout the enterprise by both end users and system
administrators.
• PSM: CyberArk’s Privileged Session Manager (PSM) is a central point
of control for protecting target systems accessed by privileged users
and accounts. It’s a single solution that isolates, controls and
monitors all privileged activity across the data center with recording
and monitoring activity.

52. What is the difference between standalone configurations and
HA cluster configuration?

ANS:

53. How will you implement CyberArk HA cluster?

ANS:

• Make sure all prerequisites are in place.
• Install the Vault server on node A.
• Do the cluster configuration in the ClusterVault.ini file.
• Copy the operator keys to node B.
• Stop the CVM on node A and make sure the disks are offline.
• Install the Vault server on node B.
• Do the cluster configuration in the ClusterVault.ini file.
• Vault ID and server ID should be the same on both nodes.
• Start CVM on node A.
• Do the failover from active node to passive node and vice versa.
• Now install the components in the following order: PVWA, CPM and PSM.

54. What is the configuration file of Cluster Vault & what does it
contain?

ANS: ClusterVault.ini

55. What is Quorum?

ANS: In order to prevent split-brain scenarios in case of communication
errors, we are going to use the Quorum mechanism.

The Quorum uses a separate disk on the shared storage.

Quorum disk will always stay offline during normal Cluster Vault operation
(except during installation) but remain reserved for the active node.

56. What are the log files of HA-cluster?

ANS: Log files of HA-Cluster are

• ClusterVaultConsole.log
• ClusterVaultTrace.log

57. Name the services related to HA-cluster?

ANS: ClusterVaultManager

58. What are the prerequisites of HA-cluster?

ANS: Prerequisites of HA-Cluster are

• Dedicated SAN and shared storage
• Two identical Vault servers
• Virtual IP address
• Each node should have only one single static IP
• It is highly recommended that both nodes have the same amount of
physical memory
• The clocks on both cluster nodes must be synchronized
• The two Cluster Vault nodes must be connected directly via a
private network or cross-over cable.
• If the storage is based on iSCSI (network storage) then a Windows
update (KB2955164) should be installed in order to ensure database
stability.
• Ensure that the drive letters for the Quorum and Storage disks are
identical in both nodes.
• Ensure that the shared storage resources are only online in one
node.
• Make sure that servers are reachable via public IP, private IP and
virtual IP.
• Vault Servers (Primary, DR, Satellite): For each HA Cluster pair, 2x
Vault Servers (Node 1 and Node 2) — Windows 2012 R2 64-bit
Standard Edition:
• It is highly recommended that the Vault servers be on physical servers
for security and performance purposes. If this is an issue, please
contact CyberArk Professional Services.
• The server should be installed as a clean image from ISO, rather
than a normal domain image that’s been cleaned, to avoid any GPO
impact
• .NET Framework 4.5.2 feature installed
• 2x shared disks via SCSI or Fiber (SAN) attached storage
• Primary disk for data storage based on Vault data size calculations
• Secondary disk for Quorum verification with at least 500MB
• These disks should not be used by any other system
• If SAN is used, these should be on separate LUNs
• Both the Quorum and the Data disks MUST be provisioned as an
MBR partition table, NOT a GPT partition table
• Public and private NICs
• Private NICs should be connected by a crossover cable or be on an
isolated /30 VLAN
• Three (3) public IPs, 2 private IPs
• Node 1 public, Node 2 public, Vault VIP
• Node 1 private, Node 2 private
• 2 IPs for out-of-band management (iLo/DRAC)
• DO NOT install any third-party software; this includes antivirus,
spyware, backup and monitoring software.
• The server should not be part of the domain.
• Install the latest Microsoft patches and updates and verify that they
do not have MS Windows Update active (set to “Never Check”)

59. How will the nodes communicate in HA-cluster?

ANS: HA clusters usually use a heartbeat private network connection
which is used to monitor the health and status of each node in the cluster.

60. On which node will storage be online?

ANS: Storage is online only on the active node.

61. Why should the Vault server not be part of a domain?

ANS: The Vault’s DNS server settings should remain empty to eliminate
the risk of attack initiated through compromised DNS servers.

62. What is DEP and why do we need to disable DEP on the CPM
server?

ANS: Data Execution Prevention (DEP) is a security feature that can help
prevent damage to your computer from viruses and other security threats.
Harmful programs can try to attack Windows by attempting to run (also
known as execute) code from system memory locations reserved for
Windows and other authorized programs.

63. What is the purpose of the CyberArk CPM Scanner service?

ANS: CPM Scanner service is used for Accounts discovery.

64. What are the logs we can see under third party logs?

ANS: Third-party logs are root logs, console log, expect log and debug
log.

65. What does PasswordManagerShared contain?

ANS: PasswordManagerShared contains all policy files.

66. What does the PVWAConfig safe contain?

ANS: The Policies.xml contains the “UI & Workflow” settings for all
platforms.

The PlatformBaseID ties the platforms listed in the Policies.xml with the
platforms contained in the PasswordManagerShared safe.

67. What is the purpose of remote connection broker?

ANS: Remote Desktop Connection Broker connects or reconnects a client
device to RemoteApp programs, session-based desktops and virtual
desktops.

68. What is the purpose of session collection?

ANS:

69. What is network level authentication?

ANS: Network Level Authentication (NLA) is an authentication tool used in
Remote Desktop Services (RDP Server) or Remote Desktop Connection
(RDP Client), introduced in RDP 6.0 in Windows Vista and above. NLA is
sometimes called front authentication as it requires the connecting user to
authenticate themselves before a session can be established with the
remote device.

70. What is PSM connect and PSM admin connect?

ANS: During installation, the following users are created locally on the
PSM machine:

• PSMConnect – used by end users to launch a session via the PSM.
• PSMAdminConnect – used by auditors to monitor live sessions.

71. Is it possible to customize recording safes?

ANS: Custom recording safes can be defined at the platform level and are
created automatically by the PSM when it uploads the first recordings to
the Vault.

72. How will you grant access for getting the Reports tab?

ANS: We will get a Reports tab after being added to the PVWAMonitor group.

73. How will you integrate AD in CyberArk?

ANS: Create an LDAP Bind account with READ ONLY access to the
directory.

• Have the user name, password, and DN available
• Create three LDAP groups for granting access to the Vault.
• CyberArk Administrators
• CyberArk Auditors
• CyberArk Users
• We strongly recommend you use LDAP/S
• This ensures that all of the traffic between the Domain Controller or
LDAP authenticating server and the Vault is encrypted
• Install the root certificate for the CA that issued the certificate on
the directory servers to the Vault servers.
• Create a hosts file on the Vault servers to manually resolve directory
server names.

74. What are default ports of LDAP?

ANS: The default port of LDAP is 389, and for SSL authentication it is 636.

75. What is the purpose of Bind user?

ANS: Bind operations are used to authenticate clients (and the users or
applications behind them) to the directory server, to establish an
authorization identity that will be used for subsequent operations
processed on that connection, and to specify the LDAP protocol version
that the client will use.

Binding is the step where the LDAP server authenticates the client and, if
the client is successfully authenticated, allows the client access to the
LDAP server based on that client’s privileges. Rebinding is simply doing
the process over to authenticate the client.

76. How can LDAP directory mapping be done?

ANS:

77. What are the predefined users & groups that are added after
safe creation?

ANS: Administrator, DR user and Batch.

78. What is a safe? In how many ways can safes be created?

ANS: A safe is a logical container; it stores privileged accounts in the
form of files.

Safes can be created in the following ways:

• PrivateArk client
• PVWA
• PACLI script

79. What is safe retention period?

ANS: Note that version will not be deleted while still in the safe object
history retention period which is defined below.

80. How will you grant safe ownership?

ANS: Go to the PrivateArk client, go to the respective user and add the
required safe ownership. From PVWA, go to the respective safes and add
members or the groups mapped from AD.

81. What are the roles and permissions that we can see at safe
level?

ANS: Roles and permissions at safe level are:-

Access:-

• Use accounts
• Retrieve accounts
• List accounts

Account management:-

• Add accounts (includes update properties)
• Update account content
• Update account properties
• Initiate CPM account management operations
• Specify next account content
• Rename accounts
• Delete accounts
• Unlock accounts

Safe management:-

• Manage safe
• Manage safe members
• Backup safe

Monitor:-

• View audit log
• View safe members

Workflow:-

• Authorize account requests (Level 1, Level 2)
• Access safe without confirmation

Advanced:-

• Create folders
• Delete folders
• Move accounts/folders

82. What is the platform and why do we need to duplicate a
platform?

ANS: Introduction to Policy by Platform: the Policy by Platform view
enables you to easily see the settings that will be applied to each platform
and gives you an ‘at a glance’ picture of the effective policy that manages
associated accounts.

You can see the baseline of compliance-related settings implemented at
system level through the Master Policy, combined with exceptions for
specific platforms.

There are two types of Account Platforms:

Account Platforms:-

• Define the technical settings required to manage the account
• Used to define exceptions to the Master Policy
• Every account is associated with one platform

Target Account Platforms:-

• Service Account platforms define additional service accounts that
are required for use in different resources, such as Windows
services or Windows scheduled tasks.
• Service accounts will be tied to target accounts
• TARGET ACCOUNT PLATFORMS
• Target Account Platforms are used to provide two main
functionalities
• Technical settings required to log in to and change passwords on
the various types of systems.
• There will be a separate Platform for each type of account we will
manage
• Example - How you log in to and change a password on a Unix server
is much different than how you do the same thing on a Windows
server
• Basis for exceptions to the Master Policy
• Example - There may be multiple Platforms that are used to manage
accounts on Unix via ssh servers. The technical settings may be the
same.
• Exceptions can be made to the Master Policy so that accounts
associated with one of the UNIX via ssh Platforms require Dual
Control.
• How we associate accounts with Platforms will be covered later in
this section.

83. What are privileged accounts and different types of account?

ANS: There are 6 types of accounts

 Local Admin accounts: These accounts are typically non-personal


and provide administrative access to the local host. These accounts
are typically used by the IT staff to perform maintenance or to set
up new workstations. Often, these accounts will have the same
password across the platform or organizations.
 Privileged user accounts: These are the most obvious accounts.
These give administrative privileges to one or more systems. They
are the most common form and usually have unique and complex
passwords giving them power across the network. These are the
accounts that need to be monitored closely. These accounts should
be monitored for who has access, what they have access to, and
how often they request access.
 Emergency accounts: Emergency accounts provide unprivileged
users with admin access to secure systems in case of an
emergency. These are also referred to as “fire call” or “break glass”
accounts. While these accounts should require managerial approval,
the process is usually manual and lacks the appropriate record
keeping needed for compliance audits.
 Domain Admin accounts: Domain admin’s have privileged access
across all workstations and servers on a Windows domain. These are
the most extensive and robust accounts across your network
because they have complete control over all domain controllers and
the ability to modify membership of every administrative account
within the domain.
 Service accounts: These accounts are privileged local or domain
accounts that are used by an application or service to interact with
the operating system. Typically, they will only have domain access if
it is required by the application being used. Local service accounts
are more complicated because they typically interact with multiple
Windows components.
 Application accounts: these accounts are used by applications to
access databases and provide access to other applications. These
accounts usually have broad access to the company information
because of their need to work across the network.

84. In how many ways can accounts be onboarded?

ANS: Accounts can be onboarded in the following ways:

• Manually
• Password upload utility
• Accounts discovery
• REST API

85. What is the Password Upload Utility and how will you onboard
accounts with the PUU?

ANS: The Password Upload Utility is used to onboard the target servers in
bulk. You have to prepare a csv file where you can add a separate line for
each target server. Each line will have different fields such as IP address
of the server, account name, password, safe to which the server is to be
added etc. Once you run the utility, accounts will be added to PIM.

The PUU contains the executables and configuration files required to run
the utility.

• Create the csv file.

• Configure the vault address in vault.ini file

• Configure the credential file by running the command

createAuthFile.exe user.ini

• Specify the csv file name in conf.ini file

• Run the command passwordupload.exe conf.ini
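
A pre-flight check for the csv file prepared in the steps above, as an added example that is not part of the original document or of CyberArk's tooling. The column names (address, username, password, safe), the Safe names and every sample row are assumptions constructed for illustration; use the header row your PUU version defines.

```python
import csv
import io
import ipaddress

# Hypothetical column names for this example (assumption, not the PUU's own).
REQUIRED = ("address", "username", "password", "safe")

# Constructed sample input: no real hosts or credentials.
SAMPLE_CSV = """address,username,password,safe
10.10.1.15,root,Temp-Example-01,Unix-Prod
10.10.1.15,root,Temp-Example-02,Unix-Prod
10.10.1.300,oracle,Temp-Example-03,Unix-Prod
10.10.2.20,administrator,,Win-Prod
10.10.2.21,administrator,Temp-Example-04,Win-Test
"""


def preflight(csv_text, known_safes):
    """Return a list of (line_number, problem) found in an onboarding csv."""
    reader = csv.DictReader(io.StringIO(csv_text))
    header = reader.fieldnames or []
    missing = [c for c in REQUIRED if c not in header]
    if missing:
        raise ValueError("missing column(s): " + ", ".join(missing))

    problems = []
    seen = {}  # (address, username) -> line number of first occurrence
    for line_no, row in enumerate(reader, start=2):  # line 1 is the header
        values = {c: (row.get(c) or "").strip() for c in REQUIRED}

        # Every field the upload needs must be present on the line.
        empty = [c for c in REQUIRED if not values[c]]
        if empty:
            problems.append((line_no, "empty field(s): " + ", ".join(empty)))

        # The address must parse as an IP address.
        if values["address"]:
            try:
                ipaddress.ip_address(values["address"])
            except ValueError:
                problems.append(
                    (line_no, "invalid IP address: " + values["address"]))

        # The target Safe must already exist.
        if values["safe"] and values["safe"] not in known_safes:
            problems.append((line_no, "unknown Safe: " + values["safe"]))

        # The same account on the same server must not be listed twice.
        key = (values["address"], values["username"].lower())
        if all(key):
            if key in seen:
                problems.append((line_no, "duplicate of line %d" % seen[key]))
            else:
                seen[key] = line_no
    return problems


if __name__ == "__main__":
    for line_no, problem in preflight(SAMPLE_CSV, {"Unix-Prod", "Win-Prod"}):
        print("line %d: %s" % (line_no, problem))
```

The csv holds passwords in clear text until the upload has run, so it belongs on a protected host and should be removed afterwards.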

86. What is the log file related to PUU?

ANS: The log file related to the PUU is Password upload error.


87. What is dual control access approval and how will you enable it?

ANS: End users will require authorization before accessing privileged
accounts. Depending on advanced configuration, access authorization
must be given by one or more managers or peers.

Dual Control: The Master Policy enables organizations to ensure that
passwords can only be retrieved after permission or ‘confirmation’ has
been granted from an authorized Safe Owner(s). Authorized Safe Owners
can either grant or deny requests. This feature adds an additional
measure of protection, in that it enables you to see who wants to access
the information in the Safe, when, and for what purpose.

Note: The first group member who confirms or rejects a request does so
on behalf of the entire group. If more than one confirmation is required,
each group is equivalent to a single authorized user and will count as a
single confirmation/rejection. As soon as users receive confirmation for a
request from an authorized user, they can access the password or file that
the request was created for.

The manual security workflow comprises the following steps:

1. The user creates a request: A user who wishes to access an account in
an environment where the Master Policy enforces Dual Control must first
create a request. In the request, the user specifies the reason for
accessing the account, whether they will access it once or multiple times,
and the time period during which they will access it. A notification about
the request is sent to users who are authorized to confirm this request.

2. The request is confirmed or rejected by the authorized user: Through
the notification, authorized users can access the request and view its
details. Based on these details, authorized users either confirm or reject
the request. The number of authorized users who are required to confirm
requests is defined in the Master Policy.

3. The user connects to the account: Each time an authorized user
responds to the request, the user who created it receives a notification.
When the total number of required confirmations is received for the
request, this user receives final notification. The user can now activate the
confirmation and access the account according to the request
specifications.
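
The confirmation counting described above, including the rule that a group counts as a single confirmation, modelled as an added example (not code from the original document or from CyberArk). User and group names are constructed, and closing the request on a single rejection is an assumption of this model.

```python
from dataclasses import dataclass, field


@dataclass
class AccessRequest:
    requester: str
    reason: str
    required_confirmations: int  # number defined in the Master Policy
    # Authorized confirmers: name -> members. A single authorized user is
    # modelled as a group of one. All names are constructed for the example.
    confirmers: dict
    decisions: dict = field(default_factory=dict)  # name -> (member, confirmed)

    def _confirmer_of(self, member):
        for name, members in self.confirmers.items():
            if member in members:
                return name
        raise PermissionError(
            member + " is not authorized to confirm this request")

    def respond(self, member, confirm):
        """Record one member's answer and return the request status."""
        name = self._confirmer_of(member)
        # The first member of a group to answer does so on behalf of the
        # whole group; later answers from the same group change nothing.
        self.decisions.setdefault(name, (member, confirm))
        return self.status()

    def confirmations(self):
        return sum(1 for _, ok in self.decisions.values() if ok)

    def status(self):
        # Assumption of this model: one rejection closes the request.
        if any(not ok for _, ok in self.decisions.values()):
            return "rejected"
        if self.confirmations() >= self.required_confirmations:
            return "confirmed"
        return "pending"

    def can_access(self, user):
        # Only the user who created the request may use the confirmation.
        return user == self.requester and self.status() == "confirmed"


def demo():
    """Two confirmations required; bob and carol share one group."""
    req = AccessRequest(
        requester="alice",
        reason="emergency patch on db01",
        required_confirmations=2,
        confirmers={"UnixAdmins": ["bob", "carol"], "SecurityMgr": ["dave"]},
    )
    trace = [
        req.respond("bob", True),    # first answer for UnixAdmins
        req.respond("carol", True),  # same group: still one confirmation
        req.respond("dave", True),   # second confirmer: request confirmed
    ]
    return trace, req.confirmations()


if __name__ == "__main__":
    print(demo())
```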

88. What is the check-in/check-out policy and how will you enable it?

ANS: Enforce check-in/check-out exclusive access — Users can check out
an account and lock it so that no other users can retrieve it at the same
time. After the user has used the password, they check the password back
into the Vault. Together with enforcing one-time password access, this
restricts access to a single user, ensuring exclusive usage of the
privileged account and guaranteeing accountability. By default, this rule is
inactive.

Accounts Check-out and Check-in:

Auditing and control requirements demand full identification and
monitoring of users who access privileged accounts during any given
period. In addition, to guarantee accountability, each user who accesses a
privileged account must be the only one to do so.

The Master Policy enables organizations to permit users to check out a
‘one-time’ password and lock it so that no other users can retrieve it at
the same time. After the user has used the password, he checks the
password back into the Vault. This ensures exclusive usage of the
privileged account, enabling full control and tracking for the password.

If the organizational policy determines that a password can only be used
once, the Master Policy can also be configured to change the password’s
value before unlocking it and making it available to other users. If a CPM
is installed, this can be done automatically.

89. What is one-time password access and how will you enable it?

ANS: Enforce one-time password access: Accounts can be retrieved for
one-time use only, and the password stored inside must be changed after
each use before the account is released and can be used again.
Passwords can be changed automatically by the Privileged Account
Security solution’s password management capability.
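
How exclusive check-out (question 88) and one-time password access (question 89) combine, modelled as an added example that is not code from the original document or from CyberArk. The class, the account name and the password generator are constructed for illustration; the generator stands in for the CPM's automatic change.

```python
import secrets
import string

ALPHABET = string.ascii_letters + string.digits


def new_password(length=20):
    # Stand-in for the CPM's policy-driven password generation.
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


class AlreadyCheckedOut(Exception):
    """Raised when a second user tries to retrieve a locked account."""


class ExclusiveAccount:
    def __init__(self, name, password, one_time=True):
        self.name = name
        self._password = password
        self.one_time = one_time  # one-time password access enforced?
        self.locked_by = None     # user currently holding the check-out
        self.audit = []           # ordered (action, user) records

    def check_out(self, user):
        """Lock the account for one user and hand over the password."""
        if self.locked_by is not None:
            self.audit.append(("denied", user))
            raise AlreadyCheckedOut(
                "%s is checked out by %s" % (self.name, self.locked_by))
        self.locked_by = user
        self.audit.append(("check-out", user))
        return self._password

    def check_in(self, user):
        """Return the account; rotate the password before unlocking it."""
        if self.locked_by != user:
            raise PermissionError(
                "%s does not hold the check-out for %s" % (user, self.name))
        if self.one_time:
            # The value the user saw is replaced before anyone else can
            # retrieve the account.
            self._password = new_password()
            self.audit.append(("password-changed", "CPM"))
        self.locked_by = None
        self.audit.append(("check-in", user))


if __name__ == "__main__":
    acct = ExclusiveAccount("root@db01", "Constructed-Initial-1")
    first = acct.check_out("alice")
    try:
        acct.check_out("bob")
    except AlreadyCheckedOut as exc:
        print("denied:", exc)
    acct.check_in("alice")
    print("rotated:", acct.check_out("bob") != first)
    print(acct.audit)
```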

90. What is the purpose of allow EPV connections?

ANS: Quick to connect.

Allow EPV transparent connections (‘click to connect’) — Users can connect
to remote devices without needing to know or specify the required
password. This prevents the password from being exposed to the user and
maintains productivity as the user does not have to open a login session
and then copy and paste the password credentials into it. In addition,
advanced settings define whether or not users are permitted to view
passwords. This enforces strong authentication for accessing managed
devices and restricts user access to passwords according to granular
access control.

91. How will you do CPM password management via PUU?

ANS:

92. What is a reconcile account and how will you associate an account
via PUU?

ANS:

• Used for ‘lost’ or unknown passwords
• Should be used infrequently
• Needs to have elevated privileges (i.e. Domain Admin)
• This account is usually a service account reserved for this purpose
• Reconcile accounts for Unix require a custom plug-in

Reconciling Passwords

Passwords in the Vault must be synchronized with corresponding
passwords on remote devices to ensure that they are constantly available.
Therefore, the CPM runs a verification process to check that passwords
are synchronized. If the verification process discovers passwords that are
not synchronized with their corresponding password in the Vault, the CPM
can reset both passwords and reconcile them. This ensures that the
passwords are resynchronized automatically, without any manual
intervention.

The platform contains rules that determine whether automatic
reconciliation will take place when a password is detected as
unsynchronized, or whether it is launched only through a manual
operation by an end user/system admin. A reconciliation account
password that will be used to reset the unsynchronized password can be
defined either in the platform or at account level. This account can be
stored in a separate Safe, where it is only accessible to the CPM for
reconciliation purposes. During password verification, the CPM plug-ins
return a list of predefined errors to the CPM. Each platform specifies the
specific errors that will launch a reconciliation process for passwords
linked to that platform. This enables each enterprise to specify its own
prompts for reconciling passwords and gives maximum flexibility to
individual needs.

During password reconciliation, the unsynchronized password is replaced
in the Vault and in the remote device with a new password that is
generated according to the relevant platform. As soon as reconciliation is
finished successfully, all standard verifications and changes can be carried
out as usual. Users can see details of the last reconciliation process in the
Operational Views in the Accounts List.

To define a reconciliation account password:

At platform level — All accounts attached to a specific platform will use
the reconciliation account password specified in the platform.

93. What is a logon account and how will you associate an account via
PUU?

ANS:

• Used when a user is prevented from logging on but the password is
known
• Used on a regular basis – i.e. it is common to block root access via
SSH
• A ‘super user’, such as root, should not be used as a logon account

Associating Logon Accounts

The CPM associates logon accounts to enable users to log onto remote
machines where they can perform identity management tasks. Logon
accounts can be configured in either of the following ways:

At platform level — All accounts attached to a specific platform will use the
logon account specified in the platform.

At account level — A logon account can be initiated manually in the
Account Details page. The following parameters in the Privileged Account
Management parameters specify the default logon account that will be
associated with each new account.

LogonAccountSafe — The name of the Safe or a dynamic rule that specifies
it, where the default logon account that will be used for accounts
associated with this platform is stored.

Note: PSM cannot access logon accounts if the Master Policy is configured
to enforce dual control password access approval.

LogonAccountFolder — The name of the folder or a dynamic rule that
specifies it, where the default logon account that will be used for accounts
associated with this platform is stored.

LogonAccountName — The name of the default logon account that will be
used for accounts associated with this platform.

94. What is the default port of remote control agent (SNMP)?

ANS: The default port of the Remote Control Agent is 9022.

95. What is the functionality of CPM?

ANS: The Privileged Account Security solution provides a revolutionary
breakthrough in password management with the CyberArk Central Policy
Manager (CPM), which automatically enforces enterprise policy. The CPM
generates new random passwords and replaces existing passwords on
remote machines.

96. What is the functionality of PVWA?

ANS: The Password Vault Web Access (PVWA) enables both end users and
administrators to access and manage privileged accounts.

97. What is the functionality of PSM?

ANS:

98. How will you enable PSM?

ANS:

99. How will you change recording safe retention period?

ANS: Reports Safes and PSM Recording Safes are created automatically
with the following setting:

Auto-purge is enabled — Files in this Safe will automatically be purged
after the Object History Retention Period defined in the Safe properties.

Audit — This rule enables you to determine how Safe audits are retained.

Activities audit retention period — The Master Policy controls the number
of days that Safe activities audits are retained. By default, audits of
activities are kept for 90 days.

Note: If this parameter is set to zero, activities in the Safe will not be
written in an audit log.

Protect or unprotect the recording — You can protect important recordings
from being deleted automatically after the Safe retention period on the
Recordings Safe has expired.

To protect a recording, click Protect on the toolbar; the recording will be
stored in the Safe either until you delete it or until you remove the
protection.

To unprotect a recording, click Unprotect on the toolbar; the recording will
be deleted from the Safe the next time that expired Safe history is erased
from the Safe.

The retention period setting can be modified in the Safe properties.

100. How will you monitor the live session?

ANS: Members of the PSMMaster and Auditors groups can monitor the live
sessions.

Monitoring Privileged Session Recordings

The PVWA acts as a centralized access point for privileged session
recordings. In order to display information about privileged session
recordings and be able to play the session recordings, users require the
following authorizations:

Membership in the Auditors Group

Or, membership in the relevant Password Safes and Recording Safes with the
following authorizations:

In the relevant account Safes:

• List accounts/files

Note: This authorization specifically enables users to access recordings
from the Account Details page.

In the relevant recording Safes:

• Retrieve accounts/files
• List accounts/files
• View audit

Authorized users can view the recordings in any of the following ways:

The MONITORING page enables intuitive access to all privileged session
recordings. This page is visible to authorized users after the first recording
has been uploaded to the Vault.

The Recording Details page enables a more thorough view of a specific
session recording.

The Account Details page provides access to recordings for individual
passwords.

101. How will you terminate the live session and what permissions
will you assign for terminating a live session?

ANS: If we add the user to the PSMLiveSessionTerminator group, they can
terminate the live session.

Terminating Live Sessions

You can terminate live sessions from your own workstation.

To terminate live sessions

In the MONITORING page:

1. In the Live Sessions grid, display the live session to terminate.

2. In the line of the session, click the Action menu icon and then
Terminate.

In the Live Session Details page:

1. Display the Live Session details page of the live session to terminate.

2. On the toolbar, click Terminate.

A message appears prompting you for confirmation.

3. Click Yes to terminate the live session, or click No to leave the live
session running and return to the Live Session details page. A new window
is opened on your workstation and the live session is terminated; a
message appears to confirm that the target session was terminated.

102. Why do we need remote desktop licensing server?

ANS: CAL licences.

A client access license (CAL) is needed for each user and device that
connects to a Remote Desktop Session (RDS) host. An RDS licensing
server is needed to install, issue, and track RDS CALs. When a user or a
device connects to an RD Session Host server, the RD Session Host server
determines if an RDS CAL is needed.

Connecting to the PSM Server with Microsoft Remote Desktop Services
(RDS) Session Host

Make sure you have the appropriate RDS CAL licensing. PSM can work with
any RDS CAL license scheme (either per user or per device).

103. Is command-based recording possible or not?

ANS: Yes, it is possible.

Configuring SSH Commands Access Control in PSM

SSH commands white-listing or black-listing (Commands Access Control) in
PSM gives an organization the ability to block unauthorized SSH commands
if a privileged user attempts to execute them on a network, security or
other device or any SSH-based target system.

Users can connect transparently to a target system or device through the
PSM, and run specific commands on the target according to the user’s
permissions and the allowed commands as defined by the organization’s
security policy in the Vault. Unauthorized commands will be blocked and
will not be sent to the target.

The solution’s architecture does not require installation of an agent on the
target machine or device. Instead, PSM can recognize the command the
user entered by analyzing the output of the terminal channel.

The solution aims to prevent user errors and provide a basic ability to
block unauthorized commands, especially where agents cannot be
installed due to an organization’s policy or environment requirements (for
example, when restricting access to a network or security devices).

Note: Universal keystroke recording cannot be applied with Commands
Access Control in PSM. For considerations when using Command Access
Control, descriptions on how to enable, configure and manage ACLs, and
how to modify and delete Commands Access Control, refer to the
following section: Configuring SSH Commands Access Control in PSMP.

104. What are PSM shadow users?

ANS: Sessions for non-RDP client applications (WinSCP, PuTTY etc.) are
launched on the PSM server using the PSM Shadow User accounts.

105. How will you enable suspended users?

ANS:

106. How will you enable default suspended users?

ANS: The PasswordManager user is the default user of the CPM that is
used to connect to the Vault. The Cred file is created automatically during
the CPM installation.

The PasswordManager user is authenticated by the Vault each time it
connects. After the CPM successfully authenticates, the Vault changes the
password for the PasswordManager user and updates the cred file on the
Comp Server.

107. What are the tasks that we can perform by using remote
control agent/client for operating vault?

ANS: In remote control agent we can perform below tasks.

108. What is the configuration & log file of remote control agent?

ANS: Paragent.ini and Paragent.log

The CyberArk Vault Remote Control feature enables users to carry out
several operations on the Vault, DR Vault, and ENE components from a
remote terminal. It comprises two elements:

REMOTE CONTROL

•The Agent is installed as part of the Vault installation on the Server and
on the Disaster Recovery Server.

Remote Control Agent


•The Remote Control Client is a utility that runs from a command line
interface and carries out tasks on a Vault component where the Remote
Control Agent is installed.

•It does not require any other Vault components to be installed on the
same computer, even the PrivateArk Client.

Remote Control Client:

•Retrieve logs

•Set parameters

•Restart vault

•Restart services

•Reboot vault server

•Retrieve machine statistics such as

•Memory Usage

•Processor Usage

REMOTE CONTROL AGENT.

The Remote Control Agent allows users to do the following from the
Client:

•The Remote Control Agent can use SNMP to send Vault traps to a remote
terminal. This enables users to receive both Operating System and Vault
information, as follows:

•Operating System information:

•CPU, memory, and disk usage

•Event log notifications

•Service status

•Component-specific information:

•Password Vault and DR Vault status

•Password Vault and DR Vault logs

•CyberArk provides two MIB files (for SNMP v1 and SNMP v2) that describe
the SNMP notifications that are sent by the Vault. These files can be
uploaded and integrated into the enterprise monitoring software.

•These MIB files are included on the Privileged Account Security
Installation CD.

109. What is backup and restore?

ANS: Indirect Backup (Recommended)

•Replicate module is installed on a domain member server, typically the
same server as other CyberArk components.

•PAReplicate.exe is used to copy vault data as encrypted files from the
Vault server to the domain server.

•Third-party backup software can then be used to back up these files.

Direct Backup (Not Recommended)

•Replicate module is installed on the Vault Server.

•PAPreBackup.exe is used to prepare the metadata on the Vault server for
direct tape backup.

•Warning: Installing a third-party backup agent on the Vault server may
introduce vulnerabilities and is not recommended.

110. How will you take vault backup by using replicate software?

ANS: 1. Enable the Backup user and set an initial password.

2. Install the Replicate module and specify a location for Replicated Data.

3. Edit the Vault.ini to point to the Vault server.

4. Create a Credential File for the Backup user.

5. Create a batch file to execute the Replicate Process.

111. What are the default users that need to be enabled for
backup and restore?

ANS: Backup and operator.

112. What are the commands for executing backup and restore?

ANS: To Restore a Safe

Safes are restored using the PARestore utility, regardless of how they
were backed up.

Notes: If a Safe with the name of the backed-up Safe does not exist in the
Vault, before beginning the restore process, create a new Safe with the
same name as the Safe that was removed. This Safe will remain empty,
and the contents of the backed-up Safe will be restored to a target Safe
with a different name that is specified during the restore process. To
increase the level of security, the restore process synchronizes the Safe’s
owners of the existing Safe and the original Safe. As a result, when you
restore a single Safe, its original Owners may not be restored with the
Safe data and must be added manually.

To restore a Safe that was backed up with the PrivateArk Replicator:

At a command line prompt, use the following command:

PARestore <VaultFile> <User> /RestoreSafe <Safe> /TargetSafe <NewSafe>

The Vault’s Backup solution is comprised of several utilities that manage
and perform the backup and restore operations. These utilities can be
configured to run automatically using a scheduling program. Safes backup
should be synchronized with your backup methodology.

Replication:

The Vault Backup utility exports the Safe files from the CyberArk Vault to
a computer on the local network where the Backup utility has been
installed. The Safes are copied in a similar format and structure to the one
in the Server. The global backup system can then access the files from
that computer. In order to be able to issue the replicate utility in a Safe, a
user must have the ‘Backup All Safes’ user authorization and the ‘Backup
Safe’ authorization in the Safe being replicated. A predefined group called
‘Backup Users’ is created during Vault installation and upgrading, and is
added automatically to every Safe that is created. Each user that is
subsequently assigned to this group must be given backup authorizations
manually. This user authenticates to the Vault with a user credentials file
which contains its username and encrypted logon credentials. As the
Backup utility is part of the total CyberArk Vault environment, there is no
need for any external application to cross the firewall. The entire backup
procedure takes place within the Vault environment, thus maintaining the
high level of security that is characteristic to the CyberArk Vault.

Note: If your Safes are on an NTFS partition, the replicated Safes should
also be on an NTFS partition, and not FAT/FAT32.

The following diagram displays the processes that take place during Vault
replication.

[Diagram: Vault Replication]

Step 1: The Vault Backup utility (PAReplicate.exe) generates a metadata
backup in the Vault’s Metadata Backup folder, and then exports the
contents of the Data folder and the contents of the Metadata Backup
folder to the computer on which the Backup utility is installed.

Step 2: After the replication process is complete, the external backup
application copies all the files from the replicated Data folder and the
Metadata folder. Keep the replicated files on the Backup utility machine
after the external backup application copies all the files. The next time
you run the Backup utility to the same location, it will update only the
modified files and reduce the time of the replication.

113. How will you do the incremental and full backup in your
current organization?

ANS: Incremental backup on a daily basis and full backup on a weekly basis
using the CyberArk task scheduler.

114. What is DR?

ANS: DR means Disaster Recovery. The DR Vault is the same as the Vault
server; whenever the Vault server goes down, the DR Vault server will
automatically be up and running. DR is a backup server.

The Disaster Recovery (DR) service that runs on the DR Vaults is
responsible for replicating the data and metadata from the Production
Vault, as described below.

Data Replication — The DR Service replicates the external files (Safes files
and Safes folders) from the CyberArk Production Vault to the DR Vault.
Data replication is performed according to the settings in the Disaster
Recovery configuration file (PADR.ini).

Metadata Replication — The DR Service replicates the metadata files based
on exports (full backup) and binary logs (incremental backups). Metadata
replication from the Production Vault to the DR Vault occurs after each
action in the Vault has been completed.

Replication of the metadata files (MySQL DB) is based on exports (full
backup) and binary logs (incremental backups):

• Metadata replication from the Production Vault to the Disaster
Recovery Vault occurs at the completion of each event
• Since password objects are also stored in the metadata, password
objects are always synced between production and DR.

115. How will you perform a DR drill?

ANS: Before doing a DR drill, we take an entire backup of the Vault
server and check whether the data has been replicating up to the date of
the DR drill.

• Plan for down time
• Plan for change freeze
• Inform customers about the activity and ask them to use the DR PVWAs
• Stop the production vault server
• Check the PADR.ini file and make sure that enable failover mode is
set to yes.
• After 5 attempts of retries the DR vault server should be
automatically up and running.
• Monitor the PADR.log

116. What is the configuration file of DR vault?

ANS: PADR.ini

117. What is the log file of DR vault?

ANS: PADR.log

118. What are the services related to DR?

ANS: CyberArkDisasterRecovery

118. Which user is responsible for replicating the vault data?

ANS: The DR user is responsible for replicating the Vault data.

119. How will you point the component servers to DR site?

ANS: All the vault.ini files of the component servers must contain the DR
Vault IP address.

120. What are different types of reports?

ANS: Reports are of two types:

1. Operational reports

a. Privileged account inventory

b. Applications inventory

2. Audit and compliance reports

a. Privileged accounts compliance status

b. Activity log

c. Entitlement

121. In how many ways can reports be generated?

ANS: Reports can be generated in two ways:

1. PVWA webpage reports tab

2. PrivateArk client

122. What is Entitlement report?

ANS: Entitlement reports — User, FullName, Group, GroupOwnership,
Location, UserType, TargetPolicy, TargetSystem, TargetAccount, Safe, Read,
Change, OtherPermissions

123. What is the privileged account compliance report?

ANS: The privileged account compliance status report uses the CPM status of
each account to show whether it is compliant or non-compliant.

124. What is the license capacity report and what does it contain?

ANS: It lists the licenses that are available and valid for users as well
as PIM components.

125. How will you generate activity log reports for server?

ANS: From the PVWA page, go to the Reports tab and generate an activity log
report based on the codes that are required.

126. What are customized reports?

ANS:

127. How will you log in with the master account and where can you
log in?

ANS: The recovery private key path and the emergency station IP must be
specified in the dbparm.ini file. The Master user can only log in from the
server administrative console and from the emergency station IP.

128. Can the master account log in to PVWA?

ANS: No, it can only log in via the PrivateArk client.

129. How will you perform a version upgrade?

ANS:

1. Take file system backup on all component servers where CyberArk
components are installed

2. It is better to stop the services while running the script for version
upgrade

3. Better to plan the activity during off-peak time (preferably on weekends)
and notify the administrator / end users to use DR PVWA instead of Prod
PVWA

4. Ensure all components including Vault, CPM, PVWA and PSM
components are up and running in DR

5. Stop the services in production component servers and take file backup

6. Run the script on each component in production

7. Start the services and test if everything is working

8. Then notify the end users to use production PVWA

9. Stop the services on DR and run the same steps to upgrade DR

130. What are the steps to be taken before doing version
upgrade?

ANS: Take file system backup on all component servers where CyberArk
components are installed.

131. What are the log files and how will you enable debug logs?

ANS:

132. What is purpose of EPM?

ANS: Endpoint Least Privilege, App Control & Credential Theft Protection

133. What are OPM and PTA?

ANS: CyberArk’s Privileged Threat Analytics detects malicious privileged
account behavior.

•By comparing current privileged activity in real-time to historical activity,
CyberArk can detect and identify anomalies as they happen, allowing the
incident response team to respond, disrupting the attack before serious
damage is done.
•By continuously monitoring privileged accounts for reset and change
password activities, the PTA can detect when a user changes a password
of a managed privileged account without using the CPM, and can
automatically respond to contain the risk by reconciling the password of
this account.
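
The second detection above, a password change on a managed account that the CPM did not make, sketched as an added example (not code from the original document and not how the PTA itself is implemented). The log format, host names, account names and the two-minute matching window are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed inventory of accounts managed in the Vault: (host, account).
MANAGED = {("srv01", "administrator"), ("srv02", "svc_backup")}

# Constructed records of password changes performed by the CPM.
CPM_CHANGES = """\
2024-05-29T02:00:03Z host=srv01 account=administrator action=cpm_change
2024-05-29T02:00:41Z host=srv02 account=svc_backup action=cpm_change
"""

# Constructed password-change events collected from the target servers.
TARGET_EVENTS = """\
2024-05-29T02:00:05Z host=srv01 account=Administrator actor=cpm_svc
2024-05-29T09:14:27Z host=srv02 account=svc_backup actor=jdoe
2024-05-29T09:20:00Z host=srv03 account=testuser actor=jdoe
2024-05-29T11:45:10Z host=srv01 account=administrator actor=asmith
"""


def parse(line):
    """Parse '<timestamp> key=value ...' into a dict with a datetime 'ts'."""
    stamp, *pairs = line.split()
    record = dict(pair.split("=", 1) for pair in pairs)
    record["ts"] = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")
    record["host"] = record["host"].lower()
    record["account"] = record["account"].lower()
    return record


def find_out_of_band_changes(target_text, cpm_text, managed,
                             window=timedelta(minutes=2)):
    """Return alerts for managed-account changes with no matching CPM change."""
    unexplained = [parse(l) for l in cpm_text.splitlines() if l.strip()]
    alerts = []
    for line in target_text.splitlines():
        if not line.strip():
            continue
        event = parse(line)
        key = (event["host"], event["account"])
        if key not in managed:
            continue  # not a Vault-managed account, out of scope
        match = next(
            (c for c in unexplained
             if (c["host"], c["account"]) == key
             and abs(c["ts"] - event["ts"]) <= window),
            None)
        if match is not None:
            # Each CPM change explains at most one change on the target.
            unexplained.remove(match)
            continue
        alerts.append({
            "time": event["ts"],
            "host": event["host"],
            "account": event["account"],
            "actor": event.get("actor", "unknown"),
            "response": "reconcile",  # containment step named in the text
        })
    return alerts


if __name__ == "__main__":
    for alert in find_out_of_band_changes(TARGET_EVENTS, CPM_CHANGES, MANAGED):
        print(alert)
```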

135. What is secure connect?

ANS:

136. What is rest API?

ANS: The PAS Web Services is a RESTful API that enables users to
create, list, modify and delete entities in the Privileged Account Security
solution from within programs and scripts.

The main purpose of the PAS Web Services is to automate tasks that are
usually performed manually using the UI, and to incorporate them into
system and account provisioning scripts.

The PAS Web Services are installed as part of the PVWA installation, and
can be used immediately without any additional configuration. Make sure
your CyberArk license enables you to use the CyberArk PAS SDK.

137. End user is not able to access target server, how do you
handle?

ANS: a) There may be a password mismatch between the target server and
the Vault for the selected privileged account. We have to sync the
password between the Vault and the target server for the privileged ID.

b) The target server might be down or not reachable and not accepting
requests. We need to talk to the application or server team to ask them to
resolve the issue at target server level and ensure the requests are
accepted from PIM to login.

c) The selected privileged account may not exist on the target server. When
the privileged account is on-boarded to PIM using the password upload
utility, data in the csv file might be wrong, and the wrong privileged
account is added to PIM (on-boarded to PIM). Work with the target server
team and ask them to create the privileged account on the target server, or
delete the privileged account in the PIM console and add the correct
privileged account that exists on the target server.

d) The required interface is not installed or registered under connection
components in PIM configuration. For example, if Toad is not installed and
the user is trying to access a database target server, the connection will
not be established and the user cannot access the target server.

We need to install the interface and register it under connection
components if there is no entry in PIM configuration. (Check under
Administration -> Options)

138. How do you implement CyberArk?

ANS:

First step is to install the components:

Enterprise Vault is the critical component in CyberArk; this component
should be installed on a separate server. Hence the first step is to install
Enterprise Vault on a dedicated Windows server.

Hardening option — Do not select the Hardening option when you install the
Vault for the first time. Once all components have been installed
successfully, we harden the Vault.

CPM (Central Policy Manager) and PVWA components should be installed on
another server. First CPM should be installed and then PVWA should be
installed. .NET Framework should be installed and IIS server also should
be installed. RDP service should be installed.

It is recommended to install PSM on another server.

Second step is configuration:

1. AD integration to import end users and groups into PIM

2. Create Safes

Create required safes as per the design confirmed in PVWA

3. Platform Duplication

It is better to duplicate the default platform available in the system. For
example, if there is a platform “Windows Server Local Accounts”, duplicate
it as “IBM Windows Server Local accounts” so that policies can be
applied at a more granular level.

4. Policy Management

Set the policies for check-in check-out exclusive access, one-time
password, dual control etc., if required for any platform. Set the password
rules, session management rules etc., for the required platform.

5. Account on-boarding

Accounts can be on-boarded manually one by one. Accounts can be
on-boarded in bulk using the password upload utility.

139. How can file sharing be done through PIM?

ANS: Sometimes files (log files, configuration files or any other files) may need to be copied from one target server (a Unix server or a Windows server) to another target server.

PIM allows WinSCP to be used as the interface or client to copy the file from one target server to the PSM server, and then from the PSM server to the other target server. WinSCP should be installed and configured on the PSM server.

140. What is a break glass ID and why is it required?

ANS:

141. What is password randomization?

ANS: Password randomization means changing the passwords for privileged accounts at regular intervals. We can schedule the password change in Policy as shown below. We can set the value for “Required password change for X days”; the default value is 90 days.

142. How can you change the password for privileged accounts, let's say I want to change the password for 100 accounts?

ANS: We can change the password for multiple accounts at a time manually. Select the required accounts on the accounts page (where you can view the list of accounts) and run the change password action (under the Manage button, click the “change” option). Please see the screen below: you can choose the option to change the password by CPM immediately, so that CPM will change the password for all the selected accounts.

143. What is SplitPassword?

ANS: A password policy to ensure that a single user doesn’t have access to the complete password on an account.

144. What are the default ports?

ANS: Ports:

Vault with Component: 1858
SSH + SFTP (but can be configured anywhere): 22
Telnet: 23
RDP: 3389
LDAP: 389
DNS: 53
RADIUS: 1812
SNMP: 161
SNMP Trap: 162
Network Trap (NTP): 123
CPM: 21, 22, 23, 3389, 135, 139, 445, 1521, 3306

145. What is the connector?

ANS: Mention connectors used in

146. What is the difference between Identity Management and Access Management?

147. What is Auto detect or Auto discovery?

148. Which component of CyberArk enables commands to be whitelisted or blacklisted on a per user and / or per system basis?

ANS: On-Demand Privileges Manager enables the commands to be whitelisted or blacklisted.

149. What do you understand by SSH Key Manager?

ANS: SSH Key Manager helps organizations prevent unauthenticated access to private SSH keys, which are frequently used by privileged Unix/Linux users and applications to validate privileged accounts. SSH Key Manager secures and rotates privileged SSH keys based on the privileged account security policy, and controls and scrutinizes access to protect SSH keys. This solution enables organizations to gain control of SSH keys, which offer access to privileged accounts but are often ignored.

150. What are User Directories that are supported by CyberArk?

ANS: CyberArk supports Active Directory, Oracle Internet Directory, Novell eDirectory, IBM Tivoli DS.

151. If CyberArk vault user changed his Active Directory password, what will happen with his CyberArk account?

ANS: Nothing happens if CyberArk uses the LDAP authentication process.

152. What is PrivateArk Vault Command Line Interface?

ANS: The PrivateArk Vault Command Line Interface (PACLI) enables the
users to access the PAS Solution from any location using fully automated
scripts, in a command line environment. Users accessing the PAS solution
via the PACLI have access to limited interface for management, control,
and audit features.

153. What do you understand by PrivateArk Client?

ANS: The PrivateArk Client is a standard Windows application which is used as the administrative client for the PAS Solution. The Client can be deployed on multiple remote computers and can access the Enterprise Password Vault via LAN, WAN, or the Internet through the Web version of the client. From this interface, the users define a vault hierarchy and create safes. Access to the Enterprise Password Vault via the PrivateArk Client requires a user to be validated by the Digital Vault.

154. What’s the password complexity required in CyberArk authentication using internal CyberArk scheme?

ANS: There should be a minimum of one lowercase alphabet character, one uppercase alphabet character and one numeric character to generate a password in CyberArk authentication using the internal CyberArk scheme.

155. How many times can we increase the access to wrong password count?

ANS: Maximum 99 times only.

156. How will you replace .xml license file?

ANS: To apply a new license file you must:

1. Upload the license.xml file to the System Safe.

156. What utility is used to create or update a credential file?

ANS: CreateCredFile.exe

157. What are the authentication methods supported by CyberArk?

ANS:

A) CyberArk Password
B) LDAP
C) OAuth
D) PKI
E) RADIUS
F) OracleSSO
G) SAML

1. Tell me about your past projects and profile.

So far I am carrying an experience of 4 yrs in administrating and implementing customized IT solutions, i.e. CyberArk privileged identity management, and I have done 3 projects: one on CyberArk PAS and the other two projects on the Administration and Networking side. Coming to the CyberArk project, I have been involved in both implementation and support level. We have installed Enterprise Password Vault on a dedicated physical server, and CPMs, PVWAs and PSMs on virtual servers. After installing these components we moved into configuration, i.e. first AD is integrated to CyberArk to import users and groups into PIM. We have created the required safes as per the design confirmed in PVWA and, as per our client requirement, we have duplicated the Windows platforms with the name _windows server local accounts. I have on-boarded multiple accounts to PIM, i.e. Windows servers, Linux servers and some databases. We have configured session recording & live monitoring on Privileged Session Manager, One-Time Password (OTP), Dual Control Approval Workflow and exclusive access for check-in check-out etc. Then I was assigned to a support role and I need to monitor the CyberArk services on a regular basis, whether they are running or not. Handling login issues related to PVWA and target systems: for example, if the end user is not able to access the target server, I need to check the log files to see why the user is not able to access the particular account and I need to resolve this issue. There might be many reasons, like the target server might be down or not reachable, there may be a password mismatch between the target server and the vault for the selected privileged account, or the selected privileged account may not exist on the target server. I need to create and manage safes, platforms and owners, policy specification etc.; these are the daily day-to-day support activities I am going to do in this current project.

CyberArk Scenario Based Interview Questions


1. You have just added a new critical application to CyberArk, but the application team reports that password rotation is not working. How would you fix this issue?

To troubleshoot a password rotation failure for a critical application in CyberArk, we can follow these steps:

• Verify that the application credentials stored in CyberArk are accurate and up-to-date
• Examine the password rotation policy and platform settings to ensure they comply with the application’s requirements
• Check the notifications and logs in CyberArk for any anomalies or error messages related to the rotation process
• Analyze the application logs for specific error messages or issues during password rotation attempts
• Verify that the application team has the required permissions and privileges to start password rotations
• Start a password rotation manually to test if it fails and get further error information
• Collaborate with the application team to understand any recent password rotation changes or issues
• Make sure the application’s documentation matches the configuration

2. Suppose a user reports that they cannot access a specific privileged account via PVWA (Password Vault Web Access). Explain how you would diagnose and resolve the issue.

To address a user’s inability to access a privileged account via PVWA, we can follow these steps:

• Verify User Credentials: Verify the user’s login credentials to ensure they are accurate
• Verify Account Status: Verify whether the privileged account is active or locked
• PVWA Health: Ensure the PVWA service is running
• Review Access Permissions: Ensure the user has the necessary permissions to access the account
• Logs and Error Messages: Analyze logs for any errors or access denials, addressing them accordingly
• Browser Compatibility: Verify that Password Vault Web Access is compatible with the user’s browser
• Password Policy: Confirm the password complies with policies and has not expired
• Password Reset: Reset the password if necessary, then test access

3. Let’s say you have been tasked with configuring a new CyberArk safe. What would be the most important factors you consider when setting up access controls for your new safe?

When setting up a new safe in CyberArk, consider these key factors:

• Authorization: Define who can access the safe and their roles (admins, users, auditors)
• Authentication: Implement the appropriate authentication methods, such as MFA (Multi-Factor Authentication), SSO (Single Sign-On), Biometric Authentication, etc.
• Least Privilege: Assign permissions based on the least privilege principle to limit access to only what is essential
• Emergency Access: Prepare access policies and approval processes for emergencies
• Audit Trails: Enable thorough auditing to monitor safe activity
• Rotation Policies: Implement password management and rotation policies
• Segregation of Duties: Avoid conflicts in access permissions by separating responsibilities

4. A company wants to secure its AWS root account during a cloud migration using CyberArk. What approach would you use here?

To secure the AWS root account with CyberArk during a cloud migration, we should consider the following things:

• Isolate AWS root credentials within the CyberArk vault
• Implement automatic password rotation for the root account
• Define strict access policies and permissions for who can retrieve and use these credentials
• Implement session recording for all root access
• Set up alerts for suspicious activities
• Enable Multi-Factor Authentication (MFA) for the root account
• Monitor and analyze audit logs for security breaches

5. During an audit, it was discovered that a group of users had unauthorized access to a set of privileged accounts. How would you investigate how this occurred, and what actions would be taken to rectify the situation?

Following the steps below, we can effectively investigate and mitigate unauthorized access to privileged accounts.

• Immediate Response: The first step should be deactivating compromised accounts and updating passwords for impacted privileged accounts
• Gather Evidence: Collect logs and audit trails related to unauthorized access
• Identify Affected Accounts: Determine which privileged accounts were accessed without permission
• Root Cause Analysis: Investigate how the breach happened, looking for vulnerabilities or misconfigurations
• Patch and Remediate: Address identified security vulnerabilities or misconfigurations
• Review Access Controls: Assess access policies and permissions to identify security gaps
• Report and Documentation: Document the investigation process, findings, and remediation steps. Inform management and affected parties about the breach and remediation steps

6. A user attempts to access a password via the PVWA but encounters an error stating they are not part of the necessary access group. The user claims they successfully accessed the same account just last week. How would you handle this situation?

In this situation, we could follow these steps to handle the issue:

• Verify the user’s claim of previous access to ensure accuracy
• Check to see if the user was a part of the necessary access group last week
• Examine recent modifications to access groups or user permissions that may have led to the error
• Analyze access logs and audit trails to find anomalies or errors during the attempted access
• If required, modify the user’s permissions or access group to allow appropriate access
• Provide user guidance or training if the issue is due to a user mistake

7. Suppose you have been given a task to integrate CyberArk with the SIEM system for central logging and tracking. What steps would you take, and what would you consider?

To integrate CyberArk with a SIEM solution for centralized logging and monitoring, we should follow these steps and considerations:

• Planning: Define data requirements and integration objectives
• Select SIEM: Select a compatible SIEM solution that CyberArk supports, ensuring it can accept logs and events
• CyberArk Connector: Install a CyberArk connector or agent to collect data
• Data Mapping: Define which CyberArk events and logs should be sent to the SIEM for analysis
• Access Policies: Ensure logs include privileged access and authentication events
• Testing: Test the integration to ensure accurate correlation, SIEM alerting, and data transmission
• Alerts and Dashboards: Create custom alerts and dashboards in the SIEM for CyberArk-related events
• Continuous Monitoring: Implement real-time monitoring and regular review of SIEM alerts and logs
• Documentation: Maintain complete documentation for future reference

8. A critical system is down, and the team suspects it is related to a password change made via CyberArk. How would you check if CyberArk caused the issue? What actions would you take to resolve the issue?

To verify if CyberArk caused the critical system outage:

• Check CyberArk logs for any password update activities related to the affected system.
• Check the system logs on the crucial system for any errors or anomalies that coincided with the password change.
• To comprehend the procedure and identify any possible issues, interact with team members engaged in the password update.

If CyberArk is confirmed as the cause, then we should follow the steps below to resolve the issue:

• Initiate a password rollback to the previous state to restore system functionality.
• Investigate why the password update caused the issue and address any misconfigurations or vulnerabilities.
• For future reference, document the event, findings, and remediation steps.
• Implement preventive measures to avoid identical incidents in the future, such as enhanced testing and validation methods.
• Throughout the process, keep stakeholders updated on any resolutions or preventative measures taken.

9. The organization is worried about the risk of insider threats and wants to set up session recordings for specific privileged accounts. What would be the best way to implement this in CyberArk?

To reduce the risk of insider threats, implement session recording for specific privileged accounts in CyberArk using these simple steps:

• Identify Target Accounts: Based on criticality and access levels, identify privileged accounts that need session recording.
• Session Recording Policy: Establish a clear session recording policy that outlines what should be recorded, how long it should be kept, and who may view the recordings.
• Configure PSM (Privileged Session Manager): Install and configure CyberArk’s PSM to enable session recording.
• Storage and Access Control: Create a secure storage for session recordings and restrict access to only authorized personnel.
• Retention Period: Establish a session recording retention term that complies with organizational policies and legal requirements.
• Monitoring and Alerts: Configure alerts and monitoring to identify suspicious activities during sessions.
• User Awareness: Educate privileged users about the session recording procedure and its intent.
• Record: Record all aspects of the setup, including configurations, policies, and procedures.

10. If you are asked to import 100 new Unix-based servers into CyberArk, explain how you would go about it and what challenges you might face.

To import 100 new Unix servers into CyberArk:

• Gather a list of servers with their details (e.g., IP, hostname, OS, etc.)
• Establish a separate safe for Unix servers
• Create privileged user accounts for every server
• Use CyberArk’s automated discovery tools to identify and validate account information on servers
• Confirm successful discovery and account integration
• Apply appropriate access policies and permissions
• Verify access to ensure successful integration

Challenges may include:

• Coordinating server access
• Managing credentials securely
• Ensuring uniform configurations
• Handling potential errors during the import process
• Setting up appropriate permissions for users


Q.1. How to restrict an LDAP user to use only PSM and PVWA?

To restrict the user to use only authorized interfaces:

• Log in to the PrivateArk Client
• Go to Tools > Administrative Tools > Directory Mapping
• Select the Vault User Mapping
• Click on User Template and User Type
• Select Authorized Interfaces
• Choose only those which you want the user to use

If a user uses an unauthorized interface, they will see an authentication failure.

Q.2. Secure RDP Connections to CyberArk PSM Server with SSL?

Most interviewers ask this question:

On the PSM server, run gpedit.msc to set the security layer:

Navigate to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security.

Open the Security setting, Set client connection encryption level.

In the Options area, from the Encryption Level drop-down list, select High Level.

Click OK to save your settings.

Open the Security setting, Require use of specific security layer for remote (RDP) connections.

In the Options area, from the Security Layer drop-down list select:

• Windows 2019 – TLS
• Windows 2016 – SSLT
• Windows 2012 R2 - SSL (TLS 1.0)

For connections with RDP files, specify authentication level:i.

For connections with ActiveX, specify AdvancedSettings4.AuthenticationLevel.

In each active connection component, add a new Component Parameter.

Connections to the PSM require a certificate on the PSM machine. By default, Windows
generates a self-signed certificate, but you can use a certificate that is supplied by your
enterprise.

Q.3. How to increase the debug levels for CyberArk Vault & its Components?

Vault: DebugLevel= PE(1,6), PERF(1),LDAP(14,15)

CPM: CPM.ini (or via PVWA System Configuration): Up to 6, platformwise, Auto Detection,

PVWA: Administration Tab > click Options and then Logging:

DebugLevel=High (None/High/Low)
InformationLevel=High (None/High/Low)

The LogFolder parameter in web.config in the IIS PasswordVault folder:

CyberArk.WebApplication.log

CyberArk.WebConsole.log

CyberArk.WebSession..log

PVWA.App.log

PSM: General Settings:

Server Settings TraceLevels=1,2,3,4,5,6,7

Recorder Settings TraceLevels=1,2

Connection Client Settings TraceLevels=1,2

Q.4. How to allow firewall between Vault and a server and how many IPs we can add?

AllowNonStandardFWAddresses is a multi-valued parameter: it can be added to dbparm.ini multiple times.

It should be added in dbparm.ini.

Up to 16 IP addresses are allowed.

The Vault service must be restarted after changing parameters in the DBParm.ini file.

Eg: AllowNonStandardFWAddresses=[1.1.1.1,2.2.2.0-2.2.2.255,3.3.3.0-3.3.3.255,...],Yes,1000:inbound/tcp
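
A small linter for the rule syntax shown in the example above, added here as an illustration (it is not CyberArk tooling and not part of the original document). It assumes the 16-address limit counts list entries per parameter line, recognises only tcp and udp as protocols, and runs on a constructed dbparm.ini sample; the function names are hypothetical.

```python
import ipaddress
import re

MAX_ENTRIES = 16  # limit stated on this page; assumed to apply per parameter line

# AllowNonStandardFWAddresses=[addr,addr-addr,...],Yes|No,port:direction/proto[,...]
LINE_RE = re.compile(
    r"^\s*AllowNonStandardFWAddresses\s*=\s*\[([^\]]*)\]\s*,\s*([^,]*)(?:,(.*))?$",
    re.IGNORECASE,
)
RULE_RE = re.compile(r"^(\d+):(inbound|outbound)/(tcp|udp)$", re.IGNORECASE)


def check_address(entry):
    """Return an error string for one list entry, or None if it is valid."""
    parts = entry.split("-")
    if len(parts) > 2:
        return f"malformed range {entry!r}"
    try:
        ips = [ipaddress.ip_address(p.strip()) for p in parts]
    except ValueError:
        return f"invalid IP address in {entry!r}"
    if len(ips) == 2 and (ips[0].version != ips[1].version or ips[0] > ips[1]):
        return f"range {entry!r} does not run from low to high"
    return None


def check_line(line):
    """Return a list of findings for one AllowNonStandardFWAddresses line."""
    m = LINE_RE.match(line)
    if not m:
        return ["not a well-formed AllowNonStandardFWAddresses line"]
    addr_field, enabled, rule_field = m.group(1), m.group(2).strip(), m.group(3)
    findings = []

    entries = [e.strip() for e in addr_field.split(",") if e.strip()]
    if not entries:
        findings.append("address list is empty")
    if len(entries) > MAX_ENTRIES:
        findings.append(f"{len(entries)} address entries, limit is {MAX_ENTRIES}")
    for entry in entries:
        err = check_address(entry)
        if err:
            findings.append(err)

    if enabled.lower() not in ("yes", "no"):
        findings.append(f"enabled flag must be Yes or No, got {enabled!r}")

    rules = [r.strip() for r in (rule_field or "").split(",") if r.strip()]
    if not rules:
        findings.append("no port rule given")
    for rule in rules:
        rm = RULE_RE.match(rule)
        if not rm:
            findings.append(f"malformed port rule {rule!r}")
        elif not 1 <= int(rm.group(1)) <= 65535:
            findings.append(f"port out of range in {rule!r}")
    return findings


def audit_dbparm(text):
    """Map 1-based line numbers to findings for every rule line in dbparm.ini text."""
    report = {}
    for num, line in enumerate(text.splitlines(), start=1):
        if line.strip().lower().startswith("allownonstandardfwaddresses"):
            findings = check_line(line)
            if findings:
                report[num] = findings
    return report


# Constructed sample (documentation address ranges), not taken from a real Vault.
SAMPLE_DBPARM = """\
[MAIN]
AllowNonStandardFWAddresses=[192.0.2.10,192.0.2.32-192.0.2.47],Yes,1000:inbound/tcp
AllowNonStandardFWAddresses=[198.51.100.9-198.51.100.1],Yes,1000:inbound/tcp
AllowNonStandardFWAddresses=[{many}],Yes,70000:inbound/tcp
AllowNonStandardFWAddresses=[203.0.113.5],Yes
""".format(many=",".join(f"203.0.113.{i}" for i in range(1, 18)))

if __name__ == "__main__":
    for line_no, problems in sorted(audit_dbparm(SAMPLE_DBPARM).items()):
        for problem in problems:
            print(f"dbparm.ini line {line_no}: {problem}")
```

Running such a check before restarting the Vault service catches a malformed rule while the previous configuration is still in effect.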

Q.5. How to secure PVWA URL?

To secure any URL, you require an SSL certificate:

Get an SSL certificate containing all the info of your PVWA; if the PVWAs are load balanced, it should have the LB info too.

Import the certificate on the PVWA server into the Personal section of the computer certificates.

Open IIS settings, edit the bindings, select the SSL cert for 443 and apply.

Reset IIS.

This should be done on all the PVWAs.

Q.6. Can we change the password complexity for one platform?

Yes, you can have different password complexity for every platform.

• Go to Administration > Platform Management
• Edit the platform for which you want to change the password complexity
• Go to Password Management Section & Change
• Set the complexity as per the requirement

The same password complexity should be set on your target server too, otherwise CPM will fail to change the password.

Q.7. How to apply new patches to Vault?

This question can be asked to L3 profile:

• Copy the KB file to your Vault Server.
• Enable and start the Windows Update service.
• Enable and start the Windows Module Installer service.
• Navigate to Registry Editor.
• Locate the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msiserver entry.
• Back up the entry.
• Change the value of Start to 3.
• Restart the Vault Server.

Navigate to Services Management and start the Windows Installer service.

Now, stop the PrivateArk Server & Database service.

Install the Windows patch for the relevant Operating System. Restart the Vault server if requested to.

Verify the KB installed successfully on the server and stop all the Windows services that were enabled. You can consult CyberArk support before patching the Vault, as not every patch is applied to Vault servers.

Q.8. Maximum number of transactions that can be received & processed concurrently by the Vault?

The maximum number of transactions that can be received by the Vault is 9000, and around 600 transactions are handled concurrently by the Vault.

Q.9. What’s the max. length of username in Vault?

It's 128 characters.

Q.10. What’s the difference between MFA and 2FA?

2FA: When two authentication methods are being used to provision the account

2FA requires two authentication credentials—no more, no less.

Every Two-Factor Authentication is Multi-Factor Authentication.

MFA: When two authentication methods or more than 2 are being used to provision the account

2 or 3 credentials, but the only criteria to qualify as MFA is that there is more than one credential
required to confirm a person’s identity.

Not every Multi-Factor Authentication is Two-Factor Authentication.


A well-known cybersecurity firm with a focus on privileged access management (PAM) systems
is CyberArk. Securing and managing the privileged accounts and credentials that grant broad
access to an organization’s most sensitive systems and data is the primary responsibility of PAM,
which is a crucial component of cybersecurity. Through the protection of privileged access, user
activity monitoring, and policy enforcement against unauthorized access, CyberArk’s PAM
solutions assist enterprises in thwarting cyber threats. Password vaulting, session monitoring,
threat analytics, and automated workflows are just a few of the features available on the
company’s platform.

1. What is CyberArk?

Ans:

CyberArk is a cybersecurity company that specialises in privileged access management (PAM) solutions, providing tools to secure, manage, and monitor privileged accounts and credentials.

2. What is Privileged Access Management (PAM)?

Ans:

PAM refers to the set of cybersecurity strategies and technologies for managing, monitoring, and
securing access to critical systems by privileged users.


3. Explain the concept of Privileged Accounts.

Ans:
Privileged accounts have elevated permissions and access rights, allowing users to perform
administrative tasks. These accounts are high-value targets for attackers.

4. What is the CyberArk Vault?

Ans:

The CyberArk Vault is a secure repository that stores and manages sensitive information, such
as privileged account credentials and SSH keys.

5. Name some key components of the CyberArk solution.

Ans:

CyberArk’s comprehensive solution encompasses several key components:

• Enterprise Password Vault (EPV)
• Privileged Session Manager (PSM)
• Central Policy Manager (CPM)
• Digital Vault Infrastructure (DVI)
• Command Line Interface (CLI)
• REST API

6. Explain the purpose of the Enterprise Password Vault (EPV).

Ans:

Secure Credential Storage: EPV securely stores sensitive information such as usernames, passwords, and SSH keys associated with privileged accounts.

Access Control: Only authorised users and applications with the appropriate permissions can retrieve and use these credentials.

Audit and Accountability: EPV maintains a comprehensive audit trail of all interactions with privileged credentials.

Automated Password Rotation: EPV supports automated password rotation, a key security practice that reduces the risk of unauthorised access by regularly changing passwords for privileged accounts.

7. What is a Privileged Session Manager (PSM)?

Ans:
Privileged Session Manager (PSM) is a critical component of the CyberArk solution designed to
address the security challenges associated with privileged sessions. PSM ensures that privileged
users access critical systems and sensitive data through controlled and monitored sessions.

8. How is CyberArk typically deployed in an organisation?

Ans:

The deployment of CyberArk typically involves the following considerations:

Cloud Deployment: Organisations can choose to deploy CyberArk in the cloud, leveraging
cloud service providers such as AWS, Azure, or GCP.

Hybrid Deployment: Some organisations adopt a hybrid deployment model, combining both on-
premises and cloud-based CyberArk components.

9. Explain the integration of CyberArk with Active Directory.

Ans:

The integration of CyberArk with Active Directory (AD) is crucial for managing and securing privileged accounts associated with AD. This includes accounts with elevated privileges such as domain administrators or service accounts used for critical operations.

10. What is the CyberArk Central Policy Manager (CPM)?

Ans:

The CyberArk Central Policy Manager (CPM) is a pivotal component within the CyberArk
Privileged Access Management (PAM) solution. CPM is designed to automate and enforce
security policies related to the management of privileged account credentials.

11. How does CyberArk enhance security and compliance?

Ans:

CyberArk enhances security and compliance through its comprehensive Privileged Access
Management (PAM) solution, addressing the challenges associated with privileged accounts and
access.

12. What is the CyberArk Digital Vault Infrastructure (DVI)?

Ans:
The CyberArk Digital Vault Infrastructure (DVI) is a key component within the CyberArk
Privileged Access Management (PAM) solution, designed to provide a secure and isolated
environment for executing scripts and commands without exposing sensitive credentials.

13. Role of REST API in CyberArk

Ans:

The REST API in CyberArk enables integration with external systems and applications. The
REST API is crucial for orchestrating privileged access management tasks, retrieving
information, and integrating CyberArk with other security tools and workflows.

14. What is CyberArk’s Role in Threat detection?

Ans:

CyberArk helps in threat detection by monitoring and analysing privileged account activity. It provides real-time alerts and reports, enhancing the organisation’s ability to detect and respond to potential security incidents promptly.

15. Differentiate between CyberArk AIM and PSM.

Ans:

| Feature | AIM | PSM |
|---|---|---|
| Primary Function | Oversees connections between applications. | Manages and safeguards sessio… privileged users. |
| Access Control | Control of Access: controls access to confidential information using automated… | Restricts access to sensitive system… keeps an eye on user behaviour |
| Authentication Methods | Techniques for Authentication: mainly API-based application authentication | Supports a range of user and app authentication techniques |
| Target Audience | IT departments in charge of app connections and machine identities | Teams from IT and security that… charge of managing privileged access |

16. What is the significance of Automated Password Rotation in CyberArk?

Ans:

• Automated password rotation is crucial for enhancing security by regularly changing passwords for privileged accounts.
• CyberArk automates this process, ensuring that passwords are rotated at scheduled intervals.
17. Define CyberArk’s Password Rotation Management

Ans:
CyberArk manages the password rotation process through its Conjur and Password Vault
solutions. Password policies are configured to enforce rotation schedules, and the solution
automates the generation and updating of passwords for privileged accounts.

18. List CyberArk Certifications.

Ans:

Some CyberArk certifications include:

• CyberArk Certified Delivery Engineer (CCDE)
• CyberArk Certified Defender – Sentry (CCD-S)
• CyberArk Certified Defender – Sentry (CCD-S) + Defender – Sentry (CCD-S) Bundle

19. Describe the importance of CyberArk Certification

Ans:

CyberArk certification is essential for professionals in the field as it validates their expertise in
implementing and managing CyberArk solutions. Certification demonstrates a thorough
understanding of privileged access security concepts and tools, making individuals more
competitive in the job market and trusted by organisations looking to secure their sensitive
information.

20. Explain the best practices for securing privileged Accounts with CyberArk

Ans:

• Regularly update and rotate privileged account credentials.
• Implement strong password policies and multi-factor authentication.
• Monitor and analyse privileged account activity for suspicious behaviour.

21. Describe Integration of CyberArk into DevOps Processes

Ans:

CyberArk can be integrated into DevOps processes to secure and manage privileged credentials
used in automated workflows. Integrating CyberArk with DevOps tools ensures that sensitive
credentials are securely stored, accessed, and rotated within the CI/CD pipeline.

22. Explain the role of CyberArk Conjur in DevOps.

Ans:
CyberArk Conjur plays a crucial role in DevOps by securely managing and rotating secrets, API
keys, and other sensitive credentials used in automated workflows. It provides a centralised
platform for storing and retrieving secrets, ensuring that privileged access within the DevOps
pipeline is controlled and audited.

23. What are the Security Challenges in Cloud Environments?

Ans:

CyberArk addresses security challenges in cloud environments by providing solutions that adapt
to the dynamic nature of cloud infrastructure. It offers comprehensive privileged access
management for cloud resources ensuring that credentials are securely stored, rotated, and
accessed.

24. Considerations for Deploying CyberArk in a Cloud Environment

Ans:

• Integration with Cloud Platforms
• Scalability
• Compliance
• Network Connectivity
• Automation

25. Explain the CyberArk’s Role in Incident Response.

Ans:

CyberArk aids in incident response by providing real-time monitoring and alerting capabilities. It
detects anomalous privileged account activity and provides insights into potential security
incidents.

26. What is Multi-Factor Authentication (MFA) Support?

Ans:

Yes, CyberArk supports multi-factor authentication (MFA). Multi-factor authentication adds an extra layer of security by requiring users to provide multiple forms of identification before accessing sensitive systems or data.

27. List Emerging Trends in CyberArk and Privileged Access Management

Ans:

• Zero Trust Privilege
• Cloud-Based PAM
• Integration with DevOps
• Behavioural Analytics

28. List the importance of User Training in CyberArk Implementation

Ans:

• Understanding the Platform
• Security Awareness
• Best Practices
• Reducing Human Errors

29. How does CyberArk manage the lifecycle of privileged accounts?

Ans:

- CyberArk facilitates the entire lifecycle of privileged accounts.
- During onboarding, accounts are securely stored in the CyberArk Vault, ensuring that credentials
  are protected.
- The platform automates password rotations based on policies, reducing the risk of credential
  misuse.

30. Can you explain the role of CyberArk’s Just-In-Time (JIT) Privilege Access?

Ans:

- CyberArk’s JIT Privilege Access minimises the exposure of privileged credentials by granting
  temporary, time-limited access to users.
- Instead of having standing privileges, users request access for a specific task or time frame.
- CyberArk verifies the request against policies and approvals before dynamically providing the
  necessary privileges.

31. How does CyberArk support high availability?


Ans:

CyberArk ensures high availability through a distributed architecture with redundant components.
Vaults, components, and databases can be clustered for fault tolerance. CyberArk also supports
disaster recovery by enabling organisations to replicate Vaults and components across
geographically diverse locations.

32. What ways does CyberArk assist organisations in meeting compliance requirements?

Ans:

CyberArk aids organisations in meeting compliance requirements by providing comprehensive
auditing, reporting, and policy enforcement capabilities. The platform assists in complying with
regulations such as GDPR, HIPAA, and SOX by ensuring secure management of privileged
accounts, maintaining detailed audit logs, and enforcing least privilege access.

33. How does CyberArk address the challenge of credential sprawl?

Ans:

Credential sprawl, where credentials are scattered across various systems, poses a security risk.
CyberArk addresses this challenge by centralising the management of privileged accounts and
secrets.

34. Explain the process of implementing Privileged Threat Analytics (PTA) in CyberArk.

Ans:

Privileged Threat Analytics (PTA) in CyberArk involves the use of advanced analytics and
machine learning to detect and respond to threats related to privileged accounts.

35. How does CyberArk contribute to securing DevOps processes?

Ans:

CyberArk supports DevOps processes by providing Conjur, a solution specifically designed for
DevOps integration. Conjur manages and secures secrets used in automated workflows,
ensuring that sensitive information is protected throughout the CI/CD pipeline.

36. How does CyberArk help organisations enforce the principle of least privilege?

Ans:
CyberArk enforces least privilege by tightly controlling access to privileged accounts,
implementing just-in-time access, and regularly rotating credentials. By providing the minimum
access necessary, organisations can reduce the risk of unauthorised activities.

37. What role does CyberArk play in securing privileged access to critical infrastructure such as
Industrial Control Systems (ICS)?

Ans:

CyberArk extends its privileged access management capabilities to critical infrastructure
components, including Industrial Control Systems (ICS). The platform enforces least privilege,
monitors privileged sessions, and ensures that only authorised personnel have the necessary
access to control and manage industrial processes.

38. How does CyberArk stay updated with the latest cybersecurity threats?

Ans:

CyberArk stays informed about the latest cybersecurity threats by actively monitoring the threat
landscape and collaborating with threat intelligence providers. The platform incorporates threat
intelligence feeds into its solutions to enhance its ability to detect and respond to emerging
threats.

39. Elaborate on the capabilities of CyberArk with Security Information and Event Management
(SIEM) solutions.

Ans:

- CyberArk integrates seamlessly with SIEM solutions, allowing organisations to consolidate
  privileged access data into their centralised security monitoring platforms.
- This integration enhances overall security monitoring by providing a holistic view of privileged
  account activities.

40. How does it enhance overall security monitoring?

Ans:

SIEM systems can ingest logs and alerts from CyberArk, enabling real-time threat detection,
correlation of security events, and streamlined incident response. The combined capabilities of
CyberArk and SIEM solutions contribute to a more comprehensive and proactive security
posture.
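
The correlation described in answers 39 and 40, as an added example (not CyberArk or SIEM vendor code): it joins vault password-retrieval events with logon events from target hosts and flags successful privileged logons that no recent vault checkout explains. The key=value log layout, the field names and the 60-minute window are assumptions made for this example, and the sample lines are constructed.

```python
from datetime import datetime, timedelta

TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"

# Constructed sample events in an assumed key=value layout (not a real product log format).
VAULT_EVENTS = """\
2024-05-29T09:00:05Z action=RetrievePassword user=alice account=root target=db01
2024-05-29T13:30:00Z action=RetrievePassword user=bob account=Administrator target=web02
"""
HOST_LOGONS = """\
2024-05-29T09:01:10Z host=db01 account=root src=10.0.0.15 result=success
2024-05-29T11:45:00Z host=db01 account=root src=10.0.9.77 result=success
2024-05-29T13:31:20Z host=web02 account=Administrator src=10.0.0.22 result=success
2024-05-29T22:10:00Z host=web02 account=Administrator src=10.0.9.77 result=failure
"""


def parse_events(text):
    """Parse 'timestamp key=value ...' lines into dicts, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        try:
            event = {"time": datetime.strptime(parts[0], TS_FORMAT)}
        except ValueError:
            continue  # unparseable timestamp: ignore the line rather than guess
        for field in parts[1:]:
            key, sep, value = field.partition("=")
            if sep:
                event[key] = value
        events.append(event)
    return events


def correlate(vault_text, logon_text, window=timedelta(minutes=60)):
    """Attribute each successful privileged logon to the latest matching vault checkout.

    A logon matches a checkout when host and account agree and the checkout
    happened at most `window` before the logon. Unmatched logons keep
    vault_user=None: the credential was used without going through the vault.
    """
    retrievals = [e for e in parse_events(vault_text)
                  if e.get("action") == "RetrievePassword"]
    results = []
    for logon in parse_events(logon_text):
        if logon.get("result") != "success":
            continue
        matches = [r for r in retrievals
                   if r.get("target") == logon.get("host")
                   and r.get("account") == logon.get("account")
                   and timedelta(0) <= logon["time"] - r["time"] <= window]
        latest = max(matches, key=lambda r: r["time"], default=None)
        results.append({
            "time": logon["time"],
            "host": logon.get("host"),
            "account": logon.get("account"),
            "src": logon.get("src"),
            "vault_user": latest.get("user") if latest else None,
        })
    return results


def unmanaged_logons(results):
    """Return the logons that no vault checkout explains (candidates for an alert)."""
    return [r for r in results if r["vault_user"] is None]


if __name__ == "__main__":
    for alert in unmanaged_logons(correlate(VAULT_EVENTS, HOST_LOGONS)):
        print("ALERT: privileged logon without vault checkout:", alert)
```

Attributed logons also give the analyst the named person behind a shared account such as root, which the host log alone does not record.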

41. Explain the concept of Dynamic Access Management in CyberArk.

Ans:
Dynamic Access Management in CyberArk involves dynamically adjusting access privileges
based on real-time risk assessments. This dynamic approach ensures that users have the
necessary access only when required, reducing the risk of privilege misuse and enhancing
overall security.

42. How does CyberArk manage privileged access in hybrid cloud environments?

Ans:

CyberArk provides solutions that seamlessly integrate with hybrid cloud environments.
Organisations can leverage CyberArk to secure and control access to critical resources in their
hybrid environments, enforcing consistent security policies and compliance standards.

43. What role does CyberArk play in securing containerized environments?

Ans:

CyberArk contributes to securing containerized environments by managing and protecting the
privileged accounts associated with containers and container orchestration platforms.

44. How does CyberArk address the challenges of securing privileged access?

Ans:

CyberArk addresses the challenges of securing privileged access in remote work scenarios by
providing secure remote access capabilities. The platform’s ability to enforce policies and monitor
remote privileged sessions contributes to maintaining a secure environment, even in the face of
the increasing trend towards remote work.

45. Elaborate on CyberArk’s capabilities for managing non-human identities?

Ans:

CyberArk manages non-human identities, such as service accounts and application credentials,
through its robust Privileged Account Management features.

46. How does CyberArk assist organisations in securing Big Data environments?

Ans:

CyberArk ensures the security of privileged access in Big Data environments by managing and
securing the credentials associated with Big Data platforms such as Hadoop and Spark.

47. What strategies does CyberArk employ for securing privileged access?

Ans:
CyberArk employs several strategies for securing privileged access in multi-cloud environments.
This includes consistent policy enforcement across different cloud platforms, integration with
cloud provider APIs for secure access management, and the ability to manage and rotate
credentials consistently in diverse cloud environments.

48. How does CyberArk address the challenge of securing privileged access?

Ans:

CyberArk addresses the challenge of securing privileged access in DevOps environments
through its Conjur solution. Conjur integrates with DevOps tools, ensuring that secrets and
credentials used in automated workflows are securely managed.

49. Can you discuss securing privileged access in microservices architectures?

Ans:

CyberArk secures privileged access in microservices architectures by managing secrets and
credentials associated with microservices. Through integrations with container orchestration
platforms and microservices frameworks, CyberArk ensures that each microservice has secure
access to the necessary credentials.

50. How does CyberArk contribute to securing the supply chain?

Ans:

- CyberArk enhances supply chain security by facilitating secure third-party access to privileged
  resources.
- Through features like secure remote access and just-in-time access, CyberArk ensures that
  third-party vendors obtain temporary and controlled access to the required resources.

51. How does CyberArk handle the challenge of credential sprawl?

Ans:

CyberArk addresses the challenge of credential sprawl by providing a centralised vault for storing
and managing privileged credentials. The platform consolidates credentials, enforces policies for
secure access, and automates the rotation of credentials.

53. How CyberArk supports the management of privileged access in legacy systems?

Ans:

CyberArk supports the management of privileged access in legacy systems and traditional IT
environments by providing integrations with a wide range of technologies.

54. How does CyberArk contribute to securing the authentication?

Ans:

CyberArk enhances the security of authentication and authorization processes in web
applications by managing and securing the privileged credentials associated with web servers
and application databases.

55. Elaborate CyberArk’s approach to securing privileged access in critical sectors?

Ans:
In critical sectors like healthcare and finance, CyberArk employs a comprehensive approach to
securing privileged access. This includes enforcing strict access controls, monitoring and
auditing privileged sessions, and ensuring compliance with industry-specific regulations such as
HIPAA and PCI DSS.

56. How does CyberArk assist organisations in automating the diverse IT environments?

Ans:

CyberArk assists organisations in automating the management of privileged access through its
automation-friendly features and robust APIs. The platform allows organisations to
programmatically interact with CyberArk functionalities, enabling the automation of tasks such as
password retrieval, rotation, and policy enforcement.

57. How will you get a space-padded string with the original string left-justified?

Ans:

CyberArk leverages security analytics by applying machine learning algorithms to analyse large
datasets of privileged access activity. The platform identifies patterns indicative of malicious
behaviour, anomalies in user activity, and potential security threats.

58. How does CyberArk protect privileged accounts against credential-based attacks?

Ans:

CyberArk protects privileged accounts against credential-based attacks through features like
password rotation, strong authentication, and session monitoring. The platform automatically
rotates credentials to minimise the impact of compromised passwords.

59. Discuss the role of CyberArk in preventing lateral movement.

Ans:

CyberArk plays a crucial role in preventing lateral movement by controlling and monitoring
privileged access. By monitoring and auditing privileged sessions, CyberArk detects and alerts
on anomalous lateral movement patterns, allowing organisations to respond quickly and mitigate
the risk of unauthorised access to critical systems.

60. How does CyberArk contribute to secure DevSecOps practices?

Ans:
CyberArk contributes to secure DevSecOps practices by providing Conjur, a solution designed
for DevOps integration. Conjur manages and secures secrets used in automated workflows,
ensuring that sensitive information is protected throughout the software development lifecycle.

61. Discuss CyberArk’s role in securing API keys in application development.

Ans:

CyberArk secures API keys and other secrets used in modern application development by
providing a secure vault for managing and rotating these credentials. The platform integrates with
application development frameworks and API management tools, ensuring that sensitive
information is protected throughout the development and deployment process.

62. How does CyberArk assist organisations in meeting regulatory compliance requirements?

Ans:

CyberArk assists organisations in meeting regulatory compliance requirements by providing
features such as detailed auditing, reporting, and policy enforcement. The platform ensures that
privileged access is managed securely and that organisations can demonstrate compliance with
regulations such as GDPR, HIPAA, and SOX.

63. What is the significance of CyberArk’s Endpoint Privilege Manager?

Ans:

CyberArk’s Endpoint Privilege Manager (EPM) is significant in the context of endpoint security as
it enforces least privilege policies on endpoints. EPM ensures that users and applications have
only the necessary privileges, reducing the risk of privilege escalation and endpoint-related
security incidents.

64. How does CyberArk contribute to threat intelligence-driven security?

Ans:

CyberArk contributes to threat intelligence-driven security by integrating threat intelligence feeds
into its solutions. The platform stays updated on the latest cybersecurity threats by actively
monitoring the threat landscape.

65. What role does CyberArk play in securing the Internet of Things (IoT)?

Ans:
CyberArk contributes to securing IoT devices by managing and securing the privileged accounts
associated with these devices. The platform ensures that access to IoT devices is controlled,
monitored, and audited.

66. How does CyberArk align with the principles of Zero Trust Security?

Ans:

CyberArk aligns with the principles of Zero Trust Security by assuming no inherent trust and
verifying every user and device accessing resources. Features such as just-in-time access,
session isolation, and adaptive access controls support a Zero Trust approach, ensuring that
privileged access is granted based on contextual factors and risk assessments.

67. Explain the concept of CyberArk Threat Response and its role.

Ans:

CyberArk Threat Response is a component within the CyberArk Privileged Access Security
solution that focuses on automating and orchestrating incident response processes. It enables
organisations to quickly respond to security incidents involving privileged accounts.

68. How does CyberArk leverage artificial intelligence (AI) in its solutions?

Ans:

CyberArk leverages artificial intelligence in its solutions by applying machine learning algorithms
to analyse privileged access data. AI enhances threat detection by identifying patterns indicative
of malicious behaviour, anomalies in user activity, and potential security threats.

69. What considerations are important when deploying CyberArk in a cloud environment?

Ans:

When deploying CyberArk in a cloud environment, considerations include integration with
specific cloud platforms, scalability, compliance requirements, network connectivity, and
automation.

70. How does CyberArk assist organisations in achieving GDPR compliance?

Ans:

CyberArk assists organisations in achieving GDPR compliance by securing and managing
access to sensitive data. The platform enforces the principle of least privilege, ensuring that only
authorised users have access to personal data.

71. What is the role of CyberArk Discovery and Assessment in privileged access management?

Ans:

CyberArk Discovery and Assessment play a vital role in privileged access management.

72. What is the purpose of the CyberArk Privileged Session Manager (PSM)?

Ans:

PSM provides a secure way to monitor, record, and control privileged sessions, allowing
organisations to track and audit activities performed by privileged users.

73. Explain the concept of credential rotation.

Ans:

Credential rotation involves regularly changing passwords for privileged accounts to reduce the
risk of unauthorised access. CyberArk automates this process to enhance security.

76. Key considerations when implementing CyberArk in an enterprise.

Ans:

Define policies, train users, integrate with existing systems, and regularly audit privileged access.

77. How does CyberArk support high availability and disaster recovery?

Ans:

Provides options for continuous access to privileged accounts during unexpected events.

78. List the steps CyberArk takes to ensure the security of its platform.

Ans:

Follows best practices:

- Updates solutions
- Undergoes security testing
- Addresses vulnerabilities promptly

79. Role of CyberArk’s Digital Vault in securing sensitive information.

Ans:

Secures and manages sensitive information beyond privileged account credentials.

- Encryption
- Auditing and Logging
- Lifecycle Management
- Automated Rotation

80. How does CyberArk assist in managing and securing service accounts?

Ans:

- Secure Storage
- Credential Rotation
- Access Control
- Least Privilege Principle
- Monitoring and Auditing
- Session Isolation

81. What is CyberArk Alero’s purpose in enhancing remote privileged access?

Ans:

CyberArk Alero serves as a secure solution for remote privileged access, specifically designed to
enhance accessibility without compromising security.

82. How does CyberArk manage and secure non-human identities?

Ans:

CyberArk recognizes the significance of securing non-human identities, such as APIs and bots,
which often have privileged access. The solution achieves this through robust credential
management and access control mechanisms.

83. Describe the process of onboarding and offboarding privileged users in CyberArk.

Ans:

Onboarding privileged users in CyberArk involves adding them to the system, defining their roles,
and granting the necessary access privileges. This process includes securely storing their
credentials in the CyberArk Vault.

84. How does CyberArk prevent and respond to credential theft and lateral movement?

Ans:

CyberArk employs a multi-faceted approach to prevent and respond to credential theft and lateral
movement. Credential theft prevention involves secure credential storage, regular rotation, and
the enforcement of least privilege.

85. Explain CyberArk’s role in securing third-party access.

Ans:

CyberArk plays a crucial role in securing third-party access by providing a controlled and
monitored environment for external entities. The solution allows organisations to define and
enforce access policies, ensuring that third parties have access only to the resources necessary
for their tasks.

86. How does CyberArk contribute to a Zero Trust security model?

Ans:

CyberArk aligns with the principles of the Zero Trust security model by assuming a “never trust,
always verify” approach. The solution enforces least privilege, ensuring that users, whether
internal or external, have the minimum access necessary to perform their tasks.

87. Explain Credential Rotation.

Ans:

Credential rotation is the practice of regularly changing passwords or access credentials
associated with privileged accounts. In the context of CyberArk, credential rotation is automated
and ensures that passwords are changed at predefined intervals.

88. Describe the Privileged Threat Analytics (PTA) concept.

Ans:

Privileged Threat Analytics (PTA) is a feature in CyberArk that focuses on detecting and
mitigating threats related to privileged accounts. PTA uses advanced analytics and machine
learning algorithms to analyse user behaviour, identify deviations from normal patterns, and
detect potential insider threats or external attacks targeting privileged access.

89. Explain the concept of Just-In-Time Access in CyberArk and its significance.

Ans:

Just-In-Time Access in CyberArk refers to granting temporary, specific privileges to users for a
limited duration. This ensures that users have access only when needed, reducing the risk of
prolonged exposure. It aligns with the principle of least privilege, enhancing security by
minimising the window of vulnerability.
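
A minimal model of the just-in-time flow described in answers 30 and 89, as an added example (not CyberArk code or its API): a request is checked against policy and an independent approval, the grant carries an expiry, and authorization is denied by default once the window closes. The class names, policy fields and sample users are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class JitPolicy:
    # Hypothetical policy fields chosen for this example.
    eligible_users: frozenset    # who may request access to the target
    approvers: frozenset         # who may approve a request
    max_duration: timedelta      # longest window a single grant may cover


@dataclass(frozen=True)
class Grant:
    user: str
    target: str
    expires_at: datetime


class JitBroker:
    """Issues time-limited grants; nobody holds standing access."""

    def __init__(self, policies):
        self.policies = policies   # target name -> JitPolicy
        self.grants = []           # every grant issued, kept as an audit trail

    def request(self, user, target, duration, approved_by, now):
        """Return (Grant, "granted") or (None, reason for denial)."""
        policy = self.policies.get(target)
        if policy is None:
            return None, "no policy for target"
        if user not in policy.eligible_users:
            return None, "user not eligible"
        # Self-approval would defeat the control, so it is rejected explicitly.
        if approved_by == user or approved_by not in policy.approvers:
            return None, "missing independent approval"
        if duration <= timedelta(0) or duration > policy.max_duration:
            return None, "duration outside policy"
        grant = Grant(user, target, now + duration)
        self.grants.append(grant)
        return grant, "granted"

    def is_authorized(self, user, target, now):
        """True only while an unexpired grant exists for this user and target."""
        return any(g.user == user and g.target == target and now < g.expires_at
                   for g in self.grants)


if __name__ == "__main__":
    start = datetime(2024, 5, 29, 9, 0, 0)
    broker = JitBroker({
        "db01": JitPolicy(frozenset({"alice"}), frozenset({"carol"}),
                          timedelta(hours=2)),
    })
    print(broker.is_authorized("alice", "db01", start))             # no standing access
    print(broker.request("alice", "db01", timedelta(hours=1), "carol", start))
    print(broker.is_authorized("alice", "db01", start + timedelta(minutes=30)))
    print(broker.is_authorized("alice", "db01", start + timedelta(hours=1)))
```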

90. How does CyberArk contribute to securing DevOps pipelines?

Ans:

CyberArk secures DevOps pipelines by integrating with CI/CD tools, managing and securing
secrets used in the pipeline, enforcing access controls, and ensuring that security is embedded
throughout the development process. This approach helps in achieving DevSecOps practices.

The following is an overview of the key components and concepts of CyberArk's Privileged Access
Security (PAS) solution, with suggested interview questions for each item.

### 1. Core PAS Components

- **Vault:** The secure database where all sensitive information, including privileged credentials and
session recordings, is stored. It provides high availability and disaster recovery options.

- **PVWA (Privileged Vault Web Access):** The web-based interface that allows users to access and
manage the Vault. It provides user-friendly access to features such as account management and
session initiation.

- **PSM (Privileged Session Manager):** Manages and records privileged sessions to critical systems,
enabling secure access while monitoring and auditing activities.

- **PSMP (Privileged Session Manager Proxy):** Acts as an intermediary for secure access to systems
that require authentication before connecting, such as RDP or SSH sessions.

- **CPM (Central Policy Manager):** Automates the management of privileged passwords, including
rotation, reconciliation, and policy enforcement.

- **PTA (Privileged Threat Analytics):** Monitors user behavior and detects suspicious activities
related to privileged accounts by analyzing user actions against established baselines.

- **SCIM (System for Cross-domain Identity Management):** Used for automated provisioning and
management of user identities across various systems.

- **AAM (Application Access Manager):** Manages and secures application credentials to prevent
hard-coded passwords in applications.

- **Utility:** Tools provided by CyberArk for administrative tasks, maintenance, and configuration,
such as PARestore for safe restoration.

### Suggested Questions:

1. Can you explain the role of each core component in CyberArk's architecture?

2. How does the PVWA enhance user interaction with the Vault?

---

### 2. Managing Internal Users and Groups

- **CyberArk Client:** This is the interface where administrators manage users, groups, and
permissions for accessing the Vault.

### Suggested Question:

1. What steps do you follow to manage internal users and groups within CyberArk?

---

### 3. Default Port for Vault Communication

- **Default Port:** 1858. This port is used for communication between CyberArk components and
the Vault.

### Suggested Question:


1. Why is it important to know the default communication ports in CyberArk?

---

### 4. HTML5 Gateway

**Explanation:** The HTML5 gateway allows secure remote access to target machines through a
web browser, using a WebSocket protocol over port 443. It eliminates the need for traditional RDP
connections.

### Suggested Question:

1. How does the HTML5 gateway enhance security for remote sessions in CyberArk?

---

### 5. Vault User Preference Settings Storage

- **Safes:** User preference settings are stored in safes like `PVWAUserPrefs` and
`PVWAPrivateUserPrefs`.

### Suggested Question:

1. What types of user preferences can be managed in the PVWA, and how are they stored?

---

### 6. Updating License Files

**Process:** The license file is typically updated through the CyberArk management interface or via
command line. The file is stored in a designated safe, usually named `Licenses`.

### Suggested Question:

1. What steps do you take to update the license file in CyberArk?

---

### 7. Vault Failure in AWS

**Response:** If a Vault fails within an AWS region, it’s crucial to have a disaster recovery plan in
place, which may involve restoring from backups or promoting a secondary vault to primary status.

### Suggested Question:

1. What are the key steps in your disaster recovery plan for a CyberArk Vault in AWS?

---

### 8. Distributed Vaults and Satellite Vaults

**Explanation:** Distributed vaults allow organizations to have multiple vaults across different
locations for redundancy and performance. A satellite vault is a smaller, geographically distributed
vault that serves local operations.

### Suggested Question:

1. Can you describe the advantages and challenges of using distributed vaults and satellite vaults?

---

### 9. Definition of a Platform

**Explanation:** In CyberArk, a platform refers to a predefined configuration that defines how
passwords for specific types of accounts are managed, including their rotation policies and
connection methods.

### Suggested Question:

1. How do platforms enhance the management of privileged accounts in CyberArk?

---

### 10. Password Change vs. Reconciliation

**Explanation:** A password change involves updating a password to a new value, while
reconciliation is the process of verifying and restoring a password to its original value if it has been
changed outside of CyberArk.

### Suggested Question:

1. In what scenarios would you use reconciliation instead of a standard password change?

---

### 11. ChangePasswordInResetMode Setting

**Explanation:** This setting allows password changes to be performed via reset mode using a
reconciliation account, useful when the policy restricts users from changing their own passwords.

### Suggested Question:

1. What are the implications of enabling the ChangePasswordInResetMode setting on a platform?

---

### 12. Keys Needed to Start the Vault

**Explanation:** The keys required include the Server Key and the Recovery Keys (Public and
Master).

### Suggested Question:

1. What is the purpose of each key required to start the CyberArk Vault?

---

### 13. Keys Needed to Restore a Vault

**Explanation:** The same keys as starting the Vault are used: Server Key, Recovery Public Key, and
Recovery Master Key.

### Suggested Question:

1. How do the recovery keys ensure the integrity of the vault restoration process?

---

### 14. Changes in Credential File Creation (Version 12.1.1 and Above)

**Explanation:** In version 12.1.1, the process for creating credential files changed to improve
security and integration with modern authentication methods.

### Suggested Question:

1. What specific changes were introduced in version 12.1.1 regarding credential file creation?

---

### 15. Experience Building New Connection Components

**Suggested Question:**

1. Can you share your experience in developing connection components like PgAdmin or SQL
Developer?

---

### 16. AutoIT

**Explanation:** AutoIT is a scripting language designed for automating the Windows GUI and
general scripting tasks, often used in CyberArk for automating interactions with applications.

### Suggested Question:

1. How have you utilized AutoIT in your CyberArk implementations?

---

### 17. PSMConnect and PSMAdminConnect Accounts

**Explanation:** These are specialized accounts used to establish connections through PSM.
PSMConnect is for standard user sessions, while PSMAdminConnect is for administrative access.

### Suggested Question:

1. What are the roles of PSMConnect and PSMAdminConnect in session management?


---

### 18. PSM Shadow Users

**Explanation:** Shadow users are temporary user accounts created by PSM to track and manage
privileged sessions. They allow monitoring of activities without exposing actual user credentials.

### Suggested Question:

1. How do shadow users enhance security in privileged session management?

---

### 19. Default Duration of Shadow User Profiles

**Duration:** By default, a shadow user profile remains on the PSM for 30 days.

### Suggested Question:

1. What considerations should be made regarding the retention of shadow user profiles?

---

### 20. PMTerminal and TPC

**Explanation:** PMTerminal was an engine for developing CPM plugins for terminal devices, while
TPC is its modern successor, offering improved functionality and security.

### Suggested Question:

1. Can you explain the transition from PMTerminal to TPC and its impact on plugin development?

---

### 21. Issues with PAS 11.3 Related to CPM Engines

**Explanation:** The introduction of CPM engine signing led to issues where expired certificates
could cause the engines to stop functioning, necessitating careful certificate management.

### Suggested Question:

1. How did you address the certificate expiration issue with CPM engines in version 11.3?

---

### 22. Restoring a Safe

**Process:** Use the PARestore utility to restore a safe from backup. You would need appropriate
permissions and backup files.

### Suggested Question:

1. What steps do you take to restore a safe, and what tools are involved?

---

### 23. Restoring All Safes

**Process:** Use both PARestore and CAVaultManager utilities to restore all safes in the vault.

### Suggested Question:

1. How do you ensure the integrity of all safes during a restoration process?

---

### 24. PSM Connection Components Without Shadow Users

**Question:**

1. Are you aware of any PSM connection components that do not utilize shadow users? If so, can you
provide examples?

---

### 25. TSParm.ini File


**Explanation:** This file contains directories where safe databases can be stored, helping to
manage storage configurations.

### Suggested Question:

1. What configurations can be found in the TSParm.ini file, and why are they important?

---

### 26. DBParm.ini File

**Explanation:** This file includes general parameters for the Vault database, such as syslog and
RADIUS information, crucial for configuration and integration.

### Suggested Question:

1. How do the parameters in the DBParm.ini file affect the overall functionality of the CyberArk
Vault?

---

### 27. PSM Connector Examples

**Examples:** Common PSM connectors include Putty and WinSCP. These facilitate connections to
target systems using specific protocols.

### Suggested Question:

1. Can you describe how PSM connectors like Putty enhance the user experience when managing
privileged sessions?

---

### 28. Enabling Debug on a Platform

**Process:** If a platform supports it, debugging can typically be enabled through the PVWA or by
modifying the platform's configuration files.

### Suggested Question:


1. What steps do you take to enable debugging on a platform, and what information can it provide?

---

### 29. PVWA Logs Location

**Location:** Logs can be found at `C:\Windows\Temp\PVWA`.

### Suggested Question:

1. What types of information are recorded in the PVWA logs, and how

- PSM Architecture:
  - Can you explain the architecture of PSM and how it integrates with other CyberArk
    components like PVWA and CPM? What roles do each of these components play in
    session management?

- Session Recording:
  - How does PSM handle session recording, and what are the key features of this
    functionality? How do you ensure that recorded sessions are secure and compliant
    with regulations?

- Shadow Users:
  - What are PSM shadow users, and how do they enhance session security? Can you
    describe a scenario where shadow users are beneficial?

- Connection Types:
  - What types of connections does PSM support (e.g., RDP, SSH, HTTP)? How would
    you configure PSM to support a new connection type not currently in use?

- Session Control:
  - Describe the different methods for controlling privileged sessions using PSM. How do
    you implement dual control and object-level access control?

- Troubleshooting PSM:
  - If a user reports that they cannot access a server via PSM, what troubleshooting steps
    would you take? What logs would you check?

- Security Policies:
  - What security policies can be enforced through PSM? Can you provide examples of
    how these policies mitigate risks associated with privileged access?

- Performance Optimization:
  - What considerations do you have for optimizing the performance of PSM in a large
    environment? How do you monitor and address performance issues?

- Failover Mechanism:
  - How does PSM handle failover in a High Availability (HA) setup? What steps do you
    take to ensure minimal disruption during a failover event?

- Session Timeout:
  - How can session timeout settings be configured in PSM? What factors would you
    consider when determining appropriate timeout values?
