chapter 8 Flashcards

(21 cards)

1
Q

Accessing and Using Accounts

Users who have (blank) and retrieve account permissions are able to click on Show and Copy

  • Users who have (blank) and (blank) account permissions are able to click on Connect
  • CyberArk PAM provides advanced workflows on top of these permissions to determine how users can access accounts and for how long
A

list

list
use

2
Q

What does the Allow EPV transparent connections ('Click to connect') option, found under Privileged Access Workflows in the Master Policy, do?

A

provides corporate-level control over users' ability to view passwords or launch privileged sessions

3
Q

Allow Transparent Connections:
Advanced Settings

By clicking the Edit settings button, we can see that the following options are the default

connect transparently using privileged accounts

view passwords

A
4
Q

require users to specify reason for access

by default, the option under privileged account workflows, “require users to specify reason for access” is (blank)

A

inactive

5
Q

the setting: require users to specify reason for access option can have pre-defined responses which are set at the (blank) level

In the Privileged Account Request section for a given Platform, we can add the Predefined Reasons to create a list of choices for our users when accessing a password in the PVWA

A

platform

6
Q

the option: require dual control password access approval - requires end users to get authorization before accessing privileged accounts.

Depending on the configuration, authorization must be given by one or more managers or peers

A

blank

7
Q

Dual Control – Safe Membership

Dual Control is controlled through Safe membership

  • (type of user) are the people who want to use the privileged accounts. They need the permissions Use (and/or Retrieve) and List
  • Approvers accept or reject requests to privileged accounts but generally do not use the accounts. They will need (blank) and (blank)
    permissions to see and allow usage of the password
A

requestors

list
authorize

8
Q

when a requestor requires a connection to a system that has dual control enabled, he will need to submit a request and provide the reason for the request, and the time frame he needs access. He will see which users or groups need to provide the access

how is the approver notified?

A

email from the PVWA

9
Q

If we set up more than one group with approver permissions, at least one person (blank) must approve the request before the requester can use the password

A

from each group

10
Q

Dual Control:
Advanced Settings

In the advanced settings for Dual Control, we can enable a multi-level approval process

  • With a multi-level process, a request must first be approved by one group before it is forwarded for approval to another group
  • Also in advanced settings, we can enable direct manager approval, determined by the
    Manager attribute on the requester’s AD user object

Selecting “(number)” in number of confirmers could lead to requests being unnecessarily delayed if certain users are out of office or otherwise unavailable.

A

all

11
Q

what does the enforce check in/check out exclusive access do?

A

When applied, only one user will be able to access and use an account at any given time.

When a user checks out an account, it is LOCKED and cannot be retrieved by other users until it is checked in.

REMEMBER: By default, the password can only be released by the owner of the lock or by an administrator who has the rights to force a password release.

If another user attempts to access the password, the status will appear with a lock button, indicating that it is locked by the first user.

12
Q

After accessing the account (using Show or Connect), the user will have the “(blank)” option to unlock the account and make it available to other users.

A

check in

13
Q

exclusive password - manual check in

what happens when a user checks in the account?

the password will be scheduled for an immediate change by the (system)

A

cpm

14
Q

Exclusive Password – Auto Release

Beginning with CyberArk PAM version 11.7, the (blank) can automatically release an account after the user closes the session

A

psm

this is configured at the platform level under privileged session management

15
Q

One-time passwords are enabled in the (blank blank)

  • It is possible for multiple users to access the same account simultaneously
  • The password will be changed based on MinValidityPeriod, as configured in the Platform
A

master policy

16
Q

platform configuration

under target account platform>automatic password management>privileged account management

  • A (property) of 60 means that the password will be changed 60 minutes after it is accessed
  • During that time, other users can access the password
  • The (same property) should provide enough time for a user to make use of the password
A

MinValidityPeriod

MinValidityPeriod

17
Q

If Exclusive access and One-Time Password are enabled for the same Platform, the password will be marked for change (blank) minutes (by default) after it is used.

This keeps the password exclusive, but enables automatic release.

18
Q

When using check-in/check-out exclusive access or one-time password access with Dual Control,
the password will only be changed after the time frame has expired

19
Q

(password type) - When a user accesses a password, the account is locked and no other user can access the password until it has been released.

  • Password is changed automatically upon manual release
  • In later versions, the password can be auto-released by the PSM
A

exclusive passwords

20
Q

(type of password)

After a user accesses a password, it is changed automatically based on the minimum validity period

  • Multiple users can access the password simultaneously
  • Minimum validity period is reset as each user accesses the password

A

one-time passwords

21
Q

Exclusive and One-time Passwords Combined

Account is locked to a single user, no other user can access it

  • If the user does not release the account manually, the system will release it automatically based on the Minimum validity period and change the password