Within the Vault each password is encrypted by:
Correct Answer:D
Within the Vault, each password is encrypted by its own unique key. This key is generated by the Vault when the password is added to the Vault and is stored in the Vault’s database. The password key is encrypted by the safe key, which is the key of the safe that contains the password. The safe key is encrypted by the server key, which is the key that opens the Vault. The server key is encrypted by the public recovery key, which is part of the asymmetric recovery key that enables the Master User to log on to the Vault in case of a disaster. This layered encryption scheme ensures that each password is protected by multiple keys and that no single key can compromise the security of the Vault.
What is the name of the Platform parameter that controls how long a password will stay valid when One Time Passwords are enabled via the Master Policy?
Correct Answer:A
The name of the Platform parameter that controls how long a password will stay valid when One Time Passwords are enabled via the Master Policy is Min Validity Period. This parameter defines the number of minutes to wait from the last retrieval of the account until it is replaced. This gives the user a minimum period to be able to use the password before it is changed by the CPM. The Min Validity Period parameter can be configured in the Platform Management settings for each platform that supports One Time Passwords. The default value is 60 minutes, but it can be modified according to the organization’s security policy [1]. The Min Validity Period parameter is also used to release exclusive accounts automatically [1]. References:
✑ 1: Privileged Account Management, Min Validity Period subsection
Which PTA sensors are required to detect suspected credential theft?
Correct Answer:B
Suspected credential theft is a detection that PTA reports when a user connects to a machine or a cloud service without first retrieving the required credentials from the Vault. To detect this event, PTA requires the following sensors:
✑ Logs: This sensor collects log data from various sources, such as SIEM, Unix, AWS, and Azure, and forwards it to the PTA Server for analysis.
✑ Network Sensor: This sensor taps the network and collects network traffic data, which is used by the PTA Server to run deep packet inspection algorithms and detect cyber attacks, such as PAC, OverPass the Hash, and Golden Ticket.
✑ Vault Logs: This sensor collects log data from the Vault and forwards it to the PTA Server for analysis. The Vault logs contain information about the users’ activities in the Vault, such as password retrieval, session initiation, and audit records.
References: What Detections Does PTA Report?, PTA Network Sensors
How does the Vault administrator apply a new license file?
Correct Answer:C
According to the CyberArk Defender PAM documentation [1], the Vault administrator can apply a new license file by uploading the license.xml file to the Vault Internal Safe and restarting the PrivateArk Server service. The Vault Internal Safe is a special Safe that contains the Vault configuration files, including the license file. The Vault administrator can access this Safe from the PrivateArk Client and replace the existing license file with the new one. After that, the Vault administrator must restart the PrivateArk Server service for the changes to take effect. This procedure can be done either from the Vault machine or from a remote machine. References:
✑ 1: Manage the CyberArk License - CyberArk
A newly created platform allows users to access a Linux endpoint. When users click to connect, nothing happens.
Which piece of the platform is missing?
Correct Answer:A
A platform is a set of parameters that defines how CyberArk manages passwords and sessions for a specific type of account or system. To allow users to access a Linux endpoint, the platform needs to have a PSM-SSH connection component, which enables transparent connections to Linux machines using the SSH protocol. The PSM-SSH connection component is configured in the Master Policy and defines the settings for the PSM connection, such as the port, the authentication method, and the terminal type. If the platform is missing the PSM-SSH connection component, the users will not be able to click to connect to the Linux endpoint. References: Connection Components, PSM-SSH Connection Component