To manage automated onboarding rules, a CyberArk user must be a member of which group?
Correct Answer: A
Explanation To manage automated onboarding rules in CyberArk, a user must be a member of the Vault Admins group. This group has the necessary permissions to create and manage predefined rules that automatically onboard newly discovered accounts, which helps minimize the time it takes to onboard and securely manage accounts, reduces the time spent on reviewing pending accounts, and prevents human errors that may occur during manual onboarding1. References: * CyberArk's official documentation on onboarding rules provides detailed information on the groups required to manage these rules, including the Vault Admins group1.
Question 17
To enable the Automatic response "Add to Pending" within PTA when unmanaged credentials are found, what are the minimum permissions required by PTAUser for the PasswordManager_pending safe?
Correct Answer: A
Explanation To enable the automatic response "Add to Pending" within PTA when unmanaged credentials are found, the PTAUser needs to have the minimum permissions for the PasswordManager_pending safe as follows: * List Accounts: This permission allows the PTAUser to view the accounts in the safe and their properties. * View Safe members: This permission allows the PTAUser to view the members of the safe and their authorizations. * Add accounts (includes update properties): This permission allows the PTAUser to add new accounts to the safe and update their properties, such as name, address, platform, and policy. * Update Account content: This permission allows the PTAUser to update the password of the accounts in the safe. * Update Account properties: This permission allows the PTAUser to update the properties of the existing accounts in the safe, such as name, address, platform, and policy. These permissions are required for the PTAUser to be able to detect unmanaged privileged accounts and add them to the pending accounts queue in the PasswordManager_pending safe. The PTAUser also needs to have the same permissions for the PasswordManager_reconcile safe to enable the automatic response "Reconcile credentials" for suspicious password change events. References: Configure PTA Remediations, Safe Member Authorizations
SAFE Authorizations may be granted to____________. Select all that apply.
Correct Answer: A,B,C,D
Question 20
The primary purpose of exclusive accounts is to ensure non-repudiation (Individual accountability).
Correct Answer: A
Explanation The primary purpose of exclusive accounts is to ensure non-repudiation (individual accountability). Exclusive accounts are accounts that can only be used by one user at a time, and are locked during usage. This means that no other user can access the same account until the current user releases it or the session expires. By using exclusive accounts, the organization can enforce individual accountability and traceability for the actions performed on the target systems. Exclusive accounts also reduce the risk of credential theft and unauthorized access, as the passwords are changed every time they are retrieved by a user1. Exclusive accounts can be configured in the Master Policy under the Password Management section, by enabling the Exclusive Access rule2. References: * 1: The Master Policy, One Time Password subsection * 2: The Master Policy, Exclusive Access subsection