Sunday, April 12, 2020

CyberArk Exam Questions

Q1. What is CyberArk?
CyberArk is an information security company offering Privileged Account Security. The company’s technology is utilized primarily in the financial services, energy, retail and healthcare markets.
Q2. What is CyberArk viewfinity?
CyberArk Viewfinity with enhanced protection is now CyberArk Endpoint Privilege Manager. Enforcing privilege security on the endpoint is a fundamental part of your security program.


Q3. What Are The Primary Functions Of Cyberark?
CyberArk Enterprise Password Vault, an element of the CyberArk Privileged Account Security Solution, has been designed to discover, secure, rotate and control access to confidential account passwords used to access any system throughout the organization in its Information Technology environment.
Q4. What is identity and access management?
Identity management, also known as identity and access management (IAM) is, in computer security, the security and business discipline that “enables the right individuals to access the right resources at the right times and for the right reasons”.
Q5. What is viewfinity used for?
Viewfinity is a suite of integrated management tools that simplify the processes involved in privilege management, enabling administrators to more effectively protect PCs from unauthorized use and providing granular control over who can do what on servers and endpoints across the enterprise.
Q6. How Does Its Security Work?
CyberArk Digital Vault, also known as the Enterprise Password Vault (EPV) uses multiple layers of encryption to provide maximum security for contents of each and every single safe. Each file within a safe is encrypted with a unique file encryption key and are stored within the safe and encrypted with a different safe encryption key which is unique to the safe. The safe encryption keys are then stored within the vault and are encrypted with a unique vault encryption key. All of these keys are delivered only to those users who have the appropriate access rights. Administrators classify access to safes and data within the safes so that users must be manually confirmed by a Safe Supervisor before they can access the safe along with its contents.
Q7. What Do You Understand By Privileged Account Security?
Privileged identity management (PIM) is a field which focuses on the special requirements of influential and powerful accounts within the IT infrastructure of an organization.
Q8. To create a PIM policy, what need to be done ?
We should Create CPM Policy, PIM Policy, and Create a PSM connection component & enable the PSM if needed
Q9. What is BYOC?
Bring Your Own Client
Q10. What CyberArk’s modules responsible for recording session?
PSM
Q11. How Many Times We Can Increase The Access To Wrong Password Count?
Maximum 99 times only.
Q12. What Should A Specific User Have To Get Access To A Specific Safe?
A specific user must have the safe ownership to get access to the specific safe.
Q13. If CyberArk vault user changed his Active Directory password what will happened with his CyberArk account
Nothing will happen, If CyberArk uses LDAP authentication
Q14. Which Component used on all Cyberark solutions?
CyberArk Vault
Q15. What are capabilities of PSM for SSH ?
PSM for SSH has the capability of Video recording, Command recording
Q16. What CyberArk PSM has web form capability means ?
CyberArk PSM has web form capability means, With a set of conditions, PSM connector can be integrated into web based application. By default PSM web capability only covers html login page with form id, input form for user/password and button name attribute
Q17. What are the steps required to register a privilege account to CyberArk PIMS using PVWA 
Inorder to register to a priviliege accout we need to:
1.Create safe & define safe owner
2.Create PIM Policy
3.Create CPM & PSM Policy
4.Add account with its properties (username, password, address etc)
Q18. What are the CyberArk Vault protection layers 
Following are the CyberArk Vault Protection Layers:
1.Firewall & Code-Data Isolation
2.Encryted Network Communication & Visual Security Audit Trail
3.Strong Authentication & Granular Access Control
4.File Encryption & Dual Control Security
Q19. What you need to have to enable auto password reconciliation policy?
Following should enable for auto password reconciliation policy in cyberark
Enable Password reconciliation for specific policy
Additional account on target server with sufficient rights
Automatic password verification shoud enable
Enable password reconciliation when password is unsync
Q20. What are User Directories that are supported by CyberArk?
User Directories that support CyberArk are:
Active Directory
Oracle Internet Directory
Novell eDirectory
IBM Tivoli DS
Q21. How CyberArk Vault can be managed?
CyberArk Vault can be managed using PrivateArk Client, PrivateArk Web Client, and Private Vault Web Access
Q22. What are Authentication schemes supported by CyberArk Vault ?
Here are teh authentication schemes that are suppored by CyberArk vault – LDAP, Radius, PKI

CyberArk Technical Interview Questions

How many times wrong Password count access suspension can be increased?
Ans: Upto: 99
To allow specific user to access a specific safe the user need to have
Ans: Safe ownership
What's the minimum password complexity required for CyberArk authentication using internal CyberArk scheme?
Ans: There should be Minimum one lowerchase alphabet character, one uppercase alphabet character, one numeric character
To create a PIM policy, what need to be done ?
Ans:  We should Create CPM Policy, PIM Policy, and Create a PSM connection component & enable the PSM if needed
CyberArk can manage following Database's password
  1. MySQL
  2. DB2
  3. MS SQL
  4. Oracle DB
  5. All of above
Ans: All of above
User with sufficient rights can do _____________ about the privilege account registered
  • Use the privilege account to directly connect to target system by clicking on connect button
  • Copy the password for other usage
  • Change the password by clicking on change button
  • Verify the password by clicking on verify button
What is BYOC? 
Ans: Bring Your Own Client
_________ CyberArk's modules responsible for recording session
Ans: PSM
If CyberArk vault user changed his Active Directory password what will happened with his CyberArk account
Ans: Nothing will happen, If CyberArk uses LDAP authentication
Which Component used on all Cyberark solutions?
Ans: CyberArk Vault

What are the CyberArk Vault protection layers :
Ans: Following are the CyberArk Vault Protection Layers:
  • Firewall & Code-Data Isolation
  • Encryted Network Communication & Visual Security Audit Trail
  • Strong Authentication & Granular Access Control
  • File Encryption & Dual Control Security
About privilege account request/approval or also known as dual control, which following statement is false
  • Requester will receive email notification upon approval
  • Approvals is working in hierarchy
  • Request can be set for a specific time & date
  • Approvals is working in minimum number of approvers
  • Maximum request access for 5 consecutive days
Ans: Approvals is working in hierarchy
CyberArk's PIM stands for :
Ans: Privilege Identity Management
Online CyberArk Training
Can CyberArk change password in a text file?
Ans: Yes, if it is in plaintext or encrypted using known encryption algorithm
IS CyberArk PSM has web form capability?
Ans: Yes
What you need to have to enable auto password reconciliation policy?
Ans: Following should enable for auto password reconciliation policy in cyberark
  • Enable Password reconciliation for specific policy
  • Additional account on target server with sufficient rights
  • Automatic password verification shoud enable
  • Enable password reconciliation when password is unsync

CyberArk Technical Interview Questions

What are User Directories that are supported by CyberArk?
Ans: User Directories that support CyberArk are:
  • Active Directory
  • Oracle Internet Directory
  • Novell eDirectory
  • IBM Tivoli DS
Bring Your Own Clients means
Ans: Bring Your Own Clients means
  • You can use any client to access target system if PSM enabled
  • PSM is flexible
  • CyberArk PSM covers more target system type other than others
Does OpenSSL heartbleed bug affecting CyberArk Vault ?
Ans: No, on all vesion
What are capabilities of PSM for SSH ?
Ans: PSM for SSH has the capability of Video recording, Command recording
What CyberArk PSM has web form capability means ?
Ans: CyberArk PSM has web form capability means, With a set of conditions, PSM connector can be integrated into web based application. By default PSM web capability only covers html login page with form id, input form for user/password and button name attribute
If PSM enabled for a specific policy, auditor user can terminate remote session currently active
Ans: Yes
What is the shortest time CPM can be configured to change password after each usage
Ans: 1 minute
Password management doesn't consists of ____________ action
Ans: ENE integration
How CyberArk Vault can be managed?
Ans: CyberArk Vault can be managed using PrivateArk Client, PrivateArk Web Client, and Private Vault Web Access
What is CyberArk Vault Dual Control ?
  • Confirmation needed to open a safe
  • Confirmation needed to retrieve files
  • Confirmation needed to open a safe and to retrieve files
  • At least 1 safe owner who are authorized to confirm request
  • All of above
Ans: Confirmation needed to open a safe
How long CyberArk Vault will kept deleted object until it reach true deletion stage ?
Ans: 30 days
What are User Accounts Enabled by Default?
  • Administrator
  • Auditor
  • Master
  • Backup
  • None of above
Ans: Administrator
How to release user suspension?
Ans: To release user suspension --> Need to login using administrator account and activate the account.
BYOC applicable to which module ?
Ans: PSM
Which module used to replicate vault at production site to disaster recovery site ?
Ans: DR Module
What are the steps required to register a privilege account to CyberArk PIMS using PVWA :
Ans: Inorder to register to a priviliege accout we need to:
  • Create safe & define safe owner
  • Create PIM Policy
  • Create CPM & PSM Policy
  • Add account with its properties (username, password, address etc)

CyberArk Exam Questions

CyberArk Vault access control can be defined by
Ans: Safe, Folder, Object
Why PrivateArk Web Client limited only to Internet Explorer
Ans: Because it uses ActiveX
Mention 3 pilars of CYberArk solutions 
Ans: PIMS, SIMS & PSMS
Which CyberArk's module is responsible for changing password
Ans: CPM
If a User was suspended, who is the user that able to revoke the suspension ?
Ans: Administrator
If a password request got approved why only notification sent to requester but not the password for the target system itself ?
Ans: Because of its Security concern, Email can be eavesdropped, Email can be redirected, Email may not be not secure.
What is ENE integration
Ans: CyberArk email notification integration with existing email system
By default user will be suspended to login to the vault after entering ... times of wrong password
Ans: 5 times
Inorder to enable LDAP user authentication which need to be configured
Ans: Directory mapping
What need to be done to enable PSM for a policy
Ans:  We need to enable PSM option on specified policy, and need to add required PSM connection component
Can CyberArk can manage Facebook password & record Facebook session?
Ans: Yes
What are Authentication schemes supported by CyberArk Vault ?
Ans: Here are teh authentication schemes that are suppored by CyberArk vault - LDAP, Radius, PKI
What are the reasons for CyberArk vault user login access denied?
Ans: Wrong password, Wrong username, User suspension, Wrong authentication mode

No comments:

YouTube Channel