cyberark sentry exam 2023 with 100 correct answers
Geschreven voor
CyberArk Sentry
CyberArk Sentry
Verkoper
Volgen
YANCHY
Ontvangen beoordelingen
Voorbeeld van de inhoud
CyberArk Sentry Exam
Core Privileged Access Security (PAS) Components correct answerEPV + PSM +PTA
Enterprise Password Vault (EPV) = correct answerDigital Vault + PVWA + CPM
EPV correct answerEnterprise Password Vault
Enterprise Password Vault correct answerA hardened and secured digital vault used to store privileged account information.
CPM correct answerCentral Policy Manager
Central Policy Manager correct answerPerforms password changes and SSH key rotations on devices based on the policies set by Vault Administrators.
PVWA correct answerPassword Vault Web Access
Password Vault Web Access correct answerThe web interface used by Administrators to perform administrative tasks and by end users to gain access to privileged account information.
PSM correct answerPrivileged Session Management
Privileged Session Management correct answerPrevent cyber attacks by isolating desktops from sensitive target machines. Creates accountability and control over privileged session access with policies, workflows, and privileged single sign on. Delivers continuous monitoring and compliance with session recordings with zero footprint on target machines.
CPM and PVWA Information Exchange correct answerDo not exchange policy information directly. Policy
changes are saved to the Vault. Each component refreshes its local cache of policies via the VPN. PVWA/CPM Port correct answerTCP/443
Possible Reasons for Multiple CPMs correct answerIsolated network segments
WAN link latency
Scalability
Eight Security Controls of CyberArk correct answer1. Isolate and harden the digital vault server
2. Use 2-factor authentication 3. Restrict access to component servers
4. Limit privileges and points of administration
5. Protect sensitive accounts and encryption keys
6. Use secure protocols
7. Monitor logs for irregularities
8. Create and periodically test a DR plan
What types of attacks does isolating the digital vault server protect against? correct answerPass-the-
hash and golden ticket (leverage Kerberos protocol)
Principles of Isolating and Hardening the Digital Vault Server correct answer1. Not be and never have been a member of a Windows domain
2. No third-party software
3. Network traffic is restricted to CyberArk protocols
4. Physical servers
What types of attacks does two-factor authentication protect against? correct answerKey loggers or more advanced tools that are capable of harvesting plaintext passwords
Principles of Restricting Access to Component Servers correct answer1. Consider installing each one on a
dedicated physical server 2. Consider installing on workgroup rather than domain joined servers
3. Do not install non-CyberArk applications on the component servers
4. Limit the accounts that can access component servers and ensure that any domain accounts used to access CyberArk servers are unable to access domain controllers 5. Use network-based firewalls and IPsec to restrict, encrypt, and authenticate inbound administrative traffic
6. Use the PSM and the local admin account to access component servers
7. Deploy application whitelisting and limit execution to authorized applications
Why do you limit the number of privileged accounts and the extent of their privileges? correct answerReduces the overall privileged account attack surface.
Principles of Limiting Privileges and Points of Administration correct answer1. Reduce privileges of CyberArk admin accounts
2. Eliminate unnecessary CyberArk admin accounts
3. CyberArk admins should not have access to all credentials
4. Require privilege elevation (Dual Control/Ticketing Integration)
5. Use the PSM to isolate and monitor CyberArk administration
6. Require 2-factor authentication for all avenues of admin access
CyberArk Internal Admin Accounts correct answerAdministrator account
Master user account
Vault Encryption Keys correct answerOperator Key
Master Key
Operator Key correct answerVault encryption key used for runtime encryption tasks
Master Key correct answerVault encryption key used for recovery operations Principles of Protecting Sensitive Accounts and Encryption Keys correct answer1. Use the Microsoft Windows Password Reset Disk utility prior to installing the vault, and store the Local Admin account password in a physical safe on a USB drive
2. Store the Master Password separately from the Master Key and each should be assigned to different entities within an organization
3. Store the Master Key and Password in a physical safe
4. Do not store the Operator Key on the same media as the data (use an HSM)
Principles of Using Secure Protocols correct answer1. HTTPs for the PVWA
2. LDAPs for Vault-LDAP integration and CPM Windows scans
3. RDP/TLS for connections to the PSM and from PSM to target machines
4. SSH (instead of telnet) for password management
Principles for Monitoring Logs for Irregularities correct answer1. Aggregate CyberArk logs within your SIEM
2. Monitor and alert upon excessive authentication failures, logins to the Vault server OS, and logins as Admin or Master
3. Consider implementing PTA
Is it ok to join the Digital Vault to an Active Directory Domain? correct answerNo. It can lead to the following: pass-the-hash attack, golden ticket attack, malicious or accidental changes in domain GPO, attacks through open firewall ports, increased operational risk due to enablement of unnecessary services.
Why does CyberArk prohibit the installation of anti-virus and other agents on the Digital Vault? correct answerVulnerability due to opened firewall ports.
Why should you store the Operator Key on the HSM? correct answerIf the Server Key is stored on the local file system of the Digital Vault, it puts the system at risk. If an attacker were to gain access to the operating system, Server Key, and encrypted data, it would be possible for the attacker to reverse engineer the encryption process and gain access to Digital Vault data.
CyberArk Proprietary Protocol or VPN Port correct answerTCP1858
Voordelen van het kopen van samenvattingen bij Stuvia op een rij:
√ Verzekerd van kwaliteit door reviews
Stuvia-klanten hebben meer dan 700.000 samenvattingen beoordeeld. Zo weet je zeker dat je de beste documenten koopt!
Snel en makkelijk kopen
Je betaalt supersnel en eenmalig met iDeal, Bancontact of creditcard voor de samenvatting. Zonder lidmaatschap.
Focus op de essentie
Samenvattingen worden geschreven voor en door anderen. Daarom zijn de samenvattingen altijd betrouwbaar en actueel. Zo kom je snel tot de kern!
Veelgestelde vragen
Wat krijg ik als ik dit document koop?
Je krijgt een PDF, die direct beschikbaar is na je aankoop. Het gekochte document is altijd, overal en oneindig toegankelijk via je profiel.
Tevredenheidsgarantie: hoe werkt dat?
Onze tevredenheidsgarantie zorgt ervoor dat je altijd een studiedocument vindt dat goed bij je past. Je vult een formulier in en onze klantenservice regelt de rest.
Van wie koop ik deze samenvatting?
Stuvia is een marktplaats, je koop dit document dus niet van ons, maar van verkoper YANCHY. Stuvia faciliteert de betaling aan de verkoper.
Zit ik meteen vast aan een abonnement?
Nee, je koopt alleen deze samenvatting voor €20,21. Je zit daarna nergens aan vast.
