Q1) What are the primary functions of CyberArk?

Ans: CyberArk Enterprise Password Vault, an element of the CyberArk Privileged Account

Security Solution, has been designed to discover, secure, rotate and control access to confidential
account passwords used to access any system throughout the organization in its Information
Technology environment.

Q2) How does its security work?

Ans: CyberArk’s Digital Vault, also known as the Enterprise Password Vault (EPV) uses
multiple layers of encryption to provide maximum security for contents of each and every single
safe. Each file within a safe is encrypted with a unique file encryption key and are stored within
the safe and encrypted with a different safe encryption key which is unique to the safe. The safe
encryption keys are then stored within the vault and are encrypted with a unique vault encryption
key. All of these keys are delivered only to those users who have the appropriate access rights.
Administrators classify access to safes and data within the safes so that users must be manually
confirmed by a Safe Supervisor before they can access the safe along with its contents

Q3) What do you understand by CyberArk viewfinity?

Ans: CyberArk Viewfinity equips organizations to impose the least privilege policies for
business and system administrators while elevates the privileges when needed to run authorized
applications. This reduces the attack surface, minimize accidental or intentional damage to
endpoints and servers, and segregate administrative duties on Servers. Complementary
application controls prevent malicious applications from infiltrating the environment while
allowing unknown applications to run in a safe mode. 

Q4) What do you understand by privileged account security?

Ans: Privileged identity management (PIM) is a field which focuses on the special requirements
of influential and powerful accounts within the IT infrastructure of an organization.

Q5) Define a privileged user?

Ans: A privileged user is a user of a particular system who, by virtue of occupation and/or
seniority, has been designated powers within the computer system, which are considerably
greater than those available to the majority of users. For e.g. cloud server managers, Systems
administrators, Application or database administrators and some Applications which themselves
use privileged accounts to correspond with other applications, scripts, databases, web services
and more. These accounts are often ignored and are exposed to significant risk, as their
credentials are hardcoded and static. Hackers can easily get access to these attack points to
escalate privileged access throughout the organization.

Q6) What do you understand by identity and privilege management?

Ans: Privileged identity management (PIM) is to keep an eye on for protection of superuser
accounts in an organization's IT environments. Supervising is necessary so that the higher access
abilities of super control accounts are not misused or abused by intruders.

Q7) Why Choose the CyberArk Privileged Account Security Solution?

Ans: CyberArk is the only organization that can provide full protection from advanced and
insider attacks to diminish the risks and meet high standards in compliance managements.
CyberArk has been installed in large scale organizations and virtual environments, solving more
privileged account security challenges than any other application. CyberArk supports the vast
number of devices on-premises and cloud environments. CyberArk is the only organization with
a native solution that provides full credentials to protection, session security, least privilege and
application control, and continuous overseeing to rapidly detect threats and report on privileged
account activities.
 
Q8) How many times we can increase the access to wrong Password count?
Ans: Maximum 99 times only.

Q9) What should a specific user have to get access to a specific safe?
Ans: A specific user must have safe ownership to get access to the specific safe.

Q10) What’s the password complexity required in CyberArk authentication using internal
CyberArk scheme?
Ans: There should be one minimum lowercase alphabet character with one uppercase alphabet
character and one numeric character to generate a password in CyberArk authentication using
internal CyberArk scheme.

Q11) What do you understand by PrivateArk Client?

Ans: The PrivateArk Client is a standard Windows application which is used as the
administrative client for the PAS Solution. The Client can be deployed on multiple remote
computers and can access the Enterprise Password Vault via LAN, WAN, or the Internet through
the Web version of the client. From this interface, the users define a vault hierarchy and create
safes. Access to the Enterprise Password Vault via the PrivateArk Client requires a user to be
validated by the Digital Vault. 

Q12) What is PrivateArk Vault Command Line Interface?

Ans: The PrivateArk Vault Command Line Interface (PACLI) enables the users to access the
PAS Solution from any location using fully automated scripts, in a command-line environment.
Users accessing the PAS solution via the PACLI have access to the limited interface for
management, control, and audit features. PACLI is not incorporated in the evaluated version of
the TOE
Q13) What are the CyberArk Vault protection layers?
Ans: Following are the CyberArk Vault Protection Layers:
 Firewall & Code Data Isolation
 Encrypted Network Communication & Visual Security Audit Trail
 Strong Authentication & Granular Access Control
 File Encryption & Dual Control Security.

Q14) What is Password Vault Web Access (PVWA) Interface?

Ans: The Password Vault Web Access Interface is a complete-featured web interface providing
a single console for requesting, accessing, and managing privileged account credentials passed
throughout the enterprise by both end-users and system administrators. PVWA’s dashboard
facilitates users to get an overview of the activities in PAS Solution, as well as getting insights
about all the activities that have taken place. 

Q15) What is Privileged Session Manager SSH Proxy (PSMP)?

Ans: The PSMP is a Linux-based application similar to the PSM. The only difference is that it
acts as a proxy for SSH13 enabled devices. PSMP controls access to privileged sessions and
initiates SSH connections to remote devices on behalf of the user without the need to reveal SSH
credentials. PSMP records the text-based sessions which are stored in the EPV, later to be
viewed by an authorized auditor. Unique to the PSMP is single sign-in capabilities allowing
users to connect to target devices without exposing the privileged connection password. 

Q16) What is Central Policy Manager (CPM)?

Ans: The Central Policy Manager automatically imposes the organizational security policy by
routinely changing passwords on remote machines and storing the new passwords in the
Enterprise Password Vault, all without any human interaction. The CPM  has been designed to
be capable of generating new random passwords and replacing existing passwords on remote
machines and saving the new passwords in the Enterprise Password Vault. Passwords monitored
and generated by the CPM conform to the Master Policy created by the organization.
Administrators will be notified via the PVWA when passwords are about to terminate, are
terminated, or do not meet the Master Policy criteria. Administrators can implement a onetime
password policy (OTP), which requires a password to be keyed in each time a user logs in with
the existing password. 

Q17) What is On-Demand Privileges Manager (OPM)?

Ans: On-Demand Privileges Manager permits privileged users to use administrative commands
from their native Unix or Linux session while eliminating the need for root access or admin
rights. This secure and enterprise-ready pseudo solution provides unified and correlated logging
of all superuser activity linking it to a personal username while providing the freedom required
to perform job function. Granular access control is provided while monitoring all administrative
commands continuously of super users activity based on their role and task.

Q18) What is Application Identity Manager (AIM)?

Ans: The Application Identity Manager is an application based on Windows and Linux which
facilitates access to privileged passwords and eliminates the need to hard code plaintext
passwords in applications, scripts, or configuration files. As with all other credentials stored in
the Enterprise Password Vault, AIM passwords are stored, logged, and managed strongly. AIM
is separated into two components: a Provider, which securely retrieves and caches passwords and
provides immediate access to the requesting application; and the SDK, which provides a set of
APIs for Java, .NET, COM14, CLI15, and C/C++. In the evaluated version, the AIM Provider
for Windows and SDK have been excluded. 

Q19) What do we mean by “Penetration Test”?

Ans: A penetration test(Pen Test) attempts to exploit the vulnerabilities to determine whether
unauthorized access or other malicious activity is possible. Penetration testing typically includes
network penetration testing and application security testing as well as controls and processes
around the networks and applications and should occur from both outside the network trying to
come in (external testing) and from inside the network. The Payment Card Industry Data
Security Standard (PCI DSS) was introduced to provide a minimum degree of security when it
comes to handling customer card information. While the Standard has been around for over a
decade, penetration testing has only recently been officially incorporated into the process. For
instance, as a Penetration Tester in CyberArk, you will be the go-to-guy of finding traditional
and creative ways of breaking CyberArk products’ security and suggest robust solutions to fixing
it.
Q20) What is BYOC?
Ans: BYOC is short for bringing your own computer, a common phrase used by gamers when
attending a multiplayer gaming event. BYOC is where gamers are asked to bring their own
computer and hook it up to the network to take part in the multiplayer PC gaming event. You can
practically use any client to access the target system if PSM is enabled, and flexible. CyberArk
PSM integrates with more target system type other than others

Q21) If CyberArk vault user changed his Active Directory password, what will happen
with his CyberArk account?
Ans: Nothing happens if CyberArk uses the LDAP authentication process.

Q22) Which Component used on all Cyberark solutions?

Ans: CyberArk Enterprise Password Vault, a component of the CyberArk Privileged Account
Security Solution, is used on all CyberArka Solutions.  It has been designed to discover, secure,
rotate and control access to privileged account passwords used for accessing systems throughout
the organization. The solution facilitates organizations to understand the scope of their privileged
account risks and put controls in place to minimize the risks. Flexible policies enable
organizations to enforce granular privileged access controls and automating workflows and
rotating passwords at a regular interval without requiring manual effort. To demonstrate its
compliance, organizations can easily collect report on which users accessed what privileged
accounts, when and why.

Q23) What do we need to enable auto password reconciliation policy in CyberArk?

Ans: Following are the prerequisites to enable auto password reconciliation policy in CyberArk.
 Enable Password reconciliation for a specific policy with the Organization.
 An additional account on the target server with sufficient rights should be created.
 Automatic password verification should be enabled by the system administrators
 Enable password reconciliation when the password is not synchronized.

Q24) What are User Directories that are supported by CyberArk?

Ans: CyberArk supports Active Directory, Oracle Internet Directory, Novell eDirectory, IBM
Tivoli DS.
Q25) What are the steps required to register a privileged account to CyberArk PIMS using
PVWA?
Ans: In order to register to a privilege account we need to:
1. Create a safe & define the safe owner
2. Create a PIM Policy
3. Create CPM & PSM Policy
4. Add account with its properties (username, password, address etc)
2.
Q26) What CyberArk PSM has web form capability means?
Ans: CyberArk PSM has web form capability means, With a set of conditions, PSM connector
can be integrated into a web-based application. By default PSM web capability only covers html
login page with form id, input form for user/password and a button name attribute.

Q27) What do you understand by Privileged Threat Analytics?

Ans: CyberArk Privileged Threat Analytics is a safety intelligence solution that permits
organizations to detect, alert, and respond to anomalous privileged activity indicating an attack in
progress. The solution collects a targeted set of data from multiple sources, including the
CyberArk Digital Vault, SIEM, and network taps or switches. Then, the solution applies a
complex combination of statistical algorithms, enabling organizations to detect indications of
compromise early in the lifecycle of the attack by identifying malicious privileged account
activity.

Q28) What do you understand by Privileged Session Manager?

Ans: Privileged Session Manager secures, controls, and scrutinize privileged user access and
activities to critical Unix, Linux, and Windows-based systems, databases, virtual machines,
network devices, mainframes, websites, SaaS, and all other available options. It provides only
one point for access control, prevents malware from jumping to any target system, and records
every keystroke and mouse click for continuous monitoring.

Q29) What do you understand by SSH Key Manager?

Ans: SSH Key Manager helps organizations prevent unauthenticated access to private SSH keys,
which are frequently used by privileged Unix/Linux users and applications to validate privileged
accounts. SSH Key Manager secures and rotates privileged SSH keys based on the privileged
account security policy and controls and scrutinize access to protect SSH keys. This solution
enables organizations to gain control of SSH keys, which offers access to privileged accounts but
is often ignored.
Q30) Which component of CyberArk enables commands to be whitelisted or blacklisted on
a per-user and/or per-system basis?
Ans: On-Demand Privileges manager enables the commands to be whitelisted or blacklisted.

Q31) Can CyberArk Vault be managed manually?

Ans: CyberArk Vault can be managed using PrivateArk Client, PrivateArk Web Client, and
Private Vault Web Access.