CyberArk Technical Interview Questions

How many times wrong Password count access suspension can be increased?

Ans: Upto: 99

To allow specific user to access a specific safe the user need to have

Ans: Safe ownership

What's the minimum password complexity required for CyberArk authentication using internal CyberArk scheme?

Ans: There should be Minimum one lowerchase alphabet character, one uppercase alphabet character, one numeric character

To create a PIM policy, what need to be done ?

Ans:  We should Create CPM Policy, PIM Policy, and Create a PSM connection component & enable the PSM if needed

CyberArk can manage following Database's password

  1. MySQL
  2. DB2
  3. MS SQL
  4. Oracle DB
  5. All of above

Ans: All of above

User with sufficient rights can do _____________ about the privilege account registered

  • Use the privilege account to directly connect to target system by clicking on connect button
  • Copy the password for other usage
  • Change the password by clicking on change button
  • Verify the password by clicking on verify button

What is BYOC? 

Ans: Bring Your Own Client

_________ CyberArk's modules responsible for recording session

Ans: PSM

If CyberArk vault user changed his Active Directory password what will happened with his CyberArk account

Ans: Nothing will happen, If CyberArk uses LDAP authentication

Which Component used on all Cyberark solutions?

Ans: CyberArk Vault

What are the CyberArk Vault protection layers :

Ans: Following are the CyberArk Vault Protection Layers:

  • Firewall & Code-Data Isolation
  • Encryted Network Communication & Visual Security Audit Trail
  • Strong Authentication & Granular Access Control
  • File Encryption & Dual Control Security

About privilege account request/approval or also known as dual control, which following statement is false

  • Requester will receive email notification upon approval
  • Approvals is working in hierarchy
  • Request can be set for a specific time & date
  • Approvals is working in minimum number of approvers
  • Maximum request access for 5 consecutive days

Ans: Approvals is working in hierarchy

CyberArk's PIM stands for :

Ans: Privilege Identity Management

Online CyberArk Training

Can CyberArk change password in a text file?

Ans: Yes, if it is in plaintext or encrypted using known encryption algorithm

IS CyberArk PSM has web form capability?

Ans: Yes

What you need to have to enable auto password reconciliation policy?

Ans: Following should enable for auto password reconciliation policy in cyberark

  • Enable Password reconciliation for specific policy
  • Additional account on target server with sufficient rights
  • Automatic password verification shoud enable
  • Enable password reconciliation when password is unsync

CyberArk Technical Interview Questions

What are User Directories that are supported by CyberArk?

Ans: User Directories that support CyberArk are:

  • Active Directory
  • Oracle Internet Directory
  • Novell eDirectory
  • IBM Tivoli DS

Bring Your Own Clients means

Ans: Bring Your Own Clients means

  • You can use any client to access target system if PSM enabled
  • PSM is flexible
  • CyberArk PSM covers more target system type other than others

Does OpenSSL heartbleed bug affecting CyberArk Vault ?

Ans: No, on all vesion

What are capabilities of PSM for SSH ?

Ans: PSM for SSH has the capability of Video recording, Command recording

What CyberArk PSM has web form capability means ?

Ans: CyberArk PSM has web form capability means, With a set of conditions, PSM connector can be integrated into web based application. By default PSM web capability only covers html login page with form id, input form for user/password and button name attribute

If PSM enabled for a specific policy, auditor user can terminate remote session currently active

Ans: Yes

What is the shortest time CPM can be configured to change password after each usage

Ans: 1 minute

Password management doesn't consists of ____________ action

Ans: ENE integration

How CyberArk Vault can be managed?

Ans: CyberArk Vault can be managed using PrivateArk Client, PrivateArk Web Client, and Private Vault Web Access

What is CyberArk Vault Dual Control ?

  • Confirmation needed to open a safe
  • Confirmation needed to retrieve files
  • Confirmation needed to open a safe and to retrieve files
  • At least 1 safe owner who are authorized to confirm request
  • All of above

Ans: Confirmation needed to open a safe

How long CyberArk Vault will kept deleted object until it reach true deletion stage ?

Ans: 30 days

What are User Accounts Enabled by Default?

  • Administrator
  • Auditor
  • Master
  • Backup
  • None of above

Ans: Administrator

How to release user suspension?

Ans: To release user suspension --> Need to login using administrator account and activate the account.

BYOC applicable to which module ?

Ans: PSM

Which module used to replicate vault at production site to disaster recovery site ?

Ans: DR Module

What are the steps required to register a privilege account to CyberArk PIMS using PVWA :

Ans: Inorder to register to a priviliege accout we need to:

  • Create safe & define safe owner
  • Create PIM Policy
  • Create CPM & PSM Policy
  • Add account with its properties (username, password, address etc)

CyberArk Exam Questions

CyberArk Vault access control can be defined by

Ans: Safe, Folder, Object

Why PrivateArk Web Client limited only to Internet Explorer

Ans: Because it uses ActiveX

Mention 3 pilars of CYberArk solutions 


Which CyberArk's module is responsible for changing password

Ans: CPM

If a User was suspended, who is the user that able to revoke the suspension ?

Ans: Administrator

If a password request got approved why only notification sent to requester but not the password for the target system itself ?

Ans: Because of its Security concern, Email can be eavesdropped, Email can be redirected, Email may not be not secure.

What is ENE integration

Ans: CyberArk email notification integration with existing email system

By default user will be suspended to login to the vault after entering ... times of wrong password

Ans: 5 times

Inorder to enable LDAP user authentication which need to be configured

Ans: Directory mapping

What need to be done to enable PSM for a policy

Ans:  We need to enable PSM option on specified policy, and need to add required PSM connection component

Can CyberArk can manage Facebook password & record Facebook session?

Ans: Yes

What are Authentication schemes supported by CyberArk Vault ?

Ans: Here are teh authentication schemes that are suppored by CyberArk vault - LDAP, Radius, PKI

What are the reasons for CyberArk vault user login access denied?

Ans: Wrong password, Wrong username, User suspension, Wrong authentication mode

CyberArk Tutorials