CyberArk Technical Interview Questions
How many times wrong Password count access suspension can be increased?
Ans: Upto: 99
To allow specific user to access a specific safe the user need to have
Ans: Safe ownership
What’s the minimum password complexity required for CyberArk authentication using internal CyberArk scheme?
Ans: There should be Minimum one lowerchase alphabet character, one uppercase alphabet character, one numeric character
To create a PIM policy, what need to be done ?
Ans: We should Create CPM Policy, PIM Policy, and Create a PSM connection component & enable the PSM if needed
CyberArk can manage following Database’s password
- MS SQL
- Oracle DB
- All of above
Ans: All of above
User with sufficient rights can do _____________ about the privilege account registered
- Use the privilege account to directly connect to target system by clicking on connect button
- Copy the password for other usage
- Change the password by clicking on change button
- Verify the password by clicking on verify button
What is BYOC?
Ans: Bring Your Own Client
_________ CyberArk’s modules responsible for recording session
If CyberArk vault user changed his Active Directory password what will happened with his CyberArk account
Ans: Nothing will happen, If CyberArk uses LDAP authentication
Which Component used on all Cyberark solutions?
Ans: CyberArk Vault
What are the CyberArk Vault protection layers :
Ans: Following are the CyberArk Vault Protection Layers:
- Firewall & Code-Data Isolation
- Encryted Network Communication & Visual Security Audit Trail
- Strong Authentication & Granular Access Control
- File Encryption & Dual Control Security
About privilege account request/approval or also known as dual control, which following statement is false
- Requester will receive email notification upon approval
- Approvals is working in hierarchy
- Request can be set for a specific time & date
- Approvals is working in minimum number of approvers
- Maximum request access for 5 consecutive days
Ans: Approvals is working in hierarchy
CyberArk’s PIM stands for :
Ans: Privilege Identity Management
Can CyberArk change password in a text file?
Ans: Yes, if it is in plaintext or encrypted using known encryption algorithm
IS CyberArk PSM has web form capability?
What you need to have to enable auto password reconciliation policy?
Ans: Following should enable for auto password reconciliation policy in cyberark
- Enable Password reconciliation for specific policy
- Additional account on target server with sufficient rights
- Automatic password verification shoud enable
- Enable password reconciliation when password is unsync
CyberArk Technical Interview Questions
What are User Directories that are supported by CyberArk?
Ans: User Directories that support CyberArk are:
- Active Directory
- Oracle Internet Directory
- Novell eDirectory
- IBM Tivoli DS
Bring Your Own Clients means
Ans: Bring Your Own Clients means
- You can use any client to access target system if PSM enabled
- PSM is flexible
- CyberArk PSM covers more target system type other than others
Does OpenSSL heartbleed bug affecting CyberArk Vault ?
Ans: No, on all vesion
What are capabilities of PSM for SSH ?
Ans: PSM for SSH has the capability of Video recording, Command recording
What CyberArk PSM has web form capability means ?
Ans: CyberArk PSM has web form capability means, With a set of conditions, PSM connector can be integrated into web based application. By default PSM web capability only covers html login page with form id, input form for user/password and button name attribute
If PSM enabled for a specific policy, auditor user can terminate remote session currently active
What is the shortest time CPM can be configured to change password after each usage
Ans: 1 minute
Password management doesn’t consists of ____________ action
Ans: ENE integration
How CyberArk Vault can be managed?
Ans: CyberArk Vault can be managed using PrivateArk Client, PrivateArk Web Client, and Private Vault Web Access
What is CyberArk Vault Dual Control ?
- Confirmation needed to open a safe
- Confirmation needed to retrieve files
- Confirmation needed to open a safe and to retrieve files
- At least 1 safe owner who are authorized to confirm request
- All of above
Ans: Confirmation needed to open a safe
How long CyberArk Vault will kept deleted object until it reach true deletion stage ?
Ans: 30 days
What are User Accounts Enabled by Default?
- None of above
How to release user suspension?
Ans: To release user suspension –> Need to login using administrator account and activate the account.
BYOC applicable to which module ?
Which module used to replicate vault at production site to disaster recovery site ?
Ans: DR Module
What are the steps required to register a privilege account to CyberArk PIMS using PVWA :
Ans: Inorder to register to a priviliege accout we need to:
- Create safe & define safe owner
- Create PIM Policy
- Create CPM & PSM Policy
- Add account with its properties (username, password, address etc)
CyberArk Exam Questions
CyberArk Vault access control can be defined by
Ans: Safe, Folder, Object
Why PrivateArk Web Client limited only to Internet Explorer
Ans: Because it uses ActiveX
Mention 3 pilars of CYberArk solutions
Ans: PIMS, SIMS & PSMS
Which CyberArk’s module is responsible for changing password
If a User was suspended, who is the user that able to revoke the suspension ?
If a password request got approved why only notification sent to requester but not the password for the target system itself ?
Ans: Because of its Security concern, Email can be eavesdropped, Email can be redirected, Email may not be not secure.
What is ENE integration
Ans: CyberArk email notification integration with existing email system
By default user will be suspended to login to the vault after entering … times of wrong password
Ans: 5 times
Inorder to enable LDAP user authentication which need to be configured
Ans: Directory mapping
What need to be done to enable PSM for a policy
Ans: We need to enable PSM option on specified policy, and need to add required PSM connection component
Can CyberArk can manage Facebook password & record Facebook session?
What are Authentication schemes supported by CyberArk Vault ?
Ans: Here are teh authentication schemes that are suppored by CyberArk vault – LDAP, Radius, PKI
What are the reasons for CyberArk vault user login access denied?
Ans: Wrong password, Wrong username, User suspension, Wrong authentication mode