You have been tasked with deploying a Privilege Cloud PSM for SSH connector When the initial installation has successfully completed, you create and permission several maintenance users to be used for administering the connector.
Which configuration file must be updated to define these maintenance users?
Answer : C
Thesshd_configfile is the correct configuration file that must be updated to define maintenance users for administering the Privilege Cloud PSM for SSH connector. This file contains configurations for the SSH daemon, including user permissions and group settings. When adding maintenance users, their user accounts are created on the PSM server, and then they are added to theAllowGroupsparameter within thesshd_configfile to grant them the necessary permissions.
CyberArk documentation on the PSM for SSH environment1.
CyberArk Sentry guide on how to add maintenance users for SSH PSM
When deploying a Privilege Cloud PSM for SSH connector, the configuration file that must be updated to define maintenance users is 'sshd_config'. This file is used to configure options specific to the SSH daemon, which includes user permissions, authentication methods, and other security-related settings. To add and configure maintenance users for the PSM for SSH, you will need to modify this file to specify allowed users and their respective privileges.
What creating a new safe, what is the default number of password versions stored if using 'Save latest account versions' within version management settings?
Answer : B
When creating a new safe and configuring the 'Save latest account versions' within version management settings, the default number of password versions stored is 10. This setting allows the safe to maintain up to 10 past versions of each password managed within it. This capability is essential for ensuring that previous password states can be accessed if needed, such as for audit purposes or rollback scenarios in the event of an update error or compromise.
When installing the PSM and CPM components on the same Privilege Cloud Connector, what should you consider when hardening?
Answer : A
When installing the PSM and CPM components on the same Privilege Cloud Connector and considering the hardening process, it's important to note that PSM settings override the CPM settings when referring to the same parameter. This hierarchy is crucial in ensuring that the more stringent security settings required by PSM, which typically handles direct interaction with end-user sessions, take precedence over CPM settings. This setup helps maintain robust security practices by applying the most restrictive configuration where conflicts occur.
How should you configure PSM for SSH to support load balancing?
Answer : A
To support load balancing for PSM for SSH, the configuration should be done by using a network load balancer. This method involves placing a network load balancer in front of multiple PSM for SSH servers to distribute incoming SSH traffic evenly among them. This setup enhances the availability and scalability of PSM for SSH by ensuring that no single server becomes a bottleneck, thereby improving performance and reliability during high usage scenarios.
According to best practice, when considering the location of PSM Connector servers in Privilege Cloud environments, where should the PSM be placed?
Answer : B
According to best practice, when considering the location of PSM Connector servers in Privilege Cloud environments, the PSM should be placed near the target devices. This placement minimizes latency and maximizes performance by reducing the distance that data has to travel between the PSM servers and the devices they are managing. This is particularly important for maintaining high efficiency and response times during remote session management and operations, which are critical for the overall effectiveness of the Privilege Cloud environment.
'What is a default authentication profile to access CyberArk Identity?
Answer : B
The default authentication profile to access CyberArk Identity is typically the Default New Device Login Profile. This profile is used to manage the authentication settings and security measures for devices accessing CyberArk services for the first time. It includes configurations such as authentication methods, security checks, and compliance requirements, ensuring that new devices meet the organization's security standards before gaining access.
You are creating a PSM Load Balanced Virtual Server Configuration.
What are the default service ports / protocols used for RDS and the PSM Health Check service?
Answer : B
In a PSM Load Balanced Virtual Server Configuration, the default service ports/protocols used are RDP/3389 and HTTPS/443. RDP (Remote Desktop Protocol) typically uses port 3389 for remote desktop services, which is essential for PSM functionalities involving remote sessions. HTTPS, which utilizes port 443, is used for the PSM Health Check service to ensure secure and encrypted communication during the monitoring and health verification processes of the PSM services.