chapter 14 Flashcards
(blank) is a PAM solution when all the components are owned and operated by the customer
an entirely on-premises installation of the vault and all the different components
an entirely cloud-based deployment where the vault and components are deployed to one of the supported cloud platforms, i.e. AWS, Azure
a hybrid deployment in which some components are in the cloud and others, very often the vault, are installed on-premises
cyberark privilege cloud - PAM as SaaS
the privileged access manager is delivered as software as a service
PAM self hosted
PAM self-hosted components
(blank) - a secure server used to store privileged account information, based on a hardened windows server platform
(blank) - the web interface for users to gain access to privileged account information, used by vault admins to configure policies
(blank) - performs the password changes on devices, scans the network for privileged accounts
(blank) - isolates and monitors privileged account activity
(blank) - monitors and detects malicious privileged account behaviour
secure digital vault
password vault web access (PVWA)
central policy manager (CPM)
privileged session manager (PSM)
privileged threat analytics (PTA)
installation of the vault adds 6 new services.
- cyberark event notification engine
- cyberark hardened windows firewall
- (blank)
- private ark database
- private ark remote control agent
- (blank)
it also decreases the total number of running services
cyberark logic container
private ark server
vault installation changes the firewall by (blank) all of the firewall rules that do not relate to cyberark both inbound and outbound
deleting
there are 4 vault configuration files
(blank) - main configuration file of the vault, any change requires a restart of the vault service
(blank) - configure password policy for users of the vault
(blank) - configure remote control agent in the vault, SNMP configuration
(blank) - configure the physical disks used to store vault data
dbparm.ini
passparm.ini
PARagent.ini
tsparm.ini
the dbparm.ini contains the current vault configuration file, contains parameters for log level, server key, syslog, timeouts, recovery key, etc
(blank) - contains all the possible configuration options, full info on these parameters is contained in the PAM documentation
(blank) - contains the last known working configuration of the dbparm.ini file. created automatically when the vault server starts up
dbparm.sample.ini
dbparm.ini.good
what are the vault log files
(blank) - main log file of the vault server
(blank) - trace file of the vault, it is detailed according to the debug level configured in the dbparm.ini file
italog.log
trace.d0
the PVWA is a web application running on IIS, you can control it through the IIS manager interface or use the command line by running
(blank)
or iisreset /status
to check status of website
iisreset /restart
PVWA directories IIS folder
PVWA application files are located in (blank)
webpage: IIS virtual folder - passwordvault
c:\cyberark\password vault web access\
the PVWA log location is (blank)
can be changed by going to the passwordvault folder under IIS, opening the file web.config and modifying the logfolder parameter
%windir%\temp\PVWA\
the cpm has 2 main services
(blank) - is the scanner for the accounts feed workflow
(blank) is a batch processor that connects to the vault looking for work to do and kicks off the necessary processes to complete that work
cyberark central policy manager scanner
cyberark password manager service
3 main cpm directories
(blank) - contains all the files required to run the cpm and change password processes on target machines
(blank) - contains cpm activity log files
(blank) - contains files that are used by the cpm for internal processing
(blank) - contains the configuration that tells the cpm where to find the vault and how to connect
bin
logs
tmp
vault
the cpm has 3 main log folders
activity logs (logs folder):
(blank) - contains all the log messages, including general and informative messages, errors and warnings
(blank) - contains only warning and error messages
third party log files (logs\thirdparty folder)
generated by the CPM’s password generation plug-ins when an error occurs
name of log file: <type>-<Safe>-<folder>-<name>.log
E.g., Operating System-UnixSSH-1.1.1.250-Root.log
history log files (logs\history folder) - after a log file has been uploaded into the safe, it is renamed and moved into the history subfolder
the file is marked with a time stamp and renamed as follows: <filename> (<date>-<time>).log
pm.log
pm_error.log
in the (blank) directory, you’ll find all the configuration files, logs, and connectors that allow end users to connect to target systems
psm
all activities that are carried out by the psm are written to log files and stored in the log subfolder of the psm installation folder
the (blank).log file contains informational messages and errors that refer to psm function
(blank).recorder.log contains error and trace messages related to the psm recorder that can be used for troubleshooting with session video recordings. the types of messages that are included depend on the debug levels specified in the recorder settings of the psm configuration
<Sessionid>.(blank).log contains errors and trace messages related to the connection client that can be used for troubleshooting
PSMConsole
<SessionID>
<Connection>
there are 2 local users on the PSM servers
(blank) - is used by auditors when connecting via RDP to the PSM to monitor other users’ RDP connections
(blank) - is used when an end user launches a connection to a target system via PSM
PSMAdminConnect
PSMConnect
the credentials for the psmconnect and psmadminconnect users are stored as accounts in the (blank) and should be managed in the same way as any other account
vault
when a vault user launches a session via the PSM for non-rdp connection (e.g. SSH) for the first time, a shadow user is created for the user on the (blank) server
this shadow user launches the application needed for the connection (putty in the case of an SSH connection)
the credentials for these users are reset with every connection
PSM
there are 3 internal safes created during the vault installation
(blank) - used by the ENE service
(blank) - contains the file links for dbparm.ini, etc
(blank) - contains configuration data for cyberark LDAP integration
notification engine
system
VaultInternal
the vault’s main configuration files and logs can be accessed in the system safe from remote stations using the (blank)
a new (blank) file can be copied into this safe to update the license without the need to restart the vault service
PrivateArk client
license.xml
CPM internal safes
The installation of the first CPM will create 8 Safes:
* PasswordManager
* PasswordManager_Accounts
* PasswordManager_ADInternal
* PasswordManager_info
* PasswordManager_Pending
* PasswordManager_workspace
* PasswordManagerShared
* PasswordManagerTemp
Additional CPMs will share some Safes and create some additional new ones.
blank
tools > administrative tools > users and groups
by default, the first CPM user’s name is (blank)
when creating a new safe through the PVWA, the CPM user is automatically added to the Safe
PasswordManager
PVWA Safes
PVWAConfig - configuration settings for PVWA
PVWAPrivateUserPrefs - user preference settings
Note: the above two safes should not be accessed directly
(blank) - contains the help documents that can be accessed in the PVWA
PVWAReports - completed reports
PVWATaskDefinitions - report definitions
(blank) - information on integrations with third-party ticketing systems
PVWAUserPrefs - changes to individual user preferences
PVWAPublicData
PVWATicketingSystem
PSM Safes
PSM - contains the password objects for PSMConnect and PSMAdminConnect
PSMLiveSessions - allows users to monitor live sessions
PSMNotifications - allows users to terminate, suspend or resume sessions
(blank) - default safe for storing recordings
PSMSessions - allows users to launch sessions via PSM
(blank) - used in auto deployment for PSM connectors to multiple PSMs
PSMUnmanagedSessions - allows users to monitor live ad-hoc sessions
PSMRecordings
PSMUniversalConnectors