chapter 17 Flashcards
vault security
isolating the server
1 no (blank) or trusts
2 no DNS or WINS - uses a manually configured host file
hardening the server
1 remove unnecessary (blank)
2 secure configurations for remaining (blank)
3 only vault server and privateark client are installed
4 no additional applications
domain membership
services
documentation resources
there are several documents that are key to successfully protecting your implementation
security fundamentals
digital vault security standard
Security fundamentals
details 8 controls to protect your cyberark deployment and therefore your privileged accounts
- isolate and harden the digital vault server
- use (blank) authentication
- restrict access to component servers
- limit privileges and points of administration
- protect sensitive accounts and encryption keys
- use (blank) protocols
- monitor logs for irregularities
- create and periodically test a cyberark disaster recovery plan
two-factor
secure
cyberark digital vault security standards
securing your cyberark implementation is critical
the cyberark digital vault security standard describes how to securely configure and maintain the digital vault. it details:
the vault security layers
the digital vault secure platform and enterprise management tools, including
backup/HA/DR
monitoring the vault
remote administration
external storage
virtualization of the vault
vault domain membership
anti-virus
in almost all cases, installing third party applications, virtualization and external storage will result in a (blank) of security
all customers and partners should carefully read the secure platform document
relaxation
the vault - end to end security
the steps
- vault user
- session encryption - uses a proprietary protocol and OpenSSL encryption
- firewall - uses the hardened built-in windows firewall
- authentication - single or two-factor authentication (two-factor is recommended)
- discretionary access control - granular permissions, role-based access control
- mandatory access control - subnet based access control, time limits and delays
- auditing - tamperproof audit trail, event-based alerts
- file encryption - hierarchical encryption model, every object has unique key
- stored credential
vault encryption and key management
encryption keys
there are 3 files that form the cornerstone of the cyberark pam solution encryption methodology. These encryption key files are required to install and operate cyberark pam.
- (blank)
- (blank)
- (blank)
server key
recovery public key
recovery private key
vault object encryption - day to day operations
each credential is stored as an encrypted file on the vault
each password is encrypted with a File Key (AES-256), a unique symmetric key generated for each file. the File Key is then encrypted with the Safe Key, a symmetric key unique to the safe. the Safe Key is then encrypted with the symmetric Server Key, which is unique to the vault
the Server Key is loaded into memory when the vault starts
for recovery, a copy of the relevant safe key is encrypted with the RecPub key and stored with the safe
how encryption keys are distributed
previously, the encryption keys required to install and operate the cyberark pam solution were physically delivered in the form of CDs containing the files
as of march 2022, cyberark now delivers these encryption files via a secure email service
more info: https://cyberark-customers.force.com/s/article/Digitized-Encryption-Keys-Delivery-End-User-Guide
Recovery private key storage strategies
the recovery private key, aka the master key, must be copied to physical media and stored in at least (blank) separate and secure locations: one on the primary site and one on the disaster recovery site
2
server key storage strategies
strong - copy the key to an external medium (USB, CD) and store it in a physical safe
insert the medium whenever starting the vault
key in RAM
convenient - copy the key to directly attached storage on the vault server and secure it with NTFS permissions or by encrypting the key with a third-party tool
always available
key in RAM
strong and convenient - store the server key in a hardware security module (HSM)
always available
key not in RAM