chapter 3 Flashcards
the (blank) enables an organization to define a baseline for managing accounts in the organization
it is used for managing global policy settings
exceptions to the (blank) rules allow sets of accounts to vary from the policy rule
master policy
master policy
what are the 5 rules of the privileged access workflows for the master policy
dual control
exclusive passwords
one-time passwords
allow transparent connections
require reason for access
what are the 2 rules of the password management rules for the master policy
require password change every x days
require password verification every x days
what are the 2 rules of the session management rules
require privileged session monitoring and isolation
record and save session activity
what is the rule of the audit policy
activities and retention period
what is a platform?
technical settings for managing passwords and connecting to target systems, basis for exceptions
what are the 2 types of platforms?
targets
dependents
what does the target platform do?
define the technical settings that determine how the system manages accounts on different types of servers
what does the dependents platform do?
also known as usages, define additional services accounts such as windows services or scheduled tasks
what are the three main functions of platforms?
define the technical settings required to manage passwords - password policy settings such as minimum length, forbidden characters and so on
point to the relevant plug-ins and connection components - how you log in and change a password on a unix server is very different from how you do the same things on a windows server. different plug-ins must be used for different target systems
the basis for exceptions to the master policy - exceptions can be made to the master policy
where is the option for platform management?
under the administration tab in the pvwa
what are some of the default platforms?
windows
*nix
cloud services
database
security applications
network device
application
directory
website
operating system
how do you create a new platform when accounts of the same system type require different policies?
duplicate command under … menu
when duplicating platforms, use a logical naming convention, and make the name unique. what would be a good platform name for linux accounts using an SSH connection with passwords that are rotated every 30 days?
LIN SSH 30
select (blank) to modify the platform settings under the … menu
edit
platforms are divided into 2 broad sections, (blank) and (blank). the settings for managing passwords can be found in the automatic password management section
UI and Workflows
Automatic password management
in the create platform screen, under automatic password management, the (blank) section controls the password creation policy
1. length
2. complexity
3. forbidden characters
generate password
why would you deactivate platforms that are not currently relevant to your implementation?
better administration - inactive platforms are hidden from users when they add accounts
better performance - the cpm does not need to manage inactive platforms
if you have a system that is not supported by one of the default platforms, you can either create a new one or import one from the (blank)
cyberark marketplace
when you need to have different settings than are provided by the master policy, you will create (blank) to the master policy by platform
exceptions
in the (blank) page, we can view the password management policies that are applied to the different platforms
platform management