chapter 5 Flashcards
(blank) are actual privileged account ids and passwords
stored in (blank)
examples include:
domain admins
local admins
root accounts
service accounts
every account is associates with a single (blank)
accounts
safes
target account platform
how to add a linux account
- from account view select add account
- on the select system type choose (blank)
*NIX
what are the steps in adding a linux account?
1
2
3
4
- select system type
- assign to a platform
- store in safe
- define properties
what does creating an account do?
It does not create an account on the target system, it registers information in the cyberark pam database about the created account
the (blank) manages passwords and ssh keys on devices based on the polices set by the vault admins
central policy manager or CPM
what are the 3 actions performed by the cpm in order to manage privileged accounts
1
2
3
password verification - confirms the password stored in the vault matches the password on the target system
password change - changes the password automatically based upon an expiration period or by user intervention
reconciliation of unknow or lost passwords - process used when the password stored in the vault does not match the target system
what are the steps in the verify process?
cpm scans vault for account
vault sends account info and current passwords to cpm
cpm sends the login to the target system
target systems sends a success or failure message to the cpm
the cpm then notifies the vault of the success or failure
[none]
how is the password changed?
cpm scans vault for account
vault sends account info and current password to cpm
cpm uses credentials to login into target device
target sends cpm success or failure message
cpm generates password
cpm connects to target device and changes password
target sends back success or failure message
cpm logs into target with new credentials
target send success or failure to the cpm
cpm sends new password to vault for storage
blank
