chapter 7 Flashcards
(blank) are another type of Platform and are used for managing Usages
- A usage refers to an instance when an account, which is created at the operating system or domain level, is also used to perform some task somewhere else
- When we change the password for the target account, we must also make sure that any other occurrences (or usages) of the password are also changed
dependents
The (blank) can synchronize an account password with all other occurrences of the same password on the same server or anywhere in the network, provided that those occurrences are registered in CyberArk PAM. This is done through Usages
cpm
The CPM changes the password; when SearchForUsages=Yes, the CPM then scans for usages, and then the CPM updates the usages
In our example, a local Windows user – sendmail01 – is used to run a scheduled task – SchedTask01.
- When we change the password for sendmail01, we must also change the copy of the password that is stored with the scheduled task.
- If we don’t, the scheduled task will no longer run.
blank
On the Account Details screen, there is a Scheduled Tasks tab. You will need to add any scheduled tasks that are run by this account so they can all be changed at the same time. You will need to provide the name of the task and the server address.
blank
Windows Usages: Platform Configuration
Windows Usages are enabled by default in all the Windows Target Platforms.
* The Target Platform must reference the Dependent Platforms for the Usages.
* And have the parameter SearchForUsages set to Yes
blank
Windows Usages: Platform Configuration
The names listed under Usages reference the (blank) object IDs for the Dependent Platforms.
Here we see the usage SchedTask in a Windows platform. If we look at the dependent platform Scheduled Task, we will see that its ID is also SchedTask.
This parameter informs the Target Platform what kinds of Dependents it should look for when scanning for usages.
pam
Certain applications are hard-coded to retrieve credentials from configuration files
- The (blank) can manage application accounts in the following types of files:
  - Plain text
  - INI files
  - XML files
  - Web configuration files
- These usages must be added manually to the appropriate Target Platforms
cpm
In this example, we have an application that uses a database account – dba01 – to retrieve data for processing. The application retrieves the password for (the privileged account) from a configuration file and uses the credentials to authenticate to a target database.
- When the CPM changes the password for dba01, it must also push the updated password to the config file that is used by the application.
blank
Add Config File Usage (1)
To add a configuration file usage, you will first need to manually add the relevant usage in the target account platform.
Then enable the parameter (blank)
SearchForUsages
Add Config File Usage (2)
Next, you must add the specific INI config file usage to the relevant account.
Notice that, in addition to providing the server address and the full path to the INI file, this usage also specifies where in the file the password can be found: in the section Server at the parameter Password
blank
In this example, when the (blank) changes the password for dba01, it will also change the password in the file /var/opt/app/app01.ini on the server 10.0.0.20 (target-lin).
cpm
If an extra account is required to log onto the remote machine where the usage exists, you will need to associate a logon account with the usage.
blank
Passwords stored in configuration files can be encrypted using an external command
Encryption Command: The full path of the encryption command that will encrypt the password. The encryption file can be stored in any location on the CPM machine.
Encryption Regex: The parameter that handles the output of the Encryption Command parameter. If this parameter is not defined, it will behave as if “(.*)” has been specified. This parameter is only relevant when the Encryption Command parameter is defined
blank
Discoverable Dependents
The (blank) process can detect the following Windows dependencies and automatically onboard them:
- COM+ Application accounts
- IIS Directory Security (Anonymous Access) accounts
- IIS Application Pool accounts
- Scheduled Tasks accounts
- Windows Services accounts
Accounts Discovery
Non-Discoverable Dependents
The remaining dependent account types cannot be discovered and must be added manually:
* Database String
* INI File
* Private SSH Key
* Text File
* Web File
* Windows Registry
* XML File
blank