PVWA Stuff

Question 1

Log location

Answer 1

C:\Windows\Temp\

Question 2

What are the predefined safes from PVWA install?

Answer 2

PVWAConfig,

Question 3

Policies.xml

Answer 3

Contains the ‘UI & Workflow’ settings for all Platforms

Question 4

The PlatformBaseID in the Policies.xml file does what?

Answer 4

Ties the platforms listed in the Policies.xml with the platforms contained in the PasswordManagerShared SAFE

Question 5

What are the PVWA default users and group?

Answer 5

PVWAAppUser - logs into Vault and consumes a PVWA User License
PVWAGWUser - after use login to PVWA, the PVWA users PVWAGWUser (impersinating) with VPN to Vault Server **

Question 6

PVWA is hardenging in how many phases?

Answer 6

3 Phases

a) Executing Installation Automation PS script
b) Applying CyberArk provided GPO
c) Then a few Manual Procedures

Question 7

PVWA Manual Hardening Procdures include?

Answer 7

Remove\Disable all other Network protocols \ services \ clietns

• -Only need–
  a) Client for Microsoft Netork
  b) File and Print Sharing for MS Networks
  c) Internet Protocl TCP IP 4

Question 8

PVWA Automation Hardening script does what? *need to know for certification

Answer 8

• Validates and Disbles roles and services
• Sets file system permisisons
• Creates Local Users to run CyberArk Services
• **An updat eto the CyberArk hardending Group Policy Object is required to grant the users the “Logon as a service” right
• Removes unneded IIS Mime Types
• Disables SSL and enables TLS 1.2 sets, advanced audit policies and registries
• Redirects HTTP to HTTPS

Question 9

After PVWA is installed and hardened what Windows Service is present, and what account runs it?

Answer 9

CyberArk Scheduled Tasks

Log on as: PVWAReportsUser