CyberArk Study Dump

AllowNonStandardFWAddresses Firewall Exception Syntax - answer-AllowNonStandardFWAddresses=[HSM-IP],Yes,1024:inbound/tcp,1024:outbound/tcp Syntax Command CAVaultManager uses to store a secret - answer-CAVaultM /SecretType HSM /Secret password Syntax command to install a server key to an HSM device using CAVaultManager - answer-CaVaultM LoadServerKeyToHSM Syntax command to re-generate a key on the HSM where the new value is unknown to the operator - answer-CAVaultM GenerateKeyOnHSM /ServerKey. Then, ChangeServerK Any changes made to the DBP configuration file require a _________ - answer-reboot What should you do to complete a post-install hardening of the Vault? - answer-1.) Identify appropriate services are started. 2.) Check that firewall exceptions have been made in the DBP file. 3.) Ensure the server key is running successfully on the HSM. 4.) Ensure the Operator disk is correctly secured with NTFS permissions. Steps to complete a Vault installation - answer-1.) Check that the server rebooted properly 2.) Ensure that the ITALog displays the following message: ITAFW001I Firewall is open for client communication" 3.) Ensure the three safes: System, VaultInternal, Notification Engine were created. 4.) Ensure the 6 services were installed and started. (Later flash card) 5.) Test master login 6.) Network Areas should be configured to only allow connections from the planned IP addresses for CyberArk Components What 6 services are installed and started after installing the Vault? - answer-1.) Cyber-Ark Event Notification Engine 2.) Cyber-Ark Hardened Windows Firewall 3.) CyberArk Logic Container 4.) PrivateArk Database 5.) PrivateArk Remote Control Agent 6.) PrivateArk Server How do you prepare a Windows server for Vault installation? - answer-1.) Ensure it meets the minimum requirements for CyberArk. 2.) Ensure the server is of type Workstation and has never been connected to a domain. 3.) Load installation files into the server. 4.) Disable all network components aside from IPv4 and optionally IPv6. 4.) Disable DNS lookup and LMHosts lookup for WINS. Disable NetBios as well. Four Stages of PVWA Installation - answer-1.) Pre-Installation Tasks 2.) Installation 3.) Post-Install Tasks 4.) Hardening PVWA Pre-Installation Tasks - answer-1.) Review Requirements 2.) Close Applications and Log On 3.) Run Prerequisites Script PVWA Installation Tasks - answer-1.) Run the PVWA Installation Script 2.) Registration (Connecting to the Vault) PVWA Post-Installation Tasks - answer-1.) Check Installation Log Files 2.) Check User Permissions on Web Server 3.) Add Restrictions to Credential Files 4.) Set API Throttling PVWA Hardening Tasks - answer-1.) Run Hardening Script 2.) Apply Post Hardening Configurations 3.) *Harden server in a Domain environment *Only perform this task if your PVWA server is part of a domain What VAULT permissions are needed to perform integration for the PVWA? - answer-- Add Safes - Add/Update Users - Activate Users - Manage Server File Categories - Audit Users The user performing the installation must have the following Safe Permissions with ownership of the VaultInternal and Notification Engine safes. - answer-- List Files - Retrieve Files - Manage Safe - Manage Safe Owners - View Audit - View Owners Where are logs created during PVWA installation stored? - answer-C:UsersAdministratorAppDataLocalTemp They are removed on reboot. What log files are created during PVWA Installation? - answer-1.) PVWAI 2.) PVWAInstallE 3.) PVWAInstallE 4.) PVWAInstallErrorE The directory EnvLog contains log files defining the Connection Status: - answer-1.) CheckC 2.) ConfigureI 3.) ConfigureV 4.) RegisterI What safes are created after installing the PVWA? - answer-- PVWAConfig: Contains all configuration files - PVWAPrivateUserPrefs: Contains the user preference settings for the PVWA - PVWAReports: used for internal processes and gathering reports What is contained in the P file? - answer-All UI and Workflow settings for platforms. What two users are created when the PVWA is installed? - answer-PVWAAppUser - used for internal processing (and consumes a license) PVWAGWUser - used for vault connection In a real environment, where should the PVWA be located and why? - answer-The PVWA should be located closest to the end users and avoid being separated from the Vault. This helps increase its stability and usability, while simultaneously avoiding complex firewall rules. What are the three basic steps to hardening a PVWA server? - answer-1.) Executing an automation script 2.) Applying a provided Group Policy Object (GPO) 3.) Manual Procedures (such as Removing and Disabling any connection component except for Client for Microsoft, File and Printer Sharing for Microsoft and IPv4) Through what script is PVWA hardening done? - answer-Through running the PVWA_H1 script as an administrator. What does post-hardening of the PVWA include? - answer-1.) Operating system updates/service pack installations. 2.) Installation of anti-virus software 3.) Validation of server roles and network protocols. 4.) Clean up of the application pools in the IIS. True or False. If Multiple PVWAs are installed, then load balancing is automatic. - answer-False, load balancing is not automatic when multiple PVWAs are installed. How many CPMs and PVWA servers can exist in a single environment? - answer-60. True or False. Load balanced PVWAs should be identical. - answer-True. How should you prepare a Windows server for a PVWA installation? - answer-1.) Ensure that your server meets the minimum requirements. 2.) Execute the PVWA_P1 script as an administrator from Windows PowerShell. 3.) Verify a self-signed certificate was generated and that incoming HHTPs requests are using that certificate. Identify the steps to correctly harden a CPM Server - answer-1.) Run CPM_H1 in Windows PowerShell as an Administrator. 2.) Restart the CPM server after receiving the "isSucceeded": 0 message. 3.) Restart the CPM server. 4.) Set the PasswordManagerUsers password through Administrative Tools Computer Management to "Password Never Expires" 5.) Confirm that the servers related to the CPM are running under the PasswordManagerUser 6.) Confirm that , , and are defined as exceptions to DEP. Identify the steps to prepare a Windows server for CPM installation - answer-1.) Ensure your system meets the CPMs minimum requirements 2.) The PVWA must be installed before the CPM and the CPM must be able to trust the PVWAs SSL certificate and should be imported. 3.) The CPM should have direct access to passwords and should be treated as critical infrastructure. 4.) Port TCP1858 should be open. 5.) Ensure TLS 1.2 is enabled during pre-installation What are the four stages of CPM Installation? - answer-1.) Pre-install tasks