
What is PAM?

 It is a term used to designate special access or abilities above and beyond
those of a standard user. Privileged access allows organizations to secure
their infrastructure and applications, run the business efficiently and
maintain the confidentiality of sensitive data and critical infrastructure.
 IT IS IMPORTANT BECAUSE extending privileged access management to
your organization's endpoints can help reduce risk by eliminating
unnecessary local admin privileges, blocking malicious behaviour and
strengthening the security of privileged accounts.

 WORKFLOW:

What is cyber ark?

ANS: CyberArk is a security tool used to secure privileged accounts through
password management.
What are CyberArk components in detail?

ANS:

1) PrivateArk Server (Vault): the most secure place in the network, where you can
store your data; it comes pre-configured (hardened).
2) PrivateArk Client: the administrative interface to the EPV (Enterprise Password
Vault). After installing the Vault server, install the PrivateArk client on the
Vault server machine so that you can configure the Vault.
3) Password Vault Web Access (PVWA): a web interface which allows the
management of privileged passwords.
4) Central Policy Manager (CPM): this component changes existing passwords
automatically and replaces them with new passwords. It also provides reconciliation
of passwords on remote machines.
5) Privileged Session Manager (PSM) Web: this component enables companies to
have a cohesive approach to securing access to multiple applications, services
and cloud platforms.
6) DR (Disaster Recovery) Vault: the Disaster Recovery Vault is a replication/failover
solution designed to create a stand-by copy of the production Vault on a remote
and dedicated machine, which can be made operational quickly if the original
Vault fails.

How to onboard an account into the CyberArk?

Ans. To onboard a privileged account, we need three things: the account details
from the requestor, a Safe, and a Platform.

o Account name - supplied by the requestor
o Address - supplied by the requestor
o Safe name - based on the organization name
 Go to Policies > Access Control, where you can create the Safe.
o Platform name - matching the target machine (Windows, Linux, ...)
 Go to Administration > Platform Management and duplicate the
Windows Local Accounts platform (or the platform closest to the target).
The maximum number of password violations?
Ans. 5 times (this can be increased up to 99 times).
How do you Activate a suspended user?
Ans. Log on to the primary Vault, then click Tools > Administrative Tools >
Users and Groups. A new window opens listing all the users; select the suspended
user name, then go to the Trusted Network Areas tab, where you will find the
Activate option.

How to reset a password at vault level?


Ans:
1. In the Change Password window, select "Change the password only in the
Vault". If a predefined password policy is enforced for the account being changed,
the password complexity requirements of that policy are displayed.
2. In the Password edit box, specify the password for the CPM to use.
3. In the Confirm Password edit box, type the password again to confirm it.
4. To generate a password automatically, click Generate Password; the Change
Password window expands to display the Generate Password options.
5. Click Generate; a random password is generated using the specified password
criteria. If the user has the 'Retrieve account' authorization, the new password is
displayed.
6. Click OK; the CPM changes the selected password to the new specified password.
Its progress is displayed in a progress bar.
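Step 5 above relies on the Vault generating a random password that satisfies the platform's password policy. The script below is an added example, not code from these notes or from CyberArk: it shows how such a policy-driven generator works, using the OS CSPRNG (Python's secrets module) and then verifying the result against the same policy. The policy values (lengths and required character classes) are constructed for the example.

```python
import secrets
import string

# Constructed policy used as an assumption for this example; it stands in for the
# platform's password policy (the passparm.ini-style minimum and maximum length
# plus the character classes the policy requires).
DEFAULT_POLICY = {
    "min_length": 12,
    "max_length": 20,
    "min_upper": 1,
    "min_lower": 1,
    "min_digits": 1,
    "min_symbols": 1,
    "symbols": "!@#$%^&*-_=+",
}


def check_password(password, policy=DEFAULT_POLICY):
    """Return the list of policy rules the password violates (empty when it complies)."""
    violations = []
    if len(password) < policy["min_length"]:
        violations.append("too short")
    if len(password) > policy["max_length"]:
        violations.append("too long")
    counts = {
        "uppercase": sum(c in string.ascii_uppercase for c in password),
        "lowercase": sum(c in string.ascii_lowercase for c in password),
        "digits": sum(c in string.digits for c in password),
        "symbols": sum(c in policy["symbols"] for c in password),
    }
    for name, key in (("uppercase", "min_upper"), ("lowercase", "min_lower"),
                      ("digits", "min_digits"), ("symbols", "min_symbols")):
        if counts[name] < policy[key]:
            violations.append(f"not enough {name}")
    allowed = string.ascii_letters + string.digits + policy["symbols"]
    if any(c not in allowed for c in password):
        violations.append("disallowed character")
    return violations


def generate_password(policy=DEFAULT_POLICY, length=None):
    """Generate a random password that satisfies `policy`, using the OS CSPRNG."""
    if length is None:
        length = policy["max_length"]
    if not policy["min_length"] <= length <= policy["max_length"]:
        raise ValueError("requested length is outside the policy bounds")
    classes = [
        (string.ascii_uppercase, policy["min_upper"]),
        (string.ascii_lowercase, policy["min_lower"]),
        (string.digits, policy["min_digits"]),
        (policy["symbols"], policy["min_symbols"]),
    ]
    if sum(n for _, n in classes) > length:
        raise ValueError("policy requires more characters than the requested length")
    # Satisfy each class minimum first, then fill the rest from the whole alphabet.
    chars = [secrets.choice(alphabet) for alphabet, n in classes for _ in range(n)]
    full_alphabet = "".join(alphabet for alphabet, _ in classes)
    chars += [secrets.choice(full_alphabet) for _ in range(length - len(chars))]
    # Shuffle with the CSPRNG so the mandatory characters do not sit at fixed positions.
    secrets.SystemRandom().shuffle(chars)
    password = "".join(chars)
    assert check_password(password, policy) == []  # self-check of the generator
    return password


if __name__ == "__main__":
    for _ in range(3):
        print(generate_password())
```

The generator never uses the `random` module: a password that the CPM will push to a target machine must come from a cryptographically secure source, and the shuffle step matters because placing the mandatory uppercase/digit/symbol characters at fixed positions would reduce the effective entropy.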
What are PSM APPUSER & PSM GWUSER?
1. PSMAppUser (sends user activities to the Vault)

2. PSMGWUser (gateway user: connects with the Vault and establishes the connection)

What are PVWA APPUSER & PVWA GWUSER?


1. PVWAAppUser (sends user activities to the Vault)

2. PVWAGWUser (gateway user: connects with the Vault and establishes the connection)

How to check an IP address when the internet is not working

A reliable way to check that an IP address is not already in use is to log on to a machine that is in the same
subnet as the Storwize® V7000 Unified system will use for management communications, then ping the new
IP addresses. For example, ping each of the IP addresses that you intend to use in InitTool.exe.
What is group policy
Ans:- Group Policy is a hierarchical infrastructure that allows a network
administrator in charge of Microsoft's Active Directory to implement specific
configurations for users and computers. Group Policy is primarily a security tool,
and can be used to apply security settings to users and computers.
What are PVWAAPPUSER & PVWAGWUSER?
Ans: PVWAGWUser is used as a gateway account to impersonate the users who
access the Vault.
What are Pareplicate and Parestore

Ans: The PAReplicate utility is a useful way of having a second backup of the Vault
in addition to the Disaster Recovery Vault.
The PARestore utility enables you to restore Safes that have previously been
either replicated or backed up from the Vault.

What are debugging logs?


Ans: This file contains all log messages, including general and informative
messages, errors and warnings; the types of messages included in this log
depend on the debug levels. In addition to the files created by the CPM, third-party
logs are also saved.
What is the maximum number size of the log files?
Ans: This setting determines the maximum size (MB) of a single log file. When a log
file reaches this size, a new file is created.
Default: 100 MB
What is a logon account?
Ans: A logon account can be used to initiate sessions on machines that do not
permit direct logon. When a logon account is associated with a privileged account,
it is used to log onto the remote machine and then elevate itself to the role
of the privileged user.
What is a reconcile account?
Ans: Reconcile accounts are a type of linked account. You can define a
reconciliation account whose password will be used to reset an unsynchronized password
at the account level. You can store this account in a separate Safe, where it is only
accessible to Privilege Cloud for reconciliation purposes.

What are domain, local & service accounts?

Ans: The CPM can synchronize multiple copies of Windows local accounts that have
been changed and are used by different resources in the following services:

i. Windows Service Accounts
ii. Windows Scheduled Tasks
iii. Windows IIS Application Pool Passwords
iv. Windows COM+ Applications
v. Windows IIS Directory Security (Anonymous Access) Passwords

How many reports are there in the cyber ark?

Ans: There are mainly two types of reports.

1) Operational reports
 Privileged account inventory
 Application inventory
2) Audit/compliance reports
 Privileged accounts compliance status
 Entitlement
 Activity log
Explain Password upload utility?
Ans: The files required are: BulkUpload.csv, Conf.ini, User.ini, Vault.ini

In BulkUpload.csv we fill in the details of the accounts which we need to onboard to
CyberArk (CPM name, Password Name, Safe Name, Policy, Device Type, Password Value
(no value), address, ResetImmediately (reconcile task)).

Conf.ini - defines the file names

User.ini - contains the user ID and password (created with
CreateAuthFile.exe user.ini)

Vault.ini - contains the Vault name and Vault connection information
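A bulk upload fails on the Vault side if a row lacks the things onboarding needs (the account name and address from the requestor, the Safe and the Platform, as described under "How to onboard an account"). The script below is an added example, not part of these notes or of CyberArk's upload utility: it pre-checks a BulkUpload.csv offline before the utility is run. It assumes the header row uses the column names exactly as the notes list them, and it assumes that a row with an empty Password Value must carry ResetImmediately=Yes so that the CPM reconciles the account; both assumptions are marked in the code. The sample CSV is constructed.

```python
import csv
import io

# Column names as the notes list them for BulkUpload.csv (assumed to be the header row).
REQUIRED_COLUMNS = ["CPMname", "Password Name", "Safe Name", "Policy", "Device Type",
                    "Password Value", "address", "ResetImmediately"]
# Fields that onboarding cannot proceed without (account name, address, Safe, Platform/policy).
MUST_BE_FILLED = ["Password Name", "Safe Name", "Policy", "Device Type", "address"]

# Constructed sample file: line 4 has no Safe, line 5 has no password value and no
# reset flag, line 6 duplicates line 3.
SAMPLE_CSV = """CPMname,Password Name,Safe Name,Policy,Device Type,Password Value,address,ResetImmediately
PasswordManager,svc_backup,WIN-LOCAL-SAFE,WinLocalAccounts,Operating System,,srv01.example.local,Yes
PasswordManager,root,UNIX-SAFE,UnixSSH,Operating System,,host02.example.local,Yes
PasswordManager,oracle_admin,,OracleDB,Database,,db01.example.local,Yes
PasswordManager,svc_report,WIN-LOCAL-SAFE,WinLocalAccounts,Operating System,,srv03.example.local,No
PasswordManager,root,UNIX-SAFE,UnixSSH,Operating System,,host02.example.local,Yes
"""


def validate_bulk_upload(text):
    """Return a list of (line_number, message) problems found in a BulkUpload.csv body.

    Line numbers count the header as line 1, matching what an editor shows.
    """
    reader = csv.DictReader(io.StringIO(text))
    missing = [c for c in REQUIRED_COLUMNS if c not in (reader.fieldnames or [])]
    if missing:
        return [(1, f"missing columns: {', '.join(missing)}")]

    problems = []
    seen = set()
    for line_no, row in enumerate(reader, start=2):
        cell = lambda col: (row.get(col) or "").strip()  # noqa: E731 (short accessor)
        for col in MUST_BE_FILLED:
            if not cell(col):
                problems.append((line_no, f"'{col}' is empty"))
        # Assumption: an account uploaded without a value must be reset immediately,
        # otherwise the CPM has no credential to manage.
        if not cell("Password Value") and cell("ResetImmediately").lower() != "yes":
            problems.append((line_no, "no Password Value and ResetImmediately is not Yes"))
        key = (cell("Safe Name"), cell("Password Name"), cell("address"))
        if key in seen:
            problems.append((line_no, f"duplicate account {key}"))
        seen.add(key)
    return problems


if __name__ == "__main__":
    for line_no, message in validate_bulk_upload(SAMPLE_CSV):
        print(f"line {line_no}: {message}")
```

Running the check on a real file before invoking the utility avoids partial uploads, where the first rows are already created in the Vault when a later row is rejected.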

What is a DNS server?

Ans: DNS (Domain Name System) is part of the domain infrastructure.

Ransomware, malware, anti-virus, phishing?

Ans: Ransomware is malicious software that locks and encrypts a victim's computer or device
data, then demands a ransom to restore access.

Service Now

Ans:- incident, request, change

What is the latest version of the cyber ark?

Ans:- Aug-2021 released (12.2)

How to create a safe

Ans:-
1. In the Privilege Cloud portal, click Policies > Safes. The Safes that
appear in the list are either Safes created by your user, or Safes for which
you have one of the required permissions.
2. Click Create Safe.
3. On the Add Safe page, enter the following information: Safe
properties, Description, ...
4. Click Save.
How to duplicate a platform

Ans:- Click ADMINISTRATION to display the System Configuration page,
then click Platform Management to display a list of supported target
account platforms. Select an existing platform that is similar to the new
target account platform, then click Duplicate; the Duplicate Platform
window appears.
How to add exceptions to a platform

Ans:- After setting a Master Policy that determines how accounts will be
managed in the entire organization, you can create exceptions to add
granularity as needed and set different behavior for specific platforms that
will override the corresponding rules set by the Master Policy. Exceptions
can be set for the scope of accounts associated with a specific platform. The
Master Policy, together with the exceptions defined on each platform,
determines the resultant behavior of the system on each account, based on
its Platform.

Port numbers – Windows, Linux, database, SNMP, SMTP, CyberArk, MSSQL,
HTTPS, SSL secured & unsecured

Ans:- Windows: 139, 445

Inbound ports:

  Source IP address                          Protocol   Port
  DR / Backup / other components / Clients   TCP        1858
  DR (connectionless)                        ICMPv4     ICMPv4
  RDP                                        TCP        3389
  RDP                                        UDP        3389
  Remote Control Client                      TCP        9022

Outbound ports:

  Destination IP address                     Protocol   Port
  DR / Backup / other components / Clients   TCP        1858
  DR (connectionless)                        ICMPv4     ICMPv4
  HTTPS                                      HTTPS      443
  Syslog Server                              TCP        514
  Syslog Server                              UDP        514
  LDAP Server                                TCP        636
  RADIUS Server                              UDP        1812
  SMTP server                                TCP        25
  SNMP trap                                  UDP        162
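Before the Vault is installed on a hardened machine, the firewall rules for the ports in the table above are usually verified from a neighbouring host. The script below is an added example, not from these notes or from CyberArk: it performs a plain TCP connect test for each named TCP port and includes a loopback self-test so it can be run offline. The port list is taken from the table; the host name vault.example.local is a placeholder. UDP services (RDP/UDP, syslog/UDP, RADIUS, SNMP trap) cannot be verified with a connect test and are only listed.

```python
import socket
import threading

# TCP ports from the table above, keyed by the service they carry.
VAULT_TCP_PORTS = {
    "Vault (DR/Backup/components/clients)": 1858,
    "RDP": 3389,
    "Remote Control Client": 9022,
    "HTTPS": 443,
    "Syslog": 514,
    "LDAPS": 636,
    "SMTP": 25,
}
# UDP ports from the table; a TCP connect test says nothing about these.
VAULT_UDP_PORTS = {"RDP (UDP)": 3389, "Syslog (UDP)": 514, "RADIUS": 1812, "SNMP trap": 162}


def tcp_port_open(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port succeeds within `timeout` seconds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable, or name resolution failed
        return False


def check_ports(host, ports, timeout=1.0):
    """Check every named TCP port in `ports` against `host`; returns {name: reachable}."""
    return {name: tcp_port_open(host, port, timeout) for name, port in ports.items()}


def start_local_listener():
    """Start a throwaway TCP listener on an ephemeral loopback port; returns (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:  # listener closed
                return
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def self_test():
    """Check one open and one closed loopback port; returns (open_result, closed_result)."""
    srv, port = start_local_listener()
    try:
        open_result = tcp_port_open("127.0.0.1", port)
        # Find a free port by binding and releasing it, then confirm nothing answers there.
        tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        tmp.bind(("127.0.0.1", 0))
        closed_port = tmp.getsockname()[1]
        tmp.close()
        closed_result = tcp_port_open("127.0.0.1", closed_port)
    finally:
        srv.close()
    return open_result, closed_result


if __name__ == "__main__":
    print("self-test (open, closed):", self_test())
    # Placeholder host name; replace with the Vault address being verified.
    for name, ok in check_ports("vault.example.local", VAULT_TCP_PORTS).items():
        print(f"{name:40s} {'open' if ok else 'blocked/closed'}")
```

A "closed" result only tells you that nothing accepted the connection from this host: it may mean the service is not running yet, or that a firewall dropped the packet, so the check is run from the same subnet the real component will use.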
What is a bind account

Ans:- The BIND account is used to query the Active Directory
database. Create a new account inside the Users container. This account
is used to authenticate as admin on the CyberArk web interface, and
to query the passwords stored in the Active Directory
database.

What is a shadow user

Ans:- A PSM Shadow user is automatically created during a PSM
connection. The PSM Shadow users sandbox the client session. The
point of the Shadow users is process isolation, so that the programs launched
on the same server by different Vault users run under different identities
and cannot leak information between the sessions.
Explain the PVWA process

Ans:-
1. Install the browser. On the PSM machine, install one of the
supported browsers and configure it. ...
2. Configure AppLocker. Configure AppLocker to enable the installed
browser to run. ...
3. Configure the Connection Component settings in PVWA.
4. Account handling.
5. Ticket handling.
6. Manage all the accounts (Safes, platforms, onboarded accounts).

Explain how to create a cred file (error while initiating the PSM session)

Ans:- At the command line prompt, run the CreateCredFile.exe utility. You
must specify the username and password for the Vault.

How many tickets do you handle daily

Ans:- 30 to 50 tickets

How to log in master user

Ans:-
1. Place the Master CD into the server.
2. Double-click the PrivateArk icon.
3. Enter 'Master' as the user and enter the password.
Backup and restore commands

Ans:- evoke backup: during a backup operation, the conjur.yml file is
included in the archive that is created on the Master node and is saved in
the /opt/conjur/backup directory on the Master that is being
backed up. When evoke restore is issued, the
conjur.yml file is copied to /etc/conjur/config in the Docker
container on the new Master.
Explain how to rotate CPM log files

Ans:- All the CPM log files can be automatically uploaded to a Safe in the
Vault on a regular basis, according to a predefined period of time set in the
CPM parameters file. Each time a log file is uploaded to the Vault, it is
copied to the History subfolder of the Log folder, and the CPM begins
writing to a new log file. The relevant parameters are:

LogSafeName
LogSafeFolderName
LogCheckPeriod

For example, you could create a Log folder in the 'CPMLogs' Safe, and
upload the log files into this folder every 24 hours. In this case, the CPM log
properties file would look like this:
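The notes describe two rotation rules for CPM logs: a size limit (the "maximum size of the log files" question, default 100 MB) and a periodic upload after which the active file is moved into the History subfolder and a new file is started. The class below is an added example, not CyberArk's code: it simulates both rules on a local directory, with the upload to the log Safe represented by the move into History. The size and period are parameters so the demo can use tiny values, and the demo's log lines are constructed.

```python
import tempfile
import time
from pathlib import Path


class CpmLogRotator:
    """Simulates the two rotation rules described in the notes.

    size-based:   when the active log reaches max_size_bytes a new file is started
                  (the notes give 100 MB as the default);
    period-based: every check_period seconds the active log is archived into the
                  History subfolder (standing in for the upload to the log Safe)
                  and a new file is started.
    """

    def __init__(self, log_dir, name="pm.log", max_size_bytes=100 * 1024 * 1024,
                 check_period=24 * 3600, clock=time.time):
        self.log_dir = Path(log_dir)
        self.history_dir = self.log_dir / "History"
        self.history_dir.mkdir(parents=True, exist_ok=True)
        self.active = self.log_dir / name
        self.max_size_bytes = max_size_bytes
        self.check_period = check_period
        self.clock = clock            # injectable so the demo can fake time
        self.last_check = clock()
        self.active.touch()

    def _archive(self, reason):
        """Move the active file into History (unique name) and start an empty one."""
        stamp = time.strftime("%Y%m%d-%H%M%S", time.gmtime(self.clock()))
        base = f"{self.active.stem}.{stamp}.{reason}"
        target = self.history_dir / f"{base}{self.active.suffix}"
        n = 1
        while target.exists():            # two rotations in the same second
            target = self.history_dir / f"{base}.{n}{self.active.suffix}"
            n += 1
        self.active.rename(target)
        self.active.touch()
        return target

    def write(self, line):
        """Append one log line; returns the archived path if the size limit was hit."""
        with self.active.open("a", encoding="utf-8") as fh:
            fh.write(line.rstrip("\n") + "\n")
        if self.active.stat().st_size >= self.max_size_bytes:
            return self._archive("size")
        return None

    def upload_if_due(self):
        """Archive the active file if LogCheckPeriod-style time has elapsed."""
        now = self.clock()
        if now - self.last_check >= self.check_period:
            self.last_check = now
            return self._archive("period")
        return None

    def history_files(self):
        return sorted(p.name for p in self.history_dir.iterdir())


def demo_in_tempdir():
    """Run the rotator with a fake clock and a 200-byte limit; returns History file names."""
    fake = {"t": 1_700_000_000.0}
    with tempfile.TemporaryDirectory() as tmp:
        rot = CpmLogRotator(tmp, max_size_bytes=200, check_period=3600,
                            clock=lambda: fake["t"])
        for i in range(12):   # constructed lines, ~49 bytes each: rotates after 5 lines
            rot.write(f"2024-01-01 00:00:{i:02d} INFO CPM processed account {i}")
        fake["t"] += 3600     # one LogCheckPeriod later
        rot.upload_if_due()
        return rot.history_files()


if __name__ == "__main__":
    for name in demo_in_tempdir():
        print(name)
```

With twelve ~49-byte lines and a 200-byte limit the demo produces two size rotations and one period rotation, which is the pattern an operator should expect to see in the History folder: size-triggered files during busy periods plus one file per LogCheckPeriod.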

What is secure connect or Adhoc connect ?

Ans:- You can connect to any machine through PSM using any account,
including those that are not managed in the CyberArk Vault. Connecting to
accounts that are not managed (when you know the target machine's
credentials) is referred to as Ad Hoc Connections. All ad hoc connection
sessions benefit from the standard PSM features, including session
recording, detailed auditing, and standard audit records. In addition,
authorized users can monitor active sessions in real time, assume control,
and terminate them when necessary.

What is the server key, public key, private key in the vault ?

Ans:- The Server Key is the key used to “open” the Vault, much like the
key of a physical Vault. The key is required to start the Vault, after which
the Server key can be removed until the Server is restarted. When the
Vault is stopped, the information stored in the Vault is completely
inaccessible without that key.

This method adds an authorized public SSH key for a specific user in the
Vault, allowing them to authenticate to the Vault through PSM for SSH
using a corresponding private SSH key. The user who runs this web
service requires Reset Users' Passwords permissions in the Vault.

The Private Recovery Key is required for the Master User to log on and
to open the Safes in the event of Vault recovery. This Key should be
stored separately from the Server in a secured place, such as on a disk or
CD, in a physical vault.

Installation order till V10.6 & after V10.7

Ans:- REST API versioning was implemented in this release, which includes REST
API versions for 10.6 and 10.7 (see them in Swagger). ... Change Directory
Mapping Order.

Vault services

Ans:- 1) PrivateArk Database 2) PrivateArk Server 3) CyberArk Logic Container
4) CyberArk Event Notification Engine 5) PrivateArk Remote Control Agent 6) CyberArk
Windows Hardened Firewall.

vault config files

Ans:- 1) dbparm.ini, 2) license.xml, 3) paragent.ini, 4) passparm.ini, 5) tsparm.ini

vault log files

Ans:- ITA log file

PVWA services

Ans:- IIS (restart with iisreset) and the scheduled task (the scheduled task only
runs if a task has actually been scheduled).

PVWA Configuration files

Ans:- web.config

PVWA Logfile
Ans:- cyberark.webconsole.log and cyberark.webapplication.log

PVWA vault users

Ans:- PVWAAppuser , PVWAGWuser

CPM SERVICES

Ans:- 1) CyberArk central policy manager scanner ,2) CyberArk central password
manager

CPM config file

Ans:- cpm.ini

CPM log files

Ans:- Active logs, history logs, third-party logs (in practice pm.log and pm_error.log are
enough).

CPM VAULT USER

Ans:- Password manager

PSM CONFIG file

Ans:- basic_psm.ini ( this is the main file)

PSM LOG file

Ans:- PSM CONSOLE, PSM TRACE

PSM Services

Ans:- CyberArk Privileged Session Manager

PSM vault users

Ans:- PSMApp_servername , PSMGW_servername


PSM local users

Ans:- PSMConnect, PSMAdminConnect

IP Address

Internet Protocol: it uses an address as the identity of a device.

Port Number (1858)

The port on which the Vault communicates with all the components.

Hardening Machine

Used to clear unnecessary data and services from the machine.

Firewall

Creates a safety barrier between a private network and the public internet.

A network firewall and a structural firewall work in the same way.

Types of privileged accounts

Types of privileged accounts:-

 Local administrator accounts
 Privileged user accounts
 Domain administrative accounts
 Emergency accounts
 Service accounts
 Active Directory domain service accounts
 Application accounts

What is debugging

When the server has restarted and someone tries to generate some reports and something goes wrong, at that
time it is captured in the in-depth (debug) level of logs.

What are the components and their services, what purpose are they used for, and what logs are
created?

Services

1) CyberArk Event Notification Engine (sends the notifications)

Main service:- 2) CyberArk Logic Container (every date is stored)

Main service:- 3) PrivateArk Database (all credential operations; backup data in MS Excel)

4) PrivateArk Remote Control Agent (triggers the trap request or ticket quickly to the
CyberArk team)

Main service:- 5) PrivateArk Server service (runs the application)

What is credential file and how it works

The credential file holds the authentication information for the Vault.

Configuration files

i) dbparm.ini (main configuration file) ----- everything is mentioned here.

ii) paragent.ini (PrivateArk Remote Agent) ----- each machine's details; the
traps are also configured here.

iii) passparm.ini ----- password parameter file (max & min length).

iv) tsparm.ini ----- (the DR file is replicated to this file)

Logs

i) italog ----- run time; what happened in the Vault.

ii) tracelog ----- captures errors along with the access.

Database
All the queries are executed against this file.
Syslog
Log files are captured here.

What are built in accounts

 auditors
 epm agent
 notification engine
 password manager
 psm app user
 psm gate way user
 psm connect
 psm admin connect
 psm master
 pvwa app user
 pvwa gateway accounts

What is the difference between pa.client and pvwa

Safes cannot be created in the PrivateArk client; everyone creates Safes only in PVWA, which is
easier to manage and more convenient.

In the PrivateArk client, reports cannot be generated; they are generated in PVWA.

What is safe and how it works

When we create a Safe, only I can see its contents; until I grant access, no one else can see it.

Unix operator and windows operator & AD-Bridging

OPM & EPM are used for PowerShell and other scripting purposes.

For example, if you have 100 Unix boxes, then you install 100 OPMs as well (each box = one OPM);
the same applies to Windows.

OPM - On-Demand Privileges Manager (Unix boxes)

EPM - Endpoint Privilege Manager (Windows boxes)

AD Bridging concept:- with 100 Unix boxes, the 100 OPMs can be avoided with the help of the AD Bridging
concept, and likewise for Windows.

Logon Account

An account that contains the password required to log on to a remote machine in order to perform a
task using the regular account. A common use case for using a logon account is managing root accounts on a
Unix system.
