It’s a term used to designate special access or abilities above and beyond
that of a standard user. Privileged access allows organizations to secure
their infrastructure and applications, run the business efficiently and
maintain the confidentiality of sensitive data and critical infrastructure.
It is important because extending privileged access management to
your organization's endpoints can help reduce risk by eliminating
unnecessary local admin privileges, blocking malicious behaviour and
strengthening the security of privileged accounts.
WORKFLOW:
ANS: CyberArk is a security tool used to secure privileged accounts through
password management.
What are CyberArk components in detail?
ANS:
1) PrivateArk Server (Vault): it is the most secure place in the network where you can
store your data. since pre-configured.
2) PrivateArk Client: the PrivateArk Client is the administrative interface to the EPV.
After installing the Vault server, install the PrivateArk Client on the Vault server
machine so that you can configure the Vault.
3) Password Vault Web Access: it is a web interface which allows the
management of privileged passwords.
4) Central Policy Manager: this component changes the existing passwords automatically
and replaces them with new passwords. It also provides reconciliation
of passwords on remote machines.
5) Privileged Session Manager Web: this component enables companies to
have a cohesive approach to secure access to multiple applications, services
and cloud platforms.
6) DR (Disaster Recovery) Vault: the Disaster Recovery Vault is a replication/failover
solution designed to create a stand-by copy of the production Vault on a remote
and dedicated machine that can be made operational quickly if the original
Vault fails.
2. PSM gateway user (connects with the Vault & establishes the connection)
2. PVWA gateway user (connects with the Vault & establishes the connection)
Ans: The PAReplicate utility is a useful way of having a second backup of the Vault
in addition to the Disaster Recovery Vault.
The PARestore utility enables you to restore Safes that have previously been
either replicated or backed up to the Vault.
Ans: The CPM can synchronize multiple copies of Windows local accounts that have
been changed and are used in different resources in the following services:
User.ini - contains the user id and password (which we will create with
Createauthfile.exe user.ini)
Vault.ini - contains the Vault name and Vault information
Ans: Malicious software that locks and encrypts a victim’s computer or device
data, then demands a ransom to restore access.
ServiceNow
Ans:- incident, request, change
Ans:- 1. In the Privilege Cloud portal, click Policies > Safes. The Safes that
appear in the list are either Safes created by your user, or Safes for which
you have one of the required permissions.
2. Click Create Safe.
3. On the Add Safe page, enter the following information: Safe
properties. Description. ...
4. Click Save.
How to duplicate a platform
Ans:- After setting a Master Policy that determines how accounts will be
managed in the entire organization, you can create exceptions to add
granularity as needed and set different behavior for specific platforms that
will override the corresponding rules set by the Master Policy. Exceptions
can be set for a scope of accounts associated with a specific platform. The
Master Policy, together with the exceptions defined on each platform,
determine the resultant behavior of the system on each account, based on
its Platform.
Port numbers – Windows, Linux, database, SNMP, SMTP, CyberArk, MSSQL,
HTTPS, SSL secured & unsecured
Ans:- Windows: 139, 445
UDP 3389
Outbound ports:
UDP 514
UDP 162
What is a bind account
Ans:- The BIND account will be used to query the Active Directory
database. Create a new account inside the Users container. This account
will be used to authenticate as admin on the CyberArk web interface. This
account will be used to query the passwords stored on the Active Directory
database.
Ans:- 1. Install the browser. On the PSM machine, install one of the
supported browsers and configure it. ...
2. Configure AppLocker. Configure AppLocker to enable the installed
browser to run. ...
3. Connection Component settings in PVWA.
4. Accounts handling
5. Ticket issue handling
6. Manage all the accounts (Safes, platforms, onboarded accounts)
Explain how to create a cred file (error while initiating the PSM session)
Ans:- At the command line prompt, run the CreateCredFile.exe utility. You
must specify the username and password to the Vault.
Ans:- 30 to 50 tickets
Ans:- All the CPM log files can be automatically uploaded to a Safe in the
Vault on a regular basis, according to a predefined period of time in the
CPM parameters file. Each time a log file is uploaded to the Vault, it is
copied to the History subfolder of the Log folder, and the CPM begins
writing to a new log file.
LogSafeName
LogSafeFolderName
LogCheckPeriod
For example, you could create a Log folder in the ‘CPMLogs’ Safe, and
upload the log files into this folder every 24 hours. In this case, the CPM log
properties file would look like this:
Ans:- You can connect to any machine through PSM using any account,
including those that are not managed in the CyberArk Vault. Connecting to
accounts that are not managed (when you know the target machine's
credentials) is referred to as Ad Hoc Connections. All ad hoc connection
sessions benefit from the standard PSM features, including session
recording, detailed auditing, and standard audit records. In addition,
authorized users can monitor active sessions in real time, assume control,
and terminate them when necessary.
What are the server key, public key and private key in the Vault?
Ans:- The Server Key is the key used to “open” the Vault, much like the
key of a physical Vault. The key is required to start the Vault, after which
the Server key can be removed until the Server is restarted. When the
Vault is stopped, the information stored in the Vault is completely
inaccessible without that key.
This method adds an authorized public SSH key for a specific user in the
Vault, allowing them to authenticate to the Vault through PSM for SSH
using a corresponding private SSH key. The user who runs this web
service requires Reset Users' Passwords permissions in the Vault.
The Private Recovery Key is required for the Master User to log on and
to open the Safes in the event of Vault recovery. This Key should be
stored separately from the Server in a secured place, such as on a disk or
CD, in a physical vault.
Vault services
PVWA services
Ans:- IIS reset and scheduled task (it will work only if a task is
scheduled)
Ans:- web.config
PVWA Logfile
Ans:- cyberark.webconsole.log and cyberark.webapplication.log
CPM Services
Ans:- 1) CyberArk Central Policy Manager Scanner, 2) CyberArk Central Password
Manager
Ans:- cpm.ini
Ans:- Active logs, history logs, third-party logs (actually pm.log and pm_error.log are
enough)
PSM Services
IP Address
Hardening Machine
Firewall
Creates a safety barrier between a private network and the public internet.
What is debugging
When the server has restarted and someone tries to generate some reports and it goes wrong,
in-depth logs are captured at that time.
What are the components and their services, what purpose are they used for, and what logs
are created?
Services
Main service:- 3) PrivateArk Database (all cred operations, any backup data in MS Excel)
4) PrivateArk Remote Control Agent (triggers the trap request or ticket quickly to
the CyberArk team)
Configuration files
(PrivateArk Remote Agent) ii) PARAgent.ini: each machine's details; also configures the
traps.
Database
All the queries are executed in this file.
Syslog
Log files will be captured.
auditors
epm agent
notification engine
password manager
psm app user
psm gateway user
psm connect
psm admin connect
psm master
pvwa app user
pvwa gateway accounts
No one creates Safes in the PrivateArk Client; everyone creates Safes only in the PVWA, because it is
easier to manage and more convenient.
When I create a Safe, only I can access it; until I give access, no one else can see it.
The given OPM & EPM are used for PowerShell and other coding purposes.
For example, if you have 100 Unix boxes, then you also install 100 OPMs (each box = one OPM);
the same applies to Windows.
AD Bridging Concept:- with 100 Unix boxes, you avoid the 100 OPMs with the help of the AD bridging concept;
the same applies to Windows.
Logon Account
An account that contains the password required to log on to a remote machine in order to perform a
task using the regular account. A common use case for using a logon account is managing root accounts on a
Unix system.