Trilok Chandra Prakash Date of Submission: 09-12-22

ASSIGNMENT 2

1. What is a load balancer? What is the main purpose of load balancing servers in
cybersecurity?

Ans:

The load balancing architecture relies on an external tool that presents multiple PSM
servers as a single IP or DNS address. A load balancer is a core networking solution used
to distribute traffic across multiple servers in a server farm.

The purpose of load balancing is to minimize the load on servers and improve application
responsiveness. It also increases the availability of applications and websites for users.

2. What do you mean by Safes & Platforms in CyberArk? Mention the
installation/upgrade sequence of CyberArk components after v10.7 and also
state the reason for the change in sequence order between before v10.7 and after v10.7.

Ans:

Safe: A Safe is known as the access control of CyberArk. It is used to segregate access for
users according to your organization's requirements. For example, you can create a Safe for
each department, such as IT and HR, and store the accounts in the relevant Safe.

Platform: A platform defines shared characteristics for multiple accounts. It defines the
technical settings for these accounts, such as:

➢ Account Properties
➢ How frequently the password will be changed or verified (Credentials Management Policy)
➢ How sessions are established and terminated (Session Management)
➢ Linked Accounts, Mail notifications

Installation/upgrade sequence of CyberArk components after v10.7:

I. Digital Vault (EPV)
II. PVWA
III. CPM
IV. PSM

The reason for swapping the order of PVWA and CPM after v10.7 is that one of the CPM
services, the CPM Scanner service, depends on API and HTTPS communication with PVWA for
the accounts discovery feature of CyberArk.

3. What is Disaster Recovery EPV and why do we require it? Also, explain DR replication
in your own words.

Ans:

The Disaster Recovery (DR) Vault is a replication/failover solution designed to create a
stand-by copy of a Production Vault on a remote and dedicated machine (the Disaster
Recovery Vault Machine) that can be made operational quickly if the original Vault fails.

A completely transparent failover can be configured for critical components, such as
PVWA, to enable them to work with a DR Vault as soon as the Production Vault cannot be
reached, without any human intervention or reliance on load-balancing dedicated
hardware.

The Disaster Recovery Vault meets the following requirements:

➢ Replicates data from the Production site to the Disaster Recovery site.
➢ Automatically identifies the Production Vault failure and begins the failover
process in the Disaster Recovery Vault.
➢ Provides highly secure protection of the data on the Disaster Recovery site.

DR Replication: Data is continuously replicated from the Production EPV to the
Satellite (Disaster Recovery) EPV in real time.

Data replication is performed according to the settings in the Disaster Recovery
configuration file (PADR.ini).

4. How are the backup and restoration of CyberArk servers carried out? Explain the different
types of backups taken in CyberArk, as well as how password recovery is
achieved when the CyberArk URL is unreachable.

Ans:

Backup Utility: It is used to back up the Safes, platforms, user details or credentials, PSM
recordings and other metadata on the server.

There are two types of backup:

I. Full Backup: Runs once a week and backs up the entire data from the database.
II. Incremental Backup: Runs every day and backs up only the files that have
changed since the last backup.
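
The difference between the two backup types, as an added example that is not part of the original assignment and is not CyberArk's own backup utility: a generic sketch that detects changes by comparing content hashes against the manifest saved by the previous run. The file names and the `plan_backup` helper are hypothetical.

```python
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, List, Optional, Tuple


def snapshot(root: Path) -> Dict[str, str]:
    """Map each file's path (relative to root) to the SHA-256 of its content."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}


def plan_backup(root: Path, last: Optional[Dict[str, str]]
                ) -> Tuple[List[str], List[str], Dict[str, str]]:
    """Return (files_to_copy, files_removed, new_manifest).

    last=None requests a full backup: every file is copied.
    Otherwise only new or modified files are copied, and files that
    disappeared are reported so a restore does not bring them back.
    """
    current = snapshot(root)
    if last is None:
        return sorted(current), [], current
    changed = sorted(f for f, h in current.items() if last.get(f) != h)
    removed = sorted(set(last) - set(current))
    return changed, removed, current


def demo():
    # Constructed sample data; the file names are hypothetical.
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        for name in ("safe_it.dat", "safe_hr.dat", "old.dat"):
            (root / name).write_text("v1")
        full, _, manifest = plan_backup(root, None)            # weekly full run
        (root / "safe_hr.dat").write_text("v2")                # modified
        (root / "platforms.dat").write_text("v1")              # new
        (root / "old.dat").unlink()                            # deleted
        incr, removed, manifest = plan_backup(root, manifest)  # daily run
        idle, _, _ = plan_backup(root, manifest)               # nothing changed
        return full, incr, removed, idle


if __name__ == "__main__":
    print(demo())
```

Restoring to a given day means applying the last full backup and then every incremental taken after it, in order, which is why the removed-file list is kept alongside the copied files.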

Restore Utility: It restores the CyberArk data in case of migration to a server or a
compromise/disaster scenario.

Recovery Utility: It is used to recover privileged account passwords in case of EPV downtime
during certain activities.

During the restore process, the session video and text files are restored to the desired
Safe.

Limitations:

• Restored recordings are available on the Primary Vault only and are not replicated by
default to any DR or Satellite Vault.

• Reviewing a restored recording is available using the V10 user interface in a PVWA
that is configured to work with the Primary Vault.

• The restored recordings are configured by default to the root location.

• Once the retention period has passed for the Safe, the Safe is not deleted
automatically.

• Non-English characters are supported for the Safe name in backup only. All other
inputs must be entered in English.

• A restored recordings Safe cannot be used for new recordings.

• The restored recordings only restore the video and text recordings.

5. What is LDAP? Can you explain the purpose of using LDAP in an organization? Also,
mention the different types of directory services.

Ans:

Lightweight Directory Access Protocol (LDAP) enables organizations to store, manage
and secure information about the organization. Only by using LDAP can we access Active
Directory (AD).

Different Types of Directory Services:

I. LDAP: It enables directory services authentication for servers and clients across
multiple platforms.
II. Key File: It is a text file that contains the user passwords, encrypted to prevent
unauthorized access.
III. Digest File: It stores user and group information based on an encrypted username and
password.
