Cyber-Ark Interview Questions
These interview questions will help you out in getting your dream job in Cyber-Ark.
These questions are based on CyberArk Implementations, Automations, Operations, Upgrades, Migration etc. You can go through these questions to get the idea about the CyberArk Interview.
Q.1. Define CyberArk PSMConnect and PSMAdminConnect?
Q.2. Have you heard about CyberArk new feature JIT?
Q.3. What’s the Cal License used for?
Q.4. How PSM stores the session recordings to the Vault?
Q.5. What’re Logon and reconcile accounts?
Q.6. What are process and prompt files and used for?
Q.7. What’s the use of Quorum disk in CyberArk HA Vault?
Q.8. If you want to apply a new license in your CyberArk Vault – How to do it?
Q.9. How SIEM integration is done?
Q.10. If you find there’re more than 5000+ accounts non-compliant then what will be your action?
During PSM installation, the PSMConnect and PSMAdminConnect users are created on the PSM server machine:
PSMConnect: An account through PSM using a connection method defined in the PVWA. PSMConnect user is used to start PSM sessions on a PSM Machine.
PSMAdminConnect: PSMAdminConnect user is used to monitor live sessions.
Q.2. Have you heard about CyberArk new feature JIT?
There are cases where managing the local administrator passwords is not possible at the initial stage of deployment.
Just in Time access can be used as an intermediate step towards full implementation of Vaulting the local administrators. End user requests access to a designated ad-hoc target machine and is subsequently added to the local admin groups.
Just in Time access is not supported in a distributed Vaults environment.
Just in Time (JIT) access is available only to users authenticating to the PVWA using LDAP.
Note: You can grant Windows admins on-demand, ad-hoc privileged access to Windows targets for a limited period (the default is for 4 hours).
Q.3. What’s the Cal License used for?
Interviewer may ask this question to any profile job:
A Client Access License (CAL) Suite is a license provided by Microsoft to RDP to target servers.
CyberArk Privileged Session Manager (PSM) uses these CAL license to establish the connections to target servers.
It’s types: Per Server and Per User.
After installing the PSMs, you can ask the respective team to configure the CAL license on PSM servers so that connections can be established to target servers via PSMs. It totally depends upon the company’s policy to have the license per server based or per user based.
Q.4. How PSM stores the session recordings to the Vault?
CyberArk PSM records privileged sessions and stores them in the Vault where they can be viewed at any time by authorized users.
When you hit the connect button and establish a connection to the target server then the recordings are stored on a PSM’s recording folder on temp basis and when you disconnect the session. Session recordings are stored by PSMApp user to respective recording safe in CyberArk vault.
Q.5. What’re Logon and reconcile accounts?
This question can be asked to any profile:
Logon Account: A logon account can be used where direct login of an account is not permitted.
When a logon account is mapped with an account, it will be used to log onto the target server and then elevate itself to the role of the privileged user.
Reconcile Account: Reconcile account can be used to reset the password of an account when the password of an account is not known or lost, using an associated reconcile account you can reset the password.
Logon account is generally used for Unix accounts where the root account is not allowed to login directly on the server so, logon account is used which may give switch permissions so that after logging to server using logon account you can switch to root user.
To reset the account’s password, reconcile account must be given necessary permission to reset the password of any account.
Q.5. What are process and prompt files and used for?
This question may be asked to L2, L3 or higher profile:
Terminal Plugin Controller (TPC) platform helps you create new CPM plugins using terminal and scripting languages for terminal-based devices.
TPC plugins are made up of two files that the platform uses to authenticate to target machines:
Prompts: The Prompts file includes a list of conditions. When the plugin runs, TPC matches the conditions defined in this file to the output (prompts) it received from the target machine.
Process: The Process file includes all the states and transitions that are relevant to the flow.
CyberArk TPC supports plugins that are based on SSH, Telnet, Python, PowerShell, cScript.
Q.6. What’s the use of Quorum disk in CyberArk HA Vault?
When you install CyberArk HA vault Quorum disk is one of the main requirements.
Quorum: It tells the cluster which physical server(s) should be active at any given time. A small disk that is used to identify the connectivity and availability of the active node.
The Quorum mechanism is used to prevent communication errors from causing split brain scenarios.
This question can be asked to any profile:
First take a backup of existing license and then just replace it with the new and restart the PrivateArk Server service.
If you don’t want to restart the PrivateArk service, then login to PrivateArk client with administrator user and step into System safe and just replace the new license with the old one. This will be very quick and there’s no need to restart the service!
Note: New license can be procured from CyberArk professional services based on your requirements and if new license is not working after successfully replacing with the old, you must reach out to CyberArk Professional services only.
Q.9. How SIEM integration is done?
When vault to be integrated with SIEM solutions like Splunk, Sentinel, QradaR etc.
We need to make below changes in dbparm.ini file:
After you make changes in dbparm.ini then some changes need to be configured at SIEM server end too like whitelisting the Prod Vault IP address.
Q.10. If you find there’re more than 5000+ accounts non-compliant then what will be your action?
You can pull out the compliance report and can find out how many accounts are compliant and non-compliant:
First you can segregate the errors, it might be chance that few accounts might be having same errors, so segregate the errors.
Make a list of an errors and it might be related to Port not open, firewall blocking the connection, bad user or password, policy blocking etc.
When you find out the errors then accordingly work on it to open the ports contact the respective team like for windows, we need 135, 139, 445 and for Unix its 22.
If it’s the bad user or password then check the password complexity and forbidden chars, it should be same as the server. You can refer the CPM logs and third-party logs to find out the root cause and accordingly work on the issues and can fix it by using the PUU. When you download the compliance report you might see some discrepancy in the report like few accounts will be compliant when you search in CyberArk PVWA, but it is showing non-compliant in report.
Note: Why it’s so? Because when you change the password of an account manually then it might not show compliant in compliance report. When an account’s password is changed automatically by CPM then it will show compliant in report.
Your email address will not be published. Required fields are marked*
April 25 2024
April 22 2024
April 12 2024
April 05 2024
March 30 2024
March 28 2024
March 27 2024
March 27 2024
March 11 2024
March 07 2024
February 29 2024
.jpg)
February 01 2024
January 24 2024
January 20 2024
January 20 2024
January 20 2024
January 20 2024
January 03 2024
January 03 2024
January 03 2024
January 03 2024
Copyright 2022 SecApps Learning. All Right Reserved
Comments (1)
Shubham Kumar
13/Jul/2022Thanks Alot, it was much needed !!!