Examice

Exam PAM-DEF All QuestionsBrowse all questions from this exam

Question 37

A password compliance audit found:

1) One-time password access of 20 domain accounts that are members of Domain Admins group in Active Directory are not being enforced.

2) All the sessions of connecting to domain controllers are not being recorded by CyberArk PSM.

What should you do to address these findings?

Edit the Master Policy and add two policy exceptions: enable "Enforce one-time password access", enable "Record and save session activity".

Edit safe properties and add two policy exceptions: enable "Enforce one-time password access", enable "Record and save session activity".

Edit CPM Settings and add two policy exceptions: enable "Enforce one-time password access", enable "Record and save session activity".

Contact the Windows Administrators and request them to add two policy exceptions at Active Directory Level: enable "Enforce one-time password access", enable "Record and save session activity".

Correct Answer: A

To address the audit findings, you should edit the Master Policy and add the necessary exceptions to enforce one-time password access and record session activity. The Master Policy in CyberArk is used to define the overall security settings and rules for the organization, making it the appropriate place to implement these changes to ensure compliance.

Discussion

brossvaOption: A

A is correct

penuelaandyOption: A

https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/13.0/en/Content/PASIMP/Working-with-Master-Policy-Rules.htm?tocpath=Administrator%7CPrivileged%20Accounts%7CSecurity%20Policy%7C_____2#MasterPolicyrules