PAM-SEN Exam QuestionsBrowse all questions from this exam

PAM-SEN Exam - Question 82


What is the recommended method to determine if a PVWA is unavailable and should be disabled in a load balancing pool?

Show Answer
Correct Answer: B

The best method to determine if a PVWA is unavailable and should be disabled in a load balancing pool is to monitor Port 1858 on the PVWA server. Port 1858 is often associated with the application's API endpoints, which provide a more reliable check of the PVWA's operational status and its ability to communicate with the vault. Monitoring Port 443 could indicate that the web server is running, but it does not ensure the PVWA's full functionality, especially its connection to the vault.

Discussion

2 comments
Sign in to comment
CavdogOption: B
Sep 9, 2023

Unable to find a specific reference for CyberArk’s “recommendation” however traffic to the PVWA (IIS) over port 443 (SSL) will return a 200 status indicating it is still available even if it can’t talk to the vault preventing users from being able to authenticate. If instead port 1858 (e.g. https://<PVWA>/PasswordVault/api/settings/authentication) is monitored this will prevent the NLB directing users to PVWAs when they can’t talk to the vault. Therefore I’m inclined to think that B. is the best answer. https://www.reddit.com/r/CyberARk/comments/f2x60v/f5_health_check/ https://timschindler.blog/application-health-checking-and-load-balancing-cyberark-privileged-vault-web-access-with-haproxy#heading-setting-up-haproxy:~:text=Even%20without%20a%20connection%20to%20the%20Vault%20the%20PVWA%20still%20loads

bitcorso
Jul 13, 2024

So, you mean A. Monitor Port 443 on the PVWA server

8218179Option: A
Dec 27, 2023

i think correct answer is A. https://www.reddit.com/r/CyberARk/comments/vkt3xb/pvwa_load_balancin_poll/