You are onboarding 5,000 UNIX root accounts for rotation by the CPM. You discover that the CPM is unable to log in directly with the root account and will need to use a secondary account.
How should this be configured to allow for password management using least privilege?
To allow for password management using least privilege when the CPM is unable to log in directly with the root account, you should configure the UNIX platform to use the correct logon account. This ensures that the CPM can manage the passwords without requiring root-level access directly, adhering to the principle of least privilege by using an intermediary account.
This is not to reconcile the account it to change the root password
C is the answer, login account is what is needed not a reconcile account.
The clue is for password management. So option will be reconcile account
C. Configure the UNIX platform to use the correct logon account.
C. Configure the UNIX platform to use the correct logon account. https://docs.cyberark.com/pam-self-hosted/13.0/en/Content/PASIMP/Linked-PAS-Accounts.htm#Overview DR
C is the correct answer since you only need a logon account and do this via at the platform level