Which tools can you use to identify the machines and accounts that create the highest risk and are exposed to lateral movement? (Choose two.)
Which tools can you use to identify the machines and accounts that create the highest risk and are exposed to lateral movement? (Choose two.)
To identify the machines and accounts that create the highest risk and are exposed to lateral movement, you can use the CyberArk DNA Report and the CyberArk DNA Map. The CyberArk DNA Report provides detailed data on systems and accounts, including risk levels, compliance, and vulnerabilities. The CyberArk DNA Map visualizes vulnerabilities like Pass-the-Hash, which is essential for understanding lateral movement risks. These tools together help in assessing and mitigating risks effectively.
B & D are correct https://docs.cyberark.com/PAS/11.3/en/Content/BestPractices/SecurityProgram-Phase1.htm
Correct BD "Following the scan, CyberArk DNA delivers a comprehensive report that shows the number of systems scanned and the percentage of systems that do not comply with your password policy, which can be defined in CyberArk DNA prior to scan. The management summary will give you an overview of your environment, including maps of Pass-the-Hash vulnerabilities ..." from https://docs.cyberark.com/pam-self-hosted/11.3/en/Content/BestPractices/SecurityProgram-Phase1.htm#Step3Discovertheprivilegedaccounts
B & D are correct
Answer is BD
CyberArk DNA Report (B) identifies high-risk accounts and machines by analyzing privileged access relationships, credentials, and exposure to lateral movement. CyberArk DNA Map (D) visualizes connections between machines and accounts, highlighting pathways for lateral movement. Other options like Accounts Discovery Feed (A) focus on discovering accounts, REST API Scripts (C) are generic tools, and Get-LocalUser (E) only lists local users on a single machine, lacking risk or lateral movement analysis.