When performing “In Domain” hardening of a PSM server, which steps must be performed? (Choose two.)
When performing “In Domain” hardening of a PSM server, which steps must be performed? (Choose two.)
When performing 'In Domain' hardening of a PSM server, the steps involve configuring domain-specific settings. Importing CyberArk policy settings from the provided file into a new GPO ensures that the necessary security policies are applied to the PSM server within the domain. Linking the GPO to a dedicated OU containing CyberArk PSM servers ensures that these policies are applied consistently to all relevant servers. These steps are specific to 'In Domain' hardening. Applying advanced audit on the PSM server, importing an INF file to the local machine, and configuring AppLocker rules are not specifically associated with 'In Domain' hardening procedures.
https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/13.0/en/Content/PAS%20INST/Install_PSM_harden.htm#HardeningInDomaindeployments
https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PAS%20INST/Install_PSM_harden.htm#HardeningInDomaindeployments
Another trick question as technically Configuring and running Applocker should be performed on all PSM deployments however A. and C. apply to “In Domain” hardening specifically whereas importing the INF file to the local machine is exclusively for “Out of Domain” deployments. https://docs.cyberark.com/PAS/Latest/en/Content/PAS%20INST/Install_PSM_harden.htm?tocpath=Installation%7CInstall%20PAM%20-%20Self-Hosted%7CInstall%20PSM%7CPSM%20troubleshooting%7C_____3#HardeningInDomaindeployments:~:text=the%20AppLocker%20script-,Hardening%20%27In%20Domain%27%20deployments,-This%20section%20describes
The answers are A and C. https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/12.6/en/Content/PAS%20INST/Install_PSM_harden.htm?tocpath=Installation%7CInstall%20PAM%20-%20Self-Hosted%7CInstall%20PSM%7CPSM%20troubleshooting%7C_____3