CyberArk Defender – Access — Question 30
You are tasked with enforcing certificate-based authentication on all the domain-joined Windows machines within your organization. Based on the inventory record, there are 1000 Windows machines, which include 150 standalone Windows machines. The enrollment will be conducted from either the office network or through the Virtual Private Network (VPN).
Which parameter(s) should you define within the enrollment code to ensure the security of the code and that only the authorized endpoints get registered?
Answer options
- A. Set an expiration date defining when the code should expire.
- B. Specify the maximum number of devices that can be enrolled.
- C. Define the enrollment code to only the specific office/VPN IP network segment.
- D. Define that only Linux machines may be enrolled.
Correct answer: A, C
Explanation
Setting an expiration date for the code (A) ensures that the code cannot be used indefinitely, enhancing security. Limiting the enrollment code to specific office/VPN IP networks (C) restricts access to authorized endpoints only. Options B and D are not suitable as they do not directly enhance the security of the enrollment process in the given context.