CyberArk Trustee – Privileged Access Management — Question 4

All of your Unix root passwords are stored in the safe UnixRoot. Dual control is enabled for some of the accounts in that safe. The members of the AD group
UnixAdmins need to be able to use the show, copy, and connect buttons on those passwords at any time without confirmation. The members of the AD group
OperationsStaff need to be able to use the show, copy and connect buttons on those passwords on an emergency basis, but only with the approval of a member of OperationsManagers. The members of OperationsManagers never need to be able to use the show, copy or connect buttons themselves.
Which safe permissions do you need to grant to OperationsStaff? (Choose all that apply.)

Answer options

• A. Use Accounts
• B. Retrieve Accounts
• C. List Accounts
• D. Authorize Password Requests
• E. Access Safe without Authorization

Correct answer: A

Explanation

The correct answer is A, 'Use Accounts', as this permission allows the OperationsStaff to access the passwords in emergency situations with the required approval. Options B and C are not sufficient alone because they do not provide the ability to use the passwords. Option D is irrelevant since it pertains to granting approval rather than accessing the passwords, and Option E is not applicable because it allows access without authorization, which is not the requirement for OperationsStaff.