CyberArk Defender – Privileged Access Management — Question 24

Does CyberArk need service accounts on each server to change passwords?

Answer options

• A. Yes, it requires a domain administrator account to change any password on any server.
• B. Yes, it requires a local administrator account on any Windows server and a root level account on any Unix server.
• C. No, passwords are changed by the Password Provider Agent.
• D. No, the CPM uses the account information stored in the vault to login and change the account's password using its own credentials.

Correct answer: B

Explanation

The correct answer is B because CyberArk does require specific administrative accounts on different operating systems to facilitate password changes. Option A is incorrect as it overstates the requirement to just domain administrator accounts, while C and D describe mechanisms that do not apply to the necessity of service accounts on the servers.