CyberArk Sentry – Privileged Access Management — Question 117

In accordance with best practice, SSH access is denied for root accounts on UNIX/LINUX systems. What is the BEST way to allow Central Policy Manager (CPM) to manage root accounts?

Answer options

• A. Create a privileged account on the target server. Allow this account the ability to SSH directly from the CPM machine. Configure this account as the Reconcile account of the target server's root account.
• B. Create a non-privileged account on the target server. Allow this account the ability to SSH directly from the CPM machine. Configure this account as the Logon account of the target server's root account.
• C. Configure the Unix system to allow SSH logins.
• D. Configure the CPM to allow SSH logins.

Correct answer: B

Explanation

The correct answer is B because creating a non-privileged account allows CPM to manage the root account without directly exposing SSH access to the root account itself, which adheres to best practices. Option A is incorrect as it involves a privileged account, which is not recommended. Options C and D do not address the management of root accounts through CPM specifically.