CyberArk Sentry – Privileged Access Management — Question 36

Which of the following are secure options for storing the contents of the Operator CD, while still allowing the contents to be accessible upon a planned Vault restart? (Choose all that apply.)

Answer options

• A. Store the CD in a physical safe and mount the CD every time vault maintenance is performed.
• B. Copy the entire contents of the CD to the System Safe on the vault.
• C. Copy the entire contents of the CD to a folder on the Vault Server and secure it with NTFS permissions.
• D. Store the server key in a Hardware Security Module (HSM) and copy the reset the keys from the CD to a folder on the Vault Server and secure it with NTFS permissions.

Correct answer: A, C

Explanation

Option A is secure because it involves physical protection of the CD while still allowing access during maintenance. Option C is also secure as it uses NTFS permissions to restrict access to the contents on the Vault Server. Options B and D are less secure; B lacks physical security and D introduces complexity without necessary added security.