CyberArk Sentry – Privileged Access Management — Question 92
All of your Unix root passwords are stored in the safe UnixRoot. Dual control is enabled for some of the accounts in that safe. The members of the AD group
UnixAdmins need to be able to use the show, copy, and connect buttons on those passwords at any time without confirmation. The members of the AD group
OperationsStaff need to be able to use the show, copy and connect buttons on those passwords on an emergency basis, but only with the approval of a member of OperationsManagers. The members of OperationsManagers never need to be able to use the show, copy or connect buttons themselves.
Which safe permissions do you need to grant to OperationsManagers? (Choose all that apply.)
Answer options
- A. Use Accounts
- B. Retrieve Accounts
- C. List Accounts
- D. Authorize Password Requests
- E. Access Safe without Authorization
Correct answer: C, D
Explanation
OperationsManagers need the 'List Accounts' permission to view the accounts in the safe and the 'Authorize Password Requests' permission to approve emergency access requests from OperationsStaff. The other options are unnecessary since OperationsManagers do not require direct access to the passwords themselves.