CyberArk Sentry – Privileged Cloud — Question 60

Which statements are correct regarding enabling end users from multiple domains in the same forest to authenticate to CyberArk Privilege Cloud? (Choose 2).

Answer options

• A. CyberArk does not permit end users from multiple domains to authenticate to CyberArk Privilege Cloud; it only allows users from multiple directory services, such as AD, Azure AD, CyberArk Cloud Directory, etc.
• B. This can be accomplished when the users' Active Directory accounts are in domains with domain controllers that have a two-way, transitive trust relationship with the domain controller to which the connector is connected.
• C. Configuring authentication for users in multiple domains in the same forest is not recommended due to potential performance issues.
• D. To enable authentication for users in multiple domains in the same forest, you should install separate CyberArk Identity Connectors for each independent domain.
• E. CyberArk recommends consolidating users from multiple domains in the same forest into the CyberArk Cloud directory for this specific use case.

Correct answer: B, D

Explanation

Option B is correct because it accurately describes the requirement for a two-way, transitive trust relationship to enable authentication from multiple domains. Option D is incorrect because having separate connectors for each domain is not necessary when trust relationships are properly established. Other options either misrepresent CyberArk's capabilities or do not align with best practices for managing user authentication.