CyberArk Sentry – Privileged Cloud — Question 96

Which option correctly describes the authentication differences between CyberArk Privilege Cloud and CyberArk PAM Self-Hosted?

Answer options

• A. CyberArk Privilege Cloud only provides a username and password authentication without third-party IdP integration; CyberArk PAM Self-Hosted uses traditional on-premises methods such as Windows and LDAP, but lacks modern protocols such as SAML or OIDC.
• B. CyberArk Privilege Cloud uses cloud-based methods, integrating with CyberArk Identity for MFA, and supports SAML and OIDC; CyberArk PAM Self-Hosted depends on on-premises methods such as RADIUS and LDAP, but can adopt SAML or OIDC with additional setups.
• C. CyberArk Privilege Cloud requires on-premises components for all authentication and does not support other cloud-based authentication protocols; CyberArk PAM Self-Hosted offers a wide array of methods, including support for SAML, OIDC, and other modern protocols, without needing on-premises components.
• D. Both use the same authentication methods.

Correct answer: B

Explanation

The correct answer is B because CyberArk Privilege Cloud indeed uses cloud-based authentication methods and can integrate with CyberArk Identity for MFA, as well as support SAML and OIDC. Option A incorrectly states that CyberArk Privilege Cloud does not support third-party integrations, while C wrongly claims that it requires on-premises components for authentication. Option D is incorrect as both solutions do not use the same authentication methods.