CyberArk Defender – Endpoint Privilege Manager — Question 14

An application has been identified by the LSASS Credentials Harvesting Module.
What is the recommended approach to excluding the application?

Answer options

• A. In Agent Configurations, add the application to the Threat Protection Exclusions.
• B. Add the application to the Files to be Ignored Always in Agent Configurations.
• C. Exclude the application within the LSASS Credentials Harvesting module.
• D. Add the application to an Advanced Policy or Application Group with an Elevate policy action.

Correct answer: A

Explanation

The correct answer is A because adding the application to the Threat Protection Exclusions in Agent Configurations effectively prevents it from being monitored by the LSASS module. Options B, C, and D do not specifically address the exclusion process for this module and may not prevent the application from being flagged.