CyberArk Defender – Endpoint Privilege Manager — Question 28
A particular user in company ABC requires the ability to run any application with administrative privileges every day that they log in to their systems for a total duration of 5 working days.
What is the correct solution that an EPM admin can implement?
Answer options
- A. An EPM admin can generate a JIT access and elevation policy with temporary access timeframe set to 120 hours
- B. An EPM admin can generate a JIT access and elevation policy with temporary access timeframe set to 120 hours and Terminate administrative processes when the policy expires option unchecked
- C. An EPM admin can create an authorization token for each application needed by running: EPMOPAGtool.exe -command gentoken -targetUser <username> -filehash <file hash> -timeLimit 120 -action run
- D. An EPM admin can create a secure token for the end user's computer and instruct the end user to open an administrative command prompt and run the command vfagent.exe -UseToken <securetoken_value>
Correct answer: A
Explanation
The correct answer is A: a JIT access and elevation policy with the temporary access timeframe set to 120 hours (5 days × 24 hours) lets the user run applications with administrative privileges for the required duration. Option B is incorrect because it adds an unnecessary setting about terminating processes, which this scenario does not require. Options C and D involve token creation, which is unnecessary when a straightforward elevation policy can be used.