CyberArk PAM-CDE Recertification — Question 32

You are onboarding 5,000 UNIX root accounts for rotation by the CPM. You discover that the CPM is unable to log in directly with the root account and will need to use a secondary account.
How should this be configured to allow for password management using least privilege?

Answer options

• A. Configure each CPM to use the correct logon account.
• B. Configure each CPM to use the correct reconcile account
• C. Configure the UNIX platform to use the correct logon account.
• D. Configure the UNIX platform to use the correct reconcile account

Correct answer: C

Explanation

The correct answer is C because configuring the UNIX platform to use the appropriate logon account allows the CPM to manage passwords without granting excessive privileges associated with the root account. Options A and B incorrectly focus on the CPM instead of the UNIX platform, while option D suggests using a reconcile account, which does not support the requirement for direct password management.