CyberArk Defender – PAM — Question 13

A new colleague created a directory mapping between the Active Directory groups and the Vault.
Where can the newly Configured directory mapping be tested?

Answer options

• A. Connect to the Active Directory and ensure the organizational unit exists.
• B. Connect to Sailpoint (or similar tool) to ensure the organizational unit is correctly named; log in to the PVWA with "Administrator" and confirm authentication succeeds.
• C. Search for members that exist only in the mapping group to grant them safe permissions through the PVWA.
• D. Connect to the PrivateArk Client with the Administrator Account to see if there is a user in the Vault Admin Group.

Correct answer: C

Explanation

The correct answer is C because it directly tests the new directory mapping by identifying users in the mapping group who need safe permissions. Option A only checks for existence without testing the mapping, B involves authentication checks unrelated to mapping, and D focuses on user presence in a specific group rather than verifying the directory mapping.