CyberArk Defender – PAM — Question 33

A password compliance audit found:
1) One-time password access of 20 domain accounts that are members of Domain Admins group in Active Directory are not being enforced.
2) All the sessions of connecting to domain controllers are not being recorded by CyberArk PSM.
What should you do to address these findings?

Answer options

• A. Edit the Master Policy and add two policy exceptions: enable "Enforce one-time password access", enable "Record and save session activity".
• B. Edit safe properties and add two policy exceptions: enable "Enforce one-time password access", enable "Record and save session activity".
• C. Edit CPM Settings and add two policy exceptions: enable "Enforce one-time password access", enable "Record and save session activity".
• D. Contact the Windows Administrators and request them to add two policy exceptions at Active Directory Level: enable "Enforce one-time password access", enable "Record and save session activity".

Correct answer: A

Explanation

The correct answer is A because modifying the Master Policy directly addresses the enforcement issues for both one-time password access and session recording. The other options, while they suggest changes, do not directly target the Master Policy which governs these settings for the entire domain, making them less effective in resolving the compliance gaps.