CyberArk Defender – PAM — Question 5

You are onboarding 5,000 UNIX root accounts for rotation by the CPM. You discover that the CPM is unable to log in directly with the root account and will need to use a secondary account.
How can this be configured to allow for password management using least privilege?

Answer options

• A. Configure each CPM to use the correct logon account.
• B. Configure each CPM to use the correct reconcile account.
• C. Configure the UNIX platform to use the correct logon account.
• D. Configure the UNIX platform to use the correct reconcile account.

Correct answer: C

Explanation

The correct answer is C because configuring the UNIX platform to use the correct logon account allows the CPM to manage passwords without granting root access directly, thus adhering to the principle of least privilege. Options A and B pertain to the CPM's configuration, which does not address the requirement for the UNIX platform, while option D does not utilize the appropriate logon account for direct access.