C.Ark Interview Preparation [PDF]


What is PAM?
It's a term used to designate special access or abilities above and beyond that of a standard user. Privileged access allows organizations to secure their infrastructure and applications, run the business efficiently and maintain the confidentiality of sensitive data and critical infrastructure.
It is important because extending privileged access management to your organization's endpoints can help reduce risk by eliminating unnecessary local admin privileges, blocking malicious behaviour and strengthening the security of privileged accounts.

WORKFLOW:

What is CyberArk?
Ans: CyberArk is a security tool used for the security of privileged accounts through password management.

What are CyberArk components in detail?
Ans:
1) Private Ark server (vault): it is the most secure place in the network where you can store your data. since pre-configured.
2) Private client: the Private Ark client is the administrative interface to the EPV. After installing the vault server, install the Private Ark client on the vault server machine so that you can configure the vault.
3) Password vault web access: it is a web interface which allows the management of privileged passwords.
4) Central policy manager: this component changes the existing passwords automatically and replaces them with new passwords. It also provides reconciliation of passwords on remote machines.
5) Privileged session manager web: this component enables companies to have a cohesive approach to secure access to multiple applications, services and cloud platforms.
6) DR (disaster recovery) vault: the Disaster Recovery vault is a replication/failover solution designed to create a stand-by copy of the production vault on a remote and dedicated machine that can be made operational quickly if the original vault fails.

How to onboard an account into CyberArk?

Ans. To onboard a privileged account, we need three things:
  - Account name - requestor
  - Address - requestor
  - Safe name – based on organization name
  - Platform name
Go to policies and access control – you can create a safe.
  - Platform name – which exists on the target machine – Windows, Linux
Go to administration, platform management, and we need to duplicate the Windows local account.

The maximum number of password violations?
Ans. 5 times (we can increase up to 99 times)

How do you activate a suspended user?
Ans. Log on to the primary vault, then click Tools. Under the administrative tools, click the Users and Groups option. A new window opens that lists all the users. Select the suspended user name, then go to the Trusted Network Area; from there we can find Activate.

How to reset a password at vault level?
Ans:
1. In the Change Password window, select Change the password only in the Vault. If a predefined password policy is enforced for the account being changed, the password complexity requirements of that policy are displayed.
2. In the Password edit box, specify the password for the CPM to use.
3. In the Confirm Password edit box, type the password again to confirm it.
4. To generate a password automatically, click Generate Password; the Change Password window expands to display the Generate Password options.
5. Click Generate; a random password is generated using the specified password criteria. If the user has the ‘Retrieve account’ authorization, the new password is displayed.
6. Click OK; the CPM changes the selected password to the new specified password. Its progress is displayed in a progress bar.

What are PSM APPUSER & PSM GWUSER?
1. PSM app user (user activities sending to vault)
2. PSM gateway user (connect with vault & establish connection)

What are PVWA APPUSER & PVWA GWUSER?
1. PVWA app user (user activities sending to vault)
2. PVWA gateway user (connect with vault & establish connection)

How to check IP address when the internet is not working?
A reliable way to check that an IP address is not already in use is to log on to a machine that is in the same subnet that the Storwize® V7000 Unified system will use for management communications, then ping the new IP addresses. For example, ping each of the IP addresses that you intend to use in the InitTool.exe.

What is group policy?
Ans: Group Policy is a hierarchical infrastructure that allows a network administrator in charge of Microsoft's Active Directory to implement specific configurations for users and computers. Group Policy is primarily a security tool, and can be used to apply security settings to users and computers.

What are PVWAAPPUSER & PVWAGWUSER?
Ans: PVWAGWuser is used as a gateway account to impersonate the users to access the vault.

What are Pareplicate and Parestore?
Ans: The Pareplicate utility is a useful way of having a second backup of the vault in addition to the disaster recovery vault. The PARestore utility enables you to restore Safes that have previously been either replicated or backed up to the Vault.

What are debugging logs?
Ans: This file contains all log messages, including general and informative messages, errors and warnings. The types of messages that are included in this log depend on the debug levels. In addition to the files created by the CPM, third-party logs are also saved.

What is the maximum size of the log files?
Ans: Determines the maximum size (MB) of a single log file. When a log file reaches this size, a new file is created. Default: 100MB

What is a logon account?
Ans: A logon account can be used to initiate sessions to machines that do not permit direct logon. When a logon account is associated with a privileged account, it will be used to log onto the remote machine and then elevate itself to the role of the privileged user.

What is a reconcile account?
Ans: Reconcile accounts are a type of linked account. You can define a reconciliation account password that will be used to reset the unsynchronized password at account level. You can store this account in a separate Safe, where it is only accessible to Privilege Cloud for reconciliation purposes.

What are domain, local & service accounts?
Ans: The CPM can synchronize multiple copies of Windows local accounts that have been changed and are used in different resources in the following services:
i. Windows Services Accounts
ii. Windows Scheduled Tasks
iii. Windows IIS Application Pools Passwords
iv. Windows COM+ Applications
v. Windows IIS Directory Security (Anonymous Access) Passwords

How many reports are there in CyberArk?
Ans: There are mainly two types of reports.
1) Operational reports
  - Privileged account inventory
  - Application inventory
2) Audit/compliance reports
  - Privileged accounts compliance status
  - Entitlement
  - Active log

Explain Password upload utility?

Ans: Files required are: BulkUpload.csv, Conf.ini, User.ini, Vault.ini
We will update the details (CPM name, Password Name, Safe Name, Policy, Device Type, Password Value (No Value), Address, ResetImmediately (Reconcile Task)) of the accounts which we need to onboard to CyberArk.
Conf.ini - defines the file names
User.ini - contains the user id and password (which we will create with Createauthfile.exe user.ini)
Vault.ini - contains the Vault name and vault information

What is a DNS server?
Ans: DNS is a part of domain.

Ransomware, malware, anti-virus, phishing?
Ans: Malicious software that locks and encrypts a victim's computer or device data, then demands a ransom to restore access.

Service Now
Ans: incident, request, change

What is the latest version of CyberArk?
Ans: Aug-2021 released (12.2)

How to create a safe?
Ans:
1. In the Privilege Cloud portal, click Policies > Safes. The Safes that appear in the list are either Safes created by your user, or Safes for which you have one of the required permissions.
2. Click Create Safe.
3. On the Add Safe page, enter the following information: Safe properties. Description. ...
4. Click Save.

How to duplicate a platform?
Ans: Click ADMINISTRATION to display the System Configuration page, then click Platform Management to display a list of supported target account platforms. Select an existing platform that is similar to the new target account platform, then click Duplicate; the Duplicate Platform window appears.

How to add exceptions to a platform?
Ans: After setting a Master Policy that determines how accounts will be managed in the entire organization, you can create exceptions to add granularity as needed and set different behavior for specific platforms that will override the corresponding rules set by the Master Policy. Exceptions can be set for a scope of accounts associated with a specific platform. The Master Policy, together with the exceptions defined on each platform, determines the resultant behavior of the system on each account, based on its Platform.

Port numbers – Windows, Linux, database, SNMP, SMTP, CyberArk, MSSQL, HTTPS, SSL secured & unsecured
Ans: Windows: 139, 445

IP address: Protocol, Port
  - DR, Backup, other components, Clients: TCP 1858
  - Connectionless DR: ICMPv4
  - RDP: TCP 3389, UDP 3389
  - Remote Control Client IP: TCP 9022

Outbound ports:
IP address: Protocol, Port
  - DR, Backup, other components, Clients: TCP 1858
  - Connectionless DR: ICMPv4
  - HTTPS: HTTPS 443
  - Syslog Server IP: TCP 514, UDP 514
  - LDAP Server IP: TCP 636
  - RADIUS Server IP: UDP 1812
  - SMTP server IP: TCP 25
  - UDP 162

What is a bind account?
Ans: The BIND account will be used to query the Active Directory database. Create a new account inside the Users container. This account will be used to authenticate as admin on the CyberArk web interface. This account will be used to query the passwords stored on the Active Directory database.

What is a shadow user?
Ans: A PSM Shadow user is automatically created during a PSM connection. The PSM Shadow users sandbox the client session. The point of the Shadow users is process isolation, so the programs launched on the same server by different vault users run under different identities and cannot leak information between the sessions.

Explain the PVWA process
Ans:
1. Install the browser. On the PSM machine, install one of the supported browsers and configure it. ...
2. Configure AppLocker. Configure AppLocker to enable the installed browser to run. ...
3. Connection Component settings in PVWA.
4. Accounts handling
5. Tickets issue handling
6. Manage all the accounts (safe, platform, onboarded accounts)

Explain how to create a cred file when there is an error while initiating the PSM session
Ans: At the command line prompt, run the CreateCredFile.exe utility. You must specify the username and password to the Vault.

How many tickets do you handle daily?
Ans: 30 to 50 tickets

How to log in as master user?
Ans:
1. Place the Master CD into the server.
2. Double click the Private Ark icon.
3. Enter 'Master' as the user and enter the password.

Backup and restore commands
Ans: evoke backup
During a backup operation, the conjur.yml file is included in the archive that is created on the Master node and is saved in the /opt/conjur/backup directory on the Master that is being backed up. When evoke restore is issued, the conjur.yml file is copied to /etc/conjur/config in the Docker container on the new Master.

Explain how to rotate CPM log files
Ans: All the CPM log files can be automatically uploaded to a Safe in the Vault on a regular basis, according to a predefined period of time in the CPM parameters file. Each time a log file is uploaded to the Vault, it is copied to the History subfolder of the Log folder, and the CPM begins writing to a new log file. The parameters are:
  - LogSafeName
  - LogSafeFolderName
  - LogCheckPeriod
For example, you could create a Log folder in the ‘CPMLogs’ Safe, and upload the log files into this folder every 24 hours. In this case, the CPM log properties file would look like this:

What is secure connect or Adhoc connect?
Ans: You can connect to any machine through PSM using any account, including those that are not managed in the CyberArk Vault. Connecting to accounts that are not managed (when you know the target machine's credentials) is referred to as Ad Hoc Connections. All ad hoc connection sessions benefit from the standard PSM features, including session recording, detailed auditing, and standard audit records. In addition, authorized users can monitor active sessions in real time, assume control, and terminate them when necessary.

What is the server key, public key, private key in the vault?
Ans: The Server Key is the key used to “open” the Vault, much like the key of a physical Vault. The key is required to start the Vault, after which the Server key can be removed until the Server is restarted. When the Vault is stopped, the information stored in the Vault is completely inaccessible without that key.
This method adds an authorized public SSH key for a specific user in the Vault, allowing them to authenticate to the Vault through PSM for SSH using a corresponding private SSH key. The user who runs this web service requires Reset Users' Passwords permissions in the Vault.
The Private Recovery Key is required for the Master User to log on and to open the Safes in the event of Vault recovery. This Key should be stored separately from the Server in a secured place, such as on a disk or CD, in a physical vault.

Installation order till V10.6 & after V10.7
Ans: we implemented REST API versioning. This version includes REST API versions for 10.6 and 10.7 – see it on Swagger. ... Change Directory Mapping Order.

Vault services
Ans: 1) PrivateArk database 2) PrivateArk server 3) CyberArk logic container 4) CyberArk event notification engine 5) PrivateArk remote control agent 6) CyberArk Windows hardening firewall

Vault config files
Ans: 1) dbparm.ini 2) license.xml 3) paragent.ini 4) passparm.ini 5) tsparm.ini

Vault log files
Ans: ITA log file

PVWA services
Ans: IIS reset and scheduled task (it will work only if a task is scheduled)

PVWA configuration files
Ans: web.config

PVWA log files
Ans: cyberark.webconsole.log and cyberark.webapplication.log

PVWA vault users
Ans: PVWAAppuser, PVWAGWuser

CPM services
Ans: 1) CyberArk central policy manager scanner 2) CyberArk central password manager

CPM config file
Ans: cpm.ini

CPM log files
Ans: Active logs, history logs, third party logs (actually pm.log and pm_error.log are enough)

CPM vault user
Ans: Password manager

PSM config file
Ans: basic_psm.ini (this is the main file)

PSM log files
Ans: PSM CONSOLE, PSM TRACE

PSM services
Ans: CyberArk privileged session manager

PSM vault users
Ans: PSMApp_servername, PSMGW_servername

PSM local users
Ans: PSMConnect, PSMadminconnect

IP Address
Internet Protocol; it uses an address to identify a device.

Port Number (1858)
Used for communication between the Vault and all the components.

Hardening Machine
It is used to clear unnecessary data from the machine.

Firewall
Creates a safety barrier between a private network and the public internet. A network firewall and a structural fire wall work in the same way.

Types of privileged accounts:
  - Local administration accounts
  - Privileged user accounts
  - Domain administrative accounts
  - Emergency accounts
  - Service accounts
  - Active Directory domain service accounts
  - Application accounts

What is debugging?
When the server has restarted and someone tries to generate some reports and something goes wrong, an in-depth level of logs is captured at that time.

What are the components and their services, what purpose are they used for, and what logs are created?
Services

1) CyberArk notification engine (sends the notifications)

Main service:-

2) CyberArk logic container (every date will be stored)

Main service:-
3) PrivateArk database (all cred operations, any backup data in msexcel)
4) PrivateArk remote control agent (triggers the trap request or ticket quickly to the CyberArk team)
Main service:-

5) PrivateArk server service (running on the application)

What is a credential file and how does it work?
The credential file holds the authentication information for the vault.

Configuration files

i) Dbparm.ini (main configuration file): everything will be mentioned.
ii) PARagent.ini (Private Ark remote agent): each machine's details; also configures the traps.
iii) passparm.ini: password parameter file (max & min length).
iv) tsparm.ini: (the DR file will be replicated to this file)

Logs
i) italog: run time and what happened in the vault.
ii) tracelog: it captures errors along with access.

Database
All the queries are executed in this file.

Syslog
Log files will be captured.

What are built-in accounts?
  - auditors
  - epm agent
  - notification engine
  - password manager
  - psm app user
  - psm gateway user
  - psm connect
  - psm admin connect
  - psm master
  - pvwa app user
  - pvwa gateway accounts

What is the difference between pa.client and pvwa?

No one can create a safe in pa.client; everyone can create safes only in PVWA, which is easy to manage and more convenient. Reports cannot be generated in pa.client; they are generated in PVWA.

What is a safe and how does it work?
When we create a safe, only I can access it; until I give access, no one else can see it.

Unix operator and Windows operator & AD-Bridging
OPM and EPM are used for PowerShell and other coding purposes. For example, if you have 100 Unix boxes, then you also install 100 OPMs (each box = one OPM); the same applies to Windows.
OPM - On-Demand Privileges Manager (Unix boxes)
EPM - Endpoint Privilege Manager (Windows boxes)
AD Bridging concept: with 100 Unix boxes, the AD-bridging concept avoids the 100 OPMs; the same applies to Windows.

Logon Account
An account that contains the password required to log on to a remote machine in order to perform a task using the regular account. A common use case for using a logon account is managing root accounts on a Unix system.