Learn how to securely onboard 5,000 UNIX root accounts for rotation by the CPM using a secondary account and the principle of least privilege.
Question
You are onboarding 5,000 UNIX root accounts for rotation by the CPM. You discover that the CPM is unable to log in directly with the root account and will need to use a secondary account.
How should this be configured to allow for password management using least privilege?
A. Configure each CPM to use the correct logon account.
B. Configure each CPM to use the correct reconcile account.
C. Configure the UNIX platform to use the correct logon account.
D. Configure the UNIX platform to use the correct reconcile account.
Answer
D. Configure the UNIX platform to use the correct reconcile account.
Explanation
When onboarding a large number of UNIX root accounts for rotation by the CPM, it is crucial to follow the principle of least privilege. Since the CPM cannot log in directly with the root account, a secondary account must be used.
The best approach is to configure the UNIX platform to use the correct reconcile account. The reconcile account has limited privileges compared to the root account, which aligns with the least privilege principle. It allows the CPM to manage passwords without granting excessive permissions.
By configuring the UNIX platform itself, rather than individual CPMs, you ensure consistency and maintainability across the entire environment. This centralized configuration simplifies management and reduces the risk of misconfigurations.
Practice question and answer, with explanation, for the CyberArk CDE Recertification (PAM-CDE-RECERT) certification exam.