A financial services company is deploying a new PSM farm behind a network load balancer. The security policy mandates that the original client IP address must be logged for all connections to the Vault for audit purposes. The PVWA is also behind a load balancer. Which parameter must be configured on the PVWA to ensure the correct client IP is forwarded and logged?
During a disaster recovery test, a manual failover to the DR Vault was initiated. After the failover, CPM services are unable to manage passwords for any accounts. Log analysis on the CPM server shows 'ITACM024S User is not defined' errors. What is the most likely cause of this issue?
A security team wants to implement a policy where any privileged session that executes the `useradd` command on a Linux server is automatically terminated. Which combination of CyberArk components is required to achieve this automated response? (Select TWO)
True or False: When configuring PSM for SSH, the `sshd_config` file on the PSM server must be manually edited to enable TCP forwarding to allow session recording and control.
A global enterprise with data residency requirements is designing a CyberArk PAM architecture. They have major data centers in North America (NA), Europe (EU), and Asia-Pacific (APAC). The primary Vault must reside in NA. To minimize latency for interactive sessions, PSM servers must be deployed locally in each region. However, all session recordings must be stored centrally in the NA Vault for compliance and security review. **Current Situation:** - A hardened Primary Vault is deployed in the NA data center. - A DR Vault is deployed in a separate NA location. - PVWA and CPM components are deployed in NA. **Requirements:** 1. Deploy PSM servers in NA, EU, and APAC regions. 2. Users in each region must connect through their local PSM for optimal performance. 3. ALL session recordings from ALL regions must be securely transferred and stored in the Primary Vault in NA. 4. The solution must be resilient to network interruptions between regions. Which architectural design best meets these requirements? ```mermaid graph TD subgraph NA_Datacenter [North America] Vault[Primary Vault] PVWA[PVWA] PSM_NA[PSM Server NA] end subgraph EU_Datacenter [Europe] PSM_EU[PSM Server EU] end subgraph APAC_Datacenter [Asia-Pacific] PSM_APAC[PSM Server APAC] end Users_NA((Users NA)) --> PSM_NA Users_EU((Users EU)) --> PSM_EU Users_APAC((Users APAC)) --> PSM_APAC PSM_NA --> Vault PSM_EU -->|Recordings| Vault PSM_APAC -->|Recordings| Vault ```
An administrator needs to configure a new platform for managing Cisco router passwords. The platform must verify the new password immediately after a change and revert to the old password if the verification fails. In the platform settings, under 'Automatic Password Management', which parameter should be set to 'Yes' to enable this functionality?
A new DevOps initiative requires that Jenkins jobs can retrieve database credentials from the Vault without storing any secrets on the Jenkins server itself. The security policy prohibits installing a full Credential Provider on the Jenkins server. Which CyberArk solution should be implemented to meet these requirements securely?
An organization has implemented Just-in-Time (JIT) access using ephemeral accounts for their cloud administrators. A user reports that they can successfully request and connect to a server, but their session disconnects exactly after the time specified in the JIT access policy. What is the expected state of the ephemeral account on the target server after the session disconnects?
A security administrator is hardening a new Vault server according to CyberArk best practices. The administrator runs the `CAVaultHarden.ps1` PowerShell script. Which of the following actions is performed by this script? (Select TWO)
You are tasked with creating a custom connection component for a legacy client-server application using AutoIt. The component must launch the client, wait for a login window with the title "SecureApp Login" to appear, enter the username and password into specific controls, and then click a button labeled "Connect". Which AutoIt function should be used to pause the script until the login window is active?