Exam CS0-002 topic 1 question 254 discussion

I had this on the exam yesterday and "policy based" is not even an option, that has been replaced with "rule based" and everything else is the same. Went with Credential Vaulting and passed!

Credential vaulting is a technique used in privileged access management (PAM) to securely store and manage sensitive credentials, such as passwords and encryption keys. This helps in controlling and monitoring access to privileged accounts, especially emergency and privileged service accounts. By using credential vaulting, organizations can enforce strict access controls, audit and monitor usage, and enhance the overall security of privileged accounts.

Credential vaulting is a feature often found in PAM solutions. It securely stores privileged credentials and can automatically rotate them. It can also provide just-in-time access to privileged accounts, often incorporating multi-factor authentication and providing detailed audit logs. Given that the organization wants to better manage the use of emergency and privileged service accounts, D. Credential Vaulting would be the BEST option to satisfy the organization's goal. This approach offers specialized features for managing privileged accounts, including secure storage, access control, auditing, and often more.

Credential vaulting is a solution that would best satisfy the organization’s goal of implementing a privileged access management solution. Credential vaulting is a technique that securely stores and manages the credentials of privileged accounts, such as emergency and service accounts. Credential vaulting can help prevent unauthorized or accidental use of privileged accounts by enforcing strict access policies, such as requiring approval, authentication, or auditing for each access request. Credential vaulting can also help rotate or expire the passwords of privileged accounts to reduce the risk of compromise3.

What is Password Vaulting? Within the context of enterprise IT and critical infrastructure, password vaulting refers to taking highly-privileged, administrative accounts and passwords out of the direct control of IT staff, and storing them securely in a software vault. The vault then controls who is allowed access, when, and for how long. This reduces the risk of such passwords being abused by internal or external threat actors. The passwords are protected in the vault with access controlled via a role-based access control mechanism. The vault may include additional security features, such as scheduled password rotation and a workflow-based access request and approval mechanism to support a just-in-time access control model.

What is CyberArk Enterprise Password Vault? CyberArk Enterprise Password Vault, a vital component of the CyberArk Privileged Access Manager Solution (PAM), is designed to create, secure, rotate, and control access to privileged accounts and credentials used to access systems throughout an enterprise IT ecosystem.

This looks like Privileged access management to me so i'd say C

Correct answer is C

PAM - as clearly defined.

D is correct. https://www.securelink.com/blog/benefits-of-credential-vaulting/

Has to be C.

I choose C due to PAM.

C - This should be done through a PAM (privileged access solution) solution.

C - By definition it should be policy based access controls