In CyberArk Privilege Cloud / PSM deployments, PSM Health Check is implemented as a dedicated PSM Web Service on each PSM node (typically used by a load balancer to query application-level health). (docs.cyberark.com)
Because the Health Check relies on IIS, CyberArk includes PSM Health Check hardening activities as part of the setup. These hardening activities specifically focus on reducing IIS exposure by removing default/unused IIS components (for example, CyberArk documents that the setup deletes IIS application pools such as “Classic .NET AppPool”, “.NET v2.0”, “.NET v4.5”, etc.). This is a hardening action aimed at minimizing IIS attack surface / insecure defaults—i.e., removing IIS settings/configurations that could be considered security vulnerabilities. (docs.cyberark.com)
Why the other options are not the “purpose”:
B: While Health Check is used for load balancer health probing, “hardening” is not about validating readiness for a load balancer; it’s about tightening IIS-related configuration. (docs.cyberark.com)
C: Service-running checks are part of health determination, but the hardening step is described in docs in terms of IIS hardening activities (like deleting app pools), not just confirming services. (docs.cyberark.com)
D: AppLocker is part of PSM hardening overall, but it’s not the purpose of PSM Health Check hardening (which is IIS-focused). (docs.cyberark.com)
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit