CyberArk’s official outbound traffic/network requirements explicitly list the two Privilege Cloud cloud-side endpoints that are required for Secure Tunnel communications (for REST/API calls over HTTPS/443):
Backend service management (Required for Secure Tunnel): https://console.privilegecloud.cyberark.com
Connector (Required for Secure Tunnel): https://connector- .privilegecloud.cyberark.com
These map directly to answer choices A (console) and B (connector-).
Note: Your options use the .cyberark.cloud domain, while CyberArk’s network requirements documentation shows these endpoints in the .cyberark.com domain for Privilege Cloud. The service roles (Console + Connector endpoint) are what Secure Tunnel must reach, and those are the two “Required for Secure Tunnel” services in the official requirements.
Why the other options are not selected (based on what’s “required for Secure Tunnel” in the official allowlist guidance):
C (backend-services…): Not listed among CyberArk’s published “Required for Secure Tunnel” FQDN allowlist entries; only the console and connector endpoints are.
D (telemetry…): Telemetry is a separate capability (dashboards / utilization tracking) and is not documented as the required Secure Tunnel service endpoint.
E (update…): Secure Tunnel upgrade/download processes are documented, but “update.*” is not listed as a required Secure Tunnel cloud endpoint in the outbound allowlist table.