Which statement about the Master Policy best describes the differences between one-time password and exclusive access functionality?
A.
Exclusive access means that only a specific group of users may use the account. After an account on a one-time password platform is used, the account is deleted from the safe automatically.
B.
Exclusive access locks the account indefinitely. One-time password can be used replace invalid account passwords.
C.
Exclusive access is enabled by default in the Master Policy. One-time password should only be enabled for emergencies.
D.
Exclusive access allows only one person to check-out an account at a time. One-time password schedules an account for a password change after the MinValidityPeriod period expires.
The Master Policy in CyberArk defines the behavior of one-time passwords and exclusive accessExclusive access ensures that only one user can check out an account at any given time, effectively locking the account during its use to prevent simultaneous access1. On the other hand, one-time password functionality is designed to change the account’s password after it is used, based on a timer set by the MinValidityPeriod parameter in the policy file. This means that once the password is checked out and the timer expires, the Central Policy Manager (CPM) will change the password2. These settings are often used together to maintain accountability and security for the usage of shared privileged accounts. References:
CyberArk Docs: One-time passwords and exclusive accounts1
CyberArk Knowledge Article: CPM: What is the difference between “One Time” and “Exclusive” passwords?2
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit