Scribd
Upload
1K views5 pages

BCIE Assessment Criteria - Password Safe

This document assesses a candidate's skills with the BeyondTrust BCIE - Password Safe system. It lists tasks related to deploying, configuring, and using the system and whether the candidate has mastered, completed with help, or needs training on each task. The assessor will check one box per task and provide a final summary on whether the candidate meets standards or needs retraining. The document captures the assessment date and names of the candidate and assessor.

Uploaded by

aristidezz
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
1K views5 pages

BCIE Assessment Criteria - Password Safe

This document assesses a candidate's skills with the BeyondTrust BCIE - Password Safe system. It lists tasks related to deploying, configuring, and using the system and whether the candidate has mastered, completed with help, or needs training on each task. The assessor will check one box per task and provide a final summary on whether the candidate meets standards or needs retraining. The document captures the assessment date and names of the candidate and assessor.

Uploaded by

aristidezz
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 5

BeyondTrust BCIE – Password Safe

Candidate Assessment Document

Candidate Name:

Assessment Date:

Assessor’s Name:

Check in one box


Task Completed Needs
Mastered Not Tested
with help Training
UVM Appliance Deployment
Demonstrate:
 Complete initial configuration wizard
 Configure roles for standalone Password
Safe use ☐ ☐ ☐ ☐
 Software update configuration
 Set security options
 External database and permissions
matrix familiarity
Configure Active/Passive HA
Demonstrate:
 Configure A-P Pair
 Show state
 Failover or reverse roles
☐ ☐ ☐ ☐
Answer:
 What requirements of an A-P pair?
 How is Active state determined?
 What triggers failover?
 What are the recovery state options?
Software Deployment (w/ hardening)
 Install BI
☐ ☐ ☐ ☐
 Install Retina
 Configure Retina Central Policy
Integration w/ AD or LDAP
 Configure a domain with Functional
Account
 Manage AD or LDAP accounts
 Link accounts to domain assets
☐ ☐ ☐ ☐
Onboarding of Assets
(3rd Party Imports, Discovery Scans & Manually)?
 Able to use XML import to onboard a
system?
 Able to use Detailed discover scan for a ☐ ☐ ☐ ☐
windows or Unix system?
 Able to manually onboard a Database
system?
Onboarding of Accounts
 Knows where the password policies are
and able to create 2 or more different
password policies ☐ ☐ ☐ ☐
 Able to manage the target assets and
successfully put the accounts under
management
Configure Automated Password Management
 Show where to enable password
☐ ☐ ☐ ☐
rotation
 Show where to enable DSS Key rotation
Smart Rules (Asset based / Account based)
 Able to show understanding of the
difference between Asset and Account
smart rule
 Create and use an account based smart
rule to automatically onboard the local ☐ ☐ ☐ ☐
administrator account
 Create a smart rule to onboard assets
 Create a smart rule to onboard AD
accounts
 Create Smart Rules to map dedicated
admin accounts
Creating Local User Groups & Active Directory
(Configure RBAC)
 Map groups from Active Directory to B.I.
 Assign console and access permissions
 Configure the roles of requester and
approver in the correct smart group
☐ ☐ ☐ ☐
 Create a local account in B.I.
 Add the created account into an
Auditor’s group
 Test login of both Active Directory and
local accounts for requester
Access policy
 Navigate to access policies
 Create 2 or 3 policies for the following:
• 24 by 7 – Auto approve
• Split policy – Auto approve for ☐ ☐ ☐ ☐
RDP/SSH and one approval on
password
• After hours policy – approvals
Needed
Request RDP/SSH Sessions
 Request RDP session
 Request SSH session
 Demonstrate approval process
☐ ☐ ☐ ☐
 List methods:
o Password Safe web portal
o Direct connect (RDP+SSH)

Session Recordings
(Recording & Replay)
 Grant the Auditor role (under assets)
o Or
 Grant the Recorded Session Reviewer
(under Accounts)
☐ ☐ ☐ ☐
 Log into B.I. using that auditor account
 Find and replay recordings
 Use key word search to search for a
particular command that was previously
recordings (If any)
Analytics & Reporting
(Subscriptions Configuration)
 Navigate to analytics and reporting
 Select a report and set filters, i.e.
password age
 Configure subscriptions to
☐ ☐ ☐ ☐
o Generate the report
o Know how to point to a share
drive
o Know how to set schedule

Integrations

Configure one of the following:


• MFA
☐ ☐ ☐ ☐
• SSO
• 3rd Party app ticketing
• SIEM integration
Assessor’s Final summary and Assessment of candidate:
☐ Meets Standard ☐ Does Not Meet Standard ☐ Retry
Additional Comments (For BTU/PS Dept):

Comments for Candidate:

You might also like