https://docs.cyberark.com/privilege-cloud-standard/Latest/en/Content/Security/PSM-hardening-configuration.htm?Highlight=disable%20support%20for%20browsers

CyberArk’s Privilege Cloud SAML configuration documentation explicitly states: Privilege Cloud supports only one assertion and instructs you to ensure only one assertion is configured in the IdP.

In Privilege Cloud, each Safe controls its own retention policy for account/password objects. CyberArk documentation states that when retention is set by Number of days, the default retention is 7 days.

CyberArk documents that the HTML5 gateway tunnels the session using a secure WebSocket over port 443, enabling users to access PSM sessions from a web browser (instead of requiring an RDP client connection from the endpoint).

In Privilege Cloud remote access for employees, CyberArk describes using Remote Access and HTML5 to enable secure remote access sessions through PSM “from any web browser,” eliminating the need for VPN clients.

Given the provided answer choices, A is the only option that matches the documented “tunneling” role of the HTML5 Gateway (even though the most precise phrasing in CyberArk docs is “tunnels the session between the end user and the PSM machine”).

Why the other options are incorrect:

B: Authentication is handled by Privilege Cloud/IdP mechanisms; the HTML5 gateway’s documented role is session tunneling, not being the primary authenticator.

C: CyberArk explicitly positions HTML5 remote access as eliminating the need for VPN clients (not providing VPN).

D: This is marketing language not reflected as the HTML5 gateway’s documented purpose.

When installing the Privileged Session Manager (PSM) on multiple servers, it is required that each PSM installation has the same path to the same recordings directory. This is necessary to ensure that session recordings are stored consistently across different PSM instances, which is important for high availability and load balancing implementations, as well as for maintaining a unified audit trail.

https://docs.cyberark.com/pam-self-hosted/latest/en/content/pasimp/administrating-the-psmp.htm#Createamaintenanceuser