Which credentials does CyberArk utilize to manage a Target account?

CyberArk utilizes the credentials of the Target account to manage that account effectively. This choice reflects the core functionality of CyberArk, which is designed to secure, manage, and rotate credentials for various target accounts within an organization's environment.

Using the Target account's credentials allows CyberArk to perform actions such as accessing applications, services, and systems that the particular account has permissions for. This method ensures that the access is compliant with the principle of least privilege, where CyberArk may use dedicated accounts with specific permissions rather than relying on more powerful credentials, thus minimizing the risk associated with credential management.

In contrast, the other options refer to different types of credentials that generally do not align with CyberArk's operational model for managing target accounts. For instance, relying on IT administrator credentials could pose more risks since it provides broader access than necessary. Universal admin credentials and default system credentials are typically not used because they may lead to security vulnerabilities due to their wide-reaching or commonly known nature, making them less suitable for securely managing individual target accounts.