What is the function of the CPM regarding password changes?

The function of the CyberArk Central Password Manager (CPM) primarily involves performing password changes and SSH key rotations based on established security policies. This capability is crucial for maintaining the security of privileged accounts, as it automates the process of updating passwords and SSH keys in accordance with specified intervals or triggers. By enforcing these changes, the CPM helps to mitigate risks associated with static passwords, ensuring that they are regularly rotated to prevent unauthorized access.

In this role, the CPM streamlines operations by integrating seamlessly with various systems and applications to update credentials automatically. It ensures that access controls are consistently enforced, reducing the burden on administrators while improving the overall security of privileged access.

While other functions like storing user passwords securely or generating random passwords are important aspects of a comprehensive privileged access management solution, they are not the primary functions of the CPM. The focus of this tool is on the automated management and rotation of passwords and keys, making option B the correct choice.