In privilege users who ever the part of the application or data or any infrastructures for those privilege access has to have these scan called DNS scans. We use CyberArk to scan the performances of all the applications in infrastructure which actually identifies the actual privilege accounts and then privilege accounts basically time bounded some of the privilege accounts are time bounded to the extent of time. however it do not have continues reviews that has to be happened on privilege accounts. definitely we see that uninterrupted privilege accounts. so basically what we do verify the reviews of those privilege accounts priority basis which is part of the policy and remove those accounts accordingly but however if there is any conflict in duties. Basically if an employee has an private account as well as conflicting duty according the access has to be removed. the role of the person is being changed one position to another position we also have to ensure of access towards the person should also be verified and removed if needed and has it also return on the privilege accounts access given on least privilege bases we have to remove the access. if the person is moving for one project to another project or one position to another positing depending upon the roles and responsibilities has to be done. monitoring can only be done manually, and for periodic reviews also can use CyberArk to run the DNS scans which will identify the activity of the privilege accounts for sake, CyberArk capabilities are it does the key stone monitoring of the privilege users and it also does the privilege treat analysis of the privilege accounts so that you know it provides proper solution to manage the privilege accounts in the organization.