Free Practice Questions for SailPoint IdentityIQ-Engineer Exam

In SailPoint IdentityIQ, when dealing with a policy violation of the type "Role Separation of Duties (SOD) Policy," there are specific actions that the policy violation owner can take. These options typically include:

Mitigate:Applying a mitigating control to the violation.

Remediate:Addressing the violation by removing or altering access.

Accept:Acknowledging the violation without making changes, which usually requires justification.

Forward:Assigning the violation to another individual or group for resolution.

The option "Schedule Policy Composition Certification" is not a valid action for addressing a Role SOD Policy violation directly. The concept of scheduling a certification is related to periodic review processes, not immediate policy violation handling. Certification campaigns are scheduled and executed to review roles, entitlements, or policies, but this is not an action taken in response to a specific policy violation.

Thus, "Schedule Policy Composition Certification" is not an appropriate or valid option in this context, and the correct answer isB. No.

The statement that a user's access to the Identity Warehouse is controlled by the QuickLink Populations they are a member of is incorrect. QuickLink Populations in IdentityIQ are used primarily for grouping identities for specific operations, such as access reviews, certifications, or specific application provisioning, rather than directly controlling access to the Identity Warehouse.

Access to the Identity Warehouse is governed by role-based access controls (RBAC), scopes, and the user's entitlements within IdentityIQ. These determine what data and functionality a user can access, including the information in the Identity Warehouse.

Thus, the correct answer isB. No.

The statement istrue. In SailPoint IdentityIQ, it is possible to configure a role to include a set of IdentityIQ capabilities. Capabilities in IdentityIQ are permissions that grant users access to specific functionalities within the platform, such as managing identities, viewing reports, or administering roles. By associating a role with specific capabilities, you can control what actions users assigned to that role can perform within the IdentityIQ environment.

References:

SailPoint IdentityIQ Administration Guide (Role Configuration and Capabilities Section)

SailPoint IdentityIQ Configuration Guide (Sections on Roles and Capabilities)

Yes, disabling all notifications can be achieved via configuration of control variables in the out-of-the-box Lifecycle Manager (LCM) workflows. In SailPoint IdentityIQ, most workflows, including those in LCM, use control variables to manage various settings, such as whether notifications should be sent. By setting the appropriate control variable (e.g., disabling email notifications) within the workflow configuration, you can effectively suppress all notifications related to that workflow.

Therefore, the correct answer isA. Yes.

This solution correctly addresses the client's requirement. By setting the membership match list to "All" and configuring "Who can members request for?" as "share attributes with the requester," with the attribute set tolocation, the system ensures that users in the "Management" workgroup can only request roles and entitlements for other users who share the same location. This setup effectively filters based on the location attribute, aligning with the client's needs.

References:

SailPoint IdentityIQ Quicklink Population Configuration Guide

SailPoint IdentityIQ Attribute-Based Access Control Guide

Yes, the Provisioning tab under the "Administrator Console" can be used to manually retry provisioning attempts for pending transactions. This feature allows administrators to retry failedprovisioning operations or manually trigger provisioning actions that are in a pending state, providing greater control over the provisioning process.

References:

SailPoint IdentityIQ Administration Guide (Provisioning Management and Manual Retry)

SailPoint IdentityIQ Provisioning Guide

Yes, defining account correlation via a rule is an action that can be performed as part of configuring an application definition in SailPoint IdentityIQ. Account correlation rules are often used to determine how accounts from different sources are linked to identities within IdentityIQ. These rules allow for complex logic to be applied when matching accounts to identities, beyond simple attribute matching.

References:

SailPoint IdentityIQ Administration Guide (Section on Account Correlation)

SailPoint IdentityIQ Application Configuration Guide (Using Rules for Account Correlation)

Placing a QuickLink object directly on a workflow is not a valid step in the development of a custom QuickLink. QuickLinks are used to provide users with easy access to specific tasks or workflows through the IdentityIQ interface, but the QuickLink itself is not embedded within the workflow. Instead, the QuickLink is created as a separate object and associated with the desired workflow or task that it is meant to launch.

The correct approach would involve creating a QuickLink that points to the workflow and then controlling access to the QuickLink by restricting it to a specific QuickLink population (e.g., "Managers"). Therefore, the correct answer isB. No.

Yes, this is indeed one of the primary purposes of an IdentityIQ certification. Certifications are conducted to attest to a user's system access, ensuring that each user has appropriate and justified access rights to applications, data, and systems within the organization. This is central to IdentityIQ’s access governance and compliance processes.

References:

SailPoint IdentityIQ Certification Guide

SailPoint IdentityIQ Governance Overview

The Create Identity Provisioning Policy in SailPoint IdentityIQ is designed to apply specific provisioning rules and actions during the creation of identities, especially when aggregating data from authoritative sources. These policies ensure that newly created identities have valid and authorized attribute values based on organizational rules and compliance requirements.

During identity aggregation from an authoritative source, the provisioning policy can enforce rules such as role assignments, attribute validation, and other actions necessary to ensure that the identity is created correctly and securely.

Therefore, the correct answer isA. Yes.