Free Practice Questions for Saviynt SCAIP Exam

In Saviynt EIC, automation of campaigns based on identity changes is typically achieved usingUser Update Rules. These rules monitor changes in user attributes (such as department, role, manager, or status) and can trigger predefined actions when conditions are met.

Option A is correct because aUser Update Rule can be configured to trigger a campaignwhen specific attribute changes are detected. This allows organizations to automatically initiate certification campaigns when critical identity attributes change, ensuring continuous compliance and governance without manual intervention.

Option B is incorrect because connection attributes are primarily used for provisioning and integration logic, not for triggering campaigns. Option C is partially valid in a general sense, but scheduled campaigns do not dynamically react to attribute changes—they run on predefined schedules regardless of changes. Option D is incorrect because Saviynt supports automation through rules.

Thus,User Update Rules provide an event-driven mechanismto launch campaigns based on real-time user attribute changes, making Option A the correct answer.

In Saviynt EIC,Dynamic Attributesare often used in request forms to capture additional information, and some of these attributes may be configured ashidden fieldsfor backend processing. By default, hidden dynamic attributes are not exposed in workflows, which can prevent administrators from accessing their values during request processing.

To resolve this issue, Saviynt provides a specific configuration inGlobal Configurationscalled“Expose hidden dynamic attributes in workflow”. Enabling this setting (Option A) ensures that even if the dynamic attributes are hidden in the UI, their values are still accessible within workflows for processing, approvals, and provisioning logic.

Option B is incorrect because this setting is not configured at the endpoint level. Option C relates to saving default values but does not ensure visibility in workflows. Option D is unrelated to hidden attribute exposure.

Thus, enabling theGlobal Config setting to expose hidden dynamic attributesis the correct solution to ensure their values are available within workflow execution.

The error message"Connection Name Specified in accountJSON is not found"clearly indicates that the issue is related to theaccountJSON configuration, which directly corresponds toImportAccountJSONin Saviynt REST connector terminology. This JSON is responsible for handling account import (reconciliation) operations, including defining the connection name, API endpoints, and parsing logic for retrieving account data.

TheWSRETRY jobis typically used to retry failed web service (REST) operations, especially related to account imports or provisioning failures. Since the error explicitly referencesaccountJSON, it means the system is unable to locate the connection name defined within theImportAccountJSONconfiguration. This usually happens when the connection name is either misspelled, mismatched with the ConnectionJSON configuration, or incorrectly referenced.

Other options are incorrect becauseCreateAccountJSONis used for provisioning (account creation),ImportUserJSONis for identity import, andImportAccountEntJSONis primarily used for entitlement and combined account-entitlement imports.

Therefore, correcting the connection name inImportAccountJSONresolves this issue.

In Saviynt EIC integration with ServiceNow as a ticketing system (ITSM), various JSON configurations are used to define how tickets are created, updated, and tracked. To enable users tocheck the status of tickets from EIC, the correct configuration isTICKETSTATUSJSON.

TICKETSTATUSJSONis specifically used to define how Saviynt retrieves the current status of a ticket from ServiceNow. It maps the API response fields from ServiceNow (such as state, status, or resolution) to Saviynt fields, allowing the system to display real-time ticket status within the EIC interface.

Option A (SYNCTICKETSTATUSJSON) is typically used for synchronization jobs that update ticket statuses in bulk, not for direct user-level status retrieval. Option B (CREATETICKETJSON) is used only for ticket creation, defining how requests are sent to ServiceNow. Option D is incorrect because Saviynt does support ticket status tracking through proper integration configuration.

Thus,TICKETSTATUSJSONis the correct option to enable visibility of ticket status within Saviynt EIC.

In Saviynt EIC, workflows are a core component used to control approval processes for access requests, provisioning, and other identity lifecycle events. These workflows can be configured at multiple levels depending on the scope and granularity required.

Security System (A)supports workflow configuration to define approval processes at the application level. This allows organizations to enforce consistent approval logic for all endpoints associated with that system.

Endpoint (B)also supports workflow configuration, enabling more granular control where different endpoints within the same security system may require distinct approval processes. This is particularly useful in complex environments with varied access control requirements.

Entitlement Type (D)supports workflows to manage approvals specific to entitlement categories (such as roles, groups, or permissions), ensuring appropriate governance at a finer level.

Global Configuration (C), while important for system-wide settings, is not typically used to directly assign active workflows to access requests. Instead, workflows are selected and applied within modules like Security System, Endpoint, and Entitlement Type.

Thus, the correct modules supporting active workflow configuration areSecurity System, Endpoint, and Entitlement Type.

In Saviynt–ServiceNow integration, user visibility in request forms depends on properidentity correlation between ServiceNow users and Saviynt identities. The most common reason a valid ServiceNow (SNOW) user does not appear in the request form is that theSNOW user record is not linked or mapped to an imported Saviynt user(Option B).

Saviynt relies on its internal identity repository to populate requestable users. Even if a user exists in ServiceNow, they must also exist in Saviynt and be properly correlated (typically via attributes like username, email, or employee ID). Without this linkage, Saviynt cannot recognize the user during request submission, and therefore the user will not appear in the search results.

Option A is incorrect because even if the user already has access, they would still appear in search results (though requests may be restricted). Option C is unrelated to user visibility. Option D is incorrect because lack of an account does not prevent user selection—it only affects provisioning outcomes.

Thus, properuser correlation between SNOW and Saviyntis essential for request visibility.

In Saviynt EIC, theSOD (Segregation of Duties) Risk Evaluation Jobis used to identify conflicts in user access that violate defined SOD policies. To efficiently analyze and review these violations, Saviynt provides several filtering options.

Users (A)is a valid filter that allows administrators to view SOD violations specific to individual users or a group of users. This is helpful for targeted investigations or audits.

Security System (B)is also a valid filter, enabling administrators to narrow down violations based on specific applications or systems. This is useful when analyzing risks within a particular application landscape.

Ruleset (C)is another important filter, as SOD violations are evaluated based on predefined rule sets. Administrators can filter results based on specific rulesets to understand which policies are being violated.

Option D (User Account Evaluation) is not a standard filter in the SOD Risk Evaluation Job. It is more related to job execution scope rather than filtering results.

Thus, the correct answers areUsers, Security System, and Ruleset, which are the primary filters for analyzing SOD violations.

Setting up anEmergency Access Role (EAR)request in Saviynt EIC requires multiple coordinated configurations across different components of the system. Option A is correct because emergency access roles must be configured at therole level, where parameters such as emergency access flag, duration, justification requirement, and elevated privileges are defined.

Option C is also necessary becauseSAV Role Configurationscontrol which users (such as administrators or requesters) have the ability to request or manage emergency access roles. Without proper SAV role permissions, users cannot initiate or approve EAR requests.

Option D is equally important becauseworkflows defined under Global Configurationsgovern the approval process, escalation paths, and auditing requirements for emergency access. These workflows ensure that emergency access is properly controlled, reviewed, and revoked after use.

Since all these configurations collectively enable emergency access functionality in Saviynt, the correct answer isAll the above. This aligns with Saviynt best practices for implementing secure, auditable, and compliant emergency access management.