IdentityIQ-Engineer SailPoint Certified IdentityIQ Engineer Questions and Answers
Assuming that the policy violation owner has the necessary permissions, is this a valid option for the policy violation owner to use when acting on a policy violation of type ' Account Policy ' ?
Proposed Solution:
Schedule Policy Composition Certification
Can this action be performed as part of configuring an application definition in IdentitylQ?
Solution: Specify which users should be provisioned with a basic account as part of a joiner event.
Is this what should be performed in order to generate the database script to extend Managed Attribute attributes in the IdentityIQ database on the initial installation?
Proposed Solution:
Run the extendedSchema script on the IdentityIQ database.
Is this a valid scenario that can be achieved in IdentitylQ by configuring the Quicklink populations?
Solution: Allow a user to create a new identity cube in IdentitylQ.
Is this configuration option required when an engineer sets up any application?
Proposed Solution:
Filter String
An IdentitylQ engineer needs to extend attributes in an IdentitylQ database after the database has been created.
What are the four minimum steps necessary to achieve this goal?
Drag four options from the left into the answer area on the right, and place them in the correct order.
A bank is two years into an ongoing project to provide all access through roles. The bank is actively using roles and actively adding to their role model. They need to ensure that all roles include the correct entitlements.
Will this certification type achieve the goal?
Solution: Role Composition Certification
A customer wants to make changes in their IdentitylQ user interface. Consider branding and other IdentitylQ Ul changes. Is this statement valid?
Solution: The sets of columns displayed in most tables in the IdentitylQ user interface are controlled by entries in the ColumnConfig elements of the UlConfig object.
IdentityIQ is using emails to notify users about completion of steps within a process, or actions that need to be addressed. To ensure this notification is working, a main configuration must be set up in IdentityIQ to provide mail server and mail server authentication details.
Is this a required setting that an engineer must set up in IdentityIQ in order to ensure successful communication with the SMTP server?
Proposed Solution:
SMTP Port
IdentityIQ is using emails to notify users about completion of steps within a process, or actions that need to be addressed. To ensure this notification is working, a main configuration must be set up in IdentityIQ to provide mail server and mail server authentication details.
Is this a required setting that an engineer must set up in IdentityIQ in order to ensure successful communication with the SMTP server?
Proposed Solution:
Mail Server Certificate
Is this statement correct about writing and executing source mapping rules to populate identity attributes?
Solution: The rule type must be IdentityAttribute.
Can the following be achieved via configuration of control variables in the out-of-the-box Lifecycle Manager (LCM) workflows?
Proposed Solution:
Specify the email template for notifications.
The engineer is configuring a new application definition.
The customer wants an Audit record to be created with the error message, if provisioning fails.
Is this the rule an engineer should write to accomplish the goal?
Solution: Configure a Postlterate rule
A client needs a custom quicklink, which only managers can launch, in order to launch a simple workflow. Is this a valid step to take during the development of this custom quicklink?
Solution: Set the quicklink options to Tor Others " in order to launch the workflow immediately when the quicklink is clicked.
Can this be achieved using Rapid Setup user interface configuration options?
Solution: Disable an account and remove all its entitlements on a particular application during Mover events.
Is the following statement about workflows and sub-workflows (subprocesses) true?
Proposed Solution:
Many standard LCM sub-workflows can be leveraged in custom workflows, with their behavior controlled via input variables.
Select the best policy type for defining each access policy. Use the drop-down menus to select your answers.
Is the following a true statement about IdentitylQ authentication and authorization?
Solution: A user ' s access to the Identity Warehouse is controlled by the QuickLink Populations that they are a member of.
Is this a purpose of an IdentitylQ certification?
Solution: to attest lo a user ' s system access
Can this be achieved using Rapid Setup user interface configuration options?
Solution: Disable an account on a particular application for one set of users and delete the account for another set of users during administrative Terminations.
is the following a valid role option that can be configured?
Solution: Configure a role to include a set of IdentitylQ capabilities.
Can the following be achieved via configuration of control variables in the out-of-the-box Lifecycle Manager (LCM) workflows?
Solution: Disable all notifications.
A bank is two years into an ongoing project to provide all access through roles. The bank is actively using roles and actively adding to their role model. They need to ensure that all roles include the correct entitlements.
Will this certification type achieve the goal?
Solution: Application Owner Certification
Is this configuration option required when an engineer sets up a SCIM 2.0 application?
Solution: Name
Is this configuration option required when an engineer sets up any application?
Proposed Solution:
Owner
Is the following statement about IdentitylQ rule inputs and outputs correct?
Solution: The lypical input variables for a rule are listed in the BeanShell rule editor in IdentitylQ, based on the rule registry.
Is this a benefit of using the Run Rule feature of the Debug-Object page?
Proposed Solution:
It can be used to display the return value of simple code.
The engineer uses the sailpoint.api.IdentityService in a BeanShell method to look up and return all account names for an identity on the application ' MagicBox ' . Is this a correct implementation?
Proposed Solution:
import sailpoint.api.IdentityService;
import sailpoint.api.SailPointContext;
import sailpoint.object.Identity;
import sailpoint.object.Link;
import sailpoint.tools.GeneralException;
public List getAccountNames(SailPointContext context, Identity identity) throws GeneralException {
IdentityService service = new IdentityService(context);
List < String > accountNames = new ArrayList < String > ();
Link link = service.getLink(identity, " MagicBox " );
while (link != null) {
accountNames.add(link.getNativeIdentity());
}
return accountNames;
}
Can this be achieved using Rapid Setup user interface configuration options?
Solution: Reassign all object ownership to the user ' s manager during Leaver and Termination events.
Is the following statement about workflow step types and their usage true?
Proposed Solution:
A step with the attribute wait= " 1 " will cause the workflow to wait for at least one minute. The workflow will be revived on the next run of the Perform Maintenance Task, after the wait period is over.
Is this an example of a joiner lifecycle event?
Proposed Solution:
An employee previously left the company. Their access was disabled but has been reinstated; the employee needs all of their previous accounts enabled.
IdentitylQ is using emails to notify users about completion of steps within a process, or actions that need to be addressed.
To ensure this notification is working, a main configuration must be set up in IdentitylQ to provide mail server and mail server authentication details.
Is this a required setting that an engineer must set up in IdentitylQ in order to ensure successful communication with the SMTP server?
Solution: Email Protocol
Can the Provisioning tab under " Administrator Console ' be used to do the following task?
Solution: Manually retry the provisioning attempt for pending transactions.
An implementation engineer needs to perform an upgrade of IdentitylQ between releases. Is the following statement true?
Solution: Every version release (excluding patch releases) between the current version of IdentitylQ and the target version of IdentitylQ must be installed in sequential order for an upgrade.
IdentitylQ has been installed and set up with the contents of IdentityExtended.hbm.xml as follows:
Is this a correct statement about the installation?
Solution: There is a limitation in this installation: When defining the identity mappings using Global Settings > Identity Attributes, only 12 additional searchable attributes can be defined. Additional identity attributes and mappings can be defined, but they cannot be searchable.
Can this be achieved using Rapid Setup user interface configuration options?
Solution: Disable an account and remove all its entitlements on a particular application during Leaver events.
Is this a piece of information that an engineer needs when initially setting up a new IdentityIQ sandbox environment?
Proposed Solution:
the IdentityIQ version
For a user who already has an account on an application and wants to be able to request access to a new account through Manage User Access, does this configuration need to be performed in Lifecycle Manager (LCM)?
Proposed Solution:
Select “Allow requesting new accounts” in the Manage Accounts QuickLink configuration for the user’s QuickLink population.
An engineer needs to trigger a workflow when a Division attribute changes from IT to Senior IT, but only when the user is a manager.
Is this a valid process that the engineer could use to launch a workflow for a lifecycle event?
Proposed Solution:
Create a trigger with an event type of attribute change on the managerStatus attribute with the previous value of true and the new value of false, and add an included identities rule for when the user ' s division attribute had a previous value of IT and a new value of Senior IT.
Is this a purpose of an IdentitylQ certification?
Solution: to review a snapshot of a user ' s system access
Is the following statement true about out-of-the-box reporting?
Proposed Solution:
All out-of-the-box reports in IdentityIQ are stored as TaskDefinition objects.
Can the following IdentitylQ object be extended to store client-specific data by updating the corresponding .HBM file?
Solution: Link
Is this statement true about IdentityIQ ' s syslog event searching capabilities?
Proposed Solution:
When searching the syslog events from the Advanced Analytics page, it is not possible to search syslog events by attributes other than an Incident Code.
Can the rule library named “Common Rules Library” be included in a Rule by adding this code?
Proposed Solution:
< ReferencedRules >
< Reference class= " sailpoint.object.RuleLibrary " name= " Common Rules Library " / >
< /ReferencedRules >
Is the following statement true?
Solution: All Application objects must have an Identity object as the owner.
Is the following a valid role option that can be configured?
Proposed Solution:
Configure a role that can be requested only if the user already has a related role.
Is the following statement about IdentityIQ rule inputs and outputs correct?
Proposed Solution:
The default description of a Rule, which originates from the Rule Registry, usually provides information about the Rule ' s purpose and its expected output.
An engineer is assigned to configure an account attribute. The requirements are:
Purpose: Flag privileged accounts
Read from: Financial application, privileged attribute
Calculate from: Keystore application, responsibility-code attribute
Usage 1: Display as option in Advanced Analytics
Usage 2: Use when writing rules
Usage 3: Include in policies
Does the engineer need to set this configuration option on the account attribute to meet the requirements?
Solution: Edit Mode: Read Only
Can a Workgroup be used for the following scenario?
Solution: Providing a group of users with specific capabilities.
The engineer uses the sailpoint.api.IdentityService in a BeanShell method to look up and return all account names for an identity on the application ' MagicBox ' . Is this a correct implementation?
Proposed Solution:
import sailpoint.api.IdentityService;
import sailpoint.api.SailPointContext;
import sailpoint.object.Application;
import sailpoint.object.Identity;
import sailpoint.object.Link;
import sailpoint.tools.GeneralException;
public List getAccountNames(SailPointContext context, Identity identity) throws GeneralException {
Application application = context.getObjectByName(Application.class, " MagicBox " );
IdentityService service = new IdentityService(context);
List < String > accountNames = new ArrayList < String > ();
List < Link > links = service.getLinks(identity, application);
if (links != null) {
for (Link link : links) {
accountNames.add(link.getNativeIdentity());
}
}
return accountNames;
}
Is the following statement true?
Solution: Every Link object must be associated to an Identity object
A client needs a custom quicklink, which only managers can launch, in order to launch a simple workflow. Is this a valid step to take during the development of this custom quicklink?
Solution: Insert the " Managers " quicklink population as the dynamic scope in the quicklink object.
Is this statement valid regarding the control and usability of the Debug pages in IdentityIQ?
Proposed Solution:
Changing an object ' s name and saving the object is the correct way to create a new copy of the object.
An engineer needs to first create a custom audit event and then set up an associated report. What are four steps to accomplish this goal?
Solution: Create a Data Export task.
Is this statement true about the Application, Identity, ManageAttribute, Bundle, and Link objects in IdentitylQ?
Solution: An Application object is not required to aggregate external user account information into IdentitylQ.
Is this configuration option required when an engineer sets up any application?
Proposed Solution:
Identity Attribute

