For a user who already has an account on an application and wants to be able to request access to a new account through Manage User Access, does this configuration need to be performed in Lifecycle Manager (LCM)?
Proposed Solution:
Select “Allow requesting new accounts” in the Manage Accounts QuickLink configuration for the user’s QuickLink population.
Is the following statement about workflow step types and their usage true?
Proposed Solution:
A step named " end " is required to allow the workflow to end correctly.
Is this a valid statement about connector rules?
Solution: A Post-Iterate Rule, if configured, is run after reading accounts from a SQL Loader application.
Can this be achieved using Rapid Setup user interface configuration options?
Solution: Disable an account on a particular application for one set of users and delete the account for another set of users during administrative Terminations.
Can the following action be performed using Rapid Setup application onboarding?
Solution: Specify account correlation by mapping an identity attribute to an account attribute.
Is this statement true about the Application, Identity, ManageAttribute, Bundle, and Link objects in IdentitylQ?
Solution: An Application object is not required to aggregate external user account information into IdentitylQ.
Can this action be performed as part of configuring an application definition in IdentitylQ?
Solution: Specify which users should be provisioned with a basic account as part of a joiner event.
Is this configuration option required when an engineer sets up any application?
Proposed Solution:
Filter String
Is the following statement about workflows and sub-workflows (subprocesses) true?
Proposed Solution:
Many standard LCM sub-workflows can be leveraged in custom workflows, with their behavior controlled via input variables.
Is the following statement true about out-of-the-box reporting?
Solution: In the Reporting user interface, instances of reports are located on the ' My Reports ' tab, and templates are located on the ' Reports ' tab.
Can the rule library named Common Rules Library " be included in a Rule by adding this code?
Solution:
The engineer is working on a workflow implementation.
After a form step, the workflow can transition to three steps:
Stop if the Reject (back) button is used,
Audit if the Approve (next) button is used and the field named comment is returned from the form to the workflow variable comment and has a value,
Provision otherwise.
The engineer writes the transitions in XML code.
Is this a valid implementation?
Proposed Solution:
< Transition to= " Stop " when= " !ref:approved " / >
< Transition to= " Audit " when= " script:sailpoint.tools.Util.isNotNullOrEmpty(comment); " / >
< Transition to= " Provision " / >
Is this what should be performed in order to generate the database script to extend Application attributes in the IdentitylQ database on the initial installation?
Solution: Run a build with the updated schema placed inside it.
The engineer uses the sailpoint.api.IdentityService in a BeanShell method to look up and return all account names for an identity on the application ' MagicBox ' . Is this a correct implementation?
Proposed Solution:
import sailpoint.api.IdentityService;
import sailpoint.api.SailPointContext;
import sailpoint.object.Identity;
import sailpoint.object.Link;
import sailpoint.tools.GeneralException;
public List getAccountNames(SailPointContext context, Identity identity) throws GeneralException {
IdentityService service = new IdentityService(context);
List < String > accountNames = new ArrayList < String > ();
Link link = service.getLink(identity, " MagicBox " );
while (link != null) {
accountNames.add(link.getNativeIdentity());
}
return accountNames;
}
The engineer is configuring a new application definition.
The customer wants an Audit record to be created with the error message, if provisioning fails.
Is this the rule an engineer should write to accomplish the goal?
Solution: Write an AfterProvisioning rule.
Select the best policy type for defining each access policy. Use the drop-down menus to select your answers.
Can the search type in Syslog be used to accomplish this result?
Solution: Identifying details of a system error presented in the Ul
The engineer is configuring a new application definition.
The customer wants an Audit record to be created with the error message, if provisioning fails.
Is this the rule an engineer should write to accomplish the goal?
Solution: Configure a Postlterate rule
Can the Provisioning tab under " Administrator Console ' be used to do the following task?
Solution: Manually retry the provisioning attempt for pending transactions.
Is this a piece of information that an engineer needs when initially setting up a new IdentityIQ sandbox environment?
Proposed Solution:
the IdentityIQ version
Can the rule library named Common Rules Library " be included in a Rule by adding this code?
Solution:
An implementation engineer needs to perform an upgrade of IdentityIQ between releases.
Is the following statement true?
Proposed Solution:
All custom branding changes will automatically be updated through the upgrade process.
An engineer needs to first create a custom audit event and then set up an associated report. What are four steps to accomplish this goal?
Solution: Create and load a Custom Audit Report TaskDefinition XML and corresponding Custom Audit Report Form XML.
Can this be achieved using Rapid Setup user interface configuration options?
Solution: Disable an account and remove all its entitlements on a particular application during Mover events.
Is this statement true about the IdentityIQ Audit functionality and/or options?
Proposed Solution:
The majority of IdentityIQ’s auditing is managed through the Audit Configuration page in the UI.
Assuming that the policy violation owner has the necessary permissions, is this a valid option for the policy violation owner to use when acting on a policy violation of type ' Account Policy ' ?
Proposed Solution:
Export CSV / Import CSV
Is the following statement about IdentitylQ rule inputs and outputs correct?
Solution: A BeanShell rule in IdentitylQ must always return an object derived from the abstract class sailpoint.object.saiipointobject.
Which four steps are necessary for turning on Certifications logging at the severity log level of trace? Drag four options from the left into the answer area on the right, and place them in the correct order.
Is this a true statement about localization support in IdentitylQ?
Solution: The language displayed in the user interface is always based on the default language selected in the global settings.
Is this statement valid regarding the control and usability of the Debug pages in IdentitylQ?
Solution: Workflows can be run directly from the Debug-Object page.
Is the following statement true?
Solution: All ManagedAttribute objects associated to an Identity can be viewed on the ' Attributes ' tab from ' View Identity ' QuickLink.
Can the following be achieved via configuration of control variables in the out-of-the-box Lifecycle Manager (LCM) workflows?
Solution: Disable all notifications.
Can the Provisioning tab under " Administrator Console ' be used to do the following task?
Solution: Map the associated WorkflowCase to a particular Provisioning Transaction.
Is this configuration option required when an engineer sets up any application?
Proposed Solution:
Identity Attribute
A customer wants to make changes in their IdentityIQ user interface.
Consider branding and other IdentityIQ UI changes. Is this statement valid?
Proposed Solution:
If SailPoint is removed from the header bar, “Powered by SailPoint IdentityIQ” must be added to the copyright footer.
A client needs a custom quicklink, which only managers can launch, in order to launch a simple workflow. Is this a valid step to take during the development of this custom quicklink?
Solution: Enter the name of the workflow to launch in the quicklink object.
Is this an example of a mover lifecycle event?
Solution: An employee quits their job and needs all of their accounts disabled.
An engineer is developing an instance of IdentitylQ using the Services Standard Build (SSB) for a client. Is this a valid action the engineer can perform when setting up or using the SSB?
Solution: Place the client ' s identityiq. War file in the home directory of the build.
Is the following a true statement about IdentityIQ authentication and authorization?
Proposed Solution:
Scopes can control the features that are used in IdentityIQ.
Is this a default functionality of the Lifecycle Manager (LCM) module?
Solution: Define Application
Can this be achieved using Rapid Setup user interface configuration options?
Solution: Reassign all object ownership to the user ' s manager during Leaver and Termination events.
Can the Environment tab under ‘Administrator Console’ be used to do the following task?
Proposed Solution:
View status of installed SailPoint modules/extensions.
Is the following a true statement about IdentitylQ authentication and authorization?
Solution: What users can see and do in IdentitylQ can be party controlled by their authorized scope.
An engineer is assigned to configure an identity attribute. The requirements are:
Purpose: Add a user ' s security clearance to their identity
Read from: Workday; if not found in Workday, Contractor file; otherwise, leave empty
Usage 1: Display as option in Advanced Analytics
Usage 2: Use when writing rules
Usage 3: Can be updated through the Edit Identity Quicklink, but Workday is authoritative
Usage 4: List as entitlement on Identity Cubes
Does the engineer need to set this configuration option on the identity attribute to meet the requirements?
Proposed Solution:
Entitlement
An engineer is assigned to configure an account attribute. The requirements are:
Purpose: Flag privileged accounts
Read from: Financial application, privileged attribute
Calculate from: Keystore application, responsibility-code attribute
Usage 1: Display as option in Advanced Analytics
Usage 2: Use when writing rules
Usage 3: Include in policies
Does the engineer need to set this configuration option on the account attribute to meet the requirements?
Solution: Edit Mode: Read Only
An engineer needs to trigger a workflow when a Division attribute changes from IT to Senior IT, but only when the user is a manager.
Is this a valid process that the engineer could use to launch a workflow for a lifecycle event?
Proposed Solution:
Create a trigger with an event type of rule that checks if the previous value is IT and the new value is Senior IT, and return true if the managerStatus on the user ' s Identity Cube is true.
An engineer needs to first create a custom audit event and then set up an associated report.
What are four steps to accomplish this goal?
Proposed Solution:
Set up a new AuditAction in the AuditConfig object XML:
< ObjectAttribute displayName= " User Type " editMode= " Permanent " extendedNumber= " 2 " name= " userType " type= " string " / >
An engineer needs to trigger a workflow when a Division attribute changes from IT to Senior IT, but only when the user is a manager.
Is this a valid process that the engineer could use to launch a workflow for a lifecycle event?
Proposed Solution:
Create a trigger with an event type of attribute change on the managerStatus attribute with the previous value of true and the new value of false, and add an included identities rule for when the user ' s division attribute had a previous value of IT and a new value of Senior IT.
Is the following statement true about out-of-the-box reporting?
Proposed Solution:
All out-of-the-box reports in IdentityIQ are stored as TaskDefinition objects.
Is this where email templates can be viewed after product installation?
Proposed Solution:
In the Debug page as an EmailTemplate object.
Can the following action be performed using Rapid Setup application onboarding?
Proposed Solution:
Specify the account attribute and value filter that identifies a service account.
Is the following statement about workflow step types and their usage true?
Proposed Solution:
A step with the attribute wait= " 1 " will cause the workflow to wait for at least one minute. The workflow will be revived on the next run of the Perform Maintenance Task, after the wait period is over.
A client needs a custom quicklink, which only managers can launch, in order to launch a simple workflow. Is this a valid step to take during the development of this custom quicklink?
Solution: Place a quicklink object on the workflow that is to be launched
Is this an example of a mover lifecycle event?
Solution: A contractor whose contract expired and accounts were disabled has a new contract with the company; the contractor needs all of their previous accounts enabled.