SailPoint Certified IdentityIQ Engineer Exam Questions

Answer : B

The statement is incorrect. When writing and executing source mapping rules to populate identity attributes, the rule itself does not need to persist the identity attribute to the database. In SailPoint IdentityIQ, once the value for an identity attribute has been calculated by a source mapping rule, IdentityIQ automatically handles the persistence of this attribute to the database as part of the aggregation or provisioning process. The developer does not need to explicitly persist the attribute; this is managed by the system.

SailPoint IdentityIQ Source Mapping Guide

SailPoint IdentityIQ Administration Guide (Aggregation and Attribute Mapping Sections)

Answer : A

Yes, Identity Provisioning Policies can indeed be used to include allowed-values definitions or validation logic on fields within SailPoint IdentityIQ. This ensures that only valid or authorized values can be specified for certain fields, such as when using the 'Create Identity' feature to add a new identity. This functionality helps enforce data integrity and compliance with organizational policies by restricting the inputs to predefined or validated options.

SailPoint IdentityIQ Administration Guide (Sections on Identity Provisioning Policies and Field Validation)

SailPoint IdentityIQ Configuration Guide (Policy Enforcement and Validation)

Answer : A

Yes, 'Business Role' is a default role type available in SailPoint IdentityIQ that a manager can request during the access request process. Business Roles typically represent a collection of entitlements or access rights that align with specific job functions or responsibilities within an organization. Managers can use this role type to extend or modify the access granted to an employee.

SailPoint IdentityIQ Role Management Guide

SailPoint IdentityIQ Administration Guide (Sections on Role Types and Access Request)

Answer : B

In SailPoint IdentityIQ, the concept of a 'role' is fundamental to the identity governance framework. The platform supports several default role types that are pre-configured to help organizations manage access effectively. The default role types include:

Business Role: Represents a collection of entitlements necessary for a specific job function within the organization.

IT Role: Aggregates technical entitlements that are typically assigned together, often linked to specific applications or systems.

Application Role: Tied to a specific application, representing roles within that application's context.

Composite Role: A combination of other roles, either business or IT, to form a higher-level role.

The term 'Entitlement Role' is not recognized as a default role type in SailPoint IdentityIQ. While entitlements can be components of roles, 'Entitlement Role' itself is not a predefined role type in the platform. Therefore, the correct answer is B. No.

Reference: This answer is based on the SailPoint IdentityIQ Role Management Guide, which details the standard role types and their usage within the platform. The guide explicitly lists the supported default role types, and 'Entitlement Role' is not among them.

Answer : B

The provided BeanShell code snippet attempts to filter and print the names of GroupDefinition objects owned by 'Randy.Knight.' However, the code contains a few issues that prevent it from functioning correctly as written:

Class Import: The GroupDefinition class should be imported explicitly at the beginning of the script, which is missing here.

Query Execution: The use of context.getObjectsByNumber(GroupDefinition.class, i) is incorrect. This method does not exist in this context. The correct approach would be to use context.getObjects() to retrieve the list of objects and iterate over them.

Looping Logic: The loop logic also contains a flaw. Instead of using a counter-based loop with context.getObjectsByNumber(), the recommended approach is to use context.search() to retrieve a list of filtered objects and then iterate through the results.

A corrected version of this code would look something like this:

import sailpoint.object.GroupDefinition;

import sailpoint.object.Filter;

import sailpoint.object.QueryOptions;

Filter filter = Filter.eq('owner.name', 'Randy.Knight');

QueryOptions qo = new QueryOptions();

qo.addFilter(filter);

List<GroupDefinition> groupDefinitions = context.getObjects(GroupDefinition.class, qo);

for (GroupDefinition group : groupDefinitions) {

System.out.println(group.getName());

}

In this corrected version:

We explicitly import GroupDefinition.

We retrieve the filtered objects with context.getObjects(GroupDefinition.class, qo) instead of getObjectsByNumber.

Thus, the original code is not correct as written. The correct answer is B. No.

Reference: This correction and explanation are based on SailPoint IdentityIQ's API documentation, which provides detailed guidance on the proper methods to retrieve and manipulate objects using Beanshell scripting within the platform.

Answer : A

Yes, the Provisioning tab under the 'Administrator Console' in IdentityIQ can be used to view the specific operations on each attribute being provisioned. This tab provides detailed visibility into the provisioning operations, including which attributes are being modified, created, or removed as part of the provisioning process. This is essential for administrators to monitor and troubleshoot provisioning tasks.

SailPoint IdentityIQ Administration Guide (Provisioning Tab Overview)

SailPoint IdentityIQ Provisioning Guide

Answer : A

Syslog can be used to identify the details of a system error presented in the UI. When a system error occurs, IdentityIQ typically logs detailed error messages, stack traces, and other relevant information to Syslog or other logging frameworks configured in the environment. By reviewing these logs, an administrator or engineer can identify and diagnose the specific error that was encountered in the UI.

SailPoint IdentityIQ Logging and Monitoring Guide

SailPoint IdentityIQ Administration Guide (Sections on Error Handling and Troubleshooting)