Can this be achieved using Rapid Setup user interface configuration options?
Solution: Disable an account on a particular application for one set of users and delete the account for another set of users during administrative Terminations.
Answer : B
The Rapid Setup user interface in SailPoint IdentityIQ is designed to simplify and streamline common configuration tasks, particularly during the initial setup of IdentityIQ environments. However, it has certain limitations in terms of granularity and customization.
In this case, the requirement is to disable an account on a particular application for one set of users and delete the account for another set of users during administrative terminations. The Rapid Setup interface does not provide options to differentiate between user groups for different actions (disable vs. delete) within the same termination event.
This level of specificity, applying different actions based on user group membership, would require a more advanced setup, possibly involving custom rules or workflows rather than using the Rapid Setup options. Therefore, the correct answer is B. No.
Reference: This answer is based on the SailPoint IdentityIQ Rapid Setup Guide, which describes the capabilities and limitations of the Rapid Setup interface. The guide indicates that more complex scenarios require customization beyond what Rapid Setup can offer.
Can the following be achieved via configuration of control variables in the out-of-the-box Lifecycle Manager (LCM) workflows?
Solution: Specify which access items may be requested.
Answer : A
Yes, specifying which access items may be requested can be achieved via configuration of control variables in the out-of-the-box Lifecycle Manager (LCM) workflows. In IdentityIQ, control variables within LCM workflows allow administrators to define the scope and criteria for access requests, including restricting or specifying which entitlements, roles, or applications can be requested by users. This is part of the request configuration process, where the access items that users can see and request are defined.
Therefore, the correct answer is A. Yes.
Is this a purpose of an IdentityIQ certification?
Solution: to certify user expense reports
Answer : B
Certifying user expense reports is not a purpose of IdentityIQ certification. IdentityIQ certifications are focused on access and identity governance, specifically reviewing and validating user access rights within systems. Expense report certification would be a different process, typically managed by financial or expense management systems, not by IdentityIQ.
Reference: SailPoint IdentityIQ Certification Guide; SailPoint IdentityIQ Governance Overview.
Is the following true of Identity Provisioning Policies?
Solution: The Create Identity Provisioning Policy will be applied to identity creation during aggregation from an authoritative source so that identities will be created with valid/authorized attribute values.
Answer : A
The Create Identity Provisioning Policy in SailPoint IdentityIQ is designed to apply specific provisioning rules and actions during the creation of identities, especially when aggregating data from authoritative sources. These policies ensure that newly created identities have valid and authorized attribute values based on organizational rules and compliance requirements.
During identity aggregation from an authoritative source, the provisioning policy can enforce rules such as role assignments, attribute validation, and other actions necessary to ensure that the identity is created correctly and securely.
Therefore, the correct answer is A. Yes.
Is the following a true statement about IdentityIQ authentication and authorization?
Solution: A user's access to the Identity Warehouse is controlled by the QuickLink Populations that they are a member of.
Answer : B
The statement that a user's access to the Identity Warehouse is controlled by the QuickLink Populations they are a member of is incorrect. QuickLink Populations in IdentityIQ are used primarily for grouping identities for specific operations, such as access reviews, certifications, or specific application provisioning, rather than directly controlling access to the Identity Warehouse.
Access to the Identity Warehouse is governed by role-based access controls (RBAC), scopes, and the user's entitlements within IdentityIQ. These determine what data and functionality a user can access, including the information in the Identity Warehouse.
Thus, the correct answer is B. No.
Reference: This is supported by the SailPoint IdentityIQ Administration Guide, which clarifies the roles of QuickLink Populations and how access controls are implemented in IdentityIQ.
A bank is two years into an ongoing project to provide all access through roles. The bank is actively using roles and actively adding to their role model. They need to ensure that all roles include the correct entitlements.
Will this certification type achieve the goal?
Solution: Account Group Membership Certification
Answer : B
An Account Group Membership Certification is designed to certify group memberships within accounts, typically focusing on the validation of access within specific account groups (e.g., Active Directory groups).
This type of certification does not directly address the accuracy of role composition or the correctness of entitlements assigned within roles. Since the bank's goal is to ensure that all roles include the correct entitlements, an Account Group Membership Certification is not suitable for this purpose.
Thus, the correct answer is B. No.
Assuming that the policy violation owner has the necessary permissions, is this a valid option for the policy violation owner to use when acting on a policy violation of type 'Role SOD Policy'?
Solution: Schedule Policy Composition Certification
Answer : B
In SailPoint IdentityIQ, when dealing with a policy violation of the type 'Role Separation of Duties (SOD) Policy,' there are specific actions that the policy violation owner can take. These options typically include:
Mitigate: Applying a mitigating control to the violation.
Remediate: Addressing the violation by removing or altering access.
Accept: Acknowledging the violation without making changes, which usually requires justification.
Forward: Assigning the violation to another individual or group for resolution.
The option 'Schedule Policy Composition Certification' is not a valid action for addressing a Role SOD Policy violation directly. The concept of scheduling a certification is related to periodic review processes, not immediate policy violation handling. Certification campaigns are scheduled and executed to review roles, entitlements, or policies, but this is not an action taken in response to a specific policy violation.
Thus, 'Schedule Policy Composition Certification' is not an appropriate or valid option in this context, and the correct answer is B. No.
Reference: This explanation is corroborated by the SailPoint IdentityIQ Compliance Manager documentation, which outlines the various actions available to policy violation owners when responding to policy violations, including Role SOD policies. The documentation specifies the actions that can be taken, and scheduling a certification is not listed among them in this context.