The engineer needs to write some ad-hoc BeanShell code to search for GroupDefinition objects owned by Randy.Knight and print their names. Is this BeanShell code correct as written?
Solution:
Answer : B
The provided BeanShell code snippet attempts to filter and print the names of GroupDefinition objects owned by 'Randy.Knight'. However, the code contains a few issues that prevent it from functioning correctly as written:
Class Import: The GroupDefinition class should be imported explicitly at the beginning of the script, which is missing here.
Query Execution: The use of context.getObjectsByNumber(GroupDefinition.class, i) is incorrect. This method does not exist in this context. The correct approach would be to use context.getObjects() to retrieve the list of objects and iterate over them.
Looping Logic: The loop logic also contains a flaw. Instead of using a counter-based loop with context.getObjectsByNumber(), the recommended approach is to use context.search() to retrieve a list of filtered objects and then iterate through the results.
A corrected version of this code would look something like this:
import sailpoint.object.GroupDefinition;
import sailpoint.object.Filter;
import sailpoint.object.QueryOptions;

// Match only GroupDefinition objects whose owner is Randy.Knight
Filter filter = Filter.eq("owner.name", "Randy.Knight");
QueryOptions qo = new QueryOptions();
qo.addFilter(filter);

// Retrieve the filtered objects and print each name
List<GroupDefinition> groupDefinitions = context.getObjects(GroupDefinition.class, qo);
for (GroupDefinition group : groupDefinitions) {
    System.out.println(group.getName());
}
In this corrected version:
We explicitly import GroupDefinition.
We retrieve the filtered objects with context.getObjects(GroupDefinition.class, qo) instead of getObjectsByNumber.
Thus, the original code is not correct as written. The correct answer is B. No.
Reference: This correction and explanation are based on SailPoint IdentityIQ's API documentation, which provides detailed guidance on the proper methods to retrieve and manipulate objects using Beanshell scripting within the platform.
Assuming that the policy violation owner has the necessary permissions, is this a valid option for the policy violation owner to use when acting on a policy violation of type 'Role SOD Policy'?
Solution: Schedule Policy Composition Certification
Answer : B
In SailPoint IdentityIQ, when dealing with a policy violation of the type 'Role Separation of Duties (SOD) Policy,' there are specific actions that the policy violation owner can take. These options typically include:
Mitigate: Applying a mitigating control to the violation.
Remediate: Addressing the violation by removing or altering access.
Accept: Acknowledging the violation without making changes, which usually requires justification.
Forward: Assigning the violation to another individual or group for resolution.
The option 'Schedule Policy Composition Certification' is not a valid action for addressing a Role SOD Policy violation directly. The concept of scheduling a certification is related to periodic review processes, not immediate policy violation handling. Certification campaigns are scheduled and executed to review roles, entitlements, or policies, but this is not an action taken in response to a specific policy violation.
Thus, 'Schedule Policy Composition Certification' is not an appropriate or valid option in this context, and the correct answer is B. No.
Reference: This explanation is corroborated by the SailPoint IdentityIQ Compliance Manager documentation, which outlines the various actions available to policy violation owners when responding to policy violations, including Role SOD policies. The documentation specifies the actions that can be taken, and scheduling a certification is not listed among them in this context.
Is the following true of Identity Provisioning Policies?
Solution: Identity Provisioning Policies can be used to include allowed-values definitions or validation logic on fields so that only valid/authorized values can be specified for those fields when using the Create Identity feature to add an identity.
Answer : A
Yes, Identity Provisioning Policies can indeed be used to include allowed-values definitions or validation logic on fields within SailPoint IdentityIQ. This ensures that only valid or authorized values can be specified for certain fields, such as when using the 'Create Identity' feature to add a new identity. This functionality helps enforce data integrity and compliance with organizational policies by restricting the inputs to predefined or validated options.
SailPoint IdentityIQ Administration Guide (Sections on Identity Provisioning Policies and Field Validation)
SailPoint IdentityIQ Configuration Guide (Policy Enforcement and Validation)
Is this a purpose of an IdentityIQ certification?
Solution: to certify user expense reports
Answer : B
Certifying user expense reports is not a purpose of IdentityIQ certification. IdentityIQ certifications are focused on access and identity governance, specifically reviewing and validating user access rights within systems. Expense report certification would be a different process, typically managed by financial or expense management systems, not by IdentityIQ.
SailPoint IdentityIQ Certification Guide
SailPoint IdentityIQ Governance Overview
Can the following be achieved via configuration of control variables in the out-of-the-box Lifecycle Manager (LCM) workflows?
Solution: Specify which access items may be requested.
Answer : A
Yes, specifying which access items may be requested can be achieved via configuration of control variables in the out-of-the-box Lifecycle Manager (LCM) workflows. In IdentityIQ, control variables within LCM workflows allow administrators to define the scope and criteria for access requests, including restricting or specifying which entitlements, roles, or applications can be requested by users. This is part of the request configuration process, where the access items that users can see and request are defined.
Therefore, the correct answer is A. Yes.
Is this statement true about the Application, Identity, ManageAttribute, Bundle, and Link objects in IdentityIQ?
Solution: An Application object is not required to aggregate external user account information into IdentityIQ.
Answer : B
The statement that 'An Application object is not required to aggregate external user account information into IdentityIQ' is false. In SailPoint IdentityIQ, an Application object is essential for aggregating (importing) external user account information. The Application object defines the connection settings, schema, and mapping that enable IdentityIQ to connect to external systems and retrieve identity data. Without an Application object, IdentityIQ would not have the necessary configuration to establish a connection and aggregate user data from external sources.
SailPoint IdentityIQ Administration Guide (Section on Applications and Aggregation)
SailPoint IdentityIQ Integration and Configuration Guide
A client needs a custom quicklink, which only managers can launch, in order to launch a simple workflow. Is this a valid step to take during the development of this custom quicklink?
Solution: Set the quicklink options to "For Others" in order to launch the workflow immediately when the quicklink is clicked.
Answer : B
The statement is incorrect. The 'For Others' option in the quicklink configuration is used to allow users to perform actions on behalf of other identities (e.g., a manager performing an action for a subordinate). However, setting the quicklink to 'For Others' does not make it launch a workflow immediately. To have a quicklink launch a workflow immediately when clicked, you would typically need to configure the quicklink to call the workflow directly, without requiring additional user input. 'For Others' is more about the context of the action rather than triggering workflows automatically.
SailPoint IdentityIQ Quicklink Development Guide
SailPoint IdentityIQ Administration Guide (Quicklink and Workflow Configuration)