SailPoint Certified IdentityNow Engineer IdentityNow-Engineer Exam Practice Test

Answer : B

The default non-production tenant does not have the same full performance scalability as a production tenant. Non-production environments are typically configured with reduced resources since they are intended for testing, development, or demonstration rather than handling large-scale, live workloads.

Key Reference from SailPoint Documentation:

Performance Differences Between Tenants: SailPoint non-production tenants are generally scaled down compared to production environments to reflect their testing and demonstration purposes, not for high-performance or large-scale operations.

Answer : B

No, selecting a checkbox to use the database admin as the service account is not a recommended or required configuration when implementing a source that uses a JDBC connector. Typically, for security and least privilege, a dedicated service account with only the necessary permissions to read and manage identities within the database is used. Granting database administrator (DBA) privileges to the service account introduces unnecessary security risks and is against best practices.

SailPoint IdentityNow JDBC Connector Configuration Guide.

SailPoint IdentityNow Best Practices for Service Accounts Documentation.

Answer : B

No, an SoD (Separation of Duties) policy does not require a control matrix to be defined. While a control matrix can be a useful tool for organizations to visualize and enforce SoD policies by mapping roles to potential conflicting access rights, it is not a mandatory component of an SoD policy. An SoD policy primarily focuses on preventing conflicts of interest by ensuring that no individual has access to perform conflicting tasks within a business process (e.g., approving and processing payments). The control matrix is a recommended method for managing SoD but not a requirement.

Key Reference from SailPoint Documentation:

SoD Policy Overview: SailPoint recommends structuring SoD policies to focus on preventing conflicting access but does not mandate the use of a control matrix, which is an optional best practice for visualizing these controls.

Answer : A

Yes, the SCIM 2.0 Connector is the most suitable connector for this use case. The system described is a modern, cloud-based web application that exposes a fully compliant SCIM 2.0 interface and uses OAuth 2.0 client credentials for authentication. SCIM (System for Cross-domain Identity Management) is a standardized protocol designed to simplify identity management in cloud applications. The SCIM 2.0 Connector in SailPoint IdentityNow is specifically built to integrate with systems that provide a SCIM interface, making it the ideal connector for this scenario.

SailPoint IdentityNow SCIM 2.0 Connector Guide.

SailPoint IdentityNow Cloud-Based Integration Documentation.

Answer : B

The provided use case incorrectly describes the provisioning process on a source that has provisioning disabled. If provisioning is disabled for a source, automated provisioning via the Virtual Appliance and connectors is not possible. The Virtual Appliance cannot retry or carry out the provisioning in this case, as the system explicitly prevents automated provisioning operations on sources marked as non-provisionable.

When a source has provisioning disabled, the system only supports manual provisioning, where a task is opened in IdentityNow for a person to manually execute the provisioning steps. The Virtual Appliance does not handle provisioning for disabled sources, so the described scenario where it retries the request and carries out provisioning is inaccurate.

SailPoint IdentityNow Provisioning Configuration Guide.

SailPoint IdentityNow Virtual Appliance and Connector Operations Documentation.

Answer : B

No, custom connectors are not developed and compiled inside IdentityNow. Custom connectors are typically developed outside of the IdentityNow platform using a development environment and then tested and packaged before being uploaded to the platform. These connectors can be developed using tools provided by SailPoint, but the actual development process occurs externally, not directly within the IdentityNow environment.

Key Reference from SailPoint Documentation:

Custom Connector Development: Custom connectors are developed outside of the IdentityNow platform and then integrated into it for use.

Answer : B

No, an access profile does not directly reference roles to provide access. Instead, access profiles are collections of entitlements or permissions that are bundled together to simplify access provisioning. Access profiles can be associated with roles, but they do not reference roles directly. Roles in IdentityNow define broader sets of permissions, which may include access profiles, but access profiles themselves are not tied directly to roles.

SailPoint IdentityNow Access Profiles Documentation.

SailPoint IdentityNow Roles and Access Profiles Configuration Guide.