SailPoint IdentityNow-Engineer SailPoint Certified IdentityNow Engineer Exam Practice Test

Page: 1 / 14
Total 108 questions
Question 1

When an engineer goes to Global > System Settings and clicks on System Notifications, the following page opens:

What email notifications are enabled if the engineer selects Sources?

Solution: A notification is sent when a source has been in an error state for fifteen minutes.



Answer : A

Yes, SailPoint IdentityNow sends a notification if a source has been in an error state for a sustained period, typically after fifteen minutes. This type of alert helps administrators to be aware of prolonged connection or operational issues with a source, so they can take corrective action promptly. The notification system is designed to escalate issues that may impact synchronization, provisioning, or access-related processes.

Key Reference from SailPoint Documentation:

Error State Notifications: SailPoint IdentityNow sends alerts for sources in error states, including when the error persists for a predefined period such as 15 minutes, helping administrators to respond to ongoing issues.


Question 2

Does this run on the VA?

Solution: IQService



Answer : B

IQService does not run on the Virtual Appliance (VA). It is a separate service that must be installed on a Windows Server within the environment that has access to the target system, particularly for Active Directory and other Windows-based systems. IQService acts as a proxy between the IdentityNow tenant and these target systems, allowing operations such as password management and account provisioning to be executed on systems that do not support native connectors on the VA. It communicates with the VA but is not hosted on it.


SailPoint IdentityNow IQService Installation Guide.

SailPoint IdentityNow Target Connector Architecture.

Question 3

The customer has a system that matches the following description. Is this a suitable connector type to use?

The system is a modern, cloud-based, web application that uses a MySQL database backend provided by the cloud platform. The database is only accessible from the web application. The web application exposes a fully compliant SCIM 2.0 interface with OAuth 2.0 client credentials.

Solution: SCIM 2.0 Connector



Answer : A

Yes, the SCIM 2.0 Connector is the most suitable connector for this use case. The system described is a modern, cloud-based web application that exposes a fully compliant SCIM 2.0 interface and uses OAuth 2.0 client credentials for authentication. SCIM (System for Cross-domain Identity Management) is a standardized protocol designed to simplify identity management in cloud applications. The SCIM 2.0 Connector in SailPoint IdentityNow is specifically built to integrate with systems that provide a SCIM interface, making it the ideal connector for this scenario.


SailPoint IdentityNow SCIM 2.0 Connector Guide.

SailPoint IdentityNow Cloud-Based Integration Documentation.

Question 4

An IdentityNow engineer has set up an access profile for an application. The access profile allows for users to request access, and for a user's manager to approve or deny access.

After a recent staff meeting, management has expressed that they want to remove any approval requirements for this application.

Is management's request possible in IdentityNow. and. if so. are these the recommended steps the engineer should take to meet their new requirement?

Solution: It is possible. Edit the access profile, and uncheck the box marked 'Required Approval'.



Answer : A

Yes, it is possible to remove the approval requirement for an application in IdentityNow by editing the access profile and unchecking the 'Required Approval' box. This configuration change would eliminate the need for a manager or other approver to review access requests, allowing users to be granted access without requiring approval.

Key Reference from SailPoint Documentation:

Access Profile Configuration: Access profiles can be configured to require or not require approval for access requests, and this option can be modified directly in the profile settings.


Question 5

Is this statement true about the purpose of a tenant?

Solution: A non-production tenant is used for testing new features.



Answer : A

Yes, a non-production tenant is typically used for testing new features before they are deployed to the production environment. This allows administrators to validate functionality, identify potential issues, and ensure the features work as expected without affecting the live users and operations.

Key Reference from SailPoint Documentation:

Testing New Features in Non-Production: SailPoint advises using non-production environments for testing new functionalities to safeguard production environments from untested changes.


Question 6

Is this statement correct about security and/or encryption of data?

Solution: When setting up a virtual appliance cluster. SailPoint creates an asymmetnc key pair based on a user-provided passphrase. and then uses this key pair to communication with the IdentityNow tenant.



Answer : A

Yes, this statement is correct. When setting up a Virtual Appliance (VA) cluster, SailPoint does indeed create an asymmetric key pair based on a user-provided passphrase. This key pair is used for secure communication between the Virtual Appliance and the IdentityNow tenant. The asymmetric encryption model uses a public-private key pair where the private key is stored securely within the VA, and the public key is shared with the IdentityNow tenant to establish a secure, encrypted communication channel. This setup ensures that data exchanged between the VA and the IdentityNow tenant remains protected.


SailPoint IdentityNow Virtual Appliance Security Guide.

SailPoint IdentityNow Asymmetric Encryption and Key Management Documentation.

Question 7

Is the following description of an access profile correct?

Solution: It directly references roles to provide access.



Answer : B

No, an access profile does not directly reference roles to provide access. Instead, access profiles are collections of entitlements or permissions that are bundled together to simplify access provisioning. Access profiles can be associated with roles, but they do not reference roles directly. Roles in IdentityNow define broader sets of permissions, which may include access profiles, but access profiles themselves are not tied directly to roles.


SailPoint IdentityNow Access Profiles Documentation.

SailPoint IdentityNow Roles and Access Profiles Configuration Guide.

Page:    1 / 14   
Total 108 questions