Free SailPoint IdentityIQ-Engineer Exam Braindumps (page: 2)

For a user who wants to be able to enable an account for a subordinate or themselves through Manage Accounts, does this configuration need to be performed in Lifecycle Manager (LCM)?

Solution: Select the Rehire action under Manage Accounts Options in the LCM Configuration.

  1. Yes
  2. No

Answer(s): B

Explanation:

In SailPoint IdentityIQ, the specific configuration that allows a user to enable an account for themselves or a subordinate through the "Manage Accounts" option does not necessarily need to be configured in Lifecycle Manager (LCM) alone. While LCM does provide extensive capabilities for account management actions like provisioning, rehire, and more, enabling an account is primarily tied to the permissions and entitlements granted to the user through their role, capabilities, and access profiles.

To address the specific functionality described:

Manage Accounts is typically a part of IdentityIQ's broader account management capabilities, which are not exclusively tied to LCM. The ability to enable or disable accounts can be governed by rules and workflows within IdentityIQ, and these may or may not be linked directly to LCM configurations.

Rehire Action in LCM: The "Rehire" action within LCM Configuration is specific to processes related to reactivating an employee's identity when they are rehired. This does not directly relate to enabling an account from the "Manage Accounts" screen. Rehire workflows typically involve reinstating the user's previous access, which could include enabling accounts, but this is a broader process.

Permissions and Roles: The ability to enable accounts is often governed by the permissions assigned to a user's role within IdentityIQ. These permissions may be granted outside of LCM configurations and handled by IdentityIQ's access governance framework.

Workflow Configurations: Enabling or disabling an account could also be tied to specific workflows, which can be configured separately from LCM, using IdentityIQ's workflow engine. These workflows determine the steps and approvals required to perform such actions.


Reference:

SailPoint IdentityIQ Configuration Guide: Account Management

SailPoint IdentityIQ Lifecycle Manager Configuration Guide

SailPoint IdentityIQ Administration Guide (Sections on Roles and Permissions, Workflow Configurations)



IdentityIQ has been installed and set up with the contents of IdentityExtended.hbm.xml as follows:



Is this a correct statement about the installation?

Solution: There is a limitation in this installation: When defining the identity mappings using Global Settings > Identity Attributes, only 12 additional searchable attributes can be defined. Additional identity attributes and mappings can be defined, but they cannot be searchable.

  1. Yes
  2. No

Answer(s): A

Explanation:

In SailPoint IdentityIQ, the configuration in the IdentityExtended.hbm.xml file, as shown in the image, outlines the use of extended identity attributes. These attributes (extended1, extended2, etc.) are custom attributes that are appended to the standard identity object model to store additional identity-related data.

According to the official SailPoint IdentityIQ documentation, when defining identity mappings under Global Settings > Identity Attributes, only up to 12 additional attributes can be made searchable within the IdentityIQ system. This limitation is crucial because it directly impacts the efficiency of search operations in large environments, where making too many attributes searchable can significantly slow down performance.

Once you define these 12 searchable attributes, any additional attributes can still be added, but they will not be indexed for search operations. This means that while the data in these attributes can be used in workflows, reports, and other operations, they cannot be used in search filters in the IdentityIQ user interface.

This limitation is particularly important when planning the design of the identity schema, as it affects both performance and usability. Therefore, the statement in question is correct and accurately reflects the constraints imposed by SailPoint IdentityIQ in terms of searchable identity attributes.


Reference:

This explanation is derived from the SailPoint IdentityIQ Configuration Guide and official documentation on identity attributes and their limitations. Specifically, this is covered in sections related to extended attributes and searchable properties within the system.



Is this statement true about certifications?

Solution: The staging period is required.

  1. Yes
  2. No

Answer(s): B

Explanation:

The statement that "the staging period is required" for certifications is not true. In SailPoint IdentityIQ, the staging period is an optional phase during the certification campaign configuration. The staging period is used to pre-generate certifications and allow for any preparatory actions or adjustments before the certifications are officially launched and sent to reviewers. However, it is not a mandatory component for all certification campaigns.

Administrators may choose to bypass the staging period entirely depending on the specific requirements of the certification process or the urgency of the certification campaign. Therefore, while the staging period can be beneficial for managing large or complex certifications, it is not a required step.


Reference:

SailPoint IdentityIQ Certification Overview Guide

SailPoint IdentityIQ Administration Guide (Sections on Certification Configuration and Staging Period)



Is this statement true about certifications?

Solution: All certifications include generation, the active period, sign-off, and the end period.

  1. Yes
  2. No

Answer(s): A

Explanation:

The statement that "All certifications include generation, the active period, sign-off, and the end period" is true. These stages are fundamental to the certification process in SailPoint IdentityIQ:

Generation: This is the initial stage where the certification campaign is created. During this phase, the system generates the list of items (such as access, roles, or entitlements) that need to be reviewed.

Active Period: Once the certification is generated, it enters the active period. During this time, the designated reviewers are responsible for examining the items in the certification, making decisions (such as approving or revoking access), and providing any necessary comments.

Sign-off: After the active period, the certification moves into the sign-off stage. Here, the final approver(s) review the decisions made during the active period and formally approve or reject the certification outcomes.

End Period: Finally, the end period marks the conclusion of the certification campaign. The certification is closed, and the results are archived. Any necessary actions, such as revoking access or triggering workflows based on the certification decisions, are implemented.

These stages are essential to the structured process that ensures all access rights are properly reviewed and either maintained or adjusted according to the organization's policies.


Reference:

SailPoint IdentityIQ Certification Administrator's Guide

SailPoint IdentityIQ Certification Process Documentation

SailPoint IdentityIQ Administration Guide (Sections on Certification Lifecycle and Workflow)



Is this a default role type that is available in IdentityIQ?

Solution: Entitlement Role

  1. Yes
  2. No

Answer(s): B

Explanation:

In SailPoint IdentityIQ, the concept of a "role" is fundamental to the identity governance framework. The platform supports several default role types that are pre-configured to help organizations manage access effectively. The default role types include:

Business Role: Represents a collection of entitlements necessary for a specific job function within the organization.

IT Role: Aggregates technical entitlements that are typically assigned together, often linked to specific applications or systems.

Application Role: Tied to a specific application, representing roles within that application's context.

Composite Role: A combination of other roles, either business or IT, to form a higher-level role.

The term "Entitlement Role" is not recognized as a default role type in SailPoint IdentityIQ. While entitlements can be components of roles, "Entitlement Role" itself is not a predefined role type in the platform. Therefore, the correct answer is B. No.


Reference:

This answer is based on the SailPoint IdentityIQ Role Management Guide, which details the standard role types and their usage within the platform. The guide explicitly lists the supported default role types, and "Entitlement Role" is not among them.



Assuming that the policy violation owner has the necessary permissions, is this a valid option for the policy violation owner to use when acting on a policy violation of type 'Role SOD Policy'?

Solution: Schedule Policy Composition Certification

  1. Yes
  2. No

Answer(s): B

Explanation:

In SailPoint IdentityIQ, when dealing with a policy violation of the type "Role Separation of Duties (SOD) Policy," there are specific actions that the policy violation owner can take. These options typically include:

Mitigate: Applying a mitigating control to the violation.

Remediate: Addressing the violation by removing or altering access.

Accept: Acknowledging the violation without making changes, which usually requires justification.

Forward: Assigning the violation to another individual or group for resolution.

The option "Schedule Policy Composition Certification" is not a valid action for addressing a Role SOD Policy violation directly. The concept of scheduling a certification is related to periodic review processes, not immediate policy violation handling. Certification campaigns are scheduled and executed to review roles, entitlements, or policies, but this is not an action taken in response to a specific policy violation.

Thus, "Schedule Policy Composition Certification" is not an appropriate or valid option in this context, and the correct answer is B. No.


Reference:

This explanation is corroborated by the SailPoint IdentityIQ Compliance Manager documentation, which outlines the various actions available to policy violation owners when responding to policy violations, including Role SOD policies. The documentation specifies the actions that can be taken, and scheduling a certification is not listed among them in this context.



Is this configuration option required when an engineer sets up a SCIM 2.0 application?

Solution: Comment Character

  1. Yes
  2. No

Answer(s): B

Explanation:

The configuration option "Comment Character" is not required when setting up a SCIM 2.0 application in SailPoint IdentityIQ. The "Comment Character" option is generally used for handling comment lines in flat files or CSV file-based connectors. Since SCIM 2.0 is a RESTful API-based protocol designed for managing identities in a standardized way, this option does not apply to SCIM 2.0 integrations. Therefore, it is not a necessary configuration when working with SCIM 2.0 applications.


Reference:

SailPoint IdentityIQ SCIM 2.0 Integration Guide

SailPoint IdentityIQ Application Configuration Guide (SCIM and REST API sections)



Is this configuration option required when an engineer sets up a SCIM 2.0 application?

Solution: Name

  1. Yes
  2. No

Answer(s): A

Explanation:

The "Name" configuration option is required when setting up a SCIM 2.0 application in SailPoint IdentityIQ. The "Name" field is a mandatory identifier for the application within IdentityIQ. This name is used throughout the system to reference the application and is critical for configuration, management, and integration processes. Without specifying a name, IdentityIQ cannot properly identify and interact with the SCIM 2.0 application.


Reference:

SailPoint IdentityIQ SCIM 2.0 Application Configuration Guide

SailPoint IdentityIQ Administration Guide (Application Setup and Naming Conventions)





