Cisco®
CompTIA
Checkpoint
ISC
EC-Council
EXIN
Fortinet
ITIL®
Juniper
Microsoft
VMware
Avaya
SAP
Google
Salesforce
Amazon
Palo Alto Networks
ISC2
All Vendors
  2. Home
  3. Exams
  4. SailPoint
  5. IdentityIQ-Engineer

Free SailPoint IdentityIQ-Engineer Exam Questions (page: 3)

Page 3 of 17
PDF with 122 Questions

Is this statement true about the Application, Identity, ManageAttribute, Bundle, and Link objects in IdentitylQ?

Solution: An Application object is not required to aggregate external user account information into IdentitylQ.

  1. Yes
  2. No

Answer(s): B

Explanation:

The statement that "An Application object is not required to aggregate external user account information into IdentityIQ" is false. In SailPoint IdentityIQ, an Application object is essential for aggregating (importing) external user account information. The Application object defines the connection settings, schema, and mapping that enable IdentityIQ to connect to external systems and retrieve identity data. Without an Application object, IdentityIQ would not have the necessary configuration to establish a connection and aggregate user data from external sources.


Reference:

SailPoint IdentityIQ Administration Guide (Section on Applications and Aggregation)

SailPoint IdentityIQ Integration and Configuration Guide



HOTSPOT (Drag and Drop is not supported)

Match the following IdentitylQ console commands To their functions.

Use the drop-down menus to select your answers. Answer options from the drop-down menus may only be used once Some will not be used at all.



  1. See Explanation for the Answer.

Answer(s): A

Explanation:

Here's how the SailPoint IdentityIQ console commands correspond to their respective functions:

connectorDebug: debug the connector to identify issues in the connector.

source: authenticate to IdentityIQ as another user.

list: list objects.

provision: evaluate and execute a provisioning plan.

Comprehensive Detailed Explanation with All IdentityIQ Engineer Reference connectorDebug:

This command is primarily used to debug connectors within IdentityIQ. Connectors facilitate communication between SailPoint and external systems.
When an issue arises, you use this function to identify and troubleshoot connector-related problems.


Reference:

SailPoint IdentityIQ Console Guide (section on connector troubleshooting).

source:

This command allows you to authenticate as another user within the IdentityIQ system. It's useful for testing user-specific actions or behaviors without logging out and back in.


SailPoint IdentityIQ Admin Guide (section on user authentication and delegation).

list:

This function returns a list of objects or entities within the system. In IdentityIQ, objects could include applications, roles, policies, and more.


SailPoint IdentityIQ Console Reference Guide (list and query commands).

provision:

The provision command evaluates and executes a provisioning plan. This is the actual process that implements changes in user access across connected systems based on the identity lifecycle event.

SailPoint IdentityIQ Provisioning Guide (execution of provisioning plans).

By matching these commands to their respective functions, the detailed functionalities of IdentityIQ's console tools are properly understood for administrative and troubleshooting purposes.



The engineer needs to write some ad-hoc BeanShell code to search for GroupDefmition objects owned by Randy.Knight and print their names. Is this BeanShell code correct as written?

Solution:

  1. Yes
  2. No

Answer(s): B

Explanation:

The provided BeanShell code snippet attempts to filter and print the names of GroupDefinition objects owned by "Randy.Knight." However, the code contains a few issues that prevent it from functioning correctly as written:

Class Import: The GroupDefinition class should be imported explicitly at the beginning of the script, which is missing here.

Query Execution: The use of context.getObjectsByNumber(GroupDefinition.class, i) is incorrect. This method does not exist in this context. The correct approach would be to use context.getObjects() to retrieve the list of objects and iterate over them.

Looping Logic: The loop logic also contains a flaw. Instead of using a counter-based loop with context.getObjectsByNumber(), the recommended approach is to use context.search() to retrieve a list of filtered objects and then iterate through the results.

A corrected version of this code would look something like this:

import sailpoint.object.GroupDefinition;

import sailpoint.object.Filter;

import sailpoint.object.QueryOptions;

Filter filter = Filter.eq("owner.name", "Randy.Knight");

QueryOptions qo = new QueryOptions();

qo.addFilter(filter);

List<GroupDefinition> groupDefinitions = context.getObjects(GroupDefinition.class, qo);

for (GroupDefinition group : groupDefinitions) {

System.out.println(group.getName());

}

In this corrected version:

We explicitly import GroupDefinition.

We retrieve the filtered objects with context.getObjects(GroupDefinition.class, qo) instead of getObjectsByNumber.

Thus, the original code is not correct as written. The correct answer is B. No.


Reference:

This correction and explanation are based on SailPoint IdentityIQ's API documentation, which provides detailed guidance on the proper methods to retrieve and manipulate objects using Beanshell scripting within the platform.



Is this a valid step to take when importing SailPoint XML file objects into IdentitylQ?

Solution: Move the XML file into the IIQ_HOME/WEB-INF/database.

  1. Yes
  2. No

Answer(s): B

Explanation:

The statement suggests moving the XML file into IIQ_HOME/WEB-INF/database as part of the process to import SailPoint XML file objects into IdentityIQ. However, this is not a valid step for importing XML objects.

The correct procedure to import SailPoint XML objects typically involves the following steps:

Use the iiq console command-line tool provided by SailPoint to import the XML file.

The command typically looks like: iiq console import <filename>.xml.

The XML file does not need to be moved to any specific directory like WEB-INF/database for the import process.

Moving the XML file into the WEB-INF/database directory does not align with the documented process and does not facilitate the import. The correct answer is B. No.


Reference:

This answer is based on the official SailPoint IdentityIQ documentation regarding object import procedures, which clearly states that imports should be performed using the IdentityIQ console or through the user interface (for smaller imports).



Is this a valid step to take when importing SailPoint XML file objects into IdentitylQ?

Solution: Import the XML object through the IdentitylQ console.

  1. Yes
  2. No

Answer(s): A

Explanation:

Yes, this is a valid step to take when importing SailPoint XML file objects into IdentityIQ. The IdentityIQ console (iiq console) is a command-line tool used for various administrative tasks, including importing and exporting XML objects.

To import an XML object through the IdentityIQ console, the general procedure involves:

Navigating to the IdentityIQ installation directory.

Running the console with the import command:

iiq console import <filename>.xml

The console will process the XML file, importing the defined objects (roles, policies, identity mappings, etc.) into the IdentityIQ database.

This method is officially documented and is a common practice for importing configuration and objects into SailPoint IdentityIQ. Therefore, the answer is A. Yes.


Reference:

This explanation is derived from the SailPoint IdentityIQ Administration Guide, which details how to manage XML imports and exports using the IdentityIQ console tool.



An engineer needs to trigger a workflow when a Division attribute changes from /7"to Senior IT, but only when the user is a manager.

Is this a valid process that the engineer could use to launch a workflow for a lifecycle event?

Solution: Create a trigger with an event type of rule and return True when the user's previous value of the division attribute is /7"andthe new value of the division attribute is Senior IT.

  1. Yes
  2. No

Answer(s): B

Explanation:

The scenario describes triggering a workflow when a "Division" attribute changes from a specific value to "Senior IT," but only when the user is a manager. The proposed solution suggests creating a trigger with an event type of "rule" that checks the previous and new values of the "Division" attribute.

However, this approach has a couple of issues:

Trigger Configuration: In SailPoint IdentityIQ, a lifecycle event trigger typically operates on changes in identity attributes, but it's not standard to define this trigger using a rule that directly inspects the previous and new values. Instead, the lifecycle event would usually be configured in the context of the application or identity to directly listen to specific changes without needing to define the logic in a custom rule.

Condition Validation: The condition of checking if the user is a manager should ideally be integrated within the workflow itself or the lifecycle event configuration, not just as part of a rule in the trigger.

While a rule can be used to define complex conditions, the correct way to implement this in IdentityIQ would involve setting up the lifecycle event trigger specifically for the attribute change and managing any additional conditions (like checking if the user is a manager) within the workflow or using an appropriate script/rule in that context.

Therefore, while partially correct in approach, the described solution is not the best practice or a valid process in IdentityIQ, so the correct answer is B. No.


Reference:

This answer is based on the SailPoint IdentityIQ Lifecycle Manager Guide, which provides best practices for configuring lifecycle events and triggers, as well as proper use of rules and workflow triggers in these scenarios.



Can the search type in Syslog be used to accomplish this result?

Solution: Identifying the number of employees that report to a specific person

  1. Yes
  2. No

Answer(s): B

Explanation:

Syslog is primarily used for logging system events and not for performing complex searches or queries on hierarchical or organizational data like identifying the number of employees that report to a specific person. Such a query would typically require access to the organizational hierarchy or identity data, which is better achieved through IdentityIQ's reporting or search capabilities within the application rather than using Syslog. Syslog captures log events related to system operations, errors, and other activity logs but isn't designed for the type of structured query described in the question.


Reference:

SailPoint IdentityIQ Logging and Monitoring Guide

SailPoint IdentityIQ Administration Guide (Sections on Reporting and Search)



Can the search type in Syslog be used to accomplish this result?

Solution: Identifying all Link objects from a particular application

  1. Yes
  2. No

Answer(s): B

Explanation:

Syslog is not intended for querying or identifying specific objects, such as all Link objects from a particular application. Syslog is used to record events and log information related to system activities, errors, and operations. To identify all Link objects from a particular application, you would use IdentityIQ's internal search functionality or reports that allow you to filter and retrieve such objects. These tasks involve querying the database and application-specific data structures rather than examining log files.


Reference:

SailPoint IdentityIQ Administration Guide (Section on Objects and Searching)

SailPoint IdentityIQ Configuration Guide (Understanding Link Objects)



Viewing page 3 of 17
Viewing questions 17 - 24 out of 122 questions



Post your Comments and Discuss SailPoint IdentityIQ-Engineer exam prep with other Community members:

IdentityIQ-Engineer Exam Discussions & Posts