xj9 - 19628 - a | 暗記メーカー

xj9 - 19628 - a

98問 • 2年前

問題一覧

What is the term for reading application data into IdentityIQ from external sources?

Aggregation

What is the term for the process of reviewing an identity’s accounts and entitlements on the applications within your enterprise?

Certification

What is the term for writing access changes to applications within your enterprise?

Provisioning

What is the difference between a task and a business process (workflow)?

Tasks perform batch processing and can be scheduled; workflows interact with users and are activated in response to user action/data change.

Implementers can add custom business logic to IdentityIQ using what functionality?

Rules

Rapid Setup is an implementation tool built into the current IdentityIQ product version to help with configuring IdentityIQ.

True

Certification must be part of Phase1 of any IdentityIQ implementation project.

False

How does IdentityIQ communicate with target systems in your environment?

Through connectors and integration modules

When you add extended attributes that are not marked searchable to IdentityIQ, where are these new attributes stored by default?

In a CLOB

It is impossible to have more than 20 extended attributes within IdentityIQ.

False

Authoritative Identity Cubes are created for each account read from all applications.

False

Which of these configurations is part of the Rapid Setup features?

Specifying what attribute identifies a locked account

When an attribute is marked as "searchable", what does this mean?

The attribute is stored in its own column for more efficient access for searching

The terms Identity Attributes and Account Attributes refer to the same thing.

False

A best practice is to assign ownership of objects, such as applications, to workgroups.

True

Entitlements define which areas of the UI a user can access within IdentityIQ.

False

By adding an identity to a workgroup, the identity inherits capabilities assigned to the workgroup.

True

IdentityIQ does not support multi-factor authentication.

False

What is the purpose of groups and populations?

To specify identities to include when performing an IdentityIQ activity, such as running a report.

A group can be defined based on multiple attributes; a population is based on a single attribute.

False

In IdentityIQ, where and how are new Populations created?

In Advanced Analytics, using identity search criteria

Which statement best describes what happens when you click Save Identities as Population?

The list of identities in the population is saved

Account schemas define which account attributes to read from an application when aggregating accounts with IdentityIQ.

True

If we want to add an entitlement to the entitlement catalog, what should we mark the corresponding account attribute as?

Managed

Groups which grant/identify user access on other systems (applications) and loaded into IdentityIQ through (account group) aggregation.

Account Group

Group of IdentityIQ users based on shared value of a single identity attribute and used to define target of operation (e.g. task filter, report filter).

Group (factory)

Group of IdentityIQ users and used for assigning capabilities and scopes to set of users.

Workgroup

Group of IdentityIQ users defined through an Advanced Analytics query and used to define target of operation (e.g. task filter, report filter).

Population

Accounts are correlated to existing Identity Cubes when the Prune Identity task is run.

False

Which of these is true of manual correlation?

It is not undone or overridden by a subsequent aggregation.

After aggregating, entitlements are added to the Entitlement Catalog, but they are not fully promoted on Identity Cubes until a refresh task has been run.

True

IQService is used for provisioning to Active Directory and to LDAP.

False

The JDBC connector requires a provisioning rule to be written when provisioning to applications of this type.

True

Many IdentityIQ connectors include pre-defined account and group schemas.

True

We discussed two ways to view your application data prior to aggregation. Preview only lists the first 10 records, while __________________ lists all records and more details.

CONNECTOR DEBUG

Accounts are correlated to existing Identity Cubes when the Prune Identity task is run.

False

Manual correlation will link an account to an identity cube, but only until the next aggregation of that application.

False

Aggregation tasks are always partitioned and executed across multiple hosts.

False

IdentityIQ supports both a delta aggregation and a delta refresh.

True

You can use the Administrator Console to postpone a scheduled task.

True

Which of the following log levels will provide the most detailed information?

Trace

It is a best practice to use Java println statements for logging.

False

When a serious system error occurs, and an incident code is displayed, where would an admin user go to see details of the error?

Advanced Analytics > Syslog Search

Once the spadmin password has been updated from the default, anyone who can authenticate into IdentityIQ can access the IdentityIQ console.

False

The console commands export and import both provide the ability to strip dates and IDs from objects.

True

Which of these is the best definition of Policy?

Business rules that define user access conditions that are unwanted by the business

When a policy violation is identified, a workflow can be initiated by IdentityIQ to address the violation.

True

Which type of IdentityIQ task checks for policy violations?

The Identity Refresh task

Certification Events can be automatically triggered by a wide range of data changes within IdentityIQ, such as changing departments. The Perform Maintenance task must run for the certification process to complete.

True

You can exclude certain users (such as executives) from a certification campaign by using _____________.

An exclusion rule

Which role type supports this scenario: Mark is going to a conference and needs to be able to request access to purchase tickets and file expense reports.

Business

All employees need to be issued an email address and membership in the DomainUsers group in Active Directory on day one of their employment.

Birthright

Required relationships define the IT roles that are mandatory for any user who has a certain business role; while permitted relationships define the IT roles which a user is allowed to have, based on having a certain business role.

True

The certification process can cause provisioning.

True

Access requests cause the generation of a provisioning plan.

True

An application connector can be forced to provision via IdentityIQ work items by removing “PROVISIONING” from the application features string.

True

What is a workflow case?

The object that represents a running instance of a workflow.

From the Administrator Console, you can view details about failed provisioning attempts and create a manual work item to complete the request.

True

The Process Events option in an Identity Refresh task directs IdentityIQ to initiate the lifecycle event workflows.

True

Rapid Setup Joiner runs for all new identity cubes created from any application.

True

You can specify multiple triggers for the mover lifecycle event, for example, watching for changes in job title, department, or manager.

True

Lifecycle Events, outside the Rapid Setup events, can only be used for situations other than joiner, mover, or leaver actions.

False

To be able to view the lifecycle event details under Track My Requests, you must:

Use a workflow that creates and updates the request record

On a per Quicklink population basis, a rule can be implemented to constrain what members can request.

True

A Quicklink population allows you to define a set of users who can make access requests for other sets of users.

True

Through the Manage User Access Quicklink, a user can:

Request or remove entitlements and/or roles

The requestability of an entitlement is configured in the Entitlement Catalog.

True

While requesting access, you can search for entitlements using the extended attributes you’ve added to IdentityIQ.

True

Roles can be configured to automatically be enabled at a specified future date.

True

Attachments can be added in which type of Quicklink process:

Manage User Access

The Recommendation Engine can provide a recommendation for approving or denying a request for access.

True

Quicklink behavior can be configured per Quicklink population.

True

Both methods can disallow users from deleting their accounts on connected systems: In the LCM Configuration, disallow the Delete option for the My Actions category of users and removing access to the Manage Accounts Quicklink for the Self Service Quicklink population.

True

Password Policies must be defined for each application for which managing passwords is supported.

False

You can use the Edit Identity Quicklink to modify an identity’s attributes and trigger attribute synchronization to other applications.

True

IdentityIQ can only monitor for password change requests originating from IdentityIQ.

False

IdentityIQ can kick off a certification campaign for an identity when it detects a change in that person's account attributes.

True

What are batch requests typically used for within IdentityIQ?

Bulk loading identities or identity updates

In IdentityIQ, new account groups can be created and provisioned in a connected application by using the Add New Entitlement button located in the Entitlement Catalog.

True

Which of the following is true of the Rapid Setup Termination process?

It has its own parallel configurations to the Rapid Setup Leaver options.

When designating a batch host, a best practice is to add the host name to the Task ServiceDefinition object and the Request ServiceDefinition object.

True

The critical network performance zone is between the user’s browser and IdentityIQ. It requires a round trip latency of 3ms or less.

False

SailPoint recommends use of multiple environments and a version control system as part of your deployment management strategy.

True

The Services Standard Build (SSB) is a deployment process provided by SailPoint that is required when deploying IdentityIQ.

False

Which of the following is not an IdentityIQ module?

File Access Manager

What are Identities

IdentityIQ users and those with access to systems in your organization

What is an Application

Any resource you want to manage, such as operating systems, directories or databases

What are Entitlements

The type of access a user when logging into an application. Also called permission

What is an Aggregation

Reding or collecting identity data from an enterprise application into IdentityIQ

In IdentityIQ, users can request changes to which of the following?

Roles, Password

Select the types of events that can trigger provisioning in IdentityIQ

A new employee, An employee retires, An employee moves from London to Toronto

The certifier in a certification campaign is always the current manager of each employee.

False

A policy definition disallows an identity to have both Admin and manager access on the Time Clock system. A user already has the Manager entitlement when she submits a request for Admin. IdentityIQ compares the access being requested and the user’s existing access to the policies. What kind of policy is this?

Preventive

Identity search only allows you to search on the standard identity attributes that are pre-defined by IdentityIQ

False

What is displayed on the My Reports tab?

Reports that you have configured and searches that have been saved as reports

IdentityIQ roles are required to ensure proper access security.

False

Roles can be manually requested by users and automatically assigned to users.

True

Select all the objects that support extended attributes.

Identity Cubes, Applications, Entitlements

nace 1

nace 1

ブラックエプロン②(LNB~BNA)

ブラックエプロン②(LNB~BNA)

財務諸表論　理論

財務諸表論　理論

ブラックエプロン　（ランダム問題）

ブラックエプロン　（ランダム問題）

ブラックエプロン抽出器具編①

ブラックエプロン抽出器具編①

aml/cftスタンダード

aml/cftスタンダード

BA対策テストFY22過去問

BA対策テストFY22過去問

気象支援（上田）

気象支援（上田）

機械検査2級(令和元年　択一問題)

機械検査2級(令和元年　択一問題)

画像工学（国試56〜76回）解説あり

画像工学（国試56〜76回）解説あり

半導体製造/集積回路組立2級筆記(A郡真偽法)

ユーザ名非公開 · 37問 · 5日前

半導体製造/集積回路組立2級筆記(A郡真偽法)

半導体

半導体

半導体

半導体

半導体

半導体

財務諸表論【専52】９負債（正誤）

財務諸表論【専52】９負債（正誤）

財務諸表論【専52】４資産総論（正誤）

財務諸表論【専52】４資産総論（正誤）

バイオメカニクス

バイオメカニクス

情報

情報

板倉テスト2

板倉テスト2

coffee academy300 ticket6

ユーザ名非公開 · 33問 · 7日前

coffee academy300 ticket6

33問 • 7日前

ユーザ名非公開

問題一覧

What is the term for reading application data into IdentityIQ from external sources?

Aggregation

What is the term for the process of reviewing an identity’s accounts and entitlements on the applications within your enterprise?

Certification

What is the term for writing access changes to applications within your enterprise?

Provisioning

What is the difference between a task and a business process (workflow)?

Tasks perform batch processing and can be scheduled; workflows interact with users and are activated in response to user action/data change.

Implementers can add custom business logic to IdentityIQ using what functionality?

Rules

Rapid Setup is an implementation tool built into the current IdentityIQ product version to help with configuring IdentityIQ.

True

Certification must be part of Phase1 of any IdentityIQ implementation project.

False

How does IdentityIQ communicate with target systems in your environment?

Through connectors and integration modules

When you add extended attributes that are not marked searchable to IdentityIQ, where are these new attributes stored by default?

In a CLOB

It is impossible to have more than 20 extended attributes within IdentityIQ.

False

Authoritative Identity Cubes are created for each account read from all applications.

False

Which of these configurations is part of the Rapid Setup features?

Specifying what attribute identifies a locked account

When an attribute is marked as "searchable", what does this mean?

The attribute is stored in its own column for more efficient access for searching

The terms Identity Attributes and Account Attributes refer to the same thing.

False

A best practice is to assign ownership of objects, such as applications, to workgroups.

True

Entitlements define which areas of the UI a user can access within IdentityIQ.

False

By adding an identity to a workgroup, the identity inherits capabilities assigned to the workgroup.

True

IdentityIQ does not support multi-factor authentication.

False

What is the purpose of groups and populations?

To specify identities to include when performing an IdentityIQ activity, such as running a report.

A group can be defined based on multiple attributes; a population is based on a single attribute.

False

In IdentityIQ, where and how are new Populations created?

In Advanced Analytics, using identity search criteria

Which statement best describes what happens when you click Save Identities as Population?

The list of identities in the population is saved

Account schemas define which account attributes to read from an application when aggregating accounts with IdentityIQ.

True

If we want to add an entitlement to the entitlement catalog, what should we mark the corresponding account attribute as?

Managed

Groups which grant/identify user access on other systems (applications) and loaded into IdentityIQ through (account group) aggregation.

Account Group

Group of IdentityIQ users based on shared value of a single identity attribute and used to define target of operation (e.g. task filter, report filter).

Group (factory)

Group of IdentityIQ users and used for assigning capabilities and scopes to set of users.

Workgroup

Group of IdentityIQ users defined through an Advanced Analytics query and used to define target of operation (e.g. task filter, report filter).

Population

Accounts are correlated to existing Identity Cubes when the Prune Identity task is run.

False

Which of these is true of manual correlation?

It is not undone or overridden by a subsequent aggregation.

After aggregating, entitlements are added to the Entitlement Catalog, but they are not fully promoted on Identity Cubes until a refresh task has been run.

True

IQService is used for provisioning to Active Directory and to LDAP.

False

The JDBC connector requires a provisioning rule to be written when provisioning to applications of this type.

True

Many IdentityIQ connectors include pre-defined account and group schemas.

True

We discussed two ways to view your application data prior to aggregation. Preview only lists the first 10 records, while __________________ lists all records and more details.

CONNECTOR DEBUG

Accounts are correlated to existing Identity Cubes when the Prune Identity task is run.

False

Manual correlation will link an account to an identity cube, but only until the next aggregation of that application.

False

Aggregation tasks are always partitioned and executed across multiple hosts.

False

IdentityIQ supports both a delta aggregation and a delta refresh.

True

You can use the Administrator Console to postpone a scheduled task.

True

Which of the following log levels will provide the most detailed information?

Trace

It is a best practice to use Java println statements for logging.

False

When a serious system error occurs, and an incident code is displayed, where would an admin user go to see details of the error?

Advanced Analytics > Syslog Search

Once the spadmin password has been updated from the default, anyone who can authenticate into IdentityIQ can access the IdentityIQ console.

False

The console commands export and import both provide the ability to strip dates and IDs from objects.

True

Which of these is the best definition of Policy?

Business rules that define user access conditions that are unwanted by the business

When a policy violation is identified, a workflow can be initiated by IdentityIQ to address the violation.

True

Which type of IdentityIQ task checks for policy violations?

The Identity Refresh task

True

You can exclude certain users (such as executives) from a certification campaign by using _____________.

An exclusion rule

Which role type supports this scenario: Mark is going to a conference and needs to be able to request access to purchase tickets and file expense reports.

Business

All employees need to be issued an email address and membership in the DomainUsers group in Active Directory on day one of their employment.

Birthright

True

The certification process can cause provisioning.

True

Access requests cause the generation of a provisioning plan.

True

An application connector can be forced to provision via IdentityIQ work items by removing “PROVISIONING” from the application features string.

True

What is a workflow case?

The object that represents a running instance of a workflow.

From the Administrator Console, you can view details about failed provisioning attempts and create a manual work item to complete the request.

True

The Process Events option in an Identity Refresh task directs IdentityIQ to initiate the lifecycle event workflows.

True

Rapid Setup Joiner runs for all new identity cubes created from any application.

True

You can specify multiple triggers for the mover lifecycle event, for example, watching for changes in job title, department, or manager.

True

Lifecycle Events, outside the Rapid Setup events, can only be used for situations other than joiner, mover, or leaver actions.

False

To be able to view the lifecycle event details under Track My Requests, you must:

Use a workflow that creates and updates the request record

On a per Quicklink population basis, a rule can be implemented to constrain what members can request.

True

A Quicklink population allows you to define a set of users who can make access requests for other sets of users.

True

Through the Manage User Access Quicklink, a user can:

Request or remove entitlements and/or roles

The requestability of an entitlement is configured in the Entitlement Catalog.

True

While requesting access, you can search for entitlements using the extended attributes you’ve added to IdentityIQ.

True

Roles can be configured to automatically be enabled at a specified future date.

True

Attachments can be added in which type of Quicklink process:

Manage User Access

The Recommendation Engine can provide a recommendation for approving or denying a request for access.

True

Quicklink behavior can be configured per Quicklink population.

True

Password Policies must be defined for each application for which managing passwords is supported.

False

You can use the Edit Identity Quicklink to modify an identity’s attributes and trigger attribute synchronization to other applications.

True

IdentityIQ can only monitor for password change requests originating from IdentityIQ.

False

IdentityIQ can kick off a certification campaign for an identity when it detects a change in that person's account attributes.

True

What are batch requests typically used for within IdentityIQ?

Bulk loading identities or identity updates

In IdentityIQ, new account groups can be created and provisioned in a connected application by using the Add New Entitlement button located in the Entitlement Catalog.

True

Which of the following is true of the Rapid Setup Termination process?

It has its own parallel configurations to the Rapid Setup Leaver options.

When designating a batch host, a best practice is to add the host name to the Task ServiceDefinition object and the Request ServiceDefinition object.

True

The critical network performance zone is between the user’s browser and IdentityIQ. It requires a round trip latency of 3ms or less.

False

SailPoint recommends use of multiple environments and a version control system as part of your deployment management strategy.

True

The Services Standard Build (SSB) is a deployment process provided by SailPoint that is required when deploying IdentityIQ.

False

Which of the following is not an IdentityIQ module?

File Access Manager

What are Identities

IdentityIQ users and those with access to systems in your organization

What is an Application

Any resource you want to manage, such as operating systems, directories or databases

What are Entitlements

The type of access a user when logging into an application. Also called permission

What is an Aggregation

Reding or collecting identity data from an enterprise application into IdentityIQ

In IdentityIQ, users can request changes to which of the following?

Roles, Password

Select the types of events that can trigger provisioning in IdentityIQ

A new employee, An employee retires, An employee moves from London to Toronto

The certifier in a certification campaign is always the current manager of each employee.

False

Preventive

Identity search only allows you to search on the standard identity attributes that are pre-defined by IdentityIQ

False

What is displayed on the My Reports tab?

Reports that you have configured and searches that have been saved as reports

IdentityIQ roles are required to ensure proper access security.

False

Roles can be manually requested by users and automatically assigned to users.

True

Select all the objects that support extended attributes.

Identity Cubes, Applications, Entitlements