What is the term for reading application data into IdentityIQ from external sources?

What is the term for the process of reviewing an identity’s accounts and entitlements on the applications within your enterprise?

What is the term for writing access changes to applications within your enterprise?

What is the difference between a task and a business process (workflow)?

Implementers can add custom business logic to IdentityIQ using what functionality?

Rapid Setup is an implementation tool built into the current IdentityIQ product version to help with configuring IdentityIQ.

Certification must be part of Phase1 of any IdentityIQ implementation project.

How does IdentityIQ communicate with target systems in your environment?

When you add extended attributes that are not marked searchable to IdentityIQ, where are these new attributes stored by default?

It is impossible to have more than 20 extended attributes within IdentityIQ.

Authoritative Identity Cubes are created for each account read from all applications.

Which of these configurations is part of the Rapid Setup features?

When an attribute is marked as "searchable", what does this mean?

The terms Identity Attributes and Account Attributes refer to the same thing.

A best practice is to assign ownership of objects, such as applications, to workgroups.

Entitlements define which areas of the UI a user can access within IdentityIQ.

By adding an identity to a workgroup, the identity inherits capabilities assigned to the workgroup.

IdentityIQ does not support multi-factor authentication.

What is the purpose of groups and populations?

A group can be defined based on multiple attributes; a population is based on a single attribute.

In IdentityIQ, where and how are new Populations created?

Which statement best describes what happens when you click Save Identities as Population?

Account schemas define which account attributes to read from an application when aggregating accounts with IdentityIQ.

If we want to add an entitlement to the entitlement catalog, what should we mark the corresponding account attribute as?

Groups which grant/identify user access on other systems (applications) and loaded into IdentityIQ through (account group) aggregation.

Group of IdentityIQ users based on shared value of a single identity attribute and used to define target of operation (e.g. task filter, report filter).

Group of IdentityIQ users and used for assigning capabilities and scopes to set of users.

Group of IdentityIQ users defined through an Advanced Analytics query and used to define target of operation (e.g. task filter, report filter).

Accounts are correlated to existing Identity Cubes when the Prune Identity task is run.

Which of these is true of manual correlation?

After aggregating, entitlements are added to the Entitlement Catalog, but they are not fully promoted on Identity Cubes until a refresh task has been run.

IQService is used for provisioning to Active Directory and to LDAP.

The JDBC connector requires a provisioning rule to be written when provisioning to applications of this type.

Many IdentityIQ connectors include pre-defined account and group schemas.

We discussed two ways to view your application data prior to aggregation. Preview only lists the first 10 records, while __________________ lists all records and more details.

Accounts are correlated to existing Identity Cubes when the Prune Identity task is run.

Manual correlation will link an account to an identity cube, but only until the next aggregation of that application.

Aggregation tasks are always partitioned and executed across multiple hosts.

IdentityIQ supports both a delta aggregation and a delta refresh.

You can use the Administrator Console to postpone a scheduled task.

Which of the following log levels will provide the most detailed information?

It is a best practice to use Java println statements for logging.

When a serious system error occurs, and an incident code is displayed, where would an admin user go to see details of the error?

Once the spadmin password has been updated from the default, anyone who can authenticate into IdentityIQ can access the IdentityIQ console.

The console commands export and import both provide the ability to strip dates and IDs from objects.

Which of these is the best definition of Policy?

When a policy violation is identified, a workflow can be initiated by IdentityIQ to address the violation.

Which type of IdentityIQ task checks for policy violations?

Certification Events can be automatically triggered by a wide range of data changes within IdentityIQ, such as changing departments. The Perform Maintenance task must run for the certification process to complete.

You can exclude certain users (such as executives) from a certification campaign by using _____________.

Which role type supports this scenario: Mark is going to a conference and needs to be able to request access to purchase tickets and file expense reports.

All employees need to be issued an email address and membership in the DomainUsers group in Active Directory on day one of their employment.

Required relationships define the IT roles that are mandatory for any user who has a certain business role; while permitted relationships define the IT roles which a user is allowed to have, based on having a certain business role.

The certification process can cause provisioning.

Access requests cause the generation of a provisioning plan.

An application connector can be forced to provision via IdentityIQ work items by removing “PROVISIONING” from the application features string.

What is a workflow case?

From the Administrator Console, you can view details about failed provisioning attempts and create a manual work item to complete the request.

The Process Events option in an Identity Refresh task directs IdentityIQ to initiate the lifecycle event workflows.

Rapid Setup Joiner runs for all new identity cubes created from any application.

You can specify multiple triggers for the mover lifecycle event, for example, watching for changes in job title, department, or manager.

Lifecycle Events, outside the Rapid Setup events, can only be used for situations other than joiner, mover, or leaver actions.

To be able to view the lifecycle event details under Track My Requests, you must:

On a per Quicklink population basis, a rule can be implemented to constrain what members can request.

A Quicklink population allows you to define a set of users who can make access requests for other sets of users.

Through the Manage User Access Quicklink, a user can:

The requestability of an entitlement is configured in the Entitlement Catalog.

While requesting access, you can search for entitlements using the extended attributes you’ve added to IdentityIQ.

Roles can be configured to automatically be enabled at a specified future date.

Attachments can be added in which type of Quicklink process:

The Recommendation Engine can provide a recommendation for approving or denying a request for access.

Quicklink behavior can be configured per Quicklink population.

Both methods can disallow users from deleting their accounts on connected systems: In the LCM Configuration, disallow the Delete option for the My Actions category of users and removing access to the Manage Accounts Quicklink for the Self Service Quicklink population.

Password Policies must be defined for each application for which managing passwords is supported.

You can use the Edit Identity Quicklink to modify an identity’s attributes and trigger attribute synchronization to other applications.

IdentityIQ can only monitor for password change requests originating from IdentityIQ.

IdentityIQ can kick off a certification campaign for an identity when it detects a change in that person's account attributes.

What are batch requests typically used for within IdentityIQ?

In IdentityIQ, new account groups can be created and provisioned in a connected application by using the Add New Entitlement button located in the Entitlement Catalog.

Which of the following is true of the Rapid Setup Termination process?

When designating a batch host, a best practice is to add the host name to the Task ServiceDefinition object and the Request ServiceDefinition object.

The critical network performance zone is between the user’s browser and IdentityIQ. It requires a round trip latency of 3ms or less.

SailPoint recommends use of multiple environments and a version control system as part of your deployment management strategy.

The Services Standard Build (SSB) is a deployment process provided by SailPoint that is required when deploying IdentityIQ.

Which of the following is not an IdentityIQ module?

What are Identities

What is an Application

What are Entitlements

What is an Aggregation

In IdentityIQ, users can request changes to which of the following?

Select the types of events that can trigger provisioning in IdentityIQ

The certifier in a certification campaign is always the current manager of each employee.

A policy definition disallows an identity to have both Admin and manager access on the Time Clock system. A user already has the Manager entitlement when she submits a request for Admin. IdentityIQ compares the access being requested and the user’s existing access to the policies. What kind of policy is this?

Identity search only allows you to search on the standard identity attributes that are pre-defined by IdentityIQ

What is displayed on the My Reports tab?

IdentityIQ roles are required to ensure proper access security.

Roles can be manually requested by users and automatically assigned to users.

Select all the objects that support extended attributes.