Rapid Setup is an implementation tool built into the current IdentityIQ product version to help with configuring IdentityIQ.

Groups which grant/identify user access on other systems (applications) and loaded into IdentityIQ through (account group) aggregation.

What is a workflow case?

Certification Events can be automatically triggered by a wide range of data changes within IdentityIQ, such as changing departments. The Perform Maintenance task must run for the certification process to complete.

Which of these is the best definition of Policy?

Once the spadmin password has been updated from the default, anyone who can authenticate into IdentityIQ can access the IdentityIQ console.

You can exclude certain users (such as executives) from a certification campaign by using _____________.

Password Policies must be defined for each application for which managing passwords is supported.

Group of IdentityIQ users defined through an Advanced Analytics query and used to define target of operation (e.g. task filter, report filter).

By adding an identity to a workgroup, the identity inherits capabilities assigned to the workgroup.

In IdentityIQ, where and how are new Populations created?

The certifier in a certification campaign is always the current manager of each employee.

Roles can be configured to automatically be enabled at a specified future date.

What are Identities

Which type of IdentityIQ task checks for policy violations?

A best practice is to assign ownership of objects, such as applications, to workgroups.

Implementers can add custom business logic to IdentityIQ using what functionality?

You can use the Edit Identity Quicklink to modify an identity’s attributes and trigger attribute synchronization to other applications.

Account schemas define which account attributes to read from an application when aggregating accounts with IdentityIQ.

We discussed two ways to view your application data prior to aggregation. Preview only lists the first 10 records, while __________________ lists all records and more details.

Accounts are correlated to existing Identity Cubes when the Prune Identity task is run.

Which statement best describes what happens when you click Save Identities as Population?

The Process Events option in an Identity Refresh task directs IdentityIQ to initiate the lifecycle event workflows.

The certification process can cause provisioning.

Group of IdentityIQ users based on shared value of a single identity attribute and used to define target of operation (e.g. task filter, report filter).

Access requests cause the generation of a provisioning plan.

Which of these configurations is part of the Rapid Setup features?

When a serious system error occurs, and an incident code is displayed, where would an admin user go to see details of the error?

Which of the following is true of the Rapid Setup Termination process?

How does IdentityIQ communicate with target systems in your environment?

Both methods can disallow users from deleting their accounts on connected systems: In the LCM Configuration, disallow the Delete option for the My Actions category of users and removing access to the Manage Accounts Quicklink for the Self Service Quicklink population.

You can use the Administrator Console to postpone a scheduled task.

On a per Quicklink population basis, a rule can be implemented to constrain what members can request.

After aggregating, entitlements are added to the Entitlement Catalog, but they are not fully promoted on Identity Cubes until a refresh task has been run.

In IdentityIQ, new account groups can be created and provisioned in a connected application by using the Add New Entitlement button located in the Entitlement Catalog.

It is a best practice to use Java println statements for logging.

In IdentityIQ, users can request changes to which of the following?

All employees need to be issued an email address and membership in the DomainUsers group in Active Directory on day one of their employment.

To be able to view the lifecycle event details under Track My Requests, you must:

Which role type supports this scenario: Mark is going to a conference and needs to be able to request access to purchase tickets and file expense reports.

Which of the following is not an IdentityIQ module?

The critical network performance zone is between the user’s browser and IdentityIQ. It requires a round trip latency of 3ms or less.

Which of the following log levels will provide the most detailed information?

IdentityIQ does not support multi-factor authentication.

Select all the objects that support extended attributes.

Through the Manage User Access Quicklink, a user can:

Authoritative Identity Cubes are created for each account read from all applications.

Quicklink behavior can be configured per Quicklink population.

When an attribute is marked as "searchable", what does this mean?

Group of IdentityIQ users and used for assigning capabilities and scopes to set of users.

What is the term for writing access changes to applications within your enterprise?

What is the difference between a task and a business process (workflow)?

What is the term for reading application data into IdentityIQ from external sources?

What is displayed on the My Reports tab?

Entitlements define which areas of the UI a user can access within IdentityIQ.

The Recommendation Engine can provide a recommendation for approving or denying a request for access.

When a policy violation is identified, a workflow can be initiated by IdentityIQ to address the violation.

What is the term for the process of reviewing an identity’s accounts and entitlements on the applications within your enterprise?

IdentityIQ can kick off a certification campaign for an identity when it detects a change in that person's account attributes.

When designating a batch host, a best practice is to add the host name to the Task ServiceDefinition object and the Request ServiceDefinition object.

SailPoint recommends use of multiple environments and a version control system as part of your deployment management strategy.

What are Entitlements

Select the types of events that can trigger provisioning in IdentityIQ

What is the purpose of groups and populations?

Aggregation tasks are always partitioned and executed across multiple hosts.

Which of these is true of manual correlation?

Identity search only allows you to search on the standard identity attributes that are pre-defined by IdentityIQ

What are batch requests typically used for within IdentityIQ?

What is an Application

Rapid Setup Joiner runs for all new identity cubes created from any application.

Lifecycle Events, outside the Rapid Setup events, can only be used for situations other than joiner, mover, or leaver actions.

Manual correlation will link an account to an identity cube, but only until the next aggregation of that application.

An application connector can be forced to provision via IdentityIQ work items by removing “PROVISIONING” from the application features string.

Accounts are correlated to existing Identity Cubes when the Prune Identity task is run.

A policy definition disallows an identity to have both Admin and manager access on the Time Clock system. A user already has the Manager entitlement when she submits a request for Admin. IdentityIQ compares the access being requested and the user’s existing access to the policies. What kind of policy is this?

It is impossible to have more than 20 extended attributes within IdentityIQ.

The Services Standard Build (SSB) is a deployment process provided by SailPoint that is required when deploying IdentityIQ.

IdentityIQ roles are required to ensure proper access security.

A group can be defined based on multiple attributes; a population is based on a single attribute.

Required relationships define the IT roles that are mandatory for any user who has a certain business role; while permitted relationships define the IT roles which a user is allowed to have, based on having a certain business role.

IdentityIQ can only monitor for password change requests originating from IdentityIQ.

The console commands export and import both provide the ability to strip dates and IDs from objects.

Certification must be part of Phase1 of any IdentityIQ implementation project.

If we want to add an entitlement to the entitlement catalog, what should we mark the corresponding account attribute as?

IdentityIQ supports both a delta aggregation and a delta refresh.

You can specify multiple triggers for the mover lifecycle event, for example, watching for changes in job title, department, or manager.

What is an Aggregation

While requesting access, you can search for entitlements using the extended attributes you’ve added to IdentityIQ.

The JDBC connector requires a provisioning rule to be written when provisioning to applications of this type.

Many IdentityIQ connectors include pre-defined account and group schemas.

IQService is used for provisioning to Active Directory and to LDAP.

When you add extended attributes that are not marked searchable to IdentityIQ, where are these new attributes stored by default?

Roles can be manually requested by users and automatically assigned to users.

From the Administrator Console, you can view details about failed provisioning attempts and create a manual work item to complete the request.

The terms Identity Attributes and Account Attributes refer to the same thing.

The requestability of an entitlement is configured in the Entitlement Catalog.

Attachments can be added in which type of Quicklink process:

A Quicklink population allows you to define a set of users who can make access requests for other sets of users.