Is the following statement about IdentityIQ rule inputs and outputs correct?
Proposed Solution:
The default description of a Rule, which originates from the Rule Registry, usually provides information about the Rule ' s purpose and its expected output.
The engineer is working on a workflow implementation.
After a form step, the workflow can transition to three steps:
Stop if the Reject (back) button is used,
Audit if the Approve (next) button is used and the field named comment is returned from the form to the workflow variable comment and has a value,
Provision otherwise.
The engineer writes the transitions in XML code.
Is this a valid implementation?
Proposed Solution:
< Transition to= " Stop " when= " !ref:approved " / >
< Transition to= " Audit " when= " script:sailpoint.tools.Util.isNotNullOrEmpty(comment); " / >
< Transition to= " Provision " / >
Can this action be performed as part of configuring an application definition in IdentitylQ?
Solution: Define account correlation via a rule.
The engineer is analyzing on a workflow Transition.
The following variable values are known:
Will the workflow continue to this step?
Solution: Approve
Is this a valid statement about connector rules?
Solution: A Post-Iterate Rule, if configured, is run after reading accounts from a SQL Loader application.
Can the following action be performed using Rapid Setup application onboarding?
Solution: Specify the account attribute and value filter that identifies a secondary account.
Is this configuration option required when an engineer sets up any application?
Proposed Solution:
Create Policy
For a user who wants to be able to enable an account for a subordinate or themselves through Manage Accounts, does this configuration need to be performed in Lifecycle Manager (LCM)?
Select the Rehire action under Manage Accounts Options in the LCM Configuration.
Solution: Select the Rehire action under Manage Accounts Options in the LCM Configuration.
Is this a true statement about localization support in IdentitylQ?
Solution: Localized messages can be retrieved from custom Java/BeanShell code using SailPoint APIs.
Is this a purpose of an IdentitylQ certification?
Solution: to review a snapshot of a user ' s system access
Is this statement valid regarding the control and usability of the Debug pages in IdentityIQ?
Proposed Solution:
Objects can be deleted on a singular basis or in bulk.
A manager wants to extend the access granted to an employee.
Is this a default role type that is available for the manager to request in IdentitylQ during the access request process?
Solution: Business Role
An engineer is developing an instance of IdentitylQ using the Services Standard Build (SSB) for a client. Is this a valid action the engineer can perform when setting up or using the SSB?
Solution: Place the patch jar file in the build ' s base/patch folder that matches the patch version the client is using
Is the following statement true about out-of-the-box reporting?
Solution: In the Reporting user interface, instances of reports are located on the ' My Reports ' tab, and templates are located on the ' Reports ' tab.
Is this configuration option required when an engineer sets up a SCIM 2.0 application?
Solution: Name
Is this statement true about identitylQ ' s syslog event storage?
Solution: IdentitylQ logging and auditing both require extra function calls within the application and will generate data that can be compressed to avoid any storage and Improve overall performance.
Is this statement valid regarding the control and usability of the Debug pages in IdentityIQ?
Proposed Solution:
Changing an object ' s name and saving the object is the correct way to create a new copy of the object.
Match the following IdentitylQ console commands To their functions.
Use the drop-down menus to select your answers. Answer options from the drop-down menus may only be used once Some will not be used at all.
An engineer needs to trigger a workflow when a Division attribute changes from IT to Senior IT, but only when the user is a manager.
Is this a valid process that the engineer could use to launch a workflow for a lifecycle event?
Proposed Solution:
Create a trigger with an event type of rule that checks if the previous value is IT and the new value is Senior IT, and return true if the managerStatus on the user ' s Identity Cube is true.
A client needs a custom quicklink, which only managers can launch, in order to launch a simple workflow. Is this a valid step to take during the development of this custom quicklink?
Solution: Insert the " Managers " quicklink population as the dynamic scope in the quicklink object.
The engineer needs to write some ad-hoc BeanShell code to search for GroupDefmition objects owned by Randy.Knight and print their names. Is this BeanShell code correct as written?
Solution:
Is this statement true about identitylQ ' s syslog event storage?
Solution: Both logging and auditing can have a negative influence on performance. Logging and auditing both require extra function calls within The application and will generate data that will need to be stored.
Can the search type in Syslog be used to accomplish this result?
Solution: Identifying details of a system error presented in the Ul
An engineer is assigned to configure an account attribute. The requirements are:
Purpose: Flag privileged accounts
Read from: Financial application, privileged attribute
Calculate from: Keystore application, responsibility-code attribute
Usage 1: Display as option in Advanced Analytics
Usage 2: Use when writing rules
Usage 3: Include in policies
Does the engineer need to set this configuration option on the account attribute to meet the requirements?
Solution: Source Mappings: Application Rule
Is this statement valid regarding the control and usability of the Debug pages in IdentitylQ?
Solution: The Debug-Logging page does not have to be reloaded when the log4j file is altered while the application server is running.
Can the search type in Identity be used to accomplish this result?
Proposed Solution:
Identifying the number of certifications that are currently in the revocation phase
Is this a correct procedure for testing generated emails in a non-production system?
Proposed Solution:
Change the Email Notification Type to IMAP under Global Settings > Configure IdentityIQ Settings > Mail Settings, run the test scenario, and verify if the emails were successfully delivered to mailboxes specified on Identity objects.
The business analysts for a large hospital need to confirm that their role assignment rules are working correctly. They are performing a final test on the production system by certifying the users who have been assigned the role. The access reviews should be sent to the security team for final sign-off.
Will this certification type achieve the goal?
Proposed Solution:
Role Membership Certification
Can the following action be performed using Rapid Setup application onboarding?
Proposed Solution:
Specify the account attribute and value filter that identifies a service account.
Is the following statement about workflows and sub-workflows (subprocesses) true?
Proposed Solution:
The outputs of a subprocess (sub-workflow) can be returned to variables in the calling workflow using the returns attribute of the calling step.
For example:
< Step icon= " Task " name= " Initialize " posX= " 134 " posY= " 10 "
returns= " identityRequestId,project " send= " identityName,plan " >
...
An engineer needs to first create a custom audit event and then set up an associated report. What are four steps to accomplish this goal?
Solution:
A customer wants to make changes in their IdentitylQ user interface. Consider branding and other IdentitylQ Ul changes. Is this statement valid?
Solution: Primary and secondary colors are set through the IdentitylQ Configuration > Miscellaneous page.
Is the following true of Identity Provisioning Policies?
Solution: Identity Provisioning Policies can be used to include allowed-values definitions or validation logic on fields so that only valid/authorized values can be specified for those fields when using the Create Identity feature to add an identity.
Is this what should be performed in order to generate the database script to extend Application attributes in the IdentitylQ database on the initial installation?
Solution: Run the command iiq extendedSchema in the IIQ_Home/WEB-INF/bin directory.
Is the following true of Identity Provisioning Policies?
Proposed Solution:
If no Update Identity Provisioning Policy is defined for the installation, the Create Identity Provisioning Policy will be used in Edit Identity operations.
An engineer needs to first create a custom audit event and then set up an associated report. What are four steps to accomplish this goal?
Solution: Create and load a Custom Audit Report TaskDefinition XML and corresponding Custom Audit Report Form XML.
Is this configuration option required when an engineer sets up any application?
Proposed Solution:
Filter String
An engineer needs to first create a custom audit event and then set up an associated report.
What are four steps to accomplish this goal?
Proposed Solution:
Set up a new AuditAction in the AuditConfig object XML:
< AuditAction displayName= " Custom New Audit Event " enabled= " true " name= " actionname " / >
Is this statement valid regarding the control and usability of the Debug pages in IdentitylQ?
Solution: The application server must be restarted after reloading the logging file through the Debug-Logging page.
Is this a true statement about localization support in IdentitylQ?
Solution: The default language can be changed from English by replacing the appropriate message files.
Is the following statement true?
Proposed Solution:
All ManagedAttribute objects associated to an Identity can be viewed on the ‘Policy’ tab from ‘View Identity’ QuickLink.
Select the best policy type for defining each access policy. Use the drop-down menus to select your answers.
Can the following be achieved via configuration of control variables in the out-of-the-box Lifecycle Manager (LCM) workflows?
Solution: Specify which access items may be requested.
Is this statement true about email templates or behavior within them?
Solution: Only identity object attributes or methods can be accessed through the reference variables of a template ' s input arguments.
Assuming that the policy violation owner has the necessary permissions, is this a valid option for the policy violation owner to use when acting on a policy violation of type ' Account Policy ' ?
Proposed Solution:
Export CSV / Import CSV
Is this a piece of information that an engineer needs when initially setting up a new IdentityIQ sandbox environment?
Proposed Solution:
the IdentityIQ version
The engineer is configuring a new application definition.
The customer wants an Audit record to be created with the error message, if provisioning fails.
Is this the rule an engineer should write to accomplish the goal?
Solution: Configure a Postlterate rule
A client needs a custom quicklink, which only managers can launch, in order to launch a simple workflow. Is this a valid step to take during the development of this custom quicklink?
Solution: Enter the name of the workflow to launch in the quicklink object.
Is this statement true about the Application, Identity, ManageAttribute, Bundle, and Link objects in IdentitylQ?
Solution: An Application object is not required to aggregate external user account information into IdentitylQ.
Is the following statement true?
Solution: All Application objects must have an Identity object as the owner.
Is the following statement about workflow step types and their usage true?
Proposed Solution:
A step with the attribute wait= " 1 " will cause the workflow to wait for at least one minute. The workflow will be revived on the next run of the Perform Maintenance Task, after the wait period is over.
A bank is two years into an ongoing project to provide all access through roles. The bank is actively using roles and actively adding to their role model. They need to ensure that all roles include the correct entitlements.
Will this certification type achieve the goal?
Solution: Account Group Membership Certification
Is this statement valid regarding the control and usability of the Debug pages in IdentitylQ?
Solution: Workflows can be run directly from the Debug-Object page.
An engineer needs to trigger a workflow when a Division attribute changes from IT to Senior IT, but only when the user is a manager.
Is this a valid process that the engineer could use to launch a workflow for a lifecycle event?
Proposed Solution:
Create a trigger with an event type of attribute change on the managerStatus attribute with the previous value of true and the new value of false, and add an included identities rule for when the user ' s division attribute had a previous value of IT and a new value of Senior IT.
A customer wants to make changes in their IdentityIQ user interface.
Consider branding and other IdentityIQ UI changes. Is this statement valid?
Proposed Solution:
If SailPoint is removed from the header bar, “Powered by SailPoint IdentityIQ” must be added to the copyright footer.
Can the following be achieved via configuration of control variables in the out-of-the-box Lifecycle Manager (LCM) workflows?
Proposed Solution:
Specify which applications support password change requests through the IdentityIQ user interface.