SailPoint Certified IdentityIQ Engineer Questions and Answers
Is this statement true about identitylQ ' s syslog event storage?
Solution: IdentitylQ logging and auditing both require extra function calls within the application and will generate data that can be compressed to avoid any storage and Improve overall performance.
Can the Environment tab under ‘Administrator Console’ be used to do the following task?
Proposed Solution:
View status of installed SailPoint modules/extensions.
Is this an example of a joiner lifecycle event?
Proposed Solution:
A contractor whose contract expired and accounts were disabled has a new contract with the company; the contractor needs all of their previous accounts enabled.
Is the following true of Identity Provisioning Policies?
Proposed Solution:
If no Update Identity Provisioning Policy is defined for the installation, the Create Identity Provisioning Policy will be used in Edit Identity operations.
Is this statement correct about writing and executing source mapping rules to populate identity attributes?
Solution: All Identity Mappings must use a rule to set the identity attribute.
Can the search type in Identity be used to accomplish this result?
Proposed Solution:
Identifying details of a system error presented in the UI
Is this a correct procedure for testing generated emails in a non-production system?
Solution: Change the Email Notification Type to Redirect to file using FTP protocol under Global Settings > Configure IdentitylQ Settings > Mail Settings, run the test scenario, and verify that the email text saved to the redirected file.
A bank is two years into an ongoing project to provide all access through roles. The bank is actively using roles and actively adding to their role model. They need to ensure that all roles include the correct entitlements.
Will this certification type achieve the goal?
Solution: Role Composition Certification
Is this what should be performed in order to generate the database script to extend Application attributes in the IdentitylQ database on the initial installation?
Solution: Run the command iiq extendedSchema in the IIQ_Home/WEB-INF/bin directory.
The engineer needs to write some ad-hoc BeanShell code to search for GroupDefmition objects owned by Randy.Knight and print their names. Is this BeanShell code correct as written?
Solution:
The engineer uses the sailpoint.api.IdentityService in a BeanShell method to look up and return all account names for an identity on the application ' MagicBox ' . Is this a correct implementation?
Proposed Solution:
import sailpoint.api.IdentityService;
import sailpoint.api.SailPointContext;
import sailpoint.object.Application;
import sailpoint.object.Identity;
import sailpoint.object.Link;
import sailpoint.tools.GeneralException;
public List getAccountNames(SailPointContext context, Identity identity) throws GeneralException {
Application application = context.getObjectByName(Application.class, " MagicBox " );
IdentityService service = new IdentityService(context);
List < String > accountNames = new ArrayList < String > ();
List < Link > links = service.getLinks(identity, application);
if (links != null) {
for (Link link : links) {
accountNames.add(link.getNativeIdentity());
}
}
return accountNames;
}
An engineer needs to first create a custom audit event and then set up an associated report.
What are four steps to accomplish this goal?
Proposed Solution:
Set up a new AuditAction in the AuditConfig object XML:
< ObjectAttribute displayName= " User Type " editMode= " Permanent " extendedNumber= " 2 " name= " userType " type= " string " / >
Is this a valid step to take when importing SailPoint XML file objects into IdentitylQ?
Solution: Move the XML file into the IIQ_HOME/WEB-INF/database.
For a user who already has an account on an application and wants to be able to request access to a new account through Manage User Access, does this configuration need to be performed in Lifecycle Manager (LCM)?
Proposed Solution:
Select “Allow requesting new accounts” in the Manage Accounts QuickLink configuration for the user’s QuickLink population.
A client needs a custom quicklink, which only managers can launch, in order to launch a simple workflow. Is this a valid step to take during the development of this custom quicklink?
Solution: Place a quicklink object on the workflow that is to be launched
An engineer needs to first create a custom audit event and then set up an associated report.
What are four steps to accomplish this goal?
Proposed Solution:
Create a Custom Certification Event Schedule and associated ruleRunner task.
Can the following be achieved via configuration of control variables in the out-of-the-box Lifecycle Manager (LCM) workflows?
Proposed Solution:
Specify which applications support password change requests through the IdentityIQ user interface.
Can the following action be performed using Rapid Setup application onboarding?
Solution: Specify account correlation using a rule.
Can the Provisioning tab under " Administrator Console ' be used to do the following task?
Solution: View the specific operations on each attribute being provisioned.
Is this configuration option required when an engineer sets up any application?
Proposed Solution:
Identity Attribute
Can the search type in Syslog be used to accomplish this result?
Solution: Identifying the number of employees that report to a specific person
Is this what should be performed in order to generate the database script to extend Managed Attribute attributes in the IdentityIQ database on the initial installation?
Proposed Solution:
Run the extendedSchema script on the IdentityIQ database.
Is the following true of Identity Provisioning Policies?
Proposed Solution:
A self-service Registration Identity Provisioning Policy is required to support the self-service registration workflow (LCM Registration).
Is this statement true about IdentityIQ ' s syslog event searching capabilities?
Proposed Solution:
When searching the syslog events from the Advanced Analytics page, it is not possible to search syslog events by attributes other than an Incident Code.
An engineer is developing an instance of IdentitylQ using the Services Standard Build (SSB) for a client. Is this a valid action the engineer can perform when setting up or using the SSB?
Solution: Place the client ' s identityiq. War file in the home directory of the build.
A bank is two years into an ongoing project to provide all access through roles. The bank is actively using roles and actively adding to their role model. They need to ensure that all roles include the correct entitlements.
Will this certification type achieve the goal?
Solution: Account Group Membership Certification
Is the following statement true about out-of-the-box reporting?
Proposed Solution:
Reports can be scheduled to run at most once per day.
Is this a true statement about localization support in IdentitylQ?
Solution: The default language can be changed from English by replacing the appropriate message files.
Is this a valid step to take when importing SailPoint XML file objects into IdentitylQ?
Solution: Import the XML object through the IdentitylQ console.
Is this statement true about identitylQ ' s syslog event storage?
Solution: IdentitylQ logging events are stored in a database table in addition to log files.
Assuming that the policy violation owner has the necessary permissions, is this a valid option for the policy violation owner to use when acting on a policy violation of type ' Account Policy ' ?
Proposed Solution:
Allow
The engineer is configuring a new application definition.
The customer wants an Audit record to be created with the error message, if provisioning fails.
Is this the rule an engineer should write to accomplish the goal?
Solution: Configure a Postlterate rule
Is this a purpose of an IdentitylQ certification?
Solution: to attest to a user ' s integrity
Is this what should be performed in order to generate the database script to extend Application attributes in the IdentitylQ database on the initial installation?
Solution: Run a build with the updated schema placed inside it.
Is this a benefit of using the Run Rule feature of the Debug-Object page?
Proposed Solution:
It can be used to display the return value of simple code.
An engineer needs to first create a custom audit event and then set up an associated report.
What are four steps to accomplish this goal?
Proposed Solution:
Write logic in a BeanShell rule, task, or workflow step to created the audit event, populated with the appropriate data values.
The engineer is working on a workflow implementation.
After a form step, the workflow can transition to three steps:
Stop if the Reject (back) button is used,
Audit if the Approve (next) button is used and the field named comment is returned from the form to the workflow variable comment and has a value,
Provision otherwise.
The engineer writes the transitions in XML code.
Is this a valid implementation?
Proposed Solution:
< Transition to= " Stop " when= " !ref:approved " / >
< Transition to= " Audit " when= " script:sailpoint.tools.Util.isNotNullOrEmpty(comment); " / >
< Transition to= " Provision " / >
An engineer needs to first create a custom audit event and then set up an associated report. What are four steps to accomplish this goal?
Solution: Create a Data Export task.
Is the following statement about IdentityIQ rule inputs and outputs correct?
Proposed Solution:
Every BeanShell rule in IdentityIQ rule must produce output.
Can the rule library named “Common Rules Library” be included in a Rule by adding this code?
Proposed Solution:
< ReferencedRules >
< Reference class= " sailpoint.object.RuleLibrary " name= " Common Rules Library " / >
< /ReferencedRules >
Is this a default functionality of the Lifecycle Manager (LCM) module?
Solution: Terminate Identity
The JVM Memory page on IdentitylQ displays the following information:
Solution: How much memory is currently allocated to the JVM heap?
Type your numerical response into the box below.
Can the following action be performed using Rapid Setup application onboarding?
Solution: Specify the account attribute and value filter that identifies a secondary account.
Is this statement true about email templates or behavior within them?
Solution: Only identity object attributes or methods can be accessed through the reference variables of a template ' s input arguments.
Is the following a true statement about IdentityIQ authentication and authorization?
Proposed Solution:
Scopes can control the features that are used in IdentityIQ.
Can the following be achieved via configuration of control variables in the out-of-the-box Lifecycle Manager (LCM) workflows?
Solution: Specify which access items may be requested.
Is this statement true about the Application, Identity, ManageAttribute, Bundle, and Link objects in IdentitylQ?
Solution: An Application object is not required to aggregate external user account information into IdentitylQ.
Is this relationship type available for an IdentityIQ Role that has a multiple-level structure?
Proposed Solution:
Hierarchy
Can the rule library named Common Rules Library " be included in a Rule by adding this code?
Solution:
A customer wants to make changes in their IdentitylQ user interface. Consider branding and other IdentitylQ Ul changes. Is this statement valid?
Solution: The sets of columns displayed in most tables in the IdentitylQ user interface are controlled by entries in the ColumnConfig elements of the UlConfig object.
Is the following statement true about out-of-the-box reporting?
Solution: In the Reporting user interface, instances of reports are located on the ' My Reports ' tab, and templates are located on the ' Reports ' tab.
Is this a default role type that is available in identitylQ?
Solution: Entitlement Role
Is this statement valid regarding the control and usability of the Debug pages in IdentitylQ?
Solution: The application server must be restarted after reloading the logging file through the Debug-Logging page.
Is the following a true statement about IdentitylQ authentication and authorization?
Solution: A user ' s access to the Identity Warehouse is controlled by the QuickLink Populations that they are a member of.
Is this statement true about certifications?
Solution: All certifications include generation, the active period, sign-off, and the end period.
Can the Provisioning tab under " Administrator Console ' be used to do the following task?
Solution: Map the associated WorkflowCase to a particular Provisioning Transaction.
Can the search type in Syslog be used to accomplish this result?
Solution: Launching a certification using the search results
A client needs a custom quicklink, which only managers can launch, in order to launch a simple workflow.
Is this a valid step to take during the development of this custom quicklink?
Proposed Solution:
Place a quicklink object on the workflow that is to be launched.
Is this an example of a joiner lifecycle event?
Proposed Solution:
An employee previously left the company. Their access was disabled but has been reinstated; the employee needs all of their previous accounts enabled.