SAILPOINT IIQ ASSOCIATE EXAM
QUESTIONS AND ANSWERS
What are the Certification phases and what occurs in each phase? - ANSWER-1.
Certification campaign is created
2. Access reviews are created for certifier review
3. Reviewer approves/revokes access
4. User can challenge loss of access (optional step)
5. Reviewer signs off
6. IIQ revokes access
Staging
Active
Challenge
Revocation
What are three common governance policies? - ANSWER-1. Separation of Duties
(SoD) - ensure users don't hold conflicting access
2. Dormant accounts - unused accounts for excessive lengths of time
3. Non-managers with manager access
What are the two processes for Policy Detection? - ANSWER-1. Detection - detect
existing policy violations and revoke
2. Preventative - prevent a policy violation from occurring (ie request for conflicting
access)
What are the steps for an Access Request? - ANSWER-1. Start request for self/other
2. Limit/filter request options based on identity
3. Submit request
4. Provisioning Plan is created
5. Workflow (specific to request) is started to execute request
What is an Access Request? - ANSWER-Systems or processes used to request new
access, make changes to existing access, or remove access to resources within an
organization
What is an Access Review? - ANSWER-A component of a Certification
What is Activity? - ANSWER-The normalized representation of the raw activity data
(i.e. logging in after hours) collection from an activity data source (Windows Event
Log or Syslog).
Activity is represented as a java object (ApplicationActivity) and persisted in DB
What is an Additional Entitlement? - ANSWER-Any entitlement an identity has
access too but that does not comprise a complete role
Role 1 = A, B, C
, User has entitlements A,B,C,D --> D is the additional entitlement
What is Aggregation? - ANSWER-The discovery and collection of information from
the applications configured to work with IIQ
What is an Authoritative Application? - ANSWER-The main repository for employee
data (i.e. HR application)
System from which the majority of identities are built
What are the eight events that can trigger a Workflow? - ANSWER-1. Role creation
2. Identity update
3. Identity refresh
4. Identity correlation
5. Deferred role assignment/deassignment
6. Deferred role activation/deactivation
7. Any Lifecycle Manager event
8. Any Lifecycle Event (changes to an Identity's attributes)
What are Capabilities? - ANSWER-Control access within IIQ. Access if controlled at
the page, tab and field level
What are the two types of Connectors? - ANSWER-1. Application-type: collect
account information
2. Activity-type: collect activity information
Explain the purpose of identity security (four objectives - ANSWER-1. Strengthen
security & reduce risk
2. Improve compliance & audit performance
3. Deliver fast, efficient access to business
4. Reduce operation cost
What are the three questions to answer with identity security? - ANSWER-1. Who
has access?
2. Who should have access?
3. How is that access being used?
What is an Application? - ANSWER-A representation of a business resource (HR
system, Active Directory, etc)
What are the two types of IIQ attributes? - ANSWER-Standard: attributes
automatically included for each identity cube
Extended: custom attributes specific to each IIQ implementation (department,
location, job title, etc)
Compare and contrast Tasks and Workflows - ANSWER-Tasks:
1. Batch jobs that act on objects
2. Scheduled or manually run
3. NO USER INTERACTION (scheduled account aggregation or data refresh)
QUESTIONS AND ANSWERS
What are the Certification phases and what occurs in each phase? - ANSWER-1.
Certification campaign is created
2. Access reviews are created for certifier review
3. Reviewer approves/revokes access
4. User can challenge loss of access (optional step)
5. Reviewer signs off
6. IIQ revokes access
Staging
Active
Challenge
Revocation
What are three common governance policies? - ANSWER-1. Separation of Duties
(SoD) - ensure users don't hold conflicting access
2. Dormant accounts - unused accounts for excessive lengths of time
3. Non-managers with manager access
What are the two processes for Policy Detection? - ANSWER-1. Detection - detect
existing policy violations and revoke
2. Preventative - prevent a policy violation from occurring (ie request for conflicting
access)
What are the steps for an Access Request? - ANSWER-1. Start request for self/other
2. Limit/filter request options based on identity
3. Submit request
4. Provisioning Plan is created
5. Workflow (specific to request) is started to execute request
What is an Access Request? - ANSWER-Systems or processes used to request new
access, make changes to existing access, or remove access to resources within an
organization
What is an Access Review? - ANSWER-A component of a Certification
What is Activity? - ANSWER-The normalized representation of the raw activity data
(i.e. logging in after hours) collection from an activity data source (Windows Event
Log or Syslog).
Activity is represented as a java object (ApplicationActivity) and persisted in DB
What is an Additional Entitlement? - ANSWER-Any entitlement an identity has
access too but that does not comprise a complete role
Role 1 = A, B, C
, User has entitlements A,B,C,D --> D is the additional entitlement
What is Aggregation? - ANSWER-The discovery and collection of information from
the applications configured to work with IIQ
What is an Authoritative Application? - ANSWER-The main repository for employee
data (i.e. HR application)
System from which the majority of identities are built
What are the eight events that can trigger a Workflow? - ANSWER-1. Role creation
2. Identity update
3. Identity refresh
4. Identity correlation
5. Deferred role assignment/deassignment
6. Deferred role activation/deactivation
7. Any Lifecycle Manager event
8. Any Lifecycle Event (changes to an Identity's attributes)
What are Capabilities? - ANSWER-Control access within IIQ. Access if controlled at
the page, tab and field level
What are the two types of Connectors? - ANSWER-1. Application-type: collect
account information
2. Activity-type: collect activity information
Explain the purpose of identity security (four objectives - ANSWER-1. Strengthen
security & reduce risk
2. Improve compliance & audit performance
3. Deliver fast, efficient access to business
4. Reduce operation cost
What are the three questions to answer with identity security? - ANSWER-1. Who
has access?
2. Who should have access?
3. How is that access being used?
What is an Application? - ANSWER-A representation of a business resource (HR
system, Active Directory, etc)
What are the two types of IIQ attributes? - ANSWER-Standard: attributes
automatically included for each identity cube
Extended: custom attributes specific to each IIQ implementation (department,
location, job title, etc)
Compare and contrast Tasks and Workflows - ANSWER-Tasks:
1. Batch jobs that act on objects
2. Scheduled or manually run
3. NO USER INTERACTION (scheduled account aggregation or data refresh)
