SAILPOINT IDN EXAM QUESTIONS
AND ANSWERS
Tina, Chris and Mario are members of the governance group "AD Approvers". The
access profile Z specifies that the "AD Approver" governance group is its approver.
So when Jenny request access profile Z, all three members receive an approval
item. How is the approval handled? - ANSWER-A) All 3 must repond and approve for
the access to be provisioned. Any "deny" response prevents provisioning
B) The first person to complete their approval item (ie. approve or deny) will speak
for the group and the 2 remaining approval items will be deleted
C) All 3 must respond and the decision is made on a majority-rules basis (IE
provisioned if 2 or more approve).
IdentityNow password policies must match downstream system password policies
exactly - ANSWER-True or False
How are IdentityNow password policies applied? - ANSWER-A) All applicable
policies for a users are applied
B) The first applicable exception policy is used, if none apply, the primary policy is
used
C) The primary policy is always used but the first applicable exception policy is
added to it
D) All user passwords for a given source must meet the same requirements
Sources in a password sync group share password requirements and password
changes are applied to them as a set? - ANSWER-True or False
To reset their own forgotten IdentityNow password a user must first prove their
identity thought strong authentication? - ANSWER-True or False
Which of these are searchable objects in IdentityNow? (Choose all that apply) -
ANSWER-A) Identities
B) Sources
C) Entitlements
D) Account Activivty
E) LifeCycle States
F) All the Above
IdentityNow applies a term-only search to all searchable objects looking for the
specified string in all attributes at any level? - ANSWER-True or False
IdentityNow assumes an AND relationship between multiple terms unless OR or || is
explicitly specified. Example: Mainframe Accounting - ANSWER-True or False ???
, Which of the object model components is described by each of the following
statements? - ANSWER-A) Groups together on or more access points from a single
source.
B) Groups access by job role or business function, possibly across sources
C) Defines birthright access for users within each identity profile (Lifecycle state,
access profile, role, entitlement)
Users can be assigned to more than one role or lifecycle state, as needed to drive
the correct access provisioning - ANSWER-True or False
If you define roles, you must model and manage all user access with roles -
ANSWER-True or False
What are the two categories of actions which trigger provisioning? - ANSWER-???
Provisioning requests are always specific to one identity, and contain the key
information needed to fulfill provisioning operations. - ANSWER-True or False
What does an account create profile specify? - ANSWER-A) The mapping of account
attributes to identity attributes in identity creation
B) Whether or not the connector supports creating accounts on a source
C) the set of attributes and values to use in creating an account on a source
What page in IdentityNow allows administrators to view account activity data and
download provisioning audit reports? - ANSWER-???
Which of these is not an option for handling provisioning of passwords for new
accounts? - ANSWER-A) Using a static password for everyone
B) Emailing a generated password to the user
C) Setting an initial password based on identity data the users will know
D) Setting a random password and having the user reset it before logging in.
When defining role membership, which of these can you use as criteria for role
assignment? - ANSWER-A) Account Attributes
B) Identity Attributes
C) IdentityNow user level
D) User Entitlements
Access will be removed from an identity if the access was previously granted by a
role, and that identity no longer meets the role's membership matching criteria? -
ANSWER-True or False
The purpose of attribute synchronization is a push changes to identity attributes
values to source attributes which need to share the same data values? - ANSWER-
True or False
AND ANSWERS
Tina, Chris and Mario are members of the governance group "AD Approvers". The
access profile Z specifies that the "AD Approver" governance group is its approver.
So when Jenny request access profile Z, all three members receive an approval
item. How is the approval handled? - ANSWER-A) All 3 must repond and approve for
the access to be provisioned. Any "deny" response prevents provisioning
B) The first person to complete their approval item (ie. approve or deny) will speak
for the group and the 2 remaining approval items will be deleted
C) All 3 must respond and the decision is made on a majority-rules basis (IE
provisioned if 2 or more approve).
IdentityNow password policies must match downstream system password policies
exactly - ANSWER-True or False
How are IdentityNow password policies applied? - ANSWER-A) All applicable
policies for a users are applied
B) The first applicable exception policy is used, if none apply, the primary policy is
used
C) The primary policy is always used but the first applicable exception policy is
added to it
D) All user passwords for a given source must meet the same requirements
Sources in a password sync group share password requirements and password
changes are applied to them as a set? - ANSWER-True or False
To reset their own forgotten IdentityNow password a user must first prove their
identity thought strong authentication? - ANSWER-True or False
Which of these are searchable objects in IdentityNow? (Choose all that apply) -
ANSWER-A) Identities
B) Sources
C) Entitlements
D) Account Activivty
E) LifeCycle States
F) All the Above
IdentityNow applies a term-only search to all searchable objects looking for the
specified string in all attributes at any level? - ANSWER-True or False
IdentityNow assumes an AND relationship between multiple terms unless OR or || is
explicitly specified. Example: Mainframe Accounting - ANSWER-True or False ???
, Which of the object model components is described by each of the following
statements? - ANSWER-A) Groups together on or more access points from a single
source.
B) Groups access by job role or business function, possibly across sources
C) Defines birthright access for users within each identity profile (Lifecycle state,
access profile, role, entitlement)
Users can be assigned to more than one role or lifecycle state, as needed to drive
the correct access provisioning - ANSWER-True or False
If you define roles, you must model and manage all user access with roles -
ANSWER-True or False
What are the two categories of actions which trigger provisioning? - ANSWER-???
Provisioning requests are always specific to one identity, and contain the key
information needed to fulfill provisioning operations. - ANSWER-True or False
What does an account create profile specify? - ANSWER-A) The mapping of account
attributes to identity attributes in identity creation
B) Whether or not the connector supports creating accounts on a source
C) the set of attributes and values to use in creating an account on a source
What page in IdentityNow allows administrators to view account activity data and
download provisioning audit reports? - ANSWER-???
Which of these is not an option for handling provisioning of passwords for new
accounts? - ANSWER-A) Using a static password for everyone
B) Emailing a generated password to the user
C) Setting an initial password based on identity data the users will know
D) Setting a random password and having the user reset it before logging in.
When defining role membership, which of these can you use as criteria for role
assignment? - ANSWER-A) Account Attributes
B) Identity Attributes
C) IdentityNow user level
D) User Entitlements
Access will be removed from an identity if the access was previously granted by a
role, and that identity no longer meets the role's membership matching criteria? -
ANSWER-True or False
The purpose of attribute synchronization is a push changes to identity attributes
values to source attributes which need to share the same data values? - ANSWER-
True or False
