SailPoint IdentityNow-Engineer SailPoint Certified IdentityNow Engineer Exam Practice Test

Answer : A

Yes, an access profile can be acknowledged during certifications. During access certification campaigns, reviewers can review access profiles as part of the items that need to be certified. They can either approve or revoke access to the access profiles, just like they would with individual entitlements. This ensures that users' access to these bundled entitlements is regularly reviewed and compliant with organizational policies.

SailPoint IdentityNow Certification Campaigns Guide.

SailPoint IdentityNow Access Profile Certification Documentation.

Answer : A

Yes, an access profile allows the definition of an approval process. When an access profile is created, administrators can configure specific approval workflows that must be followed before the access is granted. This includes designating approvers or specifying multiple levels of approval, depending on the organization's policies. This capability is useful for ensuring that sensitive access requests are properly reviewed and approved.

SailPoint IdentityNow Access Request and Approval Workflow Guide.

SailPoint IdentityNow Access Profile Configuration Documentation.

Answer : B

No, an access profile does not directly reference roles to provide access. Instead, access profiles are collections of entitlements or permissions that are bundled together to simplify access provisioning. Access profiles can be associated with roles, but they do not reference roles directly. Roles in IdentityNow define broader sets of permissions, which may include access profiles, but access profiles themselves are not tied directly to roles.

SailPoint IdentityNow Access Profiles Documentation.

SailPoint IdentityNow Roles and Access Profiles Configuration Guide.

Answer : A

Yes, this example accurately describes an IdentityNow data flow for password changes in an Active Directory environment. When a user changes their password in IdentityNow, the request is sent to the virtual appliance, which then communicates with the IQService host. The IQService is responsible for making changes to Active Directory. This flow reflects the standard procedure for password management using IdentityNow with Active Directory, where the virtual appliance and IQService coordinate to complete the password change.

SailPoint IdentityNow Password Management Documentation.

SailPoint IdentityNow IQService and Virtual Appliance Data Flow Guide.

Answer : A

Yes, this statement is correct. When setting up a Virtual Appliance (VA) cluster, SailPoint does indeed create an asymmetric key pair based on a user-provided passphrase. This key pair is used for secure communication between the Virtual Appliance and the IdentityNow tenant. The asymmetric encryption model uses a public-private key pair where the private key is stored securely within the VA, and the public key is shared with the IdentityNow tenant to establish a secure, encrypted communication channel. This setup ensures that data exchanged between the VA and the IdentityNow tenant remains protected.

SailPoint IdentityNow Virtual Appliance Security Guide.

SailPoint IdentityNow Asymmetric Encryption and Key Management Documentation.

Answer : A

Yes, loading entitlement descriptions is considered a best practice before generating the campaign preview for a manager certification campaign. Providing clear and concise entitlement descriptions ensures that managers reviewing access during the certification process have a full understanding of what each entitlement or role entails. This helps in making informed decisions regarding whether an individual's access should be approved or revoked.

Without proper descriptions, the campaign participants might have difficulty evaluating access, which can lead to inefficiencies or errors in the certification process.

SailPoint IdentityNow Certification Campaign Best Practices.

SailPoint IdentityNow Campaign Preparation Guidelines.

Answer : B

The provided use case incorrectly describes the provisioning process on a source that has provisioning disabled. If provisioning is disabled for a source, automated provisioning via the Virtual Appliance and connectors is not possible. The Virtual Appliance cannot retry or carry out the provisioning in this case, as the system explicitly prevents automated provisioning operations on sources marked as non-provisionable.

When a source has provisioning disabled, the system only supports manual provisioning, where a task is opened in IdentityNow for a person to manually execute the provisioning steps. The Virtual Appliance does not handle provisioning for disabled sources, so the described scenario where it retries the request and carries out provisioning is inaccurate.

SailPoint IdentityNow Provisioning Configuration Guide.

SailPoint IdentityNow Virtual Appliance and Connector Operations Documentation.