Jane was managing an AD Group; however, she had to decommission this group and revoke access for all the users.
Which of the following options should be used to perform the above task?
Answer : D
To decommission an AD Group and revoke access for all users, Jane should use D. Entitlement Owner Certification. Here is why:
AD Group as an Entitlement: In Saviynt, an AD Group is typically represented as an Entitlement.
Entitlement Owner Certification: This type of campaign allows the designated owner of an entitlement (in this case, Jane, as the manager of the AD Group) to review and certify who should have access to that entitlement.
Revoking Access: As the Entitlement Owner, Jane can use the certification campaign to:
Review the list of users: See all users who are currently members of the AD Group.
Revoke access for all users: Mark all users for removal from the group.
Decommissioning the Group: After revoking access for all users through the certification, Jane can then proceed with decommissioning the AD Group itself (either through Saviynt if it manages AD group lifecycle or directly in Active Directory).
Why Other Options Are Less Suitable:
A . Segregation of Duties: SoD is a principle, not a specific action for revoking access.
B . Entitlement Update Rule: While rules can automate some actions, a certification campaign provides a more controlled and auditable way to review and revoke access, especially for a sensitive action like decommissioning a group.
C . Mitigation Control: Mitigation controls are used to manage SoD conflicts, not for revoking access to entitlements.
In conclusion: An Entitlement Owner Certification campaign provides a structured and auditable way for Jane to review the membership of the AD Group, revoke access for all users, and prepare for the group's decommissioning, aligning with best practices for access management.
Which of the following options can a Campaign Owner use to view the Entitlements Query that was used in a previously launched Campaign?
Answer : C
To view the Entitlements Query used in a previously launched Campaign in Saviynt, a Campaign Owner can use the C. Campaign Summary. Here's why:
Saviynt's Campaign Summary: The Campaign Summary provides a detailed overview of a campaign's configuration, including:
Campaign Scope: The users, applications, or entitlements included in the campaign.
Filters and Queries: Any filters or queries used to define the campaign scope, including the Entitlements Query.
Certifier Information: Details about the assigned certifiers.
Schedule: The campaign's start and end dates.
Status: The current status of the campaign (e.g., Active, Completed, Expired).
Accessing the Entitlements Query: The Campaign Summary typically includes a section that displays the exact query used to select the entitlements included in the campaign.
Why Other Options Are Less Suitable:
A . Reconfigure option: While you might be able to see the query by going into the reconfiguration, it's not the most direct way. The Campaign Summary is designed to provide this information readily.
B . Campaign Export: Exporting the campaign data might include the list of entitlements but not necessarily the original query used to select them.
D . Export option at the top right corner of the page, next to the Refresh Progress option: This option typically exports the current view of the campaign data, not the underlying configuration details like the Entitlements Query.
In conclusion: The Campaign Summary in Saviynt is the most direct and convenient place for a Campaign Owner to review the detailed configuration of a campaign, including the Entitlements Query used to define the campaign's scope.
The process of Attestation or Certification can be best described as:
Answer : B
The process of Attestation or Certification in the context of Saviynt can be best described as B . Access Reviews. Here's why:
Attestation/Certification: These terms are often used interchangeably in the context of identity governance. They refer to the process of formally reviewing and approving or revoking user access rights.
Access Reviews: This is the broader term that encompasses the entire process of periodically reviewing user access to ensure it is appropriate and aligned with business needs and security policies. Attestation and Certification are specific actions performed within an access review.
Saviynt's Campaigns: Saviynt's campaigns are designed to facilitate and manage access reviews.
Why Other Options Are Less Suitable:
A . Segregation of Duties: SoD is a principle that aims to prevent fraud and errors by dividing critical tasks among different individuals. While access reviews can help enforce SoD, they are not the same thing.
C . Access Request: This is the process of requesting access to resources, which is a separate process from reviewing existing access.
D . Application Onboarding: This is the process of integrating an application into Saviynt, which is a prerequisite for access reviews but not the review process itself.
In conclusion: Attestation or Certification, as performed within Saviynt campaigns, are integral parts of the broader process of Access Reviews, which aim to ensure that user access is appropriate, authorized, and aligned with security policies.
An Application Owner Campaign can have multiple primary Certifiers and a single secondary Certifier.
Answer : B
The statement 'An Application Owner Campaign can have multiple primary Certifiers and a single secondary Certifier' is generally False in Saviynt. Here's why:
Saviynt's Application Owner Campaign: This campaign type is designed for Application Owners to review and certify access to their applications.
Primary Certifier: There is usually a single designated Application Owner for each application. This is because application ownership is typically a single point of accountability. While it is technically possible to assign multiple owners, it is not considered a best practice.
Secondary Certifiers (Backup/Delegates): Application Owner Campaigns can have multiple secondary certifiers. These are often used as:
Backup: To ensure the campaign can proceed if the primary certifier is unavailable.
Delegates: To allow the primary certifier to delegate some of the certification tasks.
Consultants: Other stakeholders, such as security or compliance teams, who can be consulted during the decision-making process.
Why the Statement Is Generally False: The core principle of application ownership implies a single point of accountability. While multiple secondary certifiers can assist, having multiple primary certifiers can lead to confusion and conflicting decisions.
Possible Exceptions (Less Common):
Highly Customized Configurations: In some very specific scenarios, organizations might customize Saviynt to allow multiple primary certifiers for an application, but this is not a standard or recommended practice.
As an Admin, you are required to set up an Entitlement Owner Campaign for Entitlements belonging to an Oracle ERP Endpoint by the Internal Audit team. The Campaign should be launched at the beginning of every month, and only Accounts and Entitlements that meet the prerequisites should be included in the Campaign.
Which of the following 2-key configurations would you recommend for achieving this?
Answer : A
To set up an Entitlement Owner Campaign for Entitlements belonging to an Oracle ERP Endpoint that launches at the beginning of every month, and includes only Accounts and Entitlements that meet the prerequisites, the 2-key configurations you should recommend are A . Use Campaign Template and the Schedule Later option. Here's a breakdown:
Campaign Template:
Purpose: Templates allow you to save a set of campaign configurations as a reusable template. This is ideal for recurring campaigns with consistent settings.
Benefits: Using a template saves time and ensures consistency across multiple campaign instances. You can define the scope (Oracle ERP Endpoint), Certifier type (Entitlement Owners), and other settings within the template.
Prerequisites: You can include logic within the template to filter for Accounts and Entitlements that meet the defined prerequisites.
Schedule Later option:
Purpose: This option allows you to schedule the campaign to launch at a specific date and time in the future.
Recurring Scheduling: You can configure the campaign to run on a recurring schedule, such as the beginning of every month.
Automation: This automates the campaign launch process, eliminating the need for manual intervention each month.
Why Other Options Are Less Suitable:
B . Use Advanced Configurations and Preview mode and create the Campaign at the beginning of each month: This approach is manual and prone to errors. It doesn't leverage the automation benefits of templates and scheduling.
C . Use Advanced Configurations and set the Campaign expiry to 31 days: While setting an expiry is important, it doesn't address the need for recurring monthly launches or using a template for consistent configuration.
D . Cannot be achieved: This is incorrect; the scenario can be easily achieved using Campaign Templates and the Schedule Later option.
Access privileges for any specific Analytical Control can be assigned using SAV Roles. Which of the following tasks can be performed, by default, by users belonging to an SAV Role?
Answer : B
When access privileges for a specific Analytical Control are assigned using SAV Roles in Saviynt, users belonging to that role can, by default, perform the following tasks: B. View Control, Run Control, and View Analytic History of the Control. Here's a breakdown:
Saviynt's Role-Based Access Control (RBAC): Saviynt uses RBAC to manage access to various features and functionalities, including Analytical Controls.
Analytical Controls: These are pre-defined or custom-built analytics reports or dashboards.
Default Permissions: When a user is granted access to an Analytical Control via an SAV Role, they typically receive a set of default permissions:
View Control: Allows the user to view the configuration and definition of the Analytical Control (e.g., the query, parameters, visualization).
Run Control: Allows the user to execute the Analytical Control and generate results.
View Analytic History: Allows the user to see the history of previous executions of the Analytical Control, including the results and timestamps.
Why These Permissions Are Important:
Transparency: Users can understand how the analytics are defined and generated.
Usability: Users can run the analytics and obtain insights.
Auditing: Users can review past results for trend analysis or investigation.
Other Options:
A . Only view the configurations of the Control: This is too restrictive; users need to be able to run the control to get value from it.
C . Only view the Analytic History of the Control: This is also too limited; users should be able to run the control and view its configuration as well.
D . View Control and Run Control: While closer, it's missing the 'View Analytic History' permission, which is important for auditing and analysis.
MISCELLANEOUS
Which of the following formats is suitable for downloading an Analytics report? (Select all that apply)
Answer : A
The formats suitable for downloading an Analytics report in Saviynt typically include A. CSV file and Excel Sheet. Here's an explanation:
Saviynt's Reporting Capabilities: Saviynt provides options for exporting and downloading analytics reports in various formats to facilitate data sharing and further analysis.
Common Export Formats:
CSV (Comma Separated Values): A widely used format for storing tabular data in plain text. It's easily imported into various data analysis tools and spreadsheet programs.
Excel Sheet (e.g., .xlsx): A popular spreadsheet format that allows for data organization, formatting, and calculations.
Why These Formats Are Suitable:
Data Analysis: Both CSV and Excel formats are well-suited for further data analysis and manipulation.
Reporting: They are commonly used for creating reports and sharing data with stakeholders.
Compatibility: Most data analysis and reporting tools support these formats.
Other Less Common Options: While less frequent, Saviynt might offer other export formats like PDF, depending on the specific version and configuration.
B . Text file: Although technically a text file, a raw .txt export might not be as useful for structured data like analytics reports. CSV would be preferred.
In conclusion: CSV and Excel are the most common and practical formats for downloading analytics reports from Saviynt, offering flexibility for data analysis, reporting, and sharing.