Saviynt SAVIGA-C01 Saviynt Certified IGA Professional Exam (L100) Exam Practice Test

Answer : A

To set up an Entitlement Owner Campaign for Entitlements belonging to an Oracle ERP Endpoint that launches at the beginning of every month, and includes only Accounts and Entitlements that meet the prerequisites, the 2-key configurations you should recommend are A . Use Campaign Template and the Schedule Later option. Here's a breakdown:

Campaign Template:

Purpose: Templates allow you to save a set of campaign configurations as a reusable template. This is ideal for recurring campaigns with consistent settings.

Benefits: Using a template saves time and ensures consistency across multiple campaign instances. You can define the scope (Oracle ERP Endpoint), Certifier type (Entitlement Owners), and other settings within the template.

Prerequisites: You can include logic within the template to filter for Accounts and Entitlements that meet the defined prerequisites.

Schedule Later option:

Purpose: This option allows you to schedule the campaign to launch at a specific date and time in the future.

Recurring Scheduling: You can configure the campaign to run on a recurring schedule, such as the beginning of every month.

Automation: This automates the campaign launch process, eliminating the need for manual intervention each month.

Why Other Options Are Less Suitable:

B . Use Advanced Configurations and Preview mode and create the Campaign at the beginning of each month: This approach is manual and prone to errors. It doesn't leverage the automation benefits of templates and scheduling.

C . Use Advanced Configurations and set the Campaign expiry to 31 days: While setting an expiry is important, it doesn't address the need for recurring monthly launches or using a template for consistent configuration.

D . Cannot be achieved: This is incorrect; the scenario can be easily achieved using Campaign Templates and the Schedule Later option.

Answer : A

If the data displayed in the Campaign Preview mode does not meet the requirement in Saviynt, the appropriate action is A. Re-configure Campaign. Here's why:

Saviynt's Campaign Preview Mode: This mode allows administrators to review the data that will be included in a campaign before activating it. It's a crucial step for ensuring that the campaign scope, data, and configuration are correct.

Purpose of Preview Mode: The primary purpose of the preview is to identify any issues or discrepancies in the campaign setup before it goes live.

Re-configure Campaign: If the preview reveals problems (e.g., incorrect users or entitlements are included, the wrong Certifiers are assigned, filters are not working as expected), the administrator needs to go back and re-configure the campaign settings. This might involve:

Adjusting the campaign scope.

Modifying filters or selection criteria.

Changing Certifier assignments.

Updating the campaign schedule or notifications.

Why Other Options Are Incorrect:

B . Check Summary: The summary provides a high-level overview of the campaign, but it doesn't allow for detailed data review like the preview mode.

C . Export Campaign: Exporting the campaign data won't fix the underlying configuration issues.

D . Activate Campaign: Activating a campaign with incorrect data would lead to inaccurate certification decisions and potential security risks.

Answer : A

The option that cannot be regarded as a Smart Filter in Saviynt's User Manager and Service Account Campaigns is A. User's Assigned Role counts. Here's why:

Saviynt's Smart Filters: Smart Filters are pre-defined filters in Saviynt that help Certifiers quickly focus on specific access patterns or risk indicators during a certification campaign. They are designed to highlight potentially problematic or high-risk access.

Examples of Smart Filters:

B . Access with SoD Violations: This is a Smart Filter because it highlights access that violates Segregation of Duties policies, a significant risk indicator.

C . Out-of-Band Access for Entitlements: This is a Smart Filter as it identifies access that was granted outside of the normal Saviynt processes, potentially indicating a security risk.

D . Risk Level for Accounts: This is a Smart Filter because it allows Certifiers to focus on accounts with high-risk levels, which might require more scrutiny.

Why 'User's Assigned Role counts' Is Not a Smart Filter:

Not a Risk Indicator: Simply knowing the number of roles assigned to a user doesn't inherently indicate a risk or a specific access pattern that requires attention. A user might have many roles legitimately, or they might have few roles but with high-risk access.

Not Actionable: This information alone doesn't provide enough context for a Certifier to make an informed decision about whether to approve or revoke access.

Alternative: While not a 'Smart Filter', the number of roles assigned could be a data point displayed within the campaign, but it wouldn't be considered a pre-defined filter for highlighting risks.

Answer : C

The configuration that can be used to allow Certifiers to certify their own access in a Saviynt Campaign is C. Allow Self Certification. Here's why:

Saviynt's Campaign Configuration: Saviynt provides various configuration options to control the behavior of certification campaigns, including how self-certification is handled.

'Allow Self Certification': This specific setting, when enabled, permits Certifiers to review and certify their own access within the campaign.

Security Considerations: While enabling self-certification can streamline the process, it also introduces a potential security risk. Organizations should carefully consider their risk tolerance and compliance requirements before enabling this option.

Alternative Approaches: To mitigate the risks of self-certification, organizations might consider:

Requiring additional approvals: Adding a second level of approval for self-certified items.

Close monitoring: Implementing stricter monitoring and auditing of self-certified access.

Disabling self-certification: In high-security environments, self-certification might be prohibited altogether.

Why Other Options Are Less Suitable:

A . Certify all users by default: This setting is not directly related to self-certification.

B . Show consult for own access: This option usually allows a certifier to consult with another user before making a decision, but doesn't enable self certification.

D . Certification reassignment: This allows for reassigning certification tasks to other users, but doesn't directly address self-certification.

In conclusion: The 'Allow Self Certification' setting in a Saviynt campaign configuration directly controls whether Certifiers can certify their own access, providing flexibility but requiring careful consideration of the associated security implications.

Answer : B

The Job responsible for configuring a dashboard (among other configurations) in a Saviynt Campaign is B. Create or Schedule Attestation Job. Here's a detailed explanation:

Saviynt's Campaigns: Campaigns in Saviynt are used for access certification, allowing reviewers (Certifiers) to review and approve or revoke user access.

Create or Schedule Attestation Job: This job is the core mechanism for creating and configuring various aspects of a campaign, including:

Campaign Scope: Defining which users, entitlements, or resources are included in the campaign.

Certifier Selection: Specifying who will be the reviewers for the campaign.

Scheduling: Setting the start and end dates for the campaign.

Notifications: Configuring email notifications for Certifiers and other stakeholders.

Dashboard Configuration: Defining the information and layout displayed on the campaign dashboard for Certifiers. This includes selecting which data points, charts, and filters are visible.

Why Other Options Are Incorrect:

A . Campaign Export Job: This job is used to export campaign data, not to configure the campaign itself.

C . Campaign Import Job: This job is used to import data into a campaign, typically from an external source.

D . Upgrade Job: This job is related to upgrading the Saviynt platform, not to campaign configuration.

In summary: The 'Create or Schedule Attestation Job' is the central job for setting up and configuring all aspects of a Saviynt campaign, including the dashboard that provides Certifiers with a summarized view of the certification data.

Answer : A

The feature that best describes the Authorization mechanism for the EIC (Enterprise Identity Cloud) application in Saviynt is A. Security System. Here's an explanation:

Saviynt's Security System: This is the core component within Saviynt that handles authentication and authorization for various applications and resources, including EIC.

Authorization in EIC: The Security System determines what actions users are allowed to perform within EIC, such as:

Creating, updating, or deleting users.

Managing roles and entitlements.

Running reports.

Configuring connections.

Role-Based Access Control (RBAC): The Security System typically uses RBAC to manage these permissions. Users are assigned to roles, and roles are granted specific permissions within EIC.

Why Other Options Are Less Relevant:

B . SSO (Single Sign-On): SSO is an authentication mechanism that allows users to log in once and access multiple applications. While Saviynt supports SSO, it's not the primary authorization mechanism for EIC.

C . WSRETRY Job: This is a job related to retrying web service calls, not authorization.

Answer : B

The statement is False. In the provided USER_IMPORT_MAPPING, USERNAME is the user attribute defined in EIC (Enterprise Identity Cloud), and wd:User_Name is the attribute defined in Workday. Here's a breakdown:

Saviynt's USER_IMPORT_MAPPING: This configuration within a connection (in this case, Workday RAAS) defines how data from the connected system (Workday) should be mapped to attributes within Saviynt's EIC.

ImportMapping: This section specifies the mapping between source attributes (Workday) and target attributes (EIC).

USERNAME: In the provided mapping, USERNAME (without the wd: prefix) is the target attribute, meaning it's an attribute within Saviynt's EIC.

wd:User_Name: The wd: prefix typically indicates a Workday attribute. Therefore, wd:User_Name is the source attribute from Workday.

~#~string: This likely indicates the data type of the attribute (string in this case).

Correct Interpretation: The mapping is saying: 'Take the value of the wd:User_Name attribute from Workday and map it to the USERNAME attribute in EIC.'

In essence: The USER_IMPORT_MAPPING defines how data from Workday is translated into Saviynt's internal data model, and in this case, USERNAME belongs to Saviynt (EIC), while wd:User_Name belongs to Workday.