Foundational Concepts

Question 1

What is the purpose of identity security

Answer 1

to securely manage and govern accounts, roles, and entitlements across all applications, systems, data, and cloud services, ensuring consistent and visible security practices throughout the entire organization.

Question 2

Define Identity Cube

Answer 2

multi-dimensional data models of identity information that offer a single, logical representation of each managed user.

Question 3

Define entitlements

Answer 3

the access rights an account has on a source

Question 4

Define Roles

Answer 4

allow you to group related sets of access, from a single source or across multiple sources, to simplify access management for your users.

Question 5

Define Governance Groups

Answer 5

is a group of users that can make governance decisions about access. If your organization has the Access Request or Certifications service, you can configure governance groups to review access requests or certifications.

Question 6

Define Access Requests

Answer 6

Requests made by users, or on behalf of a user, to gain access to specific resources or systems. These requests may be for access to data, applications, networks, or other digital resources.

Question 7

Define Certification Campaigns

Answer 7

a mechanism for reviewing and verifying user access to entitlements (sets of permissions) and approving or removing that access, helping organizations reduce risk of inappropriate access and satisfy audit requirement

Question 8

Define Identity

Answer 8

Represents a person or entity within the organization

Question 9

Identity Mappings

Answer 9

Configure the identities managed by SailPoint, specifying applications and attributes from which identity data is derive

Question 10

Correlation

Answer 10

Match and assign source accounts to identities

Question 11

Attribute Synchronization

Answer 11

Synchronize changes to identity attributes from authoritative sources to target systems

Question 12

Data Segmentation

Answer 12

Define which users have access to specific data segments

Question 13

Accounts:
Provisioning

Answer 13

Create, update, and delete accounts in target systems

Question 14

What does the term ‘Accounts’ represent?

Answer 14

Represents a user’s access to a specific application or resource.

Question 15

What is the purpose of correlation in account management?

Answer 15

Match and assign source accounts to identities.

Question 16

What does provisioning involve?

Answer 16

Create, update, and delete accounts in target systems.

Question 17

What is the function of attribute synchronization?

Answer 17

Synchronize changes to account attributes.

Question 18

What does the search functionality do in account management?

Answer 18

Search for accounts within identities or by specific criteria.

Question 19

What are account schemas used for?

Answer 19

Manage the attributes stored for each account source.

Question 20

What is an Access Profile?

Answer 20

A collection of access rights or entitlements granted to an identity.

Question 21

What is the primary purpose of Access Management?

Answer 21

Control and manage user access to resources.

Question 22

How can Access Profiles be utilized in searching?

Answer 22

Search for access profiles within identities or by specific criteria.

Question 23

What does Data Segmentation allow in relation to Access Profiles?

Answer 23

Define which users can view specific access profiles.

Question 24

What is the function of Nested Queries in Access Profiles?

Answer 24

Use nested queries to search for data within access profiles.

Question 25

What are tags used for?

Answer 25

To apply tags to searchable items for organization and filtering. ## Footnote Tags help categorize and locate items efficiently.

Question 26

What are data segments?

Answer 26

Data segments are created for administrative access that can be delegated to others. ## Footnote This allows for controlled access management.

Question 27

What is the purpose of rules?

Answer 27

Snippets of user code written to inject business logic. Rules are used for various purposes, including aggregation, correlation, and provisioning. Stored as reusable objects in the database ## Footnote Rules automate and streamline processes.

Question 28

What are ManagedAttributes?

Answer 28

ManagedAttributes are used to deal with ManagedAttribute objects. ## Footnote They help in handling specific attributes within the system.

Question 29

What do filters do?

Answer 29

Filters are used to constrain the identities refreshed. ## Footnote They limit the scope of identity data processing.

Question 30

What are provisioning policies (application configuration)?

Answer 30

Provisioning policies in an application configuration define the set of attributes which are needed to complete a provisioning request, whether that request is to create an account, modify an account, add a role to an identity, etc. In some cases, values for the attributes can be auto-calculated based on the field's definition in the provisioning policy; ## Footnote Provisioning policies are implemented as forms

Question 31

What is target mapping?

Answer 31

Target mapping is used to synchronize attributes from SailPoint to target applications. ## Footnote This ensures data consistency across platforms.

Question 32

What are transformation rules?

Answer 32

Transformation rules are used to transform values during synchronization. ## Footnote They facilitate the conversion of data formats as needed.

Question 33

What is IdentityIQ?

Answer 33

The core platform that provides the foundation for SailPoint's products and services. ## Footnote It includes tools and capabilities for managing identities, access, and compliance.

Question 34

What does Identity Governance allow organizations to do?

Answer 34

Manage user identities and access across hybrid environments. ## Footnote Ensures the right individuals have access to the appropriate resources.

Question 35

What is the purpose of Certification in SailPoint?

Answer 35

Facilitates the generation of certificates for compliance management

Question 36

What does the IdentityIQ Compliance Manager help businesses with?

Answer 36

Improving audit and compliance performance while ensuring cost reduction.

Question 37

What are Connectors and Integration Modules?

Answer 37

Modules that enable IdentityIQ to integrate with various applications and data sources. ## Footnote This includes both on-premises and cloud environments.

Question 38

What is the function of User Provisioning?

Answer 38

Automates user provisioning to make change management across the user lifecycle more efficient.

Question 39

What capabilities does Password Management offer?

Answer 39

Robust password management capabilities to strengthen authentication processes. ## Footnote Includes password policy enforcement and self-service password reset.

Question 40

What tools does Access Control provide?

Answer 40

Tools for managing and controlling user access to applications and resources.

Question 41

What is the role of Identity Analytics?

Answer 41

Helps organizations understand their identity and access data, identify risks, and make informed decisions about access privileges.

Question 42

What does Lifecycle Manager provide?

Answer 42

A comprehensive approach to managing the user lifecycle, from onboarding to offboarding. ## Footnote Ensures security and compliance.

Question 43

What is the Identity Security Platform?

Answer 43

A platform that combines identity governance, access management, and identity security capabilities.

Question 44

What is IdentityNow?

Answer 44

A cloud-based IAM tool that works seamlessly with IdentityIQ.

Question 45

What are the four major components of SAILPOINT IDENTITY IQ?

Answer 45

Compliance Manager, Lifecycle Manager, Governance Platform, Password Manament? ## Footnote The fourth component is not mentioned in the provided text.

Question 46

What is the primary function of the Lifecycle Manager?

Answer 46

Automated Change Management ## Footnote It provides automated change management based on configurable identity lifecycle event triggers.

Question 47

What are Lifecycle Events?

Answer 47

Activities that occur during a person's employment, such as joining, changing departments, or leaving. ## Footnote Lifecycle Events can be configured to represent various employment activities.

Question 48

Who can make provisioning requests in the Lifecycle Manager?

Answer 48

users for themselves, managers for their direct reports, and help desk users for themselves and others, depending on the Lifecycle Manager configuration and user roles. ## Footnote Users can request for themselves or for other identities.

Question 49

What does the Lifecycle Manager integrate with?

Answer 49

Business processes ## Footnote It ensures that access changes are handled correctly and efficiently.

Question 50

Fill in the blank: The Lifecycle Manager provides _______ based on configurable identity lifecycle event triggers.

Answer 50

[Automated Change Management]

Question 51

True or False: Lifecycle Events can only represent activities related to leaving a job.

Answer 51

False ## Footnote Lifecycle Events can represent various activities including joining and changing departments.

Question 52

List some activities represented by Lifecycle Events.

Answer 52

* Joining * Mover * Leaving ## Footnote These activities occur during a person's employment.

Question 53

Fill in the blank: The Lifecycle Manager integrates with _______ to ensure access changes are handled correctly.

Answer 53

[Business processes] (workflow)

Question 54

______________________ automates access certifications, policy management, and audit reporting through a unified governance framework. This enables you to streamline compliance processes and improve the effectiveness of identity governance, all while lowering costs.

Answer 54

Compliance Manager

Question 55

_______________________ manages changes to access through user-friendly self-service request and password management interfaces and automated lifecycle events. It provides a flexible, scalable provisioning solution for addressing the constantly evolving access needs of your business in a way that's both efficient and compliant.

Answer 55

Lifecycle Manager

Question 56

Four commons uses of BeanShell Rules

Answer 56

**PC CD** * Provide application provisioning logic * Control certification behavior * Customize data during aggregation * Define unique business policies

Question 57

Define Tasks

Answer 57

are batch jobs that act on objects * Scheduled or manually run * No user interaction

Question 58

Define Business processes

Answer 58

are a set of executable steps that act on objects * Respond to actions in the system * Often interact with a user Triggered by system events or a user request

Question 59

Key Features: Access Certifications

Answer 59

Ensures that users have appropriate access by conducting periodic reviews.

Question 60

Key Features: Access Request Management

Answer 60

Allows users to request access to applications and systems, with a built-in approval workflow.

Question 61

Key Features: Provisioning

Answer 61

Automates the process of granting or removing access to systems and applications.

Question 62

Key Features: Policy Management

Answer 62

Enforces policies related to user access and segregation of duties (SoD)

Question 63

Key Features: Governance Dashboard

Answer 63

Provides reporting and analytics for monitoring access risks and compliance.

Question 64

Key Features: Analytics and Reporting

Answer 64

Offers insights into identity usage, security trends, and compliance metrics.

Question 65

Ensures that users have appropriate access by conducting periodic reviews.

Answer 65

Key Features: Access Certifications

Question 66

Allows users to request access to applications and systems, with a built-in approval workflow.

Answer 66

Key Features: Access Request Management

Question 67

Automates the process of granting or removing access to systems and applications.

Answer 67

Key Features: Provisioning

Question 68

Enforces policies related to user access and segregation of duties (SoD)

Answer 68

Key Features: Policy Management

Question 69

Provides reporting and analytics for monitoring access risks and compliance.

Answer 69

Key Features: Governance Dashboard

Question 70

Offers insights into identity usage, security trends, and compliance metrics.

Answer 70

Key Features: Analytics and Reporting

Question 71

What are batch jobs that act on objects * Scheduled or manually run * No user interaction

Answer 71

Tasks

Question 72

are a set of executable steps that act on objects * Respond to actions in the system * Often interact with a user Triggered by system events or a user request

Answer 72

Define Business processes

Question 73

SailPoint IIQ: Supports a wide range of connectors, including: (4)

Answer 73

LDAP/Active Directory for user authentication and directory services. Databases like Oracle, SQL Server for account and entitlement management. SaaS Applications like Salesforce, Workday, Office 365 for cloud identity management. Mainframes such as RACF, AS/400 for legacy systems.

Question 74

What is the purpose of Role Models?

Answer 74

Defining roles based on job functions and automating access provisioning. ## Footnote Role Models help streamline the process of granting access to systems and data based on predefined job roles.

Question 75

What does Role Mining entail?

Answer 75

Discovering existing access patterns to create efficient role structures. ## Footnote Role Mining analyzes current access permissions to optimize role definitions.

Question 76

What are Role Assignments?

Answer 76

Automatically assigning roles to users based on attributes like department, job title, and location. ## Footnote Role Assignments help in maintaining consistency in user access management.

Question 77

What is the purpose of Role Certifications?

Answer 77

Periodic reviews of role assignments to ensure that users retain only the necessary access. ## Footnote Role Certifications help in maintaining security and compliance by regularly verifying access rights.