SailPoint IdentityNow Exam Questions
and Answers
True or False: As a cloud-based product, IdentityNow can only collect data from other
cloud-based applications. - Correct Answers -False
True or False: IdentityNow has multiple modules, each with a specific feature set, that
will be deployed to a tenant based on the customer's subscription. - Correct Answers -
True
True or False: During implementation, customers choose where their data will reside by
selecting the appropriate availability zone. - Correct Answers -True
Which of the following statement about multi-tenant architecture is true?
1. All tenants have the same governance features modules deployed
2. All tenants must enable all shared features
3. All tenants must have the same number of identities
4. Al tenants have access to a set of shared services - Correct Answers -4. Al tenants
have access to a set of shared services
True or False: Your Virtual appliance(s) communicate with the IdentityNow tenant via
the REST API. - Correct Answers -True
True or False: IdentityNow will attempt to create an identity for each person represented
within an authoritative source. - Correct Answers -True
What is the purpose of a source's account schema?
1. Describes how to connect to the source
2. Contains the aggregation schedule - how often IdentityNow will read data from that
source
3. Describes which data fields to read into IdentityNow - Correct Answers -3. Describes
which data fields to read into IdentityNow
True or False: You an only have one authoritative source within IdentityNow. - Correct
Answers -False
To Create identities with IdentityNow, you must define a(n) ________ and a
corresponding _________.
1. Authoritative source; Application
,2. Application; Template
3. Authoritative Source ; Identity Profile
4.Account; Identity Profile - Correct Answers -3. Authoritative Source ; Identity Profile
True or False: Roles can contain multiple access profiles, but only if all access profiles
contain entitlements from the same source. - Correct Answers -False
An access profile contains one or more entitlements from ______ source(s).
1. One
2. Multiple - Correct Answers -1. One
True or False: All entitlements in IdentityNow must be contained within a role. - Correct
Answers -False
True or False: It is a best practice to run a certification campaign and confirm identities
have the correct access before starting to define roles. - Correct Answers -True
True or False: An identity can only be in one Lifecycle State at a specific moment in
time. - Correct Answers -True
True or False: All access requests must be approved by (at least) one identity before
IdentityNow will provision the new access. - Correct Answers -False
True or False: IdentityNow Admins can specify that certain access requires 3 levels of
approval before that access is provisioned, while other access does not require any
approval before it is provisioned. - Correct Answers -True
True or False: All entitlements that are aggregated into IdentityNow are automatically
visible and requestable in the IdentityNow Request center. - Correct Answers -False
Certifiers make decisions on items in their access reviews during the _________ phase.
1. Generation
2. Preview
3. Active - Correct Answers -3. Active
True or False: Only users with the Admin authorization level can reassign access
reviews to new certifiers. - Correct Answers -False
True or False: Certifiers must make decisions on all items within an access review in
one sitting. - Correct Answers –False
True or False: during the daily scheduled attribute sync processing, all identities are
eligible or this update - Correct Answers -True
True or False: All entitlements that are aggregated into IdN are automatically visible and
requestable in the IdN request center - Correct Answers -False
, Which of these access requests components directly supports requests for access?
Choose all that apply
a. Applications
b. Approval processes
c. Sources
d. Access profiles
e. Roles
f. Identity profiles - Correct Answers -a. Applications
d. Access profiles
e. Roles
True or False: all access requests must be approved by (at least) one identity before
IdN will provision the new access - Correct Answers -False
Selecting __________ for an entitlement under review item will cause IdentityNow to
submit a deprovisioning request to remove that access once the review has been
signed off.
1. Acknowledge
2. Approve
3. Revoke - Correct Answers -3. Revoke
Certifiers will see a "Sig Off" button appear on their access review once they
_____________.
1. Save their first decision
2. Save all decisions for one identity within their access review
3. Save all decisions for all identities within their access review - Correct Answers -3.
Save all decisions for all identities within their access review
Which action(s) will result in a provisioning request to remove entitlement A from Joe's
account?
1. During a manager certification, Joe's manager revokes entitlement A
2. Joe's lifecycle State changes to inactive, which is configured to deprovision all access
and disable all accounts
3. Joe had entitlement A because it was part of Role B. Role B applies only to identities
in the Service department. Joe recently transferred to the Engineering department.
4. All of the above - Correct Answers -4. All of the above
True or False: Access an be removed from an identity if the access was previously
granted by a role, and that identity no longer meets the role's membership matching
criteria. - Correct Answers -True
True or False: IdentityNow will remove entitlements from a provisioning plan if the
identity already has those entitlements. - Correct Answers -True
and Answers
True or False: As a cloud-based product, IdentityNow can only collect data from other
cloud-based applications. - Correct Answers -False
True or False: IdentityNow has multiple modules, each with a specific feature set, that
will be deployed to a tenant based on the customer's subscription. - Correct Answers -
True
True or False: During implementation, customers choose where their data will reside by
selecting the appropriate availability zone. - Correct Answers -True
Which of the following statement about multi-tenant architecture is true?
1. All tenants have the same governance features modules deployed
2. All tenants must enable all shared features
3. All tenants must have the same number of identities
4. Al tenants have access to a set of shared services - Correct Answers -4. Al tenants
have access to a set of shared services
True or False: Your Virtual appliance(s) communicate with the IdentityNow tenant via
the REST API. - Correct Answers -True
True or False: IdentityNow will attempt to create an identity for each person represented
within an authoritative source. - Correct Answers -True
What is the purpose of a source's account schema?
1. Describes how to connect to the source
2. Contains the aggregation schedule - how often IdentityNow will read data from that
source
3. Describes which data fields to read into IdentityNow - Correct Answers -3. Describes
which data fields to read into IdentityNow
True or False: You an only have one authoritative source within IdentityNow. - Correct
Answers -False
To Create identities with IdentityNow, you must define a(n) ________ and a
corresponding _________.
1. Authoritative source; Application
,2. Application; Template
3. Authoritative Source ; Identity Profile
4.Account; Identity Profile - Correct Answers -3. Authoritative Source ; Identity Profile
True or False: Roles can contain multiple access profiles, but only if all access profiles
contain entitlements from the same source. - Correct Answers -False
An access profile contains one or more entitlements from ______ source(s).
1. One
2. Multiple - Correct Answers -1. One
True or False: All entitlements in IdentityNow must be contained within a role. - Correct
Answers -False
True or False: It is a best practice to run a certification campaign and confirm identities
have the correct access before starting to define roles. - Correct Answers -True
True or False: An identity can only be in one Lifecycle State at a specific moment in
time. - Correct Answers -True
True or False: All access requests must be approved by (at least) one identity before
IdentityNow will provision the new access. - Correct Answers -False
True or False: IdentityNow Admins can specify that certain access requires 3 levels of
approval before that access is provisioned, while other access does not require any
approval before it is provisioned. - Correct Answers -True
True or False: All entitlements that are aggregated into IdentityNow are automatically
visible and requestable in the IdentityNow Request center. - Correct Answers -False
Certifiers make decisions on items in their access reviews during the _________ phase.
1. Generation
2. Preview
3. Active - Correct Answers -3. Active
True or False: Only users with the Admin authorization level can reassign access
reviews to new certifiers. - Correct Answers -False
True or False: Certifiers must make decisions on all items within an access review in
one sitting. - Correct Answers –False
True or False: during the daily scheduled attribute sync processing, all identities are
eligible or this update - Correct Answers -True
True or False: All entitlements that are aggregated into IdN are automatically visible and
requestable in the IdN request center - Correct Answers -False
, Which of these access requests components directly supports requests for access?
Choose all that apply
a. Applications
b. Approval processes
c. Sources
d. Access profiles
e. Roles
f. Identity profiles - Correct Answers -a. Applications
d. Access profiles
e. Roles
True or False: all access requests must be approved by (at least) one identity before
IdN will provision the new access - Correct Answers -False
Selecting __________ for an entitlement under review item will cause IdentityNow to
submit a deprovisioning request to remove that access once the review has been
signed off.
1. Acknowledge
2. Approve
3. Revoke - Correct Answers -3. Revoke
Certifiers will see a "Sig Off" button appear on their access review once they
_____________.
1. Save their first decision
2. Save all decisions for one identity within their access review
3. Save all decisions for all identities within their access review - Correct Answers -3.
Save all decisions for all identities within their access review
Which action(s) will result in a provisioning request to remove entitlement A from Joe's
account?
1. During a manager certification, Joe's manager revokes entitlement A
2. Joe's lifecycle State changes to inactive, which is configured to deprovision all access
and disable all accounts
3. Joe had entitlement A because it was part of Role B. Role B applies only to identities
in the Service department. Joe recently transferred to the Engineering department.
4. All of the above - Correct Answers -4. All of the above
True or False: Access an be removed from an identity if the access was previously
granted by a role, and that identity no longer meets the role's membership matching
criteria. - Correct Answers -True
True or False: IdentityNow will remove entitlements from a provisioning plan if the
identity already has those entitlements. - Correct Answers -True
