IdentityIQ-Engineer試験問題集を使って一日でIdentity Security Engineer試験合格目指す(最新の124解答)
IdentityIQ-Engineer試験正確な問題集、学習ノートと理論
質問 # 51
Can the rule library named Common Rules Library" be included in a Rule by adding this code?
Solution:
- A. Yes
- B. No
正解:A
解説:
Yes, the code provided in the second image is correct for including a rule library named "Common Rules Library" in a Rule. The correct syntax is to use class="sailpoint.object.RuleLibrary" and specify the name of the rule library. This allows the Rule to reference the functions and logic defined in the "Common Rules Library." Correct Syntax (from the second image):
<ReferenceRules>
<Reference class="sailpoint.object.RuleLibrary" name="Common Rules Library"/>
</ReferenceRules>
Reference:
SailPoint IdentityIQ Rule Library Documentation
SailPoint IdentityIQ Configuration Guide (Rule and Rule Library Management)
質問 # 52
How should an engineer schedule the tasks to most efficiently achieve the following goals?
Goals:
* Process the Employee Authoritative application at 5:00 AM and 12:00 PM.
* Process the Contractor Authoritative application at 5:10 AM and 12:10 PM.
* Process the Active Directory application at 5:20 AM and 12:20 PM.
* Process the Finance application at 8:00 PM.
* Check for expired work items at 12:00 AM.
* Perform identity request maintenance at 2:00 AM.
Schedule parameters:
* Each application aggregation takes anywhere between 30 minutes and 2 hours.
* The run schedule is for a 24-hour period, which begins at 12:00 AM.
Instructions:
* Drag the required tasks from the left into the answer area on the right, and place them in the correct order, starting at 12:00 AM.
* Ordinal numbers (such as 1st, 2nd, and 3rd) in the options indicate which run of the day it is for the task type.
* There will be unused task options.
正解:
解説:
質問 # 53
A client needs a custom quicklink, which only managers can launch, in order to launch a simple workflow. Is this a valid step to take during the development of this custom quicklink?
Solution: Enter the name of the workflow to launch in the quicklink object.
- A. Yes
- B. No
正解:A
解説:
Yes, this is a valid step. When developing a custom quicklink in SailPoint IdentityIQ, it is important to specify the workflow that the quicklink should launch. This is done by entering the name of the workflow in the quicklink object configuration. This allows the quicklink to trigger the desired workflow when selected by a user, such as a manager, who has access to that quicklink.
Reference:
SailPoint IdentityIQ Quicklink Development Guide
SailPoint IdentityIQ Administration Guide (Custom Quicklinks and Workflow Integration)
質問 # 54
Is the following a true statement about IdentitylQ authentication and authorization?
Solution: A user's access to the Identity Warehouse is controlled by the QuickLink Populations that they are a member of.
- A. No
- B. Yes
正解:A
解説:
The statement that a user's access to the Identity Warehouse is controlled by the QuickLink Populations they are a member of is incorrect. QuickLink Populations in IdentityIQ are used primarily for grouping identities for specific operations, such as access reviews, certifications, or specific application provisioning, rather than directly controlling access to the Identity Warehouse.
Access to the Identity Warehouse is governed by role-based access controls (RBAC), scopes, and the user's entitlements within IdentityIQ. These determine what data and functionality a user can access, including the information in the Identity Warehouse.
Thus, the correct answer is B. No.
Reference:
This is supported by the SailPoint IdentityIQ Administration Guide, which clarifies the roles of QuickLink Populations and how access controls are implemented in IdentityIQ.
質問 # 55
Can a Workgroup be used for the following scenario?
Solution: Automatically creating multiple groups based on the values of a single identity attribute.
- A. No
- B. Yes
正解:A
解説:
A Workgroup in SailPoint IdentityIQ is a collection of users or identities grouped together for the purpose of task assignment, workflow approvals, or certifications. Workgroups are not typically used for automatically creating multiple groups based on the values of a single identity attribute. To achieve automatic grouping based on identity attributes, you would need to use dynamic roles or possibly rule-based population. These methods allow for creating roles or groups dynamically by evaluating identity attributes and assigning memberships accordingly.
Reference:
SailPoint IdentityIQ Administration Guide (Sections on Workgroups and Dynamic Roles) SailPoint IdentityIQ Configuration Guide (Role Management)
質問 # 56
An implementation engineer needs to perform an upgrade of IdentitylQ between releases. Is the following statement true?
Solution: Supported platforms of an older version of IdentitylQ will always be supported in newer versions of IdentitylQ.
- A. No
- B. Yes
正解:A
解説:
The statement that supported platforms of an older version of IdentityIQ will always be supported in newer versions of IdentityIQ is incorrect. As SailPoint releases new versions of IdentityIQ, the list of supported platforms (such as specific versions of Java, databases, application servers, etc.) may change. Newer versions of IdentityIQ might deprecate support for older platforms or require newer versions of software components. It is essential to consult the Release Notes or the Supported Platforms documentation for the specific IdentityIQ version to ensure compatibility.
Thus, the correct answer is B. No.
Reference:
This conclusion is based on SailPoint IdentityIQ Release Notes and Supported Platforms documentation, which specify platform compatibility for each version and often include notes on deprecated platforms.
質問 # 57
Can the following be achieved via configuration of control variables in the out-of-the-box Lifecycle Manager (LCM) workflows?
Solution: Disable all notifications.
- A. Yes
- B. No
正解:A
解説:
Yes, disabling all notifications can be achieved via configuration of control variables in the out-of-the-box Lifecycle Manager (LCM) workflows. In SailPoint IdentityIQ, most workflows, including those in LCM, use control variables to manage various settings, such as whether notifications should be sent. By setting the appropriate control variable (e.g., disabling email notifications) within the workflow configuration, you can effectively suppress all notifications related to that workflow.
Therefore, the correct answer is A. Yes.
質問 # 58
An implementation engineer needs to perform an upgrade of IdentitylQ between releases. Is the following statement true?
Solution: Every version release (excluding patch releases) between the current version of IdentitylQ and the target version of IdentitylQ must be installed in sequential order for an upgrade.
- A. No
- B. Yes
正解:A
解説:
When upgrading SailPoint IdentityIQ between releases, it is not necessary to install every version in sequential order between the current version and the target version. SailPoint provides upgrade paths that often allow skipping several major versions by directly upgrading to the desired target version from a supported previous version. However, it is crucial to follow the specific upgrade paths and procedures documented by SailPoint, which may involve intermediate steps or specific considerations depending on the versions involved.
Therefore, the correct answer is B. No.
Reference:
This answer is supported by SailPoint IdentityIQ Upgrade Guides, which detail the approved upgrade paths and instructions for moving between specific versions, indicating that sequential upgrades through every version are not always required.
質問 # 59
Is this a true statement about localization support in IdentitylQ?
Solution: The default language can be changed from English by replacing the appropriate message files.
- A. Yes
- B. No
正解:A
解説:
Yes, this statement is true. The default language of IdentityIQ can be changed from English by replacing the appropriate message files. Administrators can modify or replace the default English message files with those for another language, which will then become the system's default language. This allows IdentityIQ to be localized according to the organization's language preferences.
Reference:
SailPoint IdentityIQ Localization Guide
SailPoint IdentityIQ Administration Guide (Language Settings and Message File Management Sections)
質問 # 60
Can the Provisioning tab under "Administrator Console' be used to do the following task?
Solution: Map the associated WorkflowCase to a particular Provisioning Transaction.
- A. No
- B. Yes
正解:A
解説:
No, the Provisioning tab under the "Administrator Console" is not used to map the associated WorkflowCase to a particular Provisioning Transaction. The Provisioning tab is primarily for monitoring and managing provisioning operations, not for mapping workflow cases to transactions. Such mappings are typically handled within the workflow configuration itself, not through the Provisioning tab.
Reference:
SailPoint IdentityIQ Workflow Guide (Handling Workflow and Provisioning Transactions) SailPoint IdentityIQ Administration Guide (Provisioning Tab Limitations)
質問 # 61
For a user who wants to be able to enable an account for a subordinate or themselves through Manage Accounts, does this configuration need to be performed in Lifecycle Manager (LCM)?
Select the Rehire action under Manage Accounts Options in the LCM Configuration.
Solution: Select the Rehire action under Manage Accounts Options in the LCM Configuration.
- A. No
- B. Yes
正解:A
解説:
In SailPoint IdentityIQ, the specific configuration that allows a user to enable an account for themselves or a subordinate through the "Manage Accounts" option does not necessarily need to be configured in Lifecycle Manager (LCM) alone. While LCM does provide extensive capabilities for account management actions like provisioning, rehire, and more, enabling an account is primarily tied to the permissions and entitlements granted to the user through their role, capabilities, and access profiles.
To address the specific functionality described:
Manage Accounts is typically a part of IdentityIQ's broader account management capabilities, which are not exclusively tied to LCM. The ability to enable or disable accounts can be governed by rules and workflows within IdentityIQ, and these may or may not be linked directly to LCM configurations.
Rehire Action in LCM: The "Rehire" action within LCM Configuration is specific to processes related to reactivating an employee's identity when they are rehired. This does not directly relate to enabling an account from the "Manage Accounts" screen. Rehire workflows typically involve reinstating the user's previous access, which could include enabling accounts, but this is a broader process.
Permissions and Roles: The ability to enable accounts is often governed by the permissions assigned to a user's role within IdentityIQ. These permissions may be granted outside of LCM configurations and handled by IdentityIQ's access governance framework.
Workflow Configurations: Enabling or disabling an account could also be tied to specific workflows, which can be configured separately from LCM, using IdentityIQ's workflow engine. These workflows determine the steps and approvals required to perform such actions.
Reference:
SailPoint IdentityIQ Configuration Guide: Account Management
SailPoint IdentityIQ Lifecycle Manager Configuration Guide
SailPoint IdentityIQ Administration Guide (Sections on Roles and Permissions, Workflow Configurations)
質問 # 62
Is the following statement about workflow step types and their usage true?
Solution: When a wait step is encountered in a foreground workflow, the user will notice this, because the screen will freeze for the specified number of seconds.
- A. No
- B. Yes
正解:A
解説:
No, this statement is incorrect. When a wait step is encountered in a foreground workflow, it does not cause the user's screen to freeze for the specified number of seconds. Instead, the wait step simply pauses the workflow execution for the specified duration, but this is managed in the background. The user interface remains responsive, and the end-user typically won't notice any freezing or delays caused by the wait step itself.
Reference:
SailPoint IdentityIQ Workflow Guide (Section on Workflow Step Types)
SailPoint IdentityIQ Scripting and Workflow Best Practices
質問 # 63
Is this a valid step to take when importing SailPoint XML file objects into IdentitylQ?
Solution: Move the XML file into the IIQ_HOME/WEB-INF/database.
- A. No
- B. Yes
正解:A
解説:
The statement suggests moving the XML file into IIQ_HOME/WEB-INF/database as part of the process to import SailPoint XML file objects into IdentityIQ. However, this is not a valid step for importing XML objects.
The correct procedure to import SailPoint XML objects typically involves the following steps:
Use the iiq console command-line tool provided by SailPoint to import the XML file.
The command typically looks like: iiq console import <filename>.xml.
The XML file does not need to be moved to any specific directory like WEB-INF/database for the import process.
Moving the XML file into the WEB-INF/database directory does not align with the documented process and does not facilitate the import. The correct answer is B. No.
Reference:
This answer is based on the official SailPoint IdentityIQ documentation regarding object import procedures, which clearly states that imports should be performed using the IdentityIQ console or through the user interface (for smaller imports).
質問 # 64
Is the following statement about IdentitylQ rule inputs and outputs correct?
Solution: A BeanShell rule in IdentitylQ must always return an object derived from the abstract class sailpoint.object.saiipointobject.
- A. No
- B. Yes
正解:A
解説:
The statement that a BeanShell rule in IdentityIQ must always return an object derived from the abstract class sailpoint.object.SailPointObject is incorrect. While many rules in IdentityIQ may return objects that derive from SailPointObject, it is not a strict requirement. Rules can return various types of objects depending on their purpose and context. For example, a rule might return a String, Boolean, Map, or even null, depending on what the rule is designed to accomplish.
Therefore, the correct answer is B. No.
Reference:
This conclusion is drawn from the SailPoint IdentityIQ Rule Programming Guide, which explains that the return type of a rule can vary and does not need to be an instance of SailPointObject.
質問 # 65
Is this what should be performed in order to generate the database script to extend Application attributes in the IdentitylQ database on the initial installation?
Solution: Run a build with the updated schema placed inside it.
- A. No
- B. Yes
正解:A
解説:
Running a build with the updated schema placed inside it is not the correct procedure to generate the database script to extend Application attributes in the IdentityIQ database during the initial installation. To extend the schema, you typically need to define the changes in a specific XML schema file and then generate the corresponding database scripts using IdentityIQ tools designed for schema extension. A build process does not inherently generate the required database scripts for extending attributes.
Reference:
SailPoint IdentityIQ Schema Configuration Guide
SailPoint IdentityIQ Installation and Setup Guide
質問 # 66
Is this a correct procedure for testing generated emails in a non-production system?
Solution: Change the Email Notification Type to POP3 under Global Settings > Configure IdentitylQ Settings > Mail Settings, run the test scenario. and verity if the emails were successfully delivered to mailboxes specified on Identity objects.
- A. No
- B. Yes
正解:A
解説:
Changing the Email Notification Type to POP3 under Global Settings > Configure IdentityIQ Settings > Mail Settings is not a correct procedure for testing generated emails in a non-production system. POP3 is an email retrieval protocol, not a method for sending or redirecting email notifications from IdentityIQ. IdentityIQ requires an SMTP server to send emails, and POP3 is typically used by email clients to retrieve emails from a server, not by a server to send emails.
For testing purposes in a non-production environment, you would typically configure the SMTP server settings to either redirect emails to a specific testing mailbox or use a "Redirect to File" option, if available, to capture emails locally.
Thus, the correct answer is B. No.
質問 # 67
Is this configuration option required when an engineer sets up a SCIM 2.0 application?
Solution: Name
- A. Yes
- B. No
正解:A
解説:
The "Name" configuration option is required when setting up a SCIM 2.0 application in SailPoint IdentityIQ. The "Name" field is a mandatory identifier for the application within IdentityIQ. This name is used throughout the system to reference the application and is critical for configuration, management, and integration processes. Without specifying a name, IdentityIQ cannot properly identify and interact with the SCIM 2.0 application.
Reference:
SailPoint IdentityIQ SCIM 2.0 Application Configuration Guide
SailPoint IdentityIQ Administration Guide (Application Setup and Naming Conventions)
質問 # 68
Can this be achieved using Rapid Setup user interface configuration options?
Solution: Disable an account on a particular application for one set of users and delete the account for another set of users during administrative Terminations.
- A. No
- B. Yes
正解:A
解説:
The Rapid Setup user interface in SailPoint IdentityIQ is designed to simplify and streamline common configuration tasks, particularly during the initial setup of IdentityIQ environments. However, it has certain limitations in terms of granularity and customization.
In this case, the requirement is to disable an account on a particular application for one set of users and delete the account for another set of users during administrative terminations. The Rapid Setup interface does not provide options to differentiate between user groups for different actions (disable vs. delete) within the same termination event.
This level of specificity-applying different actions based on user group membership-would require a more advanced setup, possibly involving custom rules or workflows rather than using the Rapid Setup options. Therefore, the correct answer is B. No.
Reference:
This answer is based on the SailPoint IdentityIQ Rapid Setup Guide, which describes the capabilities and limitations of the Rapid Setup interface. The guide indicates that more complex scenarios require customization beyond what Rapid Setup can offer.
質問 # 69
Is this a true statement about localization support in IdentitylQ?
Solution: Message files may be added to support additional languages, but the out-of-the-box supplied message files cannot be modified.
- A. No
- B. Yes
正解:A
解説:
The statement is false. In SailPoint IdentityIQ, while message files may indeed be added to support additional languages, the out-of-the-box supplied message files can also be modified. Administrators can customize these message files to adapt the text in the user interface to better suit the organization's needs. This includes modifying existing translations or adding custom messages to meet specific requirements.
Reference:
SailPoint IdentityIQ Localization Guide
SailPoint IdentityIQ Configuration Guide (Customization of Message Files)
質問 # 70
The engineer is configuring a new application definition.
The customer wants an Audit record to be created with the error message, if provisioning fails.
Is this the rule an engineer should write to accomplish the goal?
Solution: Configure a Postlterate rule
- A. No
- B. Yes
正解:A
解説:
A Post-Iterate rule is used in the context of data aggregation or import processes, where it runs after each record has been processed during the iteration of accounts. This type of rule is not appropriate for handling provisioning errors or creating audit records based on provisioning failures. For auditing provisioning errors, you should configure error handling in the provisioning policy or use a custom workflow that logs errors into the audit log. The Post-Iterate rule is irrelevant to provisioning tasks and error logging, making it unsuitable for this purpose. Refer to the SailPoint IdentityIQ documentation on rules and workflows for proper error handling strategies during provisioning.
質問 # 71
Is this statement true about identitylQ's syslog event storage?
Solution: IdentitylQ logging and auditing both require extra function calls within the application and will generate data that can be compressed to avoid any storage and Improve overall performance.
- A. No
- B. Yes
正解:A
解説:
The statement is false. While it is true that logging and auditing require extra function calls and generate data, the suggestion that this data can be compressed to avoid storage issues and improve performance is misleading. In practice, while compression might save storage space, it does not inherently improve performance, particularly because the overhead of compression and decompression could negate the performance benefits. Effective performance management in IdentityIQ involves more nuanced approaches, such as optimizing the level of detail in logs, managing log rotation, and tuning the system for efficient I/O operations.
Reference:
SailPoint IdentityIQ Logging and Auditing Guide
SailPoint IdentityIQ Performance Tuning Guide
質問 # 72
Is this a correct procedure for testing generated emails in a non-production system?
Solution: Change the Email Notification Type to Redirect to file using FTP protocol under Global Settings > Configure IdentitylQ Settings > Mail Settings, run the test scenario, and verify that the email text saved to the redirected file.
- A. No
- B. Yes
正解:A
解説:
The proposed solution suggests changing the Email Notification Type to "Redirect to file using FTP protocol" under Global Settings > Configure IdentityIQ Settings > Mail Settings. However, IdentityIQ does not provide an option to redirect emails to a file using the FTP protocol directly through the Global Settings in the application.
Typically, to test generated emails in a non-production environment, you would change the Email Notification Type to "Redirect to File" (if the option is available) or configure an SMTP server with a different setup that captures emails in a file or a specific mailbox designed for testing purposes. The specific steps for testing email generation may vary, but the solution as stated does not align with standard IdentityIQ practices.
Thus, the correct answer is B. No.
質問 # 73
Is this statement true about the Application, Identity, ManageAttribute, Bundle, and Link objects in IdentitylQ?
Solution: An Application object is not required to aggregate external user account information into IdentitylQ.
- A. No
- B. Yes
正解:A
解説:
The statement that "An Application object is not required to aggregate external user account information into IdentityIQ" is false. In SailPoint IdentityIQ, an Application object is essential for aggregating (importing) external user account information. The Application object defines the connection settings, schema, and mapping that enable IdentityIQ to connect to external systems and retrieve identity data. Without an Application object, IdentityIQ would not have the necessary configuration to establish a connection and aggregate user data from external sources.
Reference:
SailPoint IdentityIQ Administration Guide (Section on Applications and Aggregation) SailPoint IdentityIQ Integration and Configuration Guide
質問 # 74
A client wants users who belong to an IdentitylQ workgroup named Management to be able to request entitlements and roles, but only for other users whose location attribute is the same as theirs.
Is this a population that will achieve the goal?
Solution: Create a quicklink population, set the membership match list to "All," and set "Who can members request for?'' as share attributes with the requester, with the attribute set to location.'
- A. Yes
- B. No
正解:A
解説:
This solution correctly addresses the client's requirement. By setting the membership match list to "All" and configuring "Who can members request for?" as "share attributes with the requester," with the attribute set to location, the system ensures that users in the "Management" workgroup can only request roles and entitlements for other users who share the same location. This setup effectively filters based on the location attribute, aligning with the client's needs.
Reference:
SailPoint IdentityIQ Quicklink Population Configuration Guide
SailPoint IdentityIQ Attribute-Based Access Control Guide
質問 # 75
Can this action be performed as part of configuring an application definition in IdentitylQ?
Solution: Define account correlation via a rule.
- A. Yes
- B. No
正解:A
解説:
Yes, defining account correlation via a rule is an action that can be performed as part of configuring an application definition in SailPoint IdentityIQ. Account correlation rules are often used to determine how accounts from different sources are linked to identities within IdentityIQ. These rules allow for complex logic to be applied when matching accounts to identities, beyond simple attribute matching.
Reference:
SailPoint IdentityIQ Administration Guide (Section on Account Correlation) SailPoint IdentityIQ Application Configuration Guide (Using Rules for Account Correlation)
質問 # 76
......
SailPoint IdentityIQ-Engineer 認定試験の出題範囲:
| トピック | 出題範囲 |
|---|---|
| トピック 1 |
|
| トピック 2 |
|
| トピック 3 |
|
| トピック 4 |
|
| トピック 5 |
|
IdentityIQ-Engineer問題集PDFで最速合格希望IdentityIQ-Engineer:https://www.jpntest.com/shiken/IdentityIQ-Engineer-mondaishu
100% 高得点合格保証IdentityIQ-Engineer無制限124解答:https://drive.google.com/open?id=1iCzyhPg4E26QRF5utCZi7ezOGslYmlGz