SLPNT.

1. Identity AI will force approver to choose an option. False.

2. How many types of roles are there in sailpoint? 2.

3. What are the different types of provisioning?

4. Preventative policies can be used to grant access that violates policy? False

5. What is a role called at class level? Set of Access.

6. What reports are listed on the my reports tab within Sailpoint IIQ? Reports that you have configured
and searches that have been saved as reports.

7. Does Sailpoint support management of hybrid environment? Yes.

8. To create spadmin in Identity IQ which file to import? Init.xml

9. Which of these classes are part of provisioning plan?

10. Which of the following is valid module in Sailpoint?

11. What is PII? Personally identifiable information.

12. Administrators can manage all identities in Sailpoint?

13. Which of the following are used during policy evaluation? Risk score , Entitlement , role, attributes.

14. Choose valid access control models. RBAC, MAC, DAC, RB-RBAC.

15. Which LCM events will be triggered when a user is rehired? Mover.

16. An IT role can have only one Entitlement? False

17. What is shown on the my reports tab? Reports that you have configured and searches that have
been saved as reports.

18. Who will be assigned the task of deciding what to do about a violation when Identity IQ identifies
policy violation? Policy Violation owner

19. Which option changes log transmission from EPM client to server? Admin mode.

20. Which LCM event will be triggered when a user is terminated? Leaver

21. Bulk decision can be disabled in certification? True

22. Using which strategy, administrative tasks are only carried out by Administrators who have
administrative credentials?
23. What is account aggregation process in Sailpoint IIq? Pulling data from HR and Authoritative source.

24. Which of these is information associated with identities? Attributes, Accounts, Entitlements, roles.

25. User access level will decide the search options visible in identity analytics? True

26. Which of the following are part of identity governance? Pass. Management , Provisioning

27. Which term describes collecting data from application/source in sailpoint? Aggregation.

28. When you add extended attributes that are not marked searchable to Identity IQ, where are these
new attributes stored by default? CLOB

29. What does the "-clean" option do when exporting Objects?

30. In the aggregation/refresh process, lifecycle events can be launched when a data change is detected
during aggregation. Which option on the refresh task causes the refresh to trigger the lifecycle event
workflows?

31. When implementing policies, a best practice is to set the____option to preview what impact they
will have on the system.

32. What is the minimum process to fully promote entitlements on the identity cube, for example, to
include entitlements in certifications?

33. Which of these options defines how the account attributes within a provisioning plan are populated?

34. ____define which account attributes to read from an application when aggregating accounts with
IdentityIQ.

35. When you view a user's record (identity cube) you can see how a user acquired a role. In the default
role model, what is the difference between assigned and detected? Assigned means that the role is a
business role and that this user was given that role by someone or through a rule; detected means the
role is an IT role and IdentityIQ recognized that the user has the access defined in the role.

36. What is a capability in IdentityIQ?

37. In the standard IdentitylQ access request workflow (LCM Provisioning), the default approver is the
owner. False

38. Why might someone using Identity IQ to aggregate accounts set the option "Disable optimization of
unchanged accounts = true" on application aggregation tasks?

39. Which of the following log levels will provide the most detailed information?

40. What is the difference between a task and a workflow?

41. Lifecycle Events can be created based on native changes. What is a native change?
42. Certification Events can be automatically triggered by a wide range of data changes within
IdentitylQ, such as manager change.

43. The only users who can track an access request are the requesters themselves.

44. Sets of identities in IdentityIQ can be used for a number of purposes, and each is created in a
different way. Select all statements that are correct.

45. Which connector requires a provisioning rule to be written when provisioning to applications of this
type?

46. When you implement with Rapid Setup, the Rapid Setup Joiner, Mover, and Leaver configurations
still require you to write the workflow to execute the process.

47. You can use the Edit Identity Quicklink to modify an identity's attributes and trigger attribute
synchronization to other applications.

48. Rapid Setup Joiner configuration defines the operations that are launched when a user joins a new
group within your organization, such as department transfer.

49. When a serious system error occurs, and an incident code is displayed, where would an admin user
go to see details of the error?

50. The Rapid Setup mover configuration options, which can be triggered when a user moves within
your organization, are:

51. From the Administrator Console, you can view details for a failed provisioning attempt and send a
manual workitem to complete the request.

52. Once a workflow has been launched, what is the name of the object that represents the execution of
the workflow?

53. Entitlements and groups that are included in the Entitlement Catalog have many uses within
IdentityIQ. Which one of the following is NOT a use of items in the Entitlement Catalog?

54. There are five important tasks that are shipped pre-scheduled in IdentitylQ. Which task advances
certifications through their phases and restarts backgrounded workfows?

55. A provisioning plan is passed to a workflow to start the provisioning process. What is included in a
provisioning plan?

Othrs
56. Choose valid access control models?

57. What is the purpose of data labeling?

59. How can we do open AM Silent installation? Open AM config. Tool.

60. AM is giving 500(internal server error) How we can troubleshoot? Refresh or come back later.

61. Preventative policies can be used to grant access that violates policy. No

62. Identify technical controls used to protect information.

63. Which option is available to configure authorization?

64. What configuration file is required to update to add custom attributes in Directory Services.

65. What are the two Cyberark EPM Privilege Management modes? Detect and Elevate.

66. Choose the platform supported by Cyberark EPM? Windows and Mac OS

67. Which config store FR will support? All directory services.

68. Share some examples of post authentication node.

69. Choose the valid type of groups in AD DS. Distributed and Security

70. Is it possible to apply group policy on a container in AD DS. Yes

71. When an attribute change comes through aggregation, attribute synchronization is initiated through
a refresh task that has the Synchronize attributes option selected. Is above statement valid? Yes

72. Cyberark EPM default policies provide a functionality to set policies for privilege applications that are
not handled by any other policy. True

73. A subnet is a container for AD DS objects, such as computers and services that are specific to a
physical location. Yes

74. Setting made to a specific set will affect that set only.

75. Which of these are not single forest partitions in AD DS?

76. You can email reports as an attachments to selected identities in what format? CSV or PDF

77. What permission Users require to view and activate policy recommendations? Full and View

78. You want to copy the data from your on-prem AD to Azure AD. Which tool will you use?

79. Cyberark EPM provides Integration with the following

80. Which CyberArk component is a full LDAP client that can communicate with other LDAP-compliant
directory servers to obtain user identification and security information? The Vault
81. When implementing policies, a best practice is to use the below option to preview what impact the
policy will have on the system.

82. Which claim on Azure AD open ID connect payload identifies the intended recipient of the token?
Aud

83. Which option changes log transmission from EPM client to server. Admin mode.

84.Which of these device registration option will you use to implement Bring your own device policy?
Azure AD registered.

85. Which claim on Azure AD OpenID connect Payload identifies the intended recipient of the token.
Aud.

86. What happens when an AD server configured as Infrastructure master is unavailable? Unable to
make changes to schema.

87. Which of the following is common within a AD DS forest? Schema.

88. You can email report result as an attachments to select identities in what format?

89. CyberArk identity connector must be installed on the Domain controller? False.

90. How many customers does cyberArk provide their services globally ? 6000+.

91. Settings made to a specific set will affect that set only?

92. What is account aggregation process in Sailpoint IIQ?

93. CyberArk identity requires use of third party MFA to include this option? False.

94. Choose the two default roles available in CyberArk identity. Everybody and System Administrator.

95. Which table in Sailpoint stores the identity information?

96. How many victims are needed in order for an attacker to establish a foothold inside a network? 1.

97. Choose MacOS versions supported by Cyberark EPM? Catalina and Big Sur.

98. Identity search only allows you to search on the standard identity attributes that are predefined by
identity IQ. False

99. When an attribute change comes through aggregation, attribute synchronization is initiated through
a refresh task that has the Synchronize attributes option selected. Is above statement valid? True

100. Which all best security layers are at the heart of the Privileged Access security solutions? Firewall,
VPN, Authentication, Access control, Encryption.

101. What are the two decision maker context available working with policy violation?
102. What solution EPM Privilege Management provides to solve highly risk process of granting full
Administrative rights to standard users?

103. Can you change Non-persistent set in Cyberark EPM to regular set? No.

104. What is a characteristics of a ransomware. Ransomware needs privilege accounts to be successful.

105. Each cyberark EPM agent connecting to server will consume a license.