
IDN_3_Platform

Title of test:
IDN_3_Platform

Description:
IDN_3_Platform

Creation Date: 2023/01/22

Category: Others

Number of questions: 95

Content:

3 methods of authentication in IDN. Native authentication. SSO. Pass through authentication. Strong authentication. IWA.

Which of the following user levels in IdentityNow were introduced in this course?. User. Admin. Helpdesk user. Accountant admin. Provisioning admin.

What are some of the actions available to users in IdentityNow? (select all that apply). They can do any work assigned to them. They can do an access review. They can see the status of all users.

Each appliance in a virtual cluster needs to have its own passphrase. True. FALSE.

Steps for REST API calling. Access Token Request. Access Token Response. API Request. API Response.

IdentityNow's authentication and authorization model is fully OAuth 2.0 compliant, with issued access tokens leveraging the JSON Web Token (JWT) token standard. True. False.

The form parameters in the OAuth 2.0 Token Request for the Authorization Code grant are as follows: grant_type. client_id. client_secret. code. redirect_uri. authorization_code.

Client credential grant flow uses client credentials derived from. a Personal Access Token. exchange an authorization code. refresh token for an access.

Client Credential Grant Flow. grant_type. refresh_token.

Refresh Token Grant Flow. grant_type. refresh_token. client_secret. code.

API Response Codes - OK - Returned if the request was successfully submitted. 200. 401. 403. 404. 500.

API Response Codes - Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. 200. 401. 403. 404. 500.

API Response Codes - Forbidden - Returned if the user you are running as, doesn't have access to this end-point. If you are an admin, make sure you step-up authentication. 200. 401. 403. 404. 500.

API Response Codes - Not Found - Returned if the end-point was not found. Check your URL and try again. 200. 401. 403. 404. 500.

API Response Codes - Internal Server Error - Returned if there is an unexpected error. 200. 401. 403. 404. 500.

CRUD operations via HTTP(s). GET – Read. POST – Write. PUT – Update. DELETE – Delete. CREATE - Create. UPDATE - Update.

Helpdesk user has access to: Permissions to enable, disable, and unlock accounts. Enable/Disable an account. Reset user's password. Invite a user to join IdentityNow. Unlock user's account. View dashboards and monitor the IdentityNow system. Certification campaigns.

Mandatory Fields within an Identity Profile. Last Name. Work Email. User Name. First name. Password.

Order of steps to implement model for a given HR source. Create Authoritative Source. Create Identity Profile. Configure Identity Profile. Aggregate Authoritative Source Accounts. Create account profile. Configure account profile. Configure identity attribute mapping.

Access profile entitlements can be linked to more than 1 system. True. False.

Requirements from IdentityProvider to be setup in SailPoint IDN. The Entity ID. The Login URL for Post. The Login URL for Redirect. The Logout URL (optional). The Signing Certificate. The Return Certificate.

Identity exceptions found in report can be resolved in following methods. Can fix issues by source data and reaggregate. Fix by transforming data to set a value. Can manually set value for identity. Can ignore attribute issue for identity.

Transforms can be used in which 2 aspects?. Identity profile transforms on mapping. Account profile transforms. Source profile.

3 email templates exist to notify users for password notifications. Password expiration. User password changed. Helpdesk password. New password change.

Where can you go to view sample searches in IdentityNow?. Click in the empty Search field and view Suggested Searches. Click Query Help.

Using search you can audit provisioning activity or examine user activity such as authentication, access requests, and password changes. TRUE. FALSE.

How can the search activity be used to drive compliance activities?. Search functionality used to define parameters for a certification campaign or for a policy. Create a lookup for data quality issues. Identify users without line managers.

Which 6 objects are available to be searched?. identities. Access profiles. role. events. Entitlements. account activity. sources.

Which of the following are searchable objects in IdentityNow?. Identities. Entitlements. Lifecycle States.

IdentityNow applies a term-only search to all searchable objects, looking for the specified string in all attributes at any level. TRUE. FALSE.

Using Search you can audit provisioning activity or examine user actions such as authentication, access requests, and password changes. TRUE. FALSE.

IdentityNow assumes an AND relationship between multiple terms unless OR or is explicitly specified. TRUE. FALSE.

Email redirection can be configured globally and common for non-productive tenants. TRUE. FALSE.

T/F every identity is required to login to IDN. FALSE. TRUE.

Strong authentication for admin access or user unlocking requires integration with a 3rd party multifactor authentication system. FALSE. TRUE.

Components that must be configured when defining source configuration. Source metadata. Account schema. Manager correlation.

Components that must be configured when defining identity profile. Identity Attribute Mappings. Authoritative Settings. Lifecycle States (optional).

What is the source configuration attribute that defines which connector to use?. Source type. Source connector. Connector type.

Provisioning Failures Troubleshooting failures that occur when provisioning can be accomplished in several ways. Examine account activities details in Search. All provisioning transactions are recorded as account activities. Perform a pattern analysis and look for isolated or widespread outages. Check account profiles for errors -- data, transforms, etc. Check configurations -- source connectivity details, role, or lifecycle state configurations. Consider external causes. IdentityNow may be fine but external resources could be a problem.

The Dashboard page allows administrators to view account activity data and download provisioning audit reports. TRUE. FALSE.

Provisioning requests are always specific to one identity and contain the key information needed to fulfill provisioning operations. TRUE. FALSE.

Verification of completed provisioning actions is only performed when an automated provisioning process is used. TRUE. FALSE.

Attribute Synch Best Practice. Can be resource intensive so limit attributes to 15. Stagger changes by enabling attributes 1 a day. Mass update attribute changes overnight. Can be resource intensive so limit attributes to 10.

The account ___ defines set of account attributes to collect from source during aggregation. Account Schema. Entitlement. Account.

What 2 types of data can connectors collect from sources?. Entitlement. Account. Attributes. Password.

An IdentityNow Helpdesk authorized user is allowed to perform several administrative actions related to assisting users with authentication problems. Enable, Disable, and Unlock Users Accounts. Invite users to register with IdentityNow. Recover a User's password. Help users reset their passwords.

Can you group entitlements into roles?. Yes, but through access profiles assigned to the role. No.

Recall more than one place in IDN where you can review provisioning activities. Audit Report (Provisioning activity report). Admin Dashboard. Identity activity logs.

How many sources can be referenced in a single access profile. 1. 2. 3.

How many sources can be included in a single role definition. many. 1.

All non-authoritative sources need a separate source of entitlement (group) data that can be aggregated to provide information like display names and descriptions. TRUE. FALSE.

The password policy configuration in IdentityNow captures your password history. TRUE. FALSE.

Why are governance groups beneficial. Governance groups provide better coverage and multiple people who can approve a request. Governance groups provide better coverage and multiple people who must all approve a request.

Is it possible to require 3 levels of approval for access requests?. Yes, you can have access owner, manager and group assigned to approve a request, or no one at all. No, only a single approver can be defined.

How many roles or access profiles can be requested in a single access request. one. many.

Are roles or access profiles required to be associated with an application to be requestable. Access Profile. Role. Entitlement.

Where should you look to find record of all provisioning actions sent to directory system in last seven days. Perform account activity search. Audit Reports.

Governance groups require that all members sign off on an access request before it can be approved. TRUE. FALSE.

All entitlements that are aggregated into IdentityNow are automatically visible and requestable in the Request Center. TRUE. FALSE.

Client Credential Grant Flow. grant_type. client_id. client_secret. code. redirect_uri. authorization_code. refresh_token.

Refresh Token Grant Flow. grant_type. client_id. client_secret. code. redirect_uri. authorization_code. refresh_token.

If you are making a web application, the best grant flow that you should use. Client Credential Grant Flow. Authorization Code grant flow. Refresh Token Grant Flow.

If working with scripts or programs, which token grant flow is best?. Client Credential Grant Flow. Authorization Code grant flow. Refresh Token Grant Flow.

If your APIs can work under an API context without a user, then leveraging a Client Credential grant flow using. OAuth Client credentials. Personal Access Token credentials.

Match search string. Find all identities with username of 'neil.mcglennon'. Find all identities with a custom attribute, department, is 'Inventory'. Find all identities with no email, last name, or username attribute. (Note: This is useful for fixing identity exceptions.). Find all identities with no lifecycle state assigned. Find all identities with email that ends with a certain domain (@acme.com):. Find all identities with a last name which starts with A through M (uses regex). Find all identities which were created within a specified time range (e.g. in the past week timeframe):. Find all identities which have more than 100 accounts:. Find identities which have errors:. Find identities which were recently changed:.

Match search string. Find identities which were recently changed:. Find identities which were recently created:. Find identities which were recently created in an inclusive statement:. Find all identities with a specific start date. Find all identities with a specific end dates:. Find common identities which share manager by display name:. Find common identities which share manager by manager ID:. Find identities with directory accounts which are disabled. Find identities with a certain IdentityNow invitation status: UNREGISTERED. Find identities with a certain IdentityNow invitation status: PENDING.

Match search string. Find identities with a certain IdentityNow invitation status: REGISTERED. Find identities which have manually correlated accounts on a certain source:. Find identities with privileged accounts (on any source):. Find identities with locked accounts (on any source):. Find identities with disabled accounts (on any source):. Find identities with accounts from a source (e.g. Employees) which were created in the past month:. Find identities with AD accounts which have had a password set within a certain time period (using AD passwordLastSet timestamp):. Find all identities on a specific identity profile:. Find all identities who work in London:. Find all identities who work in London who started this year:.

Match search string. Find a user's direct reports:. Find users with a specific role:. Find inactive users with active accounts:. Find out whether privileged access was revoked for previous contingent workers:. Find users who haven't finished registering:. Find users from the Sales department who have Webex accounts who don't have a particular entitlement:. Find identities that don't have a manager:. Find all the identities with elevated user levels (within IdentityNow):. Find all the identities with IdentityNow admin access:. Find all identities that have a lifecycle state of terminated in IdentityNow with accounts on Active Directory that are still enabled:.

Operator || does what?. OR. AND.

Operator && does what?. OR. AND.

Operator !. OR. AND. NOT.

.exact. Matches exact value. Find missing or non null data.

_exists_. Matches exact value. Find missing or non null data.

Passthrough – Authentication. Allows the user to log into IdentityNow using their network credentials. User enters username and password and system looks up username and maps to an account on authentication source. Authentication message placed in cluster queue. VA calls up IDN to retrieve messages in queue including authentication. VA calls the appropriate connector for authentication i.e. Active Directory targeting a specific AD targets for bind. VA responds to cloud with the status of authentication request. Configured in admin user interface via Admin > Global > Security Settings > IWA (menu). Utilizes a keytab file that allows IdentityNow to decrypt and utilize the Kerberos ticket to identify and authenticate the user.

Integrated Windows Authentication (IWA) (Single Sign). Utilizes a keytab file that allows IdentityNow to decrypt and utilize the Kerberos ticket to identify and authenticate the user. Configured in admin user interface via Admin > Global > Security Settings > IWA (menu). Allows the user to log into IdentityNow using their network credentials. User enters username and password and system looks up username and maps to an account on authentication source. Authentication message placed in cluster queue. VA calls up IDN to retrieve messages in queue including authentication. VA responds to cloud with the status of authentication request. VA calls the appropriate connector for authentication i.e. Active Directory targeting a specific AD targets for bind.

Using another SAML Identity Provider (IdP) to sign-into IdentityNow. IdentityNow becomes the Service Provider (SP). Uses the SAML Federation protocol. Cannot have IdentityNow SSO enabled. i.e. IdentityNow cannot be both SP and IDP. IdentityNow can have SSO enabled and act as both SP and IDP.

End user can do the following. Update their own passwords. Modify their own alternate phone and e-mail attributes. Request application or access for themselves. Launch applications from the Launchpad. Perform tasks & work items assigned to them. Permissions to enable, disable, and unlock accounts. Generate a report with identity details.

Help Desk. Permissions to enable, disable, and unlock accounts. Can view activity and interact with identity data. Enable/Disable an account. Aggregate account information. Invite a user to join IdentityNow. Generate a report with identity details. Certification Campaigns.

Dashboard access. An elevated user with ability to view dashboards and monitor the IdentityNow system. Certification Campaigns view progress on current campaigns. SSO activity. Provisioning. Enable/Disable an account. Invite a user to join IdentityNow.

Certification Administrator. A user with certification admin permissions can create and manage certification campaigns in IdentityNow. If you grant someone the certification admin user level, this will appear in certifications as an entitlement that the reviewer can grant or revoke. Enable/Disable an account. Invite a user to join IdentityNow. Generate a report with identity details.

steps to implement an identity model. Create Authoritative Source. Create Identity Profile. Configure Identity Profile. Aggregate Authoritative Source Accounts.

An identity can only be assigned a single identity profile. True. False.

Identity Profile settings. Account source. Sign in method. Invitation options. Error message for error handling. Attributes. Entitlements.

The admin global activity pages contain following activities. Dashboard Overview. Dashboard Monitor. Connections VA health. Connections Source health. Provisioning activities. Global Activity. Identities Activities. Source Aggregation history. Source Activity. Virtual appliance.

Dashboard overview. Widgets showing sources. Widgets showing cluster. Widgets showing applications. Widgets showing identities. Widgets showing role. Widgets showing entitlements. Connections VA health. Connection source health.

Troubleshooting the Cloud Connector Gateway. Enable Debug per VA Cluster. Connector logs are located on each VA: /home/sailpoint/log/ccg.log. Messages involving Source connection, aggregation, authentication, provisioning. SailPoint Services / Support can also see fragments of these logs remotely. View the dashboard for connection errors.

Troubleshooting Password Interception. PWI interactions are logged to: /var/log/tinyproxy/tinyproxy.log. View the dashboard for connection errors. Connector logs are located on each VA: /home/sailpoint/log/ccg.log.

Service Logs for troubleshooting. Review contents of the service log - sudo journalctl -u service_name. Watch current activity going into the service log - sudo journalctl -f -u service_name. Get boot events - sudo journalctl -b -u service_name.

Audit Reports in Search. All Events - All activity that IdentityNow tracks in audit events. Access Request Activity - All activity related to access requests. Authentication Activity - Events related to any kind of authentication, including into IdentityNow and into apps. Password Changes - All password updates, including for apps, sources, and IdentityNow. Provisioning Activity - View a basic audit report of provisioning events. All Source Activity (Non-Provisioning) - All activity on all sources, not including provisioning activity. Certification Campaigns - Campaign status and activity.

Activity on Admin Dashboard. System Component Status (Sources, Clusters, Applications, Identities). System Activity (Last 5 activities in the system). To Do Tasks (Manual Provisioning Activities). Org Information. Password Resets. Certification Campaigns. SSO. Provisioning (Last 7 days). Authentication Activity. Access Request Activity.

OR statement. OR. AND. ||. Single quotes '. &&.

AND statements. OR. AND. ||. Single quotes '. &&.

There are three main components of a transform object: id/name. type. attributes. value. account.

Transforms are primarily used in two places. On an identity profile for identity attribute calculation. on a source profile for determining new account attribute values for provisioning operations. On entitlement matching and assignments.

Network tools. dig. host. ifconfig. ping. tb. nc. traceroute. tcpdump. curl. ldapsearch.
