SailPoint IdentityIQ-Associate Exam Dumps

Yes. In SailPoint IdentityIQ, marking an application account schema attribute as managed identifies that attribute as governance-relevant access data. This is commonly applied to attributes that contain entitlement-like values, such as groups, roles, permissions, or application access assignments. When the attribute is managed, IdentityIQ can create and maintain managed attribute records for the values discovered during aggregation, allowing those values to be represented in the entitlement catalog with business metadata such as display name, description, owner, requestability, and classification.

This managed designation supports governance processes, including certifications. In an access review, reviewers need to evaluate meaningful access items rather than raw account data. Managed entitlement values can therefore be surfaced as reviewable access so managers, application owners, or entitlement owners can approve, revoke, or otherwise act on them during certification campaigns.

This does not mean the attribute itself is simply editable in IdentityIQ; editability is controlled separately through provisioning policies, forms, workflows, and connector support. The managed flag is primarily about governing the attribute's values as access.

Reference topics: Applications --- schema attribute properties; Access Modeling --- entitlement catalog; Governance --- certification review items.

Yes. In SailPoint IdentityIQ provisioning, the system evaluates the requested access change in the context of the identity's existing application accounts. When a provisioning request requires a modification on an application, IdentityIQ must determine whether the identity already has an account, represented by a Link, on that application. If no existing account is available and the requested change requires one, IdentityIQ can include account creation as part of the provisioning activity before applying attribute or entitlement modifications.

This behavior is central to request-based provisioning. For example, if a user requests an entitlement on an application where they do not yet have an account, IdentityIQ cannot simply add the entitlement to a nonexistent account. The provisioning process must first establish the account, collect required values through provisioning policies, and then apply the requested access. The provisioning plan may therefore be expanded or adjusted during compilation and fulfillment.

Therefore, the statement is true: IdentityIQ can determine whether an account must be created before modification. Reference topics: Provisioning, provisioning plan processing, account requests, provisioning policies, account creation, entitlement modification, and plan compilation.

Recording which data a user downloads is not a core purpose of Identity Governance and Administration in SailPoint IdentityIQ. IGA is concerned with governing identities, accounts, access, entitlements, roles, policy violations, certifications, access requests, and provisioning. Its central objective is to answer questions such as who a user is, what access they have, whether that access is appropriate, who approved it, and whether access complies with defined business and security policies.

Tracking the specific files, records, or data objects downloaded by a user is typically associated with data activity monitoring, data loss prevention, security information and event management, or user behavior analytics. IdentityIQ may integrate with other systems and can govern access to applications or repositories that contain sensitive data, but it does not primarily function as a tool for recording every data download event.

In IdentityIQ terms, the governance focus is identity security: access visibility, access certification, policy enforcement, role modeling, lifecycle management, and provisioning controls. Reference topics: Foundational Concepts, purpose of identity security, common IdentityIQ terms, governance model, certifications, policies, and provisioning.

The statement is not accurate as written. In IdentityIQ LifeCycle Manager, allowing users to request a new account on an application does not automatically mean they can request an additional account on that same application. These are related but distinct account request scenarios. A new account request typically applies when an identity does not already have an account on the target application. An additional account request applies when an identity already has an account and the application is configured to support more than one account for the same identity.

Whether additional accounts are available depends on the application's account model, connector support, application configuration, request configuration, and provisioning policy behavior. Some applications support only one account per identity; in those cases, IdentityIQ may allow creation of the initial account but not allow a second or additional account. Manage Accounts can expose account lifecycle actions such as create, modify, enable, disable, unlock, delete, or request additional accounts, but only when the underlying application and IdentityIQ configuration support those operations.

Reference topics: User-Driven Requests --- account request types and operations; Applications --- connector and application settings; Provisioning --- provisioning policies and account creation behavior.

No. In IdentityIQ, a birthright role is intended to represent access that is automatically assigned to identities based on defined business criteria, such as lifecycle state, department, location, job function, or other identity attributes. The purpose of a birthright role is automatic access assignment, not user-driven request selection. Rapid Setup can help configure common access-modeling and application-onboarding elements more efficiently, including birthright access patterns, but the birthright concept remains assignment-based rather than request-based.

Requestable access is handled through the access request model, where users select roles, entitlements, or other access items made available through request configuration and QuickLinks. Birthright access is different because it is granted when an identity satisfies the role assignment criteria and is recalculated through identity refresh and role evaluation. Making birthright roles requestable would undermine their purpose as standard baseline access automatically derived from identity data.

Therefore, the statement is inaccurate. Rapid Setup birthright roles are used for automated assignment and baseline access, not as requestable access items. Reference topics: Applications, Rapid Setup, Access Modeling, birthright roles, role assignment, identity refresh, and User-Driven Requests.