L100 Fixed

Question 1

An Application Owner can have multiple primary Certifiers and a single secondary Certifier.
T/F

Answer 1

FALSE

Question 2

An Application Owner can have a single primary Certifiers and multiple secondary Certifiers
T/F

Answer 2

TRUE

Question 3

Single sign on is enabled in EIC using Azure Identity Provider. In this scenario, can the user log in using Azure and EIC native authentication?
T/F

Answer 3

FALSE

Question 4

Which of the following options support Authentication mechanisms in Saviynt?
A. None of the below
B. REST
C. LDAP
D. SAML 2.0
E. Database

Answer 4

C. LDAP
D. SAML 2.0
E. Database

Question 5

What is not a valid status Type in Certification?
Preview, Launching, Discontinued, Delete

Answer 5

Delete

Question 6

Which of the following must be linked to the Active Directory Security System to automatically reconcile Accounts from AD into Saviynt?

Answer 6

AD Connection

Question 7

what Job needs to run for the detective SOD?

Answer 7

RiskSODEvaluationJob

Question 8

Which of the following options can a Campaign Owner use to view the Entitlements Query that was used in a previously launched Campaign?
A. Campaign Export
B. Export option at the top right corner of the page, next to the Refresh Progress option
C. Campaign Summary
D. Reconfigure option

Answer 8

C. Campaign Summary

Question 9

Which of the following formats is suitable for downloading an Analytics report? (Select all that apply)
A. CSV file and Excel Sheet
B. Text file
C. CSV file only

Answer 9

A. CSV file and Excel Sheet

Question 10

Marty, an Administrator, reconciled Oracle Accounts into Saviynt. During the import, the incoming accounts were required to be mapped to the existing users in Saviynt. Which of the following Rules should be used to successfully associate Accounts to the correct users?
A. Account to User Rule
B. Account Name Rule
C. Technical Rule
D. User Account Correlation Rule

Answer 10

D. User Account Correlation Rule

Question 11

Which of the following Application types can be associated with the Automated Provisioning configuration turned OFF?
A. Service Desk Application
B. Hybrid Application
C. Connected Application
D. Disconnected Application

Answer 11

D. Disconnected Application

Question 12

————– refers to any type of access that is associated with a managed system or application, such as groups, roles, permissions, or responsibilities.
A. Entitlements
B. Endpoints
C. Workflows
D. Accounts

Answer 12

A. Entitlements

Question 13

As part of a recent organizational change, John, a Security Consultant, was moved from Department A to B.

To follow the Least Privilege Principle, there is a requirement to certify all existing entitlements of John by relevant stakeholders. Now, you have configured a User Update Rule to launch a certification when the department changes. Which of the following actions will you configure to support this scenario?
A. Launch Manager Campaign
B. Launch Service Account Campaign
C. Launch Entitlement Owner Campaign
D. Launch Organization Owner Campaign

Answer 13

C. Launch Entitlement Owner Campaign

Question 14

Which of the following SAV Roles grant users the privilege to edit UI Labels?
A. UIADMIN ROLE
B. ROLE_ADMINUI
C. ADMINULROLE
D. ROLE.UIADMIN

Answer 14

B. ROLE_ADMINUI

Question 15

If you want an application to be available for requesting access (self or other), which of the following should be configured?
A. Proposed Accounts Workflow
B. Access Remove Workflow
C. Access Add Workflow
D. Emergency Access ID Request Workflow

Answer 15

C. Access Add Workflow

Question 16

What triggers a Request Rule?
A. When a user is imported
B. When Access Request is created and matches the conditions
C. When the Run Detective Rule job is run
D. When changes are detected in the import

Answer 16

B. When Access Request is created and matches the conditions

Question 17

Which of the following Account statuses is not considered in a User Manager Campaign certification?
A. Manually Suspended
B. Inactive
C. Suspended from Import Service
D. Manually Provisioned

Answer 17

D. Manually Provisioned

Question 18

Which of the following Role types should be selected for a Role containing Entitlements that span across multiple applications?
A. Application Role
B. Transactional Role
C. Enabler Role
D. Enterprise Role

Answer 18

D. Enterprise Role

Question 19

Which of the following configurations can be used to allow Certifiers to certify their own access?
A. Certify all users by default
B. Show consult for own access
C. Allow Self Certification
D. Certification reassignment

Answer 19

C. Allow Self Certification

Question 20

Accounts, Entitlement types, and Entitlement data of an application are directly associated with:
A. Endpoints
B. Roles
C. Workflows
D. Security Systems

Answer 20

A. Endpoints

Question 21

What is a Campaign?
A. Group of similar Endpoints
B. Group of User Groups
C. Group of Dashboards
D. Group of similar Certifications

Answer 21

D. Group of similar Certifications

Question 22

Which is logical grouping of entitlements (access) that define the ability of users to perform business tasks.

Answer 22

Functions

Question 23

Which of the following Connections is used for integrating Saviynt with a ticketing system?
Service Ticket Connection
Ticket Connection
Service Desk Connection
Provisioning Connection

Answer 23

Service Desk Connection

Question 24

Jane was managing an AD Group; however, she had to decommission this group and revoke access for all the users. Which of the following options should be used to perform the above task?
A. Segregation of Duties
B. Entitlement Update Rule
C. Mitigation Control
D. Entitlement Owner Certification

Answer 24

D. Entitlement Owner Certification

Question 25

Anitha, a manager, has a large number of users reporting to her, with most of them working remotely. Which of the following Campaign Types would you recommend for this scenario to reduce certification fatigue for Anitha? Launch User Manager Campaign and then Self Certification Campaign on certified items Launch Application Owner Campaign and then Self Certification Campaign on certified items Launch a Self-Certification Campaign and then User Manager Campaign on certified items Launch Service Account Campaign and then User Manager Campaign on certified items As an Admin, you are required to set up an Entitlement Owner Campaign for Entitlements belonging to an Oracle ERP Endpoint by the Internal Audit team. The Campaign should be launched at the beginning of every month, and only Accounts and Entitlements that meet the prerequisites should be included in the Campaign.

Answer 25

Launch a Self-Certification Campaign and then User Manager Campaign on certified items

Question 26

Which of the following 2-key configurations would you recommend for achieving this? A. Use Campaign Template and the Schedule Later option B. Use Advanced Configurations and Preview mode and create the Campaign at the beginning of each month C. Use Advanced Configurations and set the Campaign expiry to 31 days D. Cannot be achieved

Answer 26

A. Use Campaign Template and the Schedule Later option

Question 27

To help users make informed and quick decisions, Saviynt provides filters for retrieving Certification data in the User Manager Campaign and Service Account Campaign. Which of the following options cannot be regarded as a Smart Filter? A. User's Assigned Role counts B. Access with SoD Violations C. Out-of-Band Access for Entitlements D. Risk Level for Accounts

Answer 27

A. User's Assigned Role counts

Question 28

Which of the following features best describe the Authorization mechanism for the EIC application? A. Security System B. SSO C.WSRETRY Job

Answer 28

A. Security System

Question 29

As per the above mapping, USERNAME is the user attribute defined in Workday, and User_Name is the attribute defined in EIC. T/F

Answer 29

False

Question 30

------------ allows detection of access rights granted outside the Saviynt platform. REST API B. RevokeOutOfBandAccessJob C. Bulk Upload D. ARS > Request Access for Others

Answer 30

B. RevokeOutOfBandAccessJob

Question 31

ABC Company has set up a one-level workflow for an application, where the lone approver is the manager of the beneficiary. Margaret, who is Edward’s manager, raised an access request on behalf of Edward. Which of the following statements would be true/applicable? A. Manager's approval is auto-approved B. Manager's approval is auto rejected C. Manager must manually approve/reject the request D. None of the above

Answer 31

A. Manager's approval is auto-approved

Question 32

________ filters the requestable applications under "Request New Access." A. Access Add Workflow B. Access Query C. Provisioning Connection D. Whom to Request

Answer 32

B. Access Query

Question 33

Which of the following aspects in EIC is regarded as a unique identity of a person? A. Endpoint B. Employee C. Account D. User

Answer 33

D. User

Question 34

Multiple indices can be selected while creating Analytics using the Elasticsearch Query. T/F

Answer 34

True

Question 35

A Campaign Owner can create various types of a User Manager Campaign to save different settings for various categories of Manager Access Reviews. Options: A. Global Configurations B. Campaign Types C. Campaign Templates D. Campaign Previews

Answer 35

C. Campaign Templates

Question 36

Which of the following connection types is best suited to expose Workday reports as a data service? Options: A. Workday-RAAS B. Workday-REST C. Workday-OAuth D. Workday-SOAP

Answer 36

A. Workday-RAAS

Question 37

The Max Authentication Session parameter in Single Sign-On settings specifies the maximum duration, in seconds, for which an SSO session will remain valid. The default value is 3600 seconds. If the session logout value defined in IDP is 10,000 seconds and Max Authentication Session in Saviynt SSO is 5000 seconds, how long will the session last? Options: A.5000 seconds B.10,000 seconds C.3600 seconds D. None of the above

Answer 37

A.5000 seconds

Question 38

Where can an Admin get the details of a successfully executed Rule? Options: A. Archived Rule Trail B. Archived Application Logs C. Current Rule Trail D. Action Trail

Answer 38

C. Current Rule Trail

Question 39

Which of the following statuses is applicable for the "Add Access" task type when the task is successfully completed? Options: A. Provisioned B. Success C. Manually Provisioned D. Active

Answer 39

A. Provisioned

Question 40

In the process of setting up Single Sign -On using SAML 2.0, the "SP Entity ID" acts as a unique identifier for the Saviynt SP. If "SP Entity ID" is set to the value of SaviyntSP, which of the following will be the correct Single Sign -On URL to log in to EIC? https//myorg.saviyntcloud.com/ECM/saml/SSO/SaviyntSP https//myorg.saviyntcloud.com/SaviyntSP https//myorg.saviyntcloud.com/ECM/saml/SSO/alias/SaviyntSP

Answer 40

https//myorg.saviyntcloud.com/ECM/saml/SSO/alias/SaviyntSP

Question 41

(Paraphrasing) Which action is not allowed via a request form when setting up access requests in Saviynt? Add Entitlements Remove Entitlements Add Organization Entitlements Remove Organization Entitlements

Answer 41

Remove Entitlements

Question 42

In Saviynt Segregation of Duties (SOD), what is a ruleset composed of?

Answer 42

A ruleset is a set of risks.

Question 43

In Saviynt SOD, in what formats can you export existing rulesets?

Answer 43

CSV and Excel (.xls) file.

Question 44

What triggers a Function Object Request in an SOD ruleset?

Answer 44

When the function owner adds, removes, or modifies one or more objects in the Function > Child Authorization tab.

Question 45

For which ruleset types are Function Object Requests applicable?

Answer 45

Both SAP type rulesets and SAP Group rulesets.

Question 46

What triggers a Function Entitlement Request in SOD?

Answer 46

When the function owner adds, removes, or modifies one or more entitlements in the Function > Entitlements tab.

Question 47

When are risks associated to an organization in Saviynt SOD?

Answer 47

When any conflicting access is granted to a user or a group.

Question 48

In Saviynt SOD, up to how many functions can be mapped to a single risk?

Answer 48

Up to 5 functions.

Question 49

In Saviynt SOD, to what can each risk be mapped?

Answer 49

Each risk can be mapped into a business process area.

Question 50

Who can manage risks in Saviynt SOD?

Answer 50

Only the risk owner can manage the risks.

Question 51

In Saviynt SOD, what are functions?

Answer 51

Logical grouping of entitlements (access) that defines a user's ability to perform business tasks.

Question 52

What Saviynt function types are available in SOD?

Answer 52

Non-SAP, SAP, and SAPGROUP.

Question 53

Which logical operators are allowed for SAP-type functions in Saviynt?

Answer 53

AND and OR.

Question 54

Which logical operators are allowed for Non-SAP-type functions in Saviynt?

Answer 54

AND, OR, and NOT.

Question 55

Which logical operators are allowed for SAPGROUP-type functions in Saviynt?

Answer 55

AND and OR.

Question 56

When does the Exclusion Query field appear in the function configuration?

Answer 56

Only when Non-SAP is selected as the Saviynt Function Type.

Question 57

In what formats can you export existing functions in Saviynt SOD?

Answer 57

CSV, Excel, and Complete Export.

Question 58

In Saviynt, what is a business process in the context of SOD?

Answer 58

A grouping of one or more functions and roles representing a collection of related, structured activities or tasks.

Question 59

In what formats can you export existing Business process rulesets in Saviynt SOD?

Answer 59

CSV and Excel.

Question 60

In SOD simulation, what are simulations based on in the Simulation workbench?

Answer 60

Security System and Endpoint.

Question 61

In Saviynt, what can SAV roles be used to control with respect to dashboards?

Answer 61

Whether dashboards for individual modules are enabled or disabled.

Question 62

In campaign status, what does the 'In Progress' status indicate?

Answer 62

Campaigns which are new or in process for review.

Question 63

What does the 'Total Number of retries' field configure for e-Signature verification?

Answer 63

The maximum number of times a user can retry entering validation credentials (username and password); attempts beyond this are rejected and the certification cannot be locked.

Question 64

What is the purpose of the 'Default Certifier' setting in a certification campaign?

Answer 64

To select a default certifier who can certify all the accounts belonging to an inactive or unavailable certifier (Manager or Secondary Manager).

Question 65

Before configuring SAML single sign-on (SSO) for Saviynt EIC, where must the user exist?

Answer 65

In both EIC and the SAML 2.0-compliant identity provider (IdP).

Question 66

What must users be assigned in EIC as a prerequisite for SAML SSO?

Answer 66

An appropriate SAV role.

Question 67

What cryptographic and metadata artifacts are required as prerequisites for configuring SAML SSO in Saviynt EIC?

Answer 67

SAML metadata (.xml) files and an X.509 certificate with validity up to three years.

Question 68

Which configuration items must be in place for user-account mapping when setting up SSO and provisioning in Saviynt?

Answer 68

A User Account Correlation Rule on the Endpoint and attribute mappings on the Connection.