Which of the following Jobs should be created and scheduled to evaluate Rules on a need basis?
Correct Answer: A
The Job that should be created and scheduled to evaluate Rules on a need basis in Saviynt is A. Run Detective Rules and Take Action. Here's an explanation:

* Saviynt's Jobs: Saviynt uses Jobs to perform various tasks, including data imports, rule evaluations, and provisioning operations.
* "Run Detective Rules and Take Action": This specific job is designed to:
  * Evaluate Rules: It evaluates rules that are configured for detective (monitoring) purposes. These rules typically check for specific conditions or changes in user attributes, access rights, or other data.
  * Take Action (Optional): Based on the rule evaluation results, the job can be configured to automatically take actions, such as:
    * Generating alerts or notifications.
    * Creating tasks for administrators to review.
    * Triggering workflows.
    * Automatically remediating issues (e.g., revoking access if a rule detects a violation).
* Scheduling: This job can be scheduled to run periodically (e.g., daily, hourly) to continuously monitor for changes and enforce defined rules.
* On-Demand Execution: You can also run this job on-demand to evaluate rules immediately.
* Other Options:
  * B. Provisioning Job: This job is primarily used for provisioning access to target systems, not for evaluating general-purpose rules.
  * C. User Import via Connection: This job is for importing user data from external sources.
  * D. Trigger Chain Job: This allows for running a series or "chain" of jobs, but it doesn't directly evaluate rules itself.
Question 2
A Campaign Owner can create various types of a User Manager Campaign to save different settings for various categories of Manager Access Reviews.
Correct Answer: C
To save different settings for various categories of Manager Access Reviews within User Manager Campaigns, a Campaign Owner can create C. Campaign Templates. Here's why:

* Saviynt's Campaign Templates: Templates allow you to pre-configure various settings for a campaign and save them as a reusable template. This includes settings related to:
  * Campaign Scope: Defining which users, applications, or entitlements are included.
  * Certifier Selection: Specifying the type of certifiers (e.g., Managers, Application Owners).
  * Scheduling and Notifications: Setting up the campaign schedule and email notifications.
  * Advanced Configurations: Including filters, risk scores, and other advanced settings.
* Multiple Templates for Different Categories: A Campaign Owner can create multiple templates, each tailored to a specific category of Manager Access Review. For example:
  * Template 1: For high-risk applications, with stricter filters and more frequent reviews.
  * Template 2: For low-risk applications, with broader scope and less frequent reviews.
  * Template 3: For specific departments or business units, with customized certifier selection.
* Benefits of Using Templates:
  * Consistency: Ensures that similar types of reviews are conducted consistently.
  * Efficiency: Saves time by eliminating the need to configure each campaign from scratch.
  * Reduced Errors: Minimizes the risk of manual configuration errors.
* Why Other Options Are Less Suitable:
  * A. Global Configurations: Global configurations apply to all campaigns, not to specific categories of reviews.
  * B. Campaign Types: Campaign types (e.g., User Manager, Entitlement Owner) define the overall purpose of the campaign, not the specific settings for different categories within a campaign type.
  * D. Campaign Previews: Previews are for reviewing the campaign data before launch, not for saving different configurations.

In conclusion: Campaign Templates in Saviynt provide a powerful way to save and reuse different configurations for various categories of Manager Access Reviews, promoting consistency, efficiency, and accuracy in the certification process.
Question 3
Which of the following Account statuses is not considered in a User Manager Campaign certification?
Correct Answer: D
The Account status that is not typically considered in a User Manager Campaign certification in Saviynt is D. Manually Provisioned. Here's why:

* Saviynt's User Manager Campaign Focus: User Manager Campaigns primarily focus on reviewing and certifying access that is actively managed and tracked within Saviynt.
* Account Statuses and Their Relevance:
  * A. Manually Suspended: Indicates an account that has been intentionally disabled within Saviynt. These accounts are often included in reviews to ensure the suspension is still valid.
  * B. Inactive: Indicates an account that has not been used for a certain period. These accounts are often included in reviews to determine if they should be disabled or removed.
  * C. Suspended from Import Service: Indicates an account that has been suspended due to issues during an import process. These accounts are typically reviewed to resolve the import problem and determine the appropriate account status.
* Manually Provisioned Accounts: These accounts are created directly in the target system, bypassing Saviynt's provisioning processes. As such, they might not be fully tracked or managed within Saviynt.
  * Out-of-Band Access: Manually provisioned accounts represent a form of out-of-band access, which is often excluded from standard User Manager Campaigns.
  * Separate Review Process: Organizations might have separate processes for reviewing manually provisioned accounts, such as using the RevokeOutOfBandAccessJob or a different type of campaign.

In conclusion: While other account statuses like Manually Suspended, Inactive, and Suspended from Import Service are relevant to access management within Saviynt and are often included in User Manager Campaigns, Manually Provisioned accounts might be excluded because they represent access granted outside of Saviynt's control and might require a different review process.
Question 4
ABC Company intends to implement a workflow that involves Saviynt User Group's approval. Which of the following Workflow blocks is appropriate for this implementation?
Correct Answer: B
To implement a workflow involving a Saviynt User Group's approval, the appropriate workflow block is B. TASK Access Approve. Here's an explanation:

* Saviynt's Workflow Engine: Saviynt's workflow engine allows for the creation of complex approval processes using various building blocks or activities.
* TASK Access Approve: This specific activity is designed to handle approval steps within a workflow. It allows you to define who the approver(s) should be and how the approval should be processed.
* User Group Approval: To implement approval by a Saviynt User Group, you would configure the "TASK Access Approve" activity as follows:
  * Approver Type: You would select "User Group" as the approver type.
  * User Group Selection: You would then specify the particular Saviynt User Group that should be responsible for the approval.
  * Approval Logic: You can define whether all members of the group must approve, or if a certain number or percentage of approvals is sufficient.
* Saviynt User Groups: User Groups in Saviynt are collections of users, often based on department, role, or other criteria. They are useful for managing access and approvals at a group level.
* Other Options:
  * A. CONDITION IF Else: This block is used for branching logic in a workflow, not specifically for assigning approvals to user groups.
  * C. Action Prompt: This might be used for displaying information or collecting input, but not for defining an approval step.
  * D. TASK Custom Assignment: While you could potentially use custom assignment with scripting to achieve user group approval, the "TASK Access Approve" activity provides a more straightforward and built-in way to do it.

In conclusion: The "TASK Access Approve" workflow block in Saviynt, configured with a User Group as the approver type, is the most appropriate and direct way to implement a workflow that requires approval from a specific Saviynt User Group.
Question 5
To help users make informed and quick decisions, Saviynt provides filters for retrieving Certification data in the User Manager Campaign and Service Account Campaign. Which of the following options cannot be regarded as a Smart Filter?
Correct Answer: A
The option that cannot be regarded as a Smart Filter in Saviynt's User Manager and Service Account Campaigns is A. User's Assigned Role counts. Here's why:

* Saviynt's Smart Filters: Smart Filters are pre-defined filters in Saviynt that help Certifiers quickly focus on specific access patterns or risk indicators during a certification campaign. They are designed to highlight potentially problematic or high-risk access.
* Examples of Smart Filters:
  * B. Access with SoD Violations: This is a Smart Filter because it highlights access that violates Segregation of Duties policies, a significant risk indicator.
  * C. Out-of-Band Access for Entitlements: This is a Smart Filter as it identifies access that was granted outside of the normal Saviynt processes, potentially indicating a security risk.
  * D. Risk Level for Accounts: This is a Smart Filter because it allows Certifiers to focus on accounts with high-risk levels, which might require more scrutiny.
* Why "User's Assigned Role counts" Is Not a Smart Filter:
  * Not a Risk Indicator: Simply knowing the number of roles assigned to a user doesn't inherently indicate a risk or a specific access pattern that requires attention. A user might have many roles legitimately, or they might have few roles but with high-risk access.
  * Not Actionable: This information alone doesn't provide enough context for a Certifier to make an informed decision about whether to approve or revoke access.
* Alternative: While not a "Smart Filter", the number of roles assigned could be a data point displayed within the campaign, but it wouldn't be considered a pre-defined filter for highlighting risks.