All IdentityIQ-Associate Test Inside SailPoint Questions

The statement is true. In SailPoint IdentityIQ, account attributes are defined on the application’s account schema. The application definition tells IdentityIQ how to represent accounts from a connected source, and the account schema specifies which attributes exist on those accounts. Examples may include account ID, display name, email, status, department, groups, roles, permissions, or other source-specific fields returned by the connector during aggregation.

This is distinct from identity attributes, which are stored on the IdentityCube and represent normalized identity-level data used across IdentityIQ. Account attributes belong to application account links, while identity attributes belong to the identity model. During aggregation, IdentityIQ reads account data according to the application schema and stores the discovered values as account/link attributes. Some account schema attributes may also be marked as managed when their values represent entitlement-like access that should be governed through the Entitlement Catalog.

Therefore, account attributes are correctly defined in the application account schema. Reference topics: Applications — application definitions, account schema attributes, schema attribute properties; Identity Modeling — identity attributes versus account attributes; Access Modeling — managed attributes and entitlement catalog.

No. Connector-based delta processing is not available to all connectors in SailPoint IdentityIQ. Delta aggregation is a performance optimization that allows IdentityIQ to process only changes since a previous aggregation, instead of reading and processing the complete account population each time. However, this capability depends on whether the selected connector and target system support reliable change detection.

Some systems can expose changes through timestamps, change logs, sequence numbers, tokens, directory synchronization controls, or similar mechanisms. Other systems, such as simple file-based sources or connectors without change-tracking capability, may only support full aggregation. Because IdentityIQ connector behavior is connector-dependent, delta processing cannot be treated as a universal aggregation option.

The application’s connector selection determines which aggregation options are available, including whether connector-based delta processing can be enabled. Administrators must verify connector capability and configure aggregation accordingly.

Therefore, the statement is false because connector-based delta processing is a performance option only for supported connectors, not for every connector in IdentityIQ. Reference topics: Applications, aggregation task options, connector-dependent capabilities, account aggregation, delta aggregation, and performance optimization.

Yes. In SailPoint IdentityIQ, some application connectors include predefined schema information because the structure of accounts and groups on those target systems is well known to the connector. When an application is created and a specific connector type is selected, IdentityIQ may automatically populate schema elements such as the account schema, native identity attribute, display attribute, common account attributes, and sometimes group or entitlement schema definitions. This is common for standard connectors where the managed system has a predictable object model.

However, predefined does not mean final or immutable. The application administrator must still review and adjust the schema to ensure it accurately represents the implementation, including which attributes are aggregated, which attributes are searchable, which attributes are entitlements, and which attributes are used for identity correlation. Other connector types, such as generic JDBC, delimited file, or custom connectors, may require more manual schema definition.

This statement is therefore accurate because connector selection can provide default schema structure. Reference topics: Applications, connector selection, account schema, group schema, schema attributes, aggregation configuration, and application definition.

No. Defining access conditions that violate business policies is not provisioning. In SailPoint IdentityIQ, this activity belongs to governance and policy configuration. Policies define conditions that IdentityIQ should detect as violations, such as separation-of-duty conflicts, prohibited combinations of access, excessive privilege, or access that conflicts with organizational rules. These policies are evaluated against identities, roles, accounts, and entitlements to identify existing or potential violations.

Provisioning is the execution or fulfillment of access changes. Examples of provisioning include creating an account, modifying account attributes, adding or removing entitlements, disabling an account, deleting an account, or generating manual fulfillment work items. A policy violation may influence provisioning by blocking a request, warning the requester, requiring approval, or triggering remediation, but defining the violation condition itself is not a provisioning action.

Therefore, the described action is governance policy definition, not provisioning. Reference topics: Governance, policy configuration, policy detection, preventive policy checking, Provisioning, provisioning plans, remediation, and access-change fulfillment.