Pass4Future also provide interactive practice exam software for preparing SailPoint Certified IdentityIQ Associate (IdentityIQ-Associate) Exam effectively. You are welcome to explore sample free SailPoint IdentityIQ-Associate Exam questions below and also try SailPoint IdentityIQ-Associate Exam practice test software.
Do you know that you can access more real SailPoint IdentityIQ-Associate exam questions via Premium Access? ()
Is this definition of Identity Cube accurate?
An IdentityIQ account
Answer : B
No. An Identity Cube is not an IdentityIQ account. In SailPoint IdentityIQ, the Identity Cube is the central identity record that represents a person or identity being governed by the platform. It consolidates identity attributes, correlated application accounts, account links, entitlements, assigned roles, detected roles, manager relationship, lifecycle state, policy violations, and other governance-relevant information.
An ''IdentityIQ account'' usually refers to a login account or user object that allows someone to access the IdentityIQ application itself. That is different from the Identity Cube, which is used to model the user's enterprise identity and access across connected systems. For example, one Identity Cube may contain links to multiple accounts such as Active Directory, Workday, ServiceNow, database accounts, and cloud application accounts.
Therefore, the proposed definition is inaccurate because it confuses an application login account with the broader identity model used for governance. Reference topics: Identity Modeling, IdentityCube contents, identity attributes, application account links, entitlements, roles, manager correlation, and Identity Warehouse.
Can this method be used to include entitlements or groups in the Entitlement Catalog?
Mark an attribute as multi-valued in the application schema and run an account aggregation.
Answer : B
No. Marking an attribute as multi-valued does not, by itself, cause IdentityIQ to treat that attribute as an entitlement or include its values in the Entitlement Catalog. In an application schema, the multi-valued setting only indicates that the account attribute can contain more than one value. It describes data structure, not governance meaning.
To include access values in the Entitlement Catalog, the relevant schema attribute must be configured as an entitlement-bearing attribute, or group objects must be properly configured and aggregated through the application's group schema where applicable. IdentityIQ then recognizes those values as governable access rights and can represent them as managed attributes in the Entitlement Catalog. Once cataloged, they can be reviewed, certified, requested, described, owned, risk-scored, and governed by policy.
For example, an account attribute such as ''groups'' may be multi-valued, but IdentityIQ must also know that those values represent access rights. Without entitlement configuration, the aggregation stores attribute values on the account but does not properly model them as catalog entitlements.
Reference topics: Access Modeling, Entitlement Catalog, managed attributes, application schema attributes, entitlement attribute configuration, group schema, and account aggregation.
Is this definition of Identity Cube accurate?
A snippet code containing custom business logic
Answer : B
No. This definition describes a rule more closely than an Identity Cube. In SailPoint IdentityIQ, an Identity Cube is the centralized identity model that represents a person or non-person identity inside IdentityIQ. It contains consolidated identity information such as identity attributes, correlated application accounts, assigned and detected roles, entitlements, manager relationship, lifecycle state, policy violations, certifications, and other governance-relevant data.
A ''snippet of code containing custom business logic'' refers to a BeanShell rule. Rules are executable logic used to customize IdentityIQ behavior in areas such as aggregation, correlation, provisioning, policy evaluation, workflow processing, and identity attribute transformation. They are configuration objects containing code, while Identity Cubes are data/model objects representing identities and their access.
Therefore, the statement is inaccurate because an Identity Cube is not custom code. It is the core identity record used by IdentityIQ for governance, access modeling, policy detection, requests, certifications, and provisioning decisions.
Reference topics: Identity Modeling, IdentityCube contents, identity attributes, correlated accounts, roles and entitlements, BeanShell rules, Foundational Concepts, and IdentityIQ object model.
Is this statement true about Rapid Setup?
Rapid Setup birthright roles are requestable.
Answer : B
No. In IdentityIQ, a birthright role is intended to represent access that is automatically assigned to identities based on defined business criteria, such as lifecycle state, department, location, job function, or other identity attributes. The purpose of a birthright role is automatic access assignment, not user-driven request selection. Rapid Setup can help configure common access-modeling and application-onboarding elements more efficiently, including birthright access patterns, but the birthright concept remains assignment-based rather than request-based.
Requestable access is handled through the access request model, where users select roles, entitlements, or other access items made available through request configuration and QuickLinks. Birthright access is different because it is granted when an identity satisfies the role assignment criteria and is recalculated through identity refresh and role evaluation. Making birthright roles requestable would undermine their purpose as standard baseline access automatically derived from identity data.
Therefore, the statement is inaccurate. Rapid Setup birthright roles are used for automated assignment and baseline access, not as requestable access items. Reference topics: Applications, Rapid Setup, Access Modeling, birthright roles, role assignment, identity refresh, and User-Driven Requests.
Is this statement true about attributes in IdentityIQ?
Identity attributes hold details about a user.
Answer : A
The statement is true. In SailPoint IdentityIQ, identity attributes are stored on the IdentityCube and represent normalized information about a user. These attributes describe the identity at the governance level rather than describing a single account on a connected application. Common examples include first name, last name, email, department, location, job title, employee number, manager, lifecycle state, and status.
Identity attributes are important because IdentityIQ uses them throughout identity governance processes. They support identity correlation, manager correlation, certification scoping, policy evaluation, role assignment, lifecycle events, access request routing, reporting, and population or group membership. Identity attributes may be sourced from an authoritative application, derived from account data, calculated through rules, or refreshed through Identity Refresh processing.
This differs from account attributes, which are defined in an application account schema and belong to a specific application account link. Identity attributes provide the consolidated user profile that IdentityIQ uses to make governance decisions.
Reference topics: Identity Modeling --- IdentityCubes, identity attributes versus account attributes, manager correlation, Identity Refresh options.
