Free Practice Questions for the SailPoint Identity Security Engineer IdentityIQ-Engineer Exam (2026 Updated)
At Marks4sure, we are dedicated to providing IT professionals with the most accurate and reliable preparation materials for the SailPoint IdentityIQ-Engineer exam. To support your certification journey, we have made a selection of our premium 2026 Identity Security Engineer practice questions and answers available completely free. You can take this practice test as many times as you need. Every question includes a detailed, expertly verified explanation to ensure you fully grasp the core security concepts before test day.
Can the following IdentitylQ object be extended to store client-specific data by updating the corresponding .HBM file?
Solution: WorkItem
Is this a purpose of an IdentitylQ certification?
Solution: to review a snapshot of a user ' s system access
Can the search type in Identity be used to accomplish this result?
Proposed Solution:
Identifying the number of employees that report to a specific person
The engineer uses the sailpoint.api.IdentityService in a BeanShell method to look up and return all account names for an identity on the application ' MagicBox ' . Is this a correct implementation?
Proposed Solution:
import sailpoint.api.IdentityService;
import sailpoint.api.SailPointContext;
import sailpoint.object.Application;
import sailpoint.object.Identity;
import sailpoint.object.Link;
import sailpoint.tools.GeneralException;
public List getAccountNames(SailPointContext context, Identity identity) throws GeneralException {
Application application = context.getObjectByName(Application.class, " MagicBox " );
IdentityService service = new IdentityService(context);
List < String > accountNames = new ArrayList < String > ();
List < Link > links = service.getLinks(identity, application);
if (links != null) {
for (Link link : links) {
accountNames.add(link.getNativeIdentity());
}
}
return accountNames;
}
Is this what should be performed in order to generate the database script to extend Application attributes in the IdentitylQ database on the initial installation?
Solution: Add the new object attribute to the Application ObjectConfig in IdentitylQ.
Is the following statement about workflows and sub-workflows (subprocesses) true?
Solution: Sub-workflows can be nested up to 3 levels only.
An engineer needs to trigger a workflow when a Division attribute changes from IT to Senior IT, but only when the user is a manager.
Is this a valid process that the engineer could use to launch a workflow for a lifecycle event?
Proposed Solution:
Create a trigger with an event type of create.
An IdentitylQ engineer needs to extend attributes in an IdentitylQ database after the database has been created.
What are the four minimum steps necessary to achieve this goal?
Drag four options from the left into the answer area on the right, and place them in the correct order.
Is this statement true about email templates or behavior within them?
Solution: Only identity object attributes or methods can be accessed through the reference variables of a template ' s input arguments.
The engineer needs to write some ad-hoc BeanShell code to search for GroupDefmition objects owned by Randy.Knight and print their names. Is this BeanShell code correct as written?
Solution:
A manager wants to extend the access granted to an employee.
Is this a default role type that is available for the manager to request in IdentityIQ during the access request process?
Proposed Solution:
HR Role
The engineer is configuring a new application definition.
The customer wants an Audit record to be created with the error message, if provisioning fails.
Is this the rule an engineer should write to accomplish the goal?
Solution: Write an AfterProvisioning rule.
Is this relationship type available for an IdentityIQ Role that has a multiple-level structure?
Proposed Solution:
Hierarchy
Can this action be performed as part of configuring an application definition in IdentitylQ?
Solution: Specify which users should be provisioned with a basic account as part of a joiner event.
Is this what should be performed in order to generate the database script to extend Managed Attribute attributes in the IdentityIQ database on the initial installation?
Proposed Solution:
Run the extendedSchema script on the IdentityIQ database.
Assuming that the policy violation owner has the necessary permissions, is this a valid option for the policy violation owner to use when acting on a policy violation of type ' Account Policy ' ?
Proposed Solution:
Schedule Policy Composition Certification
Can the following action be performed using Rapid Setup application onboarding?
Proposed Solution:
Specify the account attribute and value filter that identifies a service account.
Can the following be achieved via configuration of control variables in the out-of-the-box Lifecycle Manager (LCM) workflows?
Solution: Disable all notifications.
Is the following statement true?
Proposed Solution:
All ManagedAttribute objects associated to an Identity can be viewed on the ‘Policy’ tab from ‘View Identity’ QuickLink.
IdentitylQ is using emails to notify users about completion of steps within a process, or actions that need to be addressed.
To ensure this notification is working, a main configuration must be set up in IdentitylQ to provide mail server and mail server authentication details.
Is this a required setting that an engineer must set up in IdentitylQ in order to ensure successful communication with the SMTP server?
Solution: Email Protocol
Can the following IdentityIQ object be extended to store client-specific data by updating the corresponding .HBM file?
Proposed Solution:
Bundle
Is this configuration option required when an engineer sets up a SCIM 2.0 application?
Solution: Comment Character
Is the following true of Identity Provisioning Policies?
Proposed Solution:
A self-service Registration Identity Provisioning Policy is required to support the self-service registration workflow (LCM Registration).
Can the following be achieved via configuration of control variables in the out-of-the-box Lifecycle Manager (LCM) workflows?
Proposed Solution:
Check if an access request would violate any policies, and allow the requester to review before submitting.
Can a Workgroup be used for the following scenario?
Solution: Automatically creating multiple groups based on the values of a single identity attribute.
An engineer needs to first create a custom audit event and then set up an associated report. What are four steps to accomplish this goal?
Solution:
Can the search type in Syslog be used to accomplish this result?
Solution: Launching a certification using the search results
A client wants users who belong to an IdentitylQ workgroup named Management to be able to request entitlements and roles, but only for other users whose location attribute is the same as theirs.
Is this a population that will achieve the goal?
Solution: Create a quicklink population, set the membership match list to " All, " and set " Who can members request for? ' ' as share attributes with the requester, with the attribute set to location. '
Can the search type in Syslog be used to accomplish this result?
Solution: Identifying the number of employees that report to a specific person
An engineer needs to first create a custom audit event and then set up an associated report. What are four steps to accomplish this goal?
Solution: Create and load a Custom Audit Report TaskDefinition XML and corresponding Custom Audit Report Form XML.
Is the following true of Identity Provisioning Policies?
Proposed Solution:
If no Update Identity Provisioning Policy is defined for the installation, the Create Identity Provisioning Policy will be used in Edit Identity operations.
Can the following be achieved via configuration of control variables in the out-of-the-box Lifecycle Manager (LCM) workflows?
Proposed Solution:
Specify which applications support new account requests.
An engineer needs to first create a custom audit event and then set up an associated report.
What are four steps to accomplish this goal?
Proposed Solution:
Set up a new AuditAction in the AuditConfig object XML:
< ObjectAttribute displayName= " User Type " editMode= " Permanent " extendedNumber= " 2 " name= " userType " type= " string " / >
A manager wants to extend the access granted to an employee.
Is this a default role type that is available for the manager to request in IdentitylQ during the access request process?
Solution: Business Role
An engineer needs to first create a custom audit event and then set up an associated report. What are four steps to accomplish this goal?
Solution: Create a Data Export task.
Is this a benefit of using the Run Rule feature of the Debug-Object page?
Solution: It can be used to create/modify/delete SailPoint database objects.
Is the following statement about IdentitylQ rule inputs and outputs correct?
Solution: The lypical input variables for a rule are listed in the BeanShell rule editor in IdentitylQ, based on the rule registry.
How should an engineer schedule the tasks to most efficiently achieve the following goals?
Goals:
• Process the Employee Authoritative application at 5:00 AM and 12:00 PM.
• Process the Contractor Authoritative application at 5:10 AM and 12:10 PM.
• Process the Active Directory application at 5:20 AM and 12:20 PM.
• Process the Finance application at 8:00 PM.
• Check for expired work items at 12:00 AM.
• Perform identity request maintenance at 2:00 AM.
Schedule parameters:
• Each application aggregation takes anywhere between 30 minutes and 2 hours.
• The run schedule is for a 24-hour period, which begins at 12:00 AM.
Instructions:
• Drag the required tasks from the left into the answer area on the right, and place them in the correct order, starting at 12:00 AM.
• Ordinal numbers (such as 1st, 2nd, and 3rd) in the options indicate which run of the day it is for the task type.
• There will be unused task options.
Is this a purpose of an IdentityIQ certification?
Proposed Solution:
to attest assignment of roles to users
Can the following be achieved via configuration of control variables in the out-of-the-box Lifecycle Manager (LCM) workflows?
Solution: Specify which access items may be requested.
Is this an example of a joiner lifecycle event?
Proposed Solution:
An employee previously left the company. Their access was disabled but has been reinstated; the employee needs all of their previous accounts enabled.
Is this a benefit of using the Run Rule feature of the Debug-Object page?
Proposed Solution:
It can be used to display the return value of simple code.
Is this statement true about certifications?
Solution: The staging period is required.
A client needs a custom quicklink, which only managers can launch, in order to launch a simple workflow. Is this a valid step to take during the development of this custom quicklink?
Solution: Insert the " Managers " quicklink population as the dynamic scope in the quicklink object.
Is the following statement about workflow step types and their usage true?
Proposed Solution:
A step named " end " is required to allow the workflow to end correctly.
Is the following statement true about out-of-the-box reporting?
Proposed Solution:
Reports can be scheduled to run at most once per day.
Is this a purpose of an IdentityIQ certification?
Proposed Solution:
to ensure SailPoint is in compliance with the ISO 9001 government regulation
Can the search type in Identity be used to accomplish this result?
Proposed Solution:
Identifying the number of certifications that are currently in the revocation phase
Is the following true of Identity Provisioning Policies?
Solution: Identity Provisioning Policies can be used to include allowed-values definitions or validation logic on fields so that only valid/authorized values can be specified for those fields when using the Create Identity feature to add an identity.
Can the Provisioning tab under " Administrator Console ' be used to do the following task?
Solution: View the specific operations on each attribute being provisioned.
Can the following be achieved via configuration of control variables in the out-of-the-box Lifecycle Manager (LCM) workflows?
Proposed Solution:
Specify which applications support password change requests through the IdentityIQ user interface.
An engineer needs to first create a custom audit event and then set up an associated report.
What are four steps to accomplish this goal?
Proposed Solution:
Set up a new AuditAction in the AuditConfig object XML:
< AuditAction displayName= " Custom New Audit Event " enabled= " true " name= " actionname " / >
Is this statement true about identitylQ ' s syslog event storage?
Solution: Both logging and auditing can have a negative influence on performance. Logging and auditing both require extra function calls within The application and will generate data that will need to be stored.
Is the following statement true?
Solution: All Application objects must have an Identity object as the owner.
Can the Environment tab under ‘Administrator Console’ be used to do the following task?
Proposed Solution:
View status of installed SailPoint modules/extensions.
IdentityIQ is using emails to notify users about completion of steps within a process, or actions that need to be addressed. To ensure this notification is working, a main configuration must be set up in IdentityIQ to provide mail server and mail server authentication details.
Is this a required setting that an engineer must set up in IdentityIQ in order to ensure successful communication with the SMTP server?
Proposed Solution:
SMTP Port


