SailPoint Identity Security Engineer Certification Sample Questions

01. Which attribute is required to enable correct identity correlation across multiple sources?
a) Display name
b) Email address
c) Unique identifier
d) Lifecycle state

02. When aggregating data from an Active Directory source, which configuration considerations are required?
(Select all that apply.)
a) Properly scoped service account permissions
b) Correct domain and forest configuration
c) Enable certification campaigns before aggregation
d) Network connectivity between VA and domain controllers

03. Why is it important to grant only required access for platform tasks?
a) Improves aggregation speed
b) Reduces security risk
c) Simplifies identity modeling
d) Eliminates approval workflows

04. An organization is onboarding both employees and vendors into Identity Security Cloud. Employees are sourced from Workday, while vendors are sourced from a CSV feed. Employee data must always take precedence over vendor data.
Vendors should receive limited access and be fully de-provisioned upon contract end. Managers must approve access requests and certifications.
Which configurations are required to ensure manager-based approvals function correctly?
(Choose two.)
a) Manager correlation rules
b) Access profiles
c) Identity priority settings
d) Approval policies

05. Where should an engineer look to identify activity records when troubleshooting failed platform actions?
a) Certification history
b) Identity attributes
c) Activity search
d) Source configuration

06. An organization integrates Identity Security Cloud with Active Directory and a database source. Aggregations intermittently fail for the database source, while AD aggregations succeed. The VA is deployed on-premise with limited network access.
The engineering team needs to identify the cause and stabilize aggregations without increasing cloud data exposure.
What is the most likely cause of the database aggregation failures?
a) JDBC connectivity or credential issues
b) Incorrect lifecycle configuration
c) Missing certification campaigns
d) Identity profile conflicts

07. You are configuring provisioning for a source that supports multiple accounts per identity. Which best practices should be followed?
(Choose two)
a) Allow unlimited accounts without constraints
b) Define a unique account correlation attribute
c) Explicitly model account lifecycle behavior
d) Use a single provisioning policy for all account types

08. A platform team reports intermittent failures when executing workflows. Some actions complete successfully, while others fail without clear errors. Engineers need to identify where failures occur, confirm execution order, and validate access permissions for workflow actions.
Where should engineers look to determine which workflow step failed?
a) Activity search
b) Certification records
c) Identity attributes
d) Source schema

09. Which factors affect provisioning behavior when using different role assignment types?
(Select all that apply.)
a) Certification campaign status
b) Role removal timing
c) Birthright vs request role
d) Account correlation logic

10. An identity already has access to an application through a birthright role. A request role containing the same entitlement is later assigned. What is the expected provisioning outcome?
a) The entitlement is provisioned again
b) The entitlement is removed and re-added
c) The request role overrides the birthright role
d) No provisioning action occurs