________ filters the requestable applications under "Request New Access."
Correct : B
The component that filters the requestable applications under 'Request New Access' in Saviynt is the Access Query. Here's a detailed explanation:
Saviynt's Access Request System (ARS): As the front end for requesting access, the ARS needs a mechanism to determine which applications (and entitlements) should be displayed to a user as requestable.
Access Query: This is a powerful feature within Saviynt that allows administrators to define specific criteria to control the visibility of applications and entitlements in the ARS. Think of it as a filter that determines what a user can see and request.
How Access Queries Work:
Defined on Applications/Entitlements: Access Queries are configured on individual applications or entitlements within Saviynt.
Based on User Attributes: They use user attributes (e.g., department, location, job title, group memberships) and other criteria (e.g., risk level) to determine if a user should see a particular application or entitlement.
Dynamic Filtering: When a user accesses the 'Request New Access' section, Saviynt evaluates the Access Queries associated with each application and entitlement in real time. Based on the user's attributes, the system dynamically filters the list, showing only the applications and entitlements that match the query conditions.
Saviynt's Security Model: Access Queries are a fundamental part of Saviynt's security model. They ensure that users are only presented with access options that are relevant and appropriate for their role and context, preventing accidental over-provisioning and reducing the attack surface.
Other Options:
Access Add Workflow: While essential for processing access requests, the workflow itself doesn't filter which applications are initially displayed.
Provisioning Connection: This relates to how Saviynt connects to target systems for automated provisioning. It doesn't control the initial visibility of applications in the ARS.
Whom to Request: This setting might determine the available approvers, but it doesn't filter the list of requestable applications.
In essence: Access Queries act as a dynamic filter, leveraging user attributes and defined criteria to determine which applications and entitlements are presented to a user within Saviynt's 'Request New Access' interface, ensuring a personalized and secure access request experience.
Which of the following Access Request configurations can be set up as either optional or mandatory, based on business requirements?
Correct : A
In Saviynt's Access Request configurations, the following can be set up as either optional or mandatory based on business requirements:
A . Approval comments: When an approver approves or rejects a request, they can be required to provide comments, or it can be made optional.
B . Add Attachment: Requesters can be allowed or required to attach supporting documentation to their access requests.
C . Business justification at Request level: Requesters can be obligated to provide a business justification for their access request, or it can be made optional.
Here's a breakdown with Saviynt IGA references:
Saviynt's Access Request System (ARS) Configuration: Saviynt provides granular control over the ARS's behavior, allowing administrators to customize various aspects of the request process, including data validation and required fields.
Mandatory vs. Optional Fields: Many fields and actions within the ARS can be configured as either mandatory or optional. This allows organizations to tailor the request process to their specific needs and compliance requirements.
Configuration Locations: These settings are typically found within the ARS configuration section of Saviynt's administrative interface.
Approval Comments: Often configurable within the workflow definition, at the approval step level. You can define whether comments are required for approval, rejection, or both.
Add Attachment: Generally found under general ARS settings, allowing you to enable or disable attachments and potentially set them as mandatory.
Business Justification: Also found within the ARS settings, allowing you to toggle the requirement for a business justification at the request level or even at the individual entitlement level.
Business Rationale: The flexibility to make these elements optional or mandatory allows organizations to balance the need for information with the desire for a streamlined user experience. For example, high-risk access requests might require detailed justification and attachments, while low-risk requests might not.
Saviynt's Audit Trail: Regardless of whether these fields are mandatory or optional, Saviynt's audit trail will capture the information provided, ensuring a complete record of the request and approval process.
In summary: Saviynt's ARS allows administrators to configure approval comments, attachments, and business justifications as either optional or mandatory, providing the flexibility to adapt the access request process to meet diverse organizational needs and compliance requirements.
What is the maximum file attachment limit for a request?
Correct : C
The maximum file attachment limit for a request in Saviynt is typically 10. Here's an explanation:
Saviynt's Access Request System (ARS): The ARS allows users to attach files to access requests to provide supporting documentation or justification.
Attachment Limits: To prevent excessive storage usage and potential performance issues, Saviynt imposes limits on the number and size of attachments allowed per request.
Default Limit: The default maximum number of attachments allowed per request in Saviynt is generally 10.
Configuration: While 10 is the common default, it's worth noting that this limit might be configurable within the ARS settings in some Saviynt deployments. However, significantly increasing this limit could impact performance.
File Size Limit: In addition to the number of attachments, there's also usually a limit on the individual file size and the total size of all attachments combined. This is also generally configurable. These file size limits are important for maintaining system stability and performance.
Error Handling: If a user attempts to exceed the attachment limit, Saviynt will typically display an error message, preventing them from submitting the request until the number of attachments is reduced.
Which of the following configurations on Entitlement Type is used to make an Entitlement request time-bound?
Correct : D
To make an Entitlement request time-bound in Saviynt, the configuration used on the Entitlement Type is D. Start Date/End Date while raising a Request. Here's a breakdown:
Saviynt's Entitlement Management: Entitlements represent specific access rights within an application. Saviynt allows fine-grained control over how these entitlements are requested and granted.
Entitlement Type Configuration: Within Saviynt, each Entitlement Type can be configured with various settings that govern its behavior during access requests.
Time-Bound Access: To enforce time-limited access, Saviynt provides the option to require a Start Date and End Date during the request process.
'Start Date/End Date while raising a Request': This configuration setting, when enabled on an Entitlement Type, forces the requester to specify a desired start and end date for the access. This ensures that the granted access will only be valid for a specific period.
Saviynt's Workflow Engine and Provisioning: When a request with a start and end date is approved, Saviynt's workflow engine will typically handle the provisioning and de-provisioning based on these dates. If a connected integration is set up, it may schedule the activation and deactivation of the access in the target system accordingly.
Other Options:
A . Ask for Start Date while revoking: This setting is related to revoking access, not granting time-bound access.
B . Allow update of Access End Date: This allows modification of the end date after the access has been granted, but it doesn't enforce a time-bound request from the outset.
C . Config JSON for Request Dates: While JSON might be used internally for configuration, this is not the specific setting that directly enables time-bound access requests.
In summary: The 'Start Date/End Date while raising a Request' configuration on an Entitlement Type in Saviynt is the key to enforcing time-bound access, ensuring that access is granted only for a specific, pre-defined period.
________ allows detection of access rights granted outside the Saviynt platform.
Correct : B
The Saviynt feature that allows detection of access rights granted outside the Saviynt platform is B. RevokeOutOfBandAccessJob. Here's a detailed explanation:
Out-of-Band Access: This refers to access that is provisioned directly in the target system, bypassing the normal access request and approval processes within Saviynt. This can create security risks and compliance issues.
Saviynt's Reconciliation Process: Saviynt uses a reconciliation process to compare the access rights defined within its system with the actual access rights present in connected applications.
RevokeOutOfBandAccessJob: This specific job is designed to identify and flag out-of-band access. It works by:
Importing Account and Entitlement Data: The job imports data from the target system, capturing the current state of user access.
Comparing with Saviynt Data: It compares this imported data with the access rights managed within Saviynt.
Identifying Discrepancies: Any discrepancies, where a user has access in the target system that wasn't granted through Saviynt, are identified as out-of-band access.
Taking Action (Optional): The job can be configured to automatically revoke this out-of-band access, to simply generate a report for review and manual remediation, or to create a task for an administrator to review.
Saviynt's Access Governance: This feature is a crucial part of Saviynt's overall access governance capabilities, helping organizations maintain control over user access and enforce the principle of least privilege.
Other Options:
A . REST API: While Saviynt's REST API can be used to interact with the system and potentially retrieve access data, it's not the specific feature designed for out-of-band access detection.
C . Bulk Upload: This is a method for importing data into Saviynt, but it doesn't inherently detect out-of-band access.
D . ARS > Request Access for Others: This is part of the access request process, not related to detecting access granted outside of Saviynt.
In conclusion: The RevokeOutOfBandAccessJob in Saviynt plays a vital role in identifying and remediating out-of-band access, ensuring that access rights are managed centrally and consistently through the Saviynt platform.