
Product Description
Sun Certified Integrator for Identity Manager 7.1
The Sun Certified Integrator for Identity Manager 7.1 exam is for enterprise software integration specialists with extensive job-role experience using best practices in architecting, designing, implementing, testing, and deploying identity management solutions for typical provisioning automation and compliance scenarios. Candidates should be familiar with two deployments and/or have at least six to twelve months of experience.
Exams purchased on the Web site may only be used in the US. If you reside outside the US, please select a country to inquire about products delivered in your country. Once exam vouchers are purchased, you have up to one year from the date of purchase to use them. Each voucher is valid for one exam and may only be used at an Authorized Prometric Testing Center in the country for which it was purchased. Please be aware that exam vouchers are nonrefundable for any reason.
Details
- Delivered at: Authorized Worldwide Prometric Testing Centers
- Prerequisites: None
- Other exams/assignments required for this certification: None
- Exam type: Multiple Choice
- Number of questions: 56
- Pass score: 43% (24 of 56 questions)
- Time limit: 90 minutes
Languages
English
Exam Objectives
Section 1: General Concepts
- Describe the market and specific business problems that Identity Manager is designed to address, and be able to contrast provisioning applications with single sign-on and federation services.
- Describe the Identity Manager architecture and its basic functions; be familiar with the various services provided, including reconciliation, data synchronization, and workflow-based request and provisioning, and the components that must be integrated seamlessly as part of a complete solution, including but not limited to forms, workflow definitions, rules, roles, and delegated administration features.
- Identify differences in the architecture of and types of problems addressed by Identity Manager SPE solutions as they pertain to transaction rates, request handling, and workflow complexity; be familiar with how data flows through SPE, the underlying data model, how delegated administration is described, and where the core Identity Manager product fits into the total solution.
- Describe a phased approach to deploying Identity Manager, identifying what features are packaged in the major deliverables of password management, identity synchronization, consolidated user administration (delegated administrator provisioning), and user self-service request; detail the order in which the phases are typically delivered and why.
Section 2: User Seeding and Reconciliation
- Describe the structure of a user object, including how resource references work, where passwords are stored, and how to extend the user data model. Detail how multiple accounts on the same resource are stored, how they are represented in forms and workflow, and how the identity template is used for new account names.
- Describe the process of seeding the identities, including how to choose the authoritative source, how to decide which attributes are stored, where they are stored, and why they are stored; describe the considerations that go into the login name for the user and techniques for generating unique identifiers.
- Describe how reconciliation is used to seed identities and correlate resource accounts. Identify the difference between full and incremental reconciliation, how correlation and confirmation rules work, how and where workflows can be integrated, and how attribute-level changes can be detected and synchronized.
- Describe how to configure reconciliation to perform certain tasks, including how to seed the repository, how to detect and link or remediate native resource account changes, how to report on orphaned accounts; be familiar with what information is passed to optional reconciliation workflows, and the typical actions that can be taken in response to various situations detected by reconciliation.
Section 3: Implementing Business Logic
- Describe XPRESS, its rationale as compared to using existing, compiled languages, and its applications in the product, including rules, workflow, and forms.
- Write XPRESS code to execute algorithms that process strings, lists, handle GenericObjects, invoke Java™ classes, and invoke and interact with JavaScript™ technology.
- Given XPRESS code, validate syntax and debug for errors, demonstrating familiarity with XPRESS tracing and using the IDE debugger.
Section 4: SPML
- Describe the business applications and features of SPML in an Identity Manager deployment as it relates to SOA/Middleware. Describe the advantages and disadvantages of using SPML compared to other interfaces provided by Identity Manager, including level of integration, ease of deployment, customizability, and availability of out of the box features.
- Describe the advantages and disadvantages of Identity Manager’s implementation of SPML 1.0 and SPML 2.0, detailing the request types available in each standard and what is implemented by Identity Manager; develop and debug request examples from both standards.
Section 5: Identity Synchronization
- Describe the Identity Synchronization process, paying careful attention to the view life cycle for both users and processes. Detail the dependencies and configuration requirements imposed in supporting Identity Synchronization on various resources, including Active Directory, Lightweight Directory Access Protocol (LDAP), and relational datastores, among others, and different ways to integrate with systems that do NOT allow direct connections.
- Describe the various Identity Synchronization features, how they work, and how they should be applied in various situations; topics include, but are not limited to, scheduling recurring runs, configuring the MetaView and Input Form, writing correlation/confirmation/delete rules, customizing and integrating provisioning workflows, and debugging. Compare and contrast Identity Synchronization to reconciliation.
- Describe Identity Synchronization best practices, demonstrating where and how to apply business logic given the various forms applied during processing, techniques for pre-filtering events and streamlining provisioning, configuration options that reduce the frequency and duration of fetches, and strategies for (and consequences of) distributing processing load in multi-instance environments through background provisioning.
Section 6: Admin Interface Provisioning
- Describe the relationship between the various Identity Manager delegated administration model components, including rights, authorization types, capabilities, admin roles, organizations, and forms, and how these objects interact to ensure separation of duties and privacy. Describe how the manager / employee relationship is represented and used in Identity Manager. Describe how authorization types are used to provide fine-grained control over objects and work-item delegation.
- Demonstrate a thorough understanding of the view life cycle in the admin user interface. Demonstrate how to customize and override existing forms and workflow, including scaling to large numbers of resource types and / or instances, consolidating out of the box, resource type-specific forms into a unified admin form, adding notifications, and trapping and handling provisioning errors, among others. Describe how to launch custom workflows from both the home and account list tabs. Demonstrate techniques for customizing the look and feel and localization of a deployed solution.
- Describe the various security risks with an Identity Management solution and describe how Identity Manager is architected to reduce exposure, including encryption of secret data, passwords, and gateway traffic and the generation, management, and encryption of server encryption keys; describe how the product increases security around audit logs and approvals and how to enable these features; describe techniques to secure traffic to resources, such as Active Directory, LDAP, relational database management system (RDBMS), and UNIX® hosts, among others. Describe various ways in which to authenticate users, and the advantages and disadvantages of each, including single sign-on, pass through authentication to various resources, and local authentication.
- Describe how to implement a compliance solution with Identity Manager, including configuration of audit policies, controls (separation of duties), and access reviews. Describe the process of certification, including attestation, mitigation and / or remediation, and entitlement record generation and reporting. Describe how you can use roles and resource groups to group entitlements, simplifying application provisioning and reducing controls violations.
Section 7: User Interface Provisioning
- Describe the advantages and disadvantages of using the user interface for delegated administration as compared to the admin user interface and SPML / Simple Object Access Protocol (SOAP) interface, taking into account customizability of the interfaces, how the delegated admin model is enforced, how views are handled (view life cycle), and the ability to lock down the interfaces; demonstrate an understanding of when and where to apply the various interfaces.
- Describe how to implement complex workflows, with special attention to view handling, wizard form processing, the WorkItem data model and ManualAction options; implement custom workflows, including, but not limited to, anonymous enrollment, user and resource account renames, and deferred tasks, among others. Implement custom workflow applications and integrate them into the configuration IDE.
- Describe Password Management options and customizations, including defining String Policies and expiring and distributing first time password changes; implement password synchronization on resources, such as Active Directory and LDAP; implement self-service password management features, for example, forgot my password, showing invalid password attempts, and account unlock (passing additional attributes in the Password view), among others.