Saviynt SCAIP - Saviynt Certified Advanced IGA Professional (Level 200)

In Saviynt–ServiceNow integration using theSaviynt App for ServiceNow, therequest fulfillment location is flexible and depends on how the integration is configured. This is why Option C is correct.

Saviynt supports different integration patterns with ServiceNow. In one model,ServiceNow acts as the front-end request system, while Saviynt handles the fulfillment (provisioning, approvals, and access governance). In another model, ServiceNow can handle certain fulfillment steps depending on how workflows, APIs, and ticketing configurations are defined.

For example, if the integration is configured such that ServiceNow creates a request and passes it to Saviynt, thenSaviynt performs fulfillment. Alternatively, if certain fulfillment logic or orchestration is handled within ServiceNow workflows or ITSM processes, thenServiceNow may drive parts of the fulfillment process.

This flexibility allows organizations to align the integration with their operational model, whether centralized in Saviynt or distributed with ServiceNow. Therefore, fulfillment is not restricted to a single system and is determined byconfiguration and architectural design choices.

In Saviynt EIC REST connector configuration, account reconciliation (also known as account import or aggregation) requires specific mandatory JSON parameters that define how the system connects to the target application and retrieves account data. The two essential parameters areConnectionJSONandImportAccountEntJSON.

ConnectionJSON (Option A)is mandatory because it contains the core connection details such as base URL, authentication mechanism (OAuth, Basic, etc.), headers, and endpoint configurations. Without this, Saviynt cannot establish communication with the target REST application.

ImportAccountEntJSON (Option B)is also required because it defines the API call used to fetch account (entitlement/account) data from the target system. It includes endpoint URLs, response parsing logic, pagination handling, and mapping rules needed to bring account data into Saviynt.

OptionC (ImportUserJSON)is typically used for identity/user import, not for account reconciliation in REST connectors. OptionD (CreateAccountJSON)is used during provisioning (account creation), not during reconciliation.

Therefore, for account reconciliation using REST connector, the mandatory configurations are ConnectionJSON and ImportAccountEntJSON, as per Saviynt IGA Level 200 connector guidelines.

In Saviynt EIC, schema-based account import jobs rely heavily on theSAV file, which acts as the schema definition for interpreting incoming data. The error message“Schema definition file not found and No SAV file found”specifically indicates that Saviynt is unable to locate or process the required SAV file.

Option Ais correct because the SAV file must be placed in the designatedFile Directory → SAV files location. If the file is missing from this directory, the system cannot read the schema definition, resulting in job failure.

Option Dis also correct because even if the SAV file is present, anincorrectly formatted or corrupted SAV filewill prevent Saviynt from parsing it properly, leading to the same error.

OptionBis incorrect since SAV files are not expected in the Data files directory. OptionCis unrelated to this specific error, as missing CSV files would generate a different error related to missing data, not schema definition.

Thus, the issue is specifically tied to missing or invalid SAV schema files.

In Saviynt EIC, password management is highly configurable, allowing organizations to defineseparate password policies for different account types, including service accounts and regular user accounts. This requirement is achieved by creating a dedicated password policy specifically for service accounts and associating it appropriately within the system.

Option A is correct because Saviynt allows administrators to define aseparate Password Policy for Service Accountsand map it using thePolicy Rule Service Account field under the Security System configuration. This ensures that when service account operations such as password resets or provisioning occur, the system enforces the correct policy distinct from regular user accounts.

Option B is incorrect since Saviynt supports multiple password policies and does not restrict to a single policy. Option C is incorrect because simply selecting a checkbox in password policy configuration does not link it to service account usage. Option D is incorrect as Global Configurations do not directly assign password policies for service accounts at the execution level.

Thus, configuring and mapping the policy at theSecurity System levelensures correct enforcement for service accounts.

In Saviynt EIC, when an account is compromised and requiresimmediate containment, the most appropriate action is tolock the account(Option A). Locking an account ensures that the user is instantly prevented from logging into the target system without removing the account or affecting its underlying configuration. This action is reversible and allows administrators to quickly secure the account while further investigation or remediation steps (such as password reset or access review) are performed.

Option B (Suspend) is typically used for longer-term access revocation scenarios, such as employee leave or inactivity, and may depend on application-specific configurations. Option C (Expire) relates to setting an end date for account validity, which is not suitable for immediate threat mitigation. Option D (Delete) is a permanent and destructive action, generally avoided in incident response because it removes audit trails and complicates recovery.

Therefore, locking the account aligns with Saviynt best practices forincident response and rapid risk mitigation, ensuring security without losing account traceability.

In Saviynt EIC,SMTP configurationis used to enable email notifications for workflows such as access requests, certifications, alerts, and system communications. To securely connect with mail servers, Saviynt supports multiple authentication mechanisms. The valid authentication modes areNTLM, OAuth, and Basic, making OptionsA, B, and Dcorrect.

Basic Authentication (Option D)is the traditional method where a username and password are used to authenticate with the SMTP server. While widely supported, it is less secure compared to modern methods and is being phased out in many environments.

NTLM (Option A)is commonly used in Microsoft-based environments (e.g., Exchange servers) and provides integrated authentication using Windows credentials, offering better security than basic authentication.

OAuth (Option B)is a modern and more secure authentication mechanism that uses token-based authorization instead of storing credentials. It is commonly used with cloud-based email services such as Microsoft 365 or Google Workspace.

OptionCis incorrect because Saviynt explicitly supports multiple authentication modes.

Thus, NTLM, OAuth, and Basic are the supported SMTP authentication modes in Saviynt.

The correct answer is A. User Manager Campaign . In Saviynt, the User Manager campaign is specifically designed for manager-based certifications, where managers review and certify the access of their direct reportees. Saviynt documentation explicitly states that in a User Manager campaign, managers are responsible for reviewing and certifying the access of users who report to them. That makes this campaign type the best fit when the certification driver is the reporting hierarchy rather than entitlement ownership, role ownership, or service account ownership.

The other options represent different certification ownership models. Entitlement Owner Campaign is meant for entitlement owners, Role Owner Campaign is for role owners, and Service Account Campaign is focused on service account ownership verification and access review. Saviynt also describes campaigns as a way to automatically generate and distribute certifications to the appropriate certifiers based on the selected campaign type and ownership model. Therefore, when the requirement clearly says “managers must review direct reportees,” the User Manager campaign is the correct and most aligned selection within Saviynt Level 200 scope.

In Saviynt–ServiceNow integration, the synchronization ofRITM (Request Item) statusbetween Saviynt and ServiceNow is handled through bothmanual and automated mechanisms.

Option B is correct because users or administrators can manuallyclick the Refresh button on the RITM page in ServiceNowto immediately fetch the latest status from Saviynt. This is useful for real-time validation when monitoring request progress.

Option C is also correct as ServiceNow includes aRequest Item History Job, which runs periodically (commonly every minute) to automatically sync and update the RITM status based on the latest state in Saviynt. This ensures near real-time consistency between both systems without manual intervention.

Option A is incorrect because Postman API calls are not a standard or supported operational method for end users to refresh RITM status. Option D is unrelated, as regenerating catalog items does not impact ticket status synchronization.

Thus, the correct answers aremanual refresh and automated job-based synchronization.