If the data displayed in the Campaign Preview mode does not meet the requirement in Saviynt, the appropriate action is A. Re-configure Campaign. Here's why:

Saviynt's Campaign Preview Mode: This mode allows administrators to review the data that will be included in a campaign before activating it. It's a crucial step for ensuring that the campaign scope, data, and configuration are correct.

Purpose of Preview Mode: The primary purpose of the preview is to identify any issues or discrepancies in the campaign setup before it goes live.

Re-configure Campaign: If the preview reveals problems (e.g., incorrect users or entitlements are included, the wrong Certifiers are assigned, filters are not working as expected), the administrator needs to go back and re-configure the campaign settings. This might involve:

Adjusting the campaign scope.

Modifying filters or selection criteria.

Changing Certifier assignments.

Updating the campaign schedule or notifications.

Why Other Options Are Incorrect:

B . Check Summary: The summary provides a high-level overview of the campaign, but it doesn't allow for detailed data review like the preview mode.

C . Export Campaign: Exporting the campaign data won't fix the underlying configuration issues.

D . Activate Campaign: Activating a campaign with incorrect data would lead to inaccurate certification decisions and potential security risks.

The Saviynt feature that allows detection of access rights granted outside the Saviynt platform is the B. RevokeOutOfBandAccessJob. Here's a detailed explanation:

Out-of-Band Access: This refers to access that is provisioned directly in the target system, bypassing the normal access request and approval processes within Saviynt. This can create security risks and compliance issues.

Saviynt's Reconciliation Process: Saviynt uses a reconciliation process to compare the access rights defined within its system with the actual access rights present in connected applications.

RevokeOutOfBandAccessJob: This specific job is designed to identify and flag out-of-band access. It works by:

Importing Account and Entitlement Data: The job imports data from the target system, capturing the current state of user access.

Comparing with Saviynt Data: It compares this imported data with the access rights managed within Saviynt.

Identifying Discrepancies: Any discrepancies, where a user has access in the target system that wasn't granted through Saviynt, are identified as out-of-band access.

Taking Action (Optional): The job can be configured to automatically revoke this out-of-band access or to simply generate a report for review and manual remediation. Or it can be configured to create a task for an administrator to review.

Saviynt's Access Governance: This feature is a crucial part of Saviynt's overall access governance capabilities, helping organizations maintain control over user access and enforce the principle of least privilege.

Other Options:

A . REST API: While Saviynt's REST API can be used to interact with the system and potentially retrieve access data, it's not the specific feature designed for out-of-band access detection.

C . Bulk Upload: This is a method for importing data into Saviynt, but it doesn't inherently detect out-of-band access.

D . ARS > Request Access for Others: This is part of the access request process, not related to detecting access granted outside of Saviynt.

In conclusion: The RevokeOutOfBandAccessJob in Saviynt plays a vital role in identifying and remediating out-of-band access, ensuring that access rights are managed centrally and consistently through the Saviynt platform.

To decommission an AD Group and revoke access for all users, Jane should use D. Entitlement Owner Certification. Here is why:

AD Group as an Entitlement: In Saviynt, an AD Group is typically represented as an Entitlement.

Entitlement Owner Certification: This type of campaign allows the designated owner of an entitlement (in this case, Jane, as the manager of the AD Group) to review and certify who should have access to that entitlement.

Revoking Access: As the Entitlement Owner, Jane can use the certification campaign to:

Review the list of users: See all users who are currently members of the AD Group.

Revoke access for all users: Mark all users for removal from the group.

Decommissioning the Group: After revoking access for all users through the certification, Jane can then proceed with decommissioning the AD Group itself (either through Saviynt if it manages AD group lifecycle or directly in Active Directory).

Why Other Options Are Less Suitable:

A . Segregation of Duties: SoD is a principle, not a specific action for revoking access.

B . Entitlement Update Rule: While rules can automate some actions, a certification campaign provides a more controlled and auditable way to review and revoke access, especially for a sensitive action like decommissioning a group.

C . Mitigation Control: Mitigation controls are used to manage SoD conflicts, not for revoking access to entitlements.

In conclusion: An Entitlement Owner Certification campaign provides a structured and auditable way for Jane to review the membership of the AD Group, revoke access for all users, and prepare for the group's decommissioning, aligning with best practices for access management.

The image signifies B. Assigning of Enterprise Role based on users' location. Here's a breakdown, assuming the image depicts a portion of a Saviynt User Update Rule configuration:

Dynamic Variable 'City': The image highlights the use of a dynamic variable called 'city.' This strongly suggests that the rule is using the user's location (city) as a key factor in determining role assignment.

Saviynt's User Update Rules and Dynamic Variables: User Update Rules in Saviynt allow for the use of dynamic variables, which represent user attributes. These variables can be used in conditions and actions within the rule.

Enterprise Role Assignment: The context of the question implies that the rule is assigning an Enterprise Role based on the value of this 'city' variable.

Example: The rule might be configured to assign an Enterprise Role like 'Sydney-Users' to users whose 'city' attribute is 'Sydney.'

Why Other Options Are Less Likely:

A . Assigning of Enterprise Role based on users' department: There's no mention of 'department' in the provided information.

C . Assigning of Enterprise Role based on concatenation of dynamic variable city and Finance: While concatenation is possible in Saviynt, there's no indication that 'Finance' is involved here. The focus seems to be solely on the 'city' variable.

In conclusion: Based on the information given, the image most likely represents a Saviynt User Update Rule that assigns an Enterprise Role based on the user's location, as indicated by the dynamic variable 'city.

When access privileges for a specific Analytical Control are assigned using SAV Roles in Saviynt, users belonging to that role can, by default, perform the following tasks: B. View Control, Run Control, and View Analytic History of the Control. Here's a breakdown:

Saviynt's Role-Based Access Control (RBAC): Saviynt uses RBAC to manage access to various features and functionalities, including Analytical Controls.

Analytical Controls: These are pre-defined or custom-built analytics reports or dashboards.

Default Permissions: When a user is granted access to an Analytical Control via an SAV Role, they typically receive a set of default permissions:

View Control: Allows the user to view the configuration and definition of the Analytical Control (e.g., the query, parameters, visualization).

Run Control: Allows the user to execute the Analytical Control and generate results.

View Analytic History: Allows the user to see the history of previous executions of the Analytical Control, including the results and timestamps.

Why These Permissions Are Important:

Transparency: Users can understand how the analytics are defined and generated.

Usability: Users can run the analytics and obtain insights.

Auditing: Users can review past results for trend analysis or investigation.

Other Options:

A . Only view the configurations of the Control: This is too restrictive; users need to be able to run the control to get value from it.

C . Only view the Analytic History of the Control: This is also too limited; users should be able to run the control and view its configuration as well.

D . View Control and Run Control: While closer, it's missing the 'View Analytic History' permission, which is important for auditing and analysis.

MISCELLANEOUS