I B M C E R T I F I C A T I O N
C0010700 IBM Certified Administrator – Security Verify SaaS v1 Practice Exam
Exam Number: 4365 | Last updated April 17, 2026 | 336+ questions across 5 vendor-aligned objectives
Access administrators who operate IBM Security Verify SaaS v1 for workforce and consumer identity target the C0010700 credential. Unlike Verify Access on-premises, this SaaS offering emphasizes rapid federation, application catalog onboarding, and passwordless journeys. Candidates should be fluent with application onboarding, user and group management, adaptive access policies, and MFA configuration.
Buoying the blueprint at 26%, User and Access Administration covers users, groups, lifecycle sync from HR sources, and delegated administration. At 22%, Application Onboarding covers the application catalog, SAML and OIDC connections, provisioning connectors, and SCIM. A further 20% targets Adaptive Access, covering access policies, context rules, and risk-based authentication.
Trimming the remaining domains, Multi-Factor Authentication accounts for 18% and spans MFA method registration, enrollment policies, and passwordless flows. Reporting and Audit represents 14% and spans activity reports, user analytics, and audit export. SaaS questions tend to reward answers that embrace the service model — pick the option that leverages built-in features rather than rebuilding them with custom configuration.
Every answer links to the source. Each explanation below includes a hyperlink to the exact IBM documentation page the question was derived from. PowerKram is the only practice platform with source-verified explanations. Learn about our methodology →
741
practice exam users
94%
satisfied users
91%
passed the exam
4.6/5
quality rating
Test your C0010700 security verify saas v1 knowledge
10 of 336+ questions
Question #1 - User and Access Administration
A Verify SaaS admin at Thornfell Retail must sync users from the corporate HR system.
Which Verify SaaS v1 user-lifecycle capability fits?
A) Sync from an unrelated spreadsheet maintained weekly
B) Manually type every new hire into the Verify SaaS console
C) Configure an HR-sourced user lifecycle sync (e.g., via SCIM or the supported HR connector) so joiners, movers, and leavers flow from HR into Verify SaaS automatically
D) Disable provisioning and trust each manager to request access
Show solution
Correct answers: C – Explanation:
HR-sourced SCIM/connector-driven provisioning is the Verify SaaS v1 lifecycle reference. Manual typing, spreadsheet sources, and manager-request-only workflows all fail lifecycle discipline. Source: Check Source
Question #2 - User and Access Administration
A Verify SaaS admin at Thornglade Health must allow team leads to manage their own team’s memberships without granting full global admin.
Which v1 admin capability fits?
A) Configure delegated administration by scoping an admin role to the relevant user groups so team leads manage only their team’s memberships
B) Grant every team lead the global admin role
C) Give one central admin sole control and queue all changes
D) Disable admin roles and trust users to add themselves
Show solution
Correct answers: A – Explanation:
Scoped delegated administration is the Verify SaaS v1 admin reference. Global admin grants, single-central admin bottlenecks, and self-grant all fail delegated admin. Source: Check Source
Question #3 - User and Access Administration
A Verify SaaS v1 group-management requirement at Brecmere Bank must align SSO access with HR-sourced group memberships.
Which v1 admin feature fits?
A) Assign users to applications one at a time manually
B) Use group-based access policies so access to applications is granted to HR-sourced groups, with memberships maintained by the HR sync and evaluated at login
C) Skip groups and grant everyone access to everything
D) Rely on users to self-select their application set
Show solution
Correct answers: B – Explanation:
Group-based policies with HR-sync-maintained groups is the Verify SaaS v1 access-admin reference. Manual assignments, universal access, and self-selection all fail access discipline. Source: Check Source
Question #4 - Application Onboarding
A Verify SaaS v1 admin at Pellinville Finance must onboard a SaaS app that supports SAML 2.0.
Which Verify SaaS v1 onboarding approach integrates the SAML 2.0 SaaS application?
A) Invent a custom SSO protocol unique to the partner
B) Select the SaaS app from the Verify SaaS application catalog (or create a custom SAML app), exchange metadata with the partner, map attributes, and test the SSO flow end-to-end
C) Skip SSO and share one account among users
D) Have users keep separate local accounts in every SaaS
Show solution
Correct answers: B – Explanation:
Catalog onboarding with metadata exchange and attribute mapping is the Verify SaaS v1 SAML reference. Custom protocols, shared accounts, and per-SaaS locals all fail SSO. Source: Check Source
Question #5 - Application Onboarding
A Verify SaaS v1 admin at Heathbury Retail needs a SaaS app connected via OpenID Connect.
Which Verify SaaS v1 onboarding approach integrates the OpenID Connect SaaS application?
A) Screen-scrape the SaaS login form
B) Use SAML even when the SaaS only supports OIDC
C) Skip SSO and distribute shared passwords
D) Configure an OIDC application in Verify SaaS, issuing client ID and secret, setting redirect URIs, and mapping scopes to required attributes
Show solution
Correct answers: D – Explanation:
OIDC configuration with client credentials and scope mapping is the Verify SaaS v1 reference. SAML coercion, shared passwords, and screen-scraping all fail standards. Source: Check Source
Question #6 - Application Onboarding
A Verify SaaS v1 admin at Langtondale Insurance must auto-provision user accounts into a target SaaS.
Which Verify SaaS v1 feature auto-provisions user accounts into the target SaaS?
A) Skip provisioning and let the target reject sign-ins until accounts exist
B) Manually create accounts in the target for every user
C) Use the SCIM provisioning connector configured on the application so users and groups flow from Verify SaaS into the target automatically as memberships change
D) Share one account among all users
Show solution
Correct answers: C – Explanation:
SCIM provisioning connectors are the Verify SaaS v1 reference for downstream account lifecycle. Manual, reject-and-retry, and shared accounts all fail provisioning. Source: Check Source
Question #7 - Adaptive Access
A Verify SaaS v1 admin at Cramblefield Bank must step up authentication when logins come from unfamiliar locations.
Which Verify SaaS v1 feature steps up authentication when logins come from unfamiliar locations?
A) Require MFA on every login regardless of context
B) Configure an adaptive access policy with context rules on location and user risk score, requiring step-up MFA when risk crosses the threshold
C) Skip location-aware policies entirely
D) Block every login from outside the country no matter the user
Show solution
Correct answers: B – Explanation:
Adaptive access with risk-based step-up is the Verify SaaS v1 reference. Uniform MFA, no context, and blanket country blocks all miss adaptive access. Source: Check Source
Question #8 - Adaptive Access
A Verify SaaS v1 admin at Weirmouth Financial wants to trust a device after initial MFA on that device.
Which Verify SaaS v1 capability trusts a device after initial MFA on that device?
A) Enable device registration in the adaptive-access policy so known devices receive reduced friction, while unknown devices continue to trigger step-up
B) Skip device awareness and always MFA
C) Register devices via a shared spreadsheet
D) Disable MFA entirely once a user is trusted
Show solution
Correct answers: A – Explanation:
Device registration in adaptive access is the Verify SaaS v1 reference. Always-MFA, spreadsheets, and disabled MFA all fail adaptive access. Source: Check Source
Question #9 - Multi-Factor Authentication
A Verify SaaS v1 admin at Nethercreek Credit Union wants to enable passwordless sign-in using FIDO2 keys.
Which Verify SaaS v1 capability enables FIDO2 passwordless sign-in?
A) Enable the FIDO2 method in Verify SaaS MFA settings, enroll users’ security keys via the supported enrollment flow, and include the method in the passwordless authentication policy
B) Skip FIDO2 and rely on passwords alone
C) Use SMS one-time passwords only
D) Email users their passwords in clear text
Show solution
Correct answers: A – Explanation:
FIDO2 enrollment plus passwordless policy is the Verify SaaS v1 MFA reference. Passwords-only, SMS-only, and emailed clear-text passwords all fail modern MFA. Source: Check Source
Question #10 - Reporting and Audit
A Verify SaaS v1 admin at Aldenbrook Bank must give compliance a weekly report of failed logins.
Which Verify SaaS v1 capability delivers the weekly failed-login report?
A) Disable audit logging to save storage
B) Manually tail console logs every morning
C) Trust compliance to log in and guess
D) Use the built-in activity reports (or export audit events) filtered by failed-login events, schedule the export, and deliver to the compliance distribution list
Show solution
Correct answers: D – Explanation:
Scheduled activity reports or audit export is the Verify SaaS v1 audit reference. Manual tailing, compliance-guessing, and disabled audit all fail audit delivery. Source: Check Source
Get 336+ more questions with source-linked explanations
Every answer traces to the exact IBM documentation page — so you learn from the source, not just memorize answers.
Exam mode & learn mode · Score by objective · Updated April 17, 2026
Learn more...
What the C0010700 security verify saas v1 exam measures
- Manage and sync users, groups, lifecycle sync from HR sources, and delegated administration to keep identity data current without manual cleanup
- Onboard and connect application catalog, SAML/OIDC connections, provisioning, and SCIM to put applications behind SSO quickly with the governance they need
- Adapt and decide access policies, context rules, and risk-based authentication to adjust authentication strength to real user risk rather than blanket rules
- Register and enroll MFA methods, enrollment policies, and passwordless flows to raise authentication assurance without breaking day-to-day productivity
- Report and export activity reports, user analytics, and audit export to give security and compliance teams the visibility they need into access events
How to prepare for this exam
- Review the official exam guide to understand every objective and domain weight before you begin studying
- Work through the relevant IBM Training learning path — ibm certified administrator security verify saas v1 C0010700 — to cover vendor-authored material end-to-end
- Get hands-on inside IBM TechZone or a comparable sandbox so you can practice the console tasks, CLI commands, and APIs the exam expects
- Tackle a real-world project at your workplace, a volunteer role, or an open-source repository where the technology under test is actually in use
- Drill one exam objective at a time, starting with the highest-weighted domain and only moving on once you can teach it to someone else
- Study by objective in PowerKram learn mode, where every explanation links back to authoritative IBM documentation
- Switch to PowerKram exam mode to rehearse under timed conditions and confirm you consistently score above the pass mark
Career paths and salary outlook
SaaS IAM administrators are a growing role as enterprises consolidate identity platforms to cloud-native offerings:
- IAM Administrator — $95,000–$135,000 per year, operating IAM platforms across enterprise workforce and consumer apps (Glassdoor salary data)
- Identity Security Engineer — $110,000–$150,000 per year, hardening identity infrastructure against modern attacks (Indeed salary data)
- Cloud Identity Architect — $125,000–$170,000 per year, designing federated-identity solutions across SaaS estates (Glassdoor salary data)
Official resources
Work through the official IBM Training learning path for this certification, which bundles videos, labs, and skill tasks aligned to every objective. The official exam page lists the full objective breakdown, prerequisite knowledge, and scheduling details.