- Home
- Workday
- Workday-Pro-Integrations
- Workday.Workday-Pro-Integrations.v2026-03-30.q35 Practice Test (Page 5)
Workday-Pro-Integrations Exam Question 16
What task is needed to build a sequence generator for an EIB integration?
Correct Answer: B
In Workday, a sequence generator is used to create unique, sequential identifiers for integration processes, such as Enterprise Interface Builders (EIBs). These identifiers are often needed to ensure data uniqueness or to meet external system requirements for tracking records. The question asks specifically about building a sequence generator for an EIB integration, so we need to identify the correct task based on Workday's integration configuration framework.
Understanding Sequence Generators in Workday
A sequence generator in Workday generates sequential numbers or IDs based on predefined rules, such as starting number, increment, and format. These are commonly used in integrations to create unique identifiers for outbound or inbound data, ensuring consistency and compliance with external system requirements. For EIB integrations, sequence generators are typically configured as part of the integration setup to handle data sequencing or identifier generation.
Analyzing the Options
Let's evaluate each option to determine which task is used to build a sequence generator for an EIB integration:
A . Put Sequence Generator Rule Configuration
Description: This option suggests configuring rules for a sequence generator, but "Put Sequence Generator Rule Configuration" is not a standard Workday task name or functionality. Workday uses specific nomenclature like "Create ID Definition/Sequence Generator" for sequence generator setup. This option seems vague or incorrect, as it doesn't align with Workday's documented tasks for sequence generators.
Why Not Correct?: It's not a recognized Workday task, and sequence generator configuration is typically handled through a specific setup process, not a "put" or rule-based configuration in this context.
B . Create ID Definition/Sequence Generator
Description: This is a standard Workday task used to create and configure sequence generators. In Workday, you navigate to the "Create ID Definition/Sequence Generator" task under the Integrations or Setup domain to define a sequence generator. This task allows you to specify the starting number, increment, format (e.g., numeric, alphanumeric), and scope (e.g., tenant-wide or integration-specific). For EIB integrations, this task is used to generate unique IDs or sequences for data records.
Why Correct?: This task directly aligns with Workday's documentation for setting up sequence generators, as outlined in integration guides. It's the standard method for building a sequence generator for use in EIBs or other integrations.
C . Edit Tenant Setup - Integrations
Description: This task involves modifying broader tenant-level integration settings, such as enabling services, configuring security, or adjusting integration parameters. While sequence generators might be used within integrations, this task is too high-level and does not specifically address creating or configuring a sequence generator.
Why Not Correct?: It's not granular enough for sequence generator setup; it focuses on tenant-wide integration configurations rather than the specific creation of a sequence generator.
D . Configure Integration Sequence Generator Service
Description: This option suggests configuring a service specifically for sequence generation within an integration. However, Workday does not use a task named "Configure Integration Sequence Generator Service." Sequence generators are typically set up as ID definitions, not as standalone services. This option appears to be a misnomer or non-standard terminology.
Why Not Correct?: It's not a recognized Workday task, and sequence generators are configured via "Create ID Definition/Sequence Generator," not as a service configuration.
Conclusion
Based on Workday's integration framework and documentation, the correct task for building a sequence generator for an EIB integration is B. Create ID Definition/Sequence Generator. This task allows you to define and configure the sequence generator with the necessary parameters (e.g., starting value, increment, format) for use in EIBs. This is a standard practice for ensuring unique identifiers in integrations, as described in Workday's Pro Integrations training materials.
Surprising Insight
It's interesting to note that Workday's sequence generators are highly flexible, allowing customization for various use cases, such as generating employee IDs, transaction numbers, or integration-specific sequences. The simplicity of the "Create ID Definition/Sequence Generator" task makes it accessible even for non-technical users, which aligns with Workday's no-code integration philosophy.
Key Citations
Workday Pro Integrations Study Guide, Module 3: EIB Configuration
Workday Integration Cloud Connect: Sequence Generators
Workday EIB and Sequence Generator Overview
Configuring Workday Integrations: ID Definitions
Understanding Sequence Generators in Workday
A sequence generator in Workday generates sequential numbers or IDs based on predefined rules, such as starting number, increment, and format. These are commonly used in integrations to create unique identifiers for outbound or inbound data, ensuring consistency and compliance with external system requirements. For EIB integrations, sequence generators are typically configured as part of the integration setup to handle data sequencing or identifier generation.
Analyzing the Options
Let's evaluate each option to determine which task is used to build a sequence generator for an EIB integration:
A . Put Sequence Generator Rule Configuration
Description: This option suggests configuring rules for a sequence generator, but "Put Sequence Generator Rule Configuration" is not a standard Workday task name or functionality. Workday uses specific nomenclature like "Create ID Definition/Sequence Generator" for sequence generator setup. This option seems vague or incorrect, as it doesn't align with Workday's documented tasks for sequence generators.
Why Not Correct?: It's not a recognized Workday task, and sequence generator configuration is typically handled through a specific setup process, not a "put" or rule-based configuration in this context.
B . Create ID Definition/Sequence Generator
Description: This is a standard Workday task used to create and configure sequence generators. In Workday, you navigate to the "Create ID Definition/Sequence Generator" task under the Integrations or Setup domain to define a sequence generator. This task allows you to specify the starting number, increment, format (e.g., numeric, alphanumeric), and scope (e.g., tenant-wide or integration-specific). For EIB integrations, this task is used to generate unique IDs or sequences for data records.
Why Correct?: This task directly aligns with Workday's documentation for setting up sequence generators, as outlined in integration guides. It's the standard method for building a sequence generator for use in EIBs or other integrations.
C . Edit Tenant Setup - Integrations
Description: This task involves modifying broader tenant-level integration settings, such as enabling services, configuring security, or adjusting integration parameters. While sequence generators might be used within integrations, this task is too high-level and does not specifically address creating or configuring a sequence generator.
Why Not Correct?: It's not granular enough for sequence generator setup; it focuses on tenant-wide integration configurations rather than the specific creation of a sequence generator.
D . Configure Integration Sequence Generator Service
Description: This option suggests configuring a service specifically for sequence generation within an integration. However, Workday does not use a task named "Configure Integration Sequence Generator Service." Sequence generators are typically set up as ID definitions, not as standalone services. This option appears to be a misnomer or non-standard terminology.
Why Not Correct?: It's not a recognized Workday task, and sequence generators are configured via "Create ID Definition/Sequence Generator," not as a service configuration.
Conclusion
Based on Workday's integration framework and documentation, the correct task for building a sequence generator for an EIB integration is B. Create ID Definition/Sequence Generator. This task allows you to define and configure the sequence generator with the necessary parameters (e.g., starting value, increment, format) for use in EIBs. This is a standard practice for ensuring unique identifiers in integrations, as described in Workday's Pro Integrations training materials.
Surprising Insight
It's interesting to note that Workday's sequence generators are highly flexible, allowing customization for various use cases, such as generating employee IDs, transaction numbers, or integration-specific sequences. The simplicity of the "Create ID Definition/Sequence Generator" task makes it accessible even for non-technical users, which aligns with Workday's no-code integration philosophy.
Key Citations
Workday Pro Integrations Study Guide, Module 3: EIB Configuration
Workday Integration Cloud Connect: Sequence Generators
Workday EIB and Sequence Generator Overview
Configuring Workday Integrations: ID Definitions
Workday-Pro-Integrations Exam Question 17
What is the relationship between an ISU (Integration System User) and an ISSG (Integration System Security Group)?
Correct Answer: A
This question explores the relationship between an Integration System User (ISU) and an Integration System Security Group (ISSG) in Workday Pro Integrations, focusing on how security is structured for integrations. Let's analyze the relationship and evaluate each option to determine the correct answer.
Understanding ISU and ISSG in Workday
Integration System User (ISU): An ISU is a dedicated user account in Workday specifically designed for integrations. It acts as a "robot account" or service account, used by integration systems to interact with Workday via APIs, web services, or other integration mechanisms (e.g., EIBs, Core Connectors). ISUs are typically configured with a username, password, and specific security settings, such as disabling UI sessions and setting session timeouts to prevent expiration (commonly set to 0 minutes). ISUs are not human users but are instead programmatic accounts for automated processes.
Integration System Security Group (ISSG): An ISSG is a security container or group in Workday that defines the permissions and access rights for integration systems. ISSGs are used to manage what data and functionalities an integration (or its associated ISU) can access or modify within Workday. There are two types of ISSGs:
Unconstrained: Allows access to all data instances secured by the group.
Constrained: Limits access to a subset of data instances based on context (e.g., specific segments or data scopes).ISSGs are configured with domain security policies, granting permissions like "Get" (read), "Put" (write), "View," or "Modify" for specific domains (e.g., Worker Data, Integration Build).
Relationship Between ISU and ISSG: In Workday, security for integrations is managed through a hierarchical structure. An ISU is associated with or assigned to an ISSG to inherit its permissions. The ISSG acts as the security policy container, defining what the ISU can do, while the ISU is the account executing those actions. This relationship ensures that integrations have controlled, audited access to Workday data and functions, adhering to the principle of least privilege.
Evaluating Each Option
Let's assess each option based on Workday's security model for integrations:
Option A: The ISU is a member of the ISSG.
Analysis: This is correct. In Workday, an ISU is assigned to or associated with an ISSG to gain the necessary permissions. The ISSG serves as a security group that contains one or more ISUs, granting them access to specific domains and functionalities. For example, when creating an ISU, you use the "Create Integration System User" task, and then assign it to an ISSG via the "Assign Integration System Security Groups" or "Maintain Permissions for Security Group" tasks. Multiple ISUs can belong to the same ISSG, inheriting its permissions. This aligns with Workday's security framework, where security groups (like ISSGs) manage user (or ISU) access.
Why It Fits: The ISU is a "member" of the ISSG in the sense that it is linked to the group to receive its permissions, enabling secure integration operations. This is a standard practice for managing integration security in Workday.
Option B: The ISU owns the ISSG.
Analysis: This is incorrect. In Workday, ISUs do not "own" ISSGs. Ownership or control of security groups is not a concept applicable to ISUs, which are service accounts for integrations, not administrative entities with authority over security structures. ISSGs are created and managed by Workday administrators or security professionals using tasks like "Create Security Group" and "Maintain Permissions for Security Group." The ISU is simply a user account assigned to the ISSG, not its owner or controller.
Why It Doesn't Fit: Ownership implies administrative control, which ISUs lack; they are designed for execution, not management of security groups.
Option C: The ISU grants security policies to the ISSG.
Analysis: This is incorrect. ISUs do not have the authority to grant or modify security policies for ISSGs. Security policies are defined and assigned to ISSGs by Workday administrators or security roles with appropriate permissions (e.g., Security Configuration domain access). ISUs are passive accounts that execute integrations based on the permissions granted by the ISSG they are assigned to. Granting permissions is an administrative function, not an ISU capability.
Why It Doesn't Fit: ISUs are integration accounts, not security administrators, so they cannot modify or grant policies to ISSGs.
Option D: The ISU controls what accounts are in the ISSG.
Analysis: This is incorrect. ISUs do not control membership or configuration of ISSGs. Adding or removing accounts (including other ISUs) from an ISSG is an administrative task performed by users with security configuration permissions, using tasks like "Maintain Permissions for Security Group." ISUs are limited to executing integration tasks based on their assigned ISSG permissions, not managing group membership.
Why It Doesn't Fit: ISUs lack the authority to manage ISSG membership or structure, as they are not administrative accounts but integration-specific service accounts.
Final Verification
Based on Workday's security model, the correct relationship is that an ISU is a member of an ISSG, inheriting its permissions to perform integration tasks. This is consistent with the principle of least privilege, where ISSGs define access, and ISUs execute within those boundaries. The other options misattribute administrative or ownership roles to ISUs, which are not supported by Workday's design.
Supporting Information
The relationship is grounded in Workday's integration security practices, including:
Creating an ISU via the "Create Integration System User" task.
Creating an ISSG via the "Create Security Group" task, selecting "Integration System Security Group (Unconstrained)" or "Constrained." Assigning the ISU to the ISSG using tasks like "Assign Integration System Security Groups" or "Maintain Permissions for Security Group." Configuring domain security policies (e.g., Get, Put) for the ISSG to control ISU access to domains like Worker Data, Integration Build, etc.
Activating security changes via "Activate Pending Security Policy Changes." This structure ensures secure, controlled access for integrations, with ISSGs acting as the permission container and ISUs as the executing accounts.
Key Reference
The explanation aligns with Workday Pro Integrations documentation and best practices, including:
Integration security overviews and training on Workday Community.
Guides for creating ISUs and ISSGs in implementation documentation (e.g., NetIQ, Microsoft Learn, Reco.ai).
Tutorials on configuring domain permissions and security groups for integrations (e.g., ServiceNow, Apideck, Surety Systems).
Understanding ISU and ISSG in Workday
Integration System User (ISU): An ISU is a dedicated user account in Workday specifically designed for integrations. It acts as a "robot account" or service account, used by integration systems to interact with Workday via APIs, web services, or other integration mechanisms (e.g., EIBs, Core Connectors). ISUs are typically configured with a username, password, and specific security settings, such as disabling UI sessions and setting session timeouts to prevent expiration (commonly set to 0 minutes). ISUs are not human users but are instead programmatic accounts for automated processes.
Integration System Security Group (ISSG): An ISSG is a security container or group in Workday that defines the permissions and access rights for integration systems. ISSGs are used to manage what data and functionalities an integration (or its associated ISU) can access or modify within Workday. There are two types of ISSGs:
Unconstrained: Allows access to all data instances secured by the group.
Constrained: Limits access to a subset of data instances based on context (e.g., specific segments or data scopes).ISSGs are configured with domain security policies, granting permissions like "Get" (read), "Put" (write), "View," or "Modify" for specific domains (e.g., Worker Data, Integration Build).
Relationship Between ISU and ISSG: In Workday, security for integrations is managed through a hierarchical structure. An ISU is associated with or assigned to an ISSG to inherit its permissions. The ISSG acts as the security policy container, defining what the ISU can do, while the ISU is the account executing those actions. This relationship ensures that integrations have controlled, audited access to Workday data and functions, adhering to the principle of least privilege.
Evaluating Each Option
Let's assess each option based on Workday's security model for integrations:
Option A: The ISU is a member of the ISSG.
Analysis: This is correct. In Workday, an ISU is assigned to or associated with an ISSG to gain the necessary permissions. The ISSG serves as a security group that contains one or more ISUs, granting them access to specific domains and functionalities. For example, when creating an ISU, you use the "Create Integration System User" task, and then assign it to an ISSG via the "Assign Integration System Security Groups" or "Maintain Permissions for Security Group" tasks. Multiple ISUs can belong to the same ISSG, inheriting its permissions. This aligns with Workday's security framework, where security groups (like ISSGs) manage user (or ISU) access.
Why It Fits: The ISU is a "member" of the ISSG in the sense that it is linked to the group to receive its permissions, enabling secure integration operations. This is a standard practice for managing integration security in Workday.
Option B: The ISU owns the ISSG.
Analysis: This is incorrect. In Workday, ISUs do not "own" ISSGs. Ownership or control of security groups is not a concept applicable to ISUs, which are service accounts for integrations, not administrative entities with authority over security structures. ISSGs are created and managed by Workday administrators or security professionals using tasks like "Create Security Group" and "Maintain Permissions for Security Group." The ISU is simply a user account assigned to the ISSG, not its owner or controller.
Why It Doesn't Fit: Ownership implies administrative control, which ISUs lack; they are designed for execution, not management of security groups.
Option C: The ISU grants security policies to the ISSG.
Analysis: This is incorrect. ISUs do not have the authority to grant or modify security policies for ISSGs. Security policies are defined and assigned to ISSGs by Workday administrators or security roles with appropriate permissions (e.g., Security Configuration domain access). ISUs are passive accounts that execute integrations based on the permissions granted by the ISSG they are assigned to. Granting permissions is an administrative function, not an ISU capability.
Why It Doesn't Fit: ISUs are integration accounts, not security administrators, so they cannot modify or grant policies to ISSGs.
Option D: The ISU controls what accounts are in the ISSG.
Analysis: This is incorrect. ISUs do not control membership or configuration of ISSGs. Adding or removing accounts (including other ISUs) from an ISSG is an administrative task performed by users with security configuration permissions, using tasks like "Maintain Permissions for Security Group." ISUs are limited to executing integration tasks based on their assigned ISSG permissions, not managing group membership.
Why It Doesn't Fit: ISUs lack the authority to manage ISSG membership or structure, as they are not administrative accounts but integration-specific service accounts.
Final Verification
Based on Workday's security model, the correct relationship is that an ISU is a member of an ISSG, inheriting its permissions to perform integration tasks. This is consistent with the principle of least privilege, where ISSGs define access, and ISUs execute within those boundaries. The other options misattribute administrative or ownership roles to ISUs, which are not supported by Workday's design.
Supporting Information
The relationship is grounded in Workday's integration security practices, including:
Creating an ISU via the "Create Integration System User" task.
Creating an ISSG via the "Create Security Group" task, selecting "Integration System Security Group (Unconstrained)" or "Constrained." Assigning the ISU to the ISSG using tasks like "Assign Integration System Security Groups" or "Maintain Permissions for Security Group." Configuring domain security policies (e.g., Get, Put) for the ISSG to control ISU access to domains like Worker Data, Integration Build, etc.
Activating security changes via "Activate Pending Security Policy Changes." This structure ensures secure, controlled access for integrations, with ISSGs acting as the permission container and ISUs as the executing accounts.
Key Reference
The explanation aligns with Workday Pro Integrations documentation and best practices, including:
Integration security overviews and training on Workday Community.
Guides for creating ISUs and ISSGs in implementation documentation (e.g., NetIQ, Microsoft Learn, Reco.ai).
Tutorials on configuring domain permissions and security groups for integrations (e.g., ServiceNow, Apideck, Surety Systems).
Workday-Pro-Integrations Exam Question 18
A vendor needs an EIB that uses a custom report to output a list of new hires and the date they are eligible for benefits. You have been asked to create a calculated field that adds each worker's hire date + 85 days and displays the result in YYYY-MM-DD format.
Which calculated field functions do you need to accomplish this?
Which calculated field functions do you need to accomplish this?
Correct Answer: D
You are asked to create a calculated field that:
Takes the Hire Date
Adds 85 days
Formats it as YYYY-MM-DD
To accomplish this in Workday, you need the following calculated field functions:
Numeric Constant → define 85
Increment or Decrement Date → add 85 days to the Hire Date
Format Date → convert the resulting date to YYYY-MM-DD
Why other options are incorrect:
A . Date Constant would define a fixed date, not a dynamic calculation.
B . Date Difference is for subtraction between two dates.
C . Date Constant is still incorrect for offsetting a variable date.
Takes the Hire Date
Adds 85 days
Formats it as YYYY-MM-DD
To accomplish this in Workday, you need the following calculated field functions:
Numeric Constant → define 85
Increment or Decrement Date → add 85 days to the Hire Date
Format Date → convert the resulting date to YYYY-MM-DD
Why other options are incorrect:
A . Date Constant would define a fixed date, not a dynamic calculation.
B . Date Difference is for subtraction between two dates.
C . Date Constant is still incorrect for offsetting a variable date.
Workday-Pro-Integrations Exam Question 19
When creating an ISU, what should you do to ensure the user only authenticates via web services?
Correct Answer: B
When creating an Integration System User (ISU) in Workday, the goal is often to ensure that the user is restricted to performing tasks via web services (e.g., API calls or integrations) and cannot log into the Workday user interface (UI). This is a critical security measure to limit the ISU's access to only what is necessary for integration purposes, adhering to the principle of least privilege. Let's evaluate each option provided in the question to determine the correct approach based on Workday's functionality and best practices as outlined in official documentation and the Workday Pro Integrations program.
Option A: Choose a constrained security group.In Workday, security groups define the permissions and access levels for users, including ISUs. There are two types of Integration System Security Groups (ISSGs): constrained and unconstrained. A constrained ISSG limits access to specific organizations or data scopes, while an unconstrained ISSG provides broader access across the tenant. While choosing a constrained security group can enhance security by limiting the scope of data the ISU can access, it does not directly control whether the ISU authenticates via web services or the UI. The type of security group affects data access permissions, not the authentication method or UI access. Therefore, this option does not address the requirement of ensuring authentication only via web services.
Option B: Select the Do Not Allow UI Sessions checkbox.When creating an ISU in Workday, the "Create Integration System User" task presents an option labeled "Do Not Allow UI Sessions." Selecting this checkbox explicitly prevents the ISU from logging into the Workday UI using its credentials. This setting ensures that the ISU can only authenticate and operate through programmatic means, such as web service calls (e.g., SOAP or REST APIs), which is precisely the intent of the question. This is a standard security practice recommended by Workday to isolate integration activities from interactive user sessions, reducing the risk of misuse or unauthorized access through the UI. This option directly aligns with the requirement and is the correct answer.
Option C: Update the session timeout minutes.The "Session Timeout Minutes" field in the ISU creation task determines how long an ISU's session remains active before it expires. By default, this is set to 0, meaning the session does not expire, which is suitable for integrations that require continuous operation without interruption. Updating this value (e.g., setting it to a specific number of minutes) would cause the session to time out after that period, potentially disrupting long-running integrations. However, this setting pertains to session duration, not the method of authentication or whether UI access is allowed. It does not prevent the ISU from logging into the UI or ensure that authentication occurs only via web services, making this option irrelevant to the question.
Option D: Generate a random password.Generating a random password for the ISU is a good security practice to ensure the credentials are strong and not easily guessable. However, the password itself does not dictate how the ISU authenticates or whether it can access the UI. A random password enhances security but does not inherently restrict the ISU to web service authentication. Without selecting "Do Not Allow UI Sessions," the ISU could still log into the UI with that password, assuming no other restrictions are applied. Thus, this option does not fulfill the requirement of ensuring authentication only via web services.
Why Option B is Correct
The "Do Not Allow UI Sessions" checkbox is a specific configuration in the ISU setup process that directly enforces the restriction of authentication to web services. This setting is part of Workday's security framework for integrations, ensuring that ISUs-designed as non-human accounts for programmatic access-cannot be used interactively. This aligns with Workday's best practices for securing integrations, as outlined in the Workday Pro Integrations Study Guide and related documentation. For example, when an ISU is created with this checkbox selected, any attempt to log into the Workday UI with its credentials will fail, while web service requests (e.g., via SOAP or REST APIs) will succeed, assuming proper permissions are granted via an ISSG.
Practical Application
To implement this in Workday:
Log into your Workday tenant with administrative privileges.
Search for and select the "Create Integration System User" task.
Enter a username and password for the ISU.
Check the "Do Not Allow UI Sessions" checkbox.
Leave "Session Timeout Minutes" at 0 (default) to avoid session expiration during integrations.
Save the ISU and assign it to an appropriate ISSG (constrained or unconstrained, depending on the integration's needs).
This configuration ensures the ISU is locked to web service authentication, meeting the question's objective.
Verification with Workday Documentation
The Workday Pro Integrations Study Guide emphasizes securing ISUs by restricting them to integration-specific tasks. The "Do Not Allow UI Sessions" option is highlighted as a key control for preventing UI access, ensuring that ISUs operate solely through web services. This is also consistent with broader Workday security training materials, such as those available on Workday Community, which stress isolating integration accounts from human user activities.
Workday Pro Integrations Study Guide Reference
Section: Integration Security Fundamentals - Discusses the role of ISUs and the importance of restricting their access to programmatic interactions.
Section: Configuring Integration System Users - Details the "Create Integration System User" task, including the "Do Not Allow UI Sessions" checkbox as a security control.
Section: Best Practices for Integration Security - Recommends using this setting to enforce least privilege and protect the tenant from unauthorized UI access by integration accounts.
Option A: Choose a constrained security group.In Workday, security groups define the permissions and access levels for users, including ISUs. There are two types of Integration System Security Groups (ISSGs): constrained and unconstrained. A constrained ISSG limits access to specific organizations or data scopes, while an unconstrained ISSG provides broader access across the tenant. While choosing a constrained security group can enhance security by limiting the scope of data the ISU can access, it does not directly control whether the ISU authenticates via web services or the UI. The type of security group affects data access permissions, not the authentication method or UI access. Therefore, this option does not address the requirement of ensuring authentication only via web services.
Option B: Select the Do Not Allow UI Sessions checkbox.When creating an ISU in Workday, the "Create Integration System User" task presents an option labeled "Do Not Allow UI Sessions." Selecting this checkbox explicitly prevents the ISU from logging into the Workday UI using its credentials. This setting ensures that the ISU can only authenticate and operate through programmatic means, such as web service calls (e.g., SOAP or REST APIs), which is precisely the intent of the question. This is a standard security practice recommended by Workday to isolate integration activities from interactive user sessions, reducing the risk of misuse or unauthorized access through the UI. This option directly aligns with the requirement and is the correct answer.
Option C: Update the session timeout minutes.The "Session Timeout Minutes" field in the ISU creation task determines how long an ISU's session remains active before it expires. By default, this is set to 0, meaning the session does not expire, which is suitable for integrations that require continuous operation without interruption. Updating this value (e.g., setting it to a specific number of minutes) would cause the session to time out after that period, potentially disrupting long-running integrations. However, this setting pertains to session duration, not the method of authentication or whether UI access is allowed. It does not prevent the ISU from logging into the UI or ensure that authentication occurs only via web services, making this option irrelevant to the question.
Option D: Generate a random password.Generating a random password for the ISU is a good security practice to ensure the credentials are strong and not easily guessable. However, the password itself does not dictate how the ISU authenticates or whether it can access the UI. A random password enhances security but does not inherently restrict the ISU to web service authentication. Without selecting "Do Not Allow UI Sessions," the ISU could still log into the UI with that password, assuming no other restrictions are applied. Thus, this option does not fulfill the requirement of ensuring authentication only via web services.
Why Option B is Correct
The "Do Not Allow UI Sessions" checkbox is a specific configuration in the ISU setup process that directly enforces the restriction of authentication to web services. This setting is part of Workday's security framework for integrations, ensuring that ISUs-designed as non-human accounts for programmatic access-cannot be used interactively. This aligns with Workday's best practices for securing integrations, as outlined in the Workday Pro Integrations Study Guide and related documentation. For example, when an ISU is created with this checkbox selected, any attempt to log into the Workday UI with its credentials will fail, while web service requests (e.g., via SOAP or REST APIs) will succeed, assuming proper permissions are granted via an ISSG.
Practical Application
To implement this in Workday:
Log into your Workday tenant with administrative privileges.
Search for and select the "Create Integration System User" task.
Enter a username and password for the ISU.
Check the "Do Not Allow UI Sessions" checkbox.
Leave "Session Timeout Minutes" at 0 (default) to avoid session expiration during integrations.
Save the ISU and assign it to an appropriate ISSG (constrained or unconstrained, depending on the integration's needs).
This configuration ensures the ISU is locked to web service authentication, meeting the question's objective.
Verification with Workday Documentation
The Workday Pro Integrations Study Guide emphasizes securing ISUs by restricting them to integration-specific tasks. The "Do Not Allow UI Sessions" option is highlighted as a key control for preventing UI access, ensuring that ISUs operate solely through web services. This is also consistent with broader Workday security training materials, such as those available on Workday Community, which stress isolating integration accounts from human user activities.
Workday Pro Integrations Study Guide Reference
Section: Integration Security Fundamentals - Discusses the role of ISUs and the importance of restricting their access to programmatic interactions.
Section: Configuring Integration System Users - Details the "Create Integration System User" task, including the "Do Not Allow UI Sessions" checkbox as a security control.
Section: Best Practices for Integration Security - Recommends using this setting to enforce least privilege and protect the tenant from unauthorized UI access by integration accounts.
Workday-Pro-Integrations Exam Question 20
The following XML code was generated through a RaaS that will be used in an EIB.


Within a template that matches on wd:Report_Entry, what XPath expression do you use to select the value of the Relationship_ID element?


Within a template that matches on wd:Report_Entry, what XPath expression do you use to select the value of the Relationship_ID element?
Correct Answer: D
The XML fragment shown follows the Report-as-a-Service (RaaS) structure typical for Workday custom report output:
<wd:Report_Entry>
<wd:Dependents_Group>
<wd:Name>Megan McNeil</wd:Name>
<wd:Age>25</wd:Age>
<wd:Relationship wd:Descriptor="Child">
<wd:ID wd:type="WID">7507df6a99664ce7bc0cb902cf370543</wd:ID>
<wd:ID wd:type="Relationship_ID">Child</wd:ID>
</wd:Relationship>
</wd:Dependents_Group>
</wd:Report_Entry>
Inside each <wd:Report_Entry>, the target value Relationship_ID resides under:
wd:Dependents_Group
→ wd:Relationship
→ wd:ID (wd:type="Relationship_ID")
When writing the template:
<xsl:template match="wd:Report_Entry">
XSLT uses a relative XPath (starting with ./) to navigate from the matched node.
Therefore, the correct XPath should be:
/wd:Dependents_Group/wd:Relationship/wd:ID
That expression selects the wd:ID element so you can then test/extract where wd:type="Relationship_ID".
Why the other options are incorrect:
Option
Why Incorrect
A & B
These use an equality test incorrectly inside the XPath expression - they would not return the node value and are syntactically invalid for value extraction.
C
Missing ./ - would still work in many cases, but Workday XSLT best practice is to use relative paths when inside a match.
Workday Pro Integration guidance for RaaS/XSLT stresses:
Always scope node selection relative to the current context tree using prefix-qualified XPath expressions.
<wd:Report_Entry>
<wd:Dependents_Group>
<wd:Name>Megan McNeil</wd:Name>
<wd:Age>25</wd:Age>
<wd:Relationship wd:Descriptor="Child">
<wd:ID wd:type="WID">7507df6a99664ce7bc0cb902cf370543</wd:ID>
<wd:ID wd:type="Relationship_ID">Child</wd:ID>
</wd:Relationship>
</wd:Dependents_Group>
</wd:Report_Entry>
Inside each <wd:Report_Entry>, the target value Relationship_ID resides under:
wd:Dependents_Group
→ wd:Relationship
→ wd:ID (wd:type="Relationship_ID")
When writing the template:
<xsl:template match="wd:Report_Entry">
XSLT uses a relative XPath (starting with ./) to navigate from the matched node.
Therefore, the correct XPath should be:
/wd:Dependents_Group/wd:Relationship/wd:ID
That expression selects the wd:ID element so you can then test/extract where wd:type="Relationship_ID".
Why the other options are incorrect:
Option
Why Incorrect
A & B
These use an equality test incorrectly inside the XPath expression - they would not return the node value and are syntactically invalid for value extraction.
C
Missing ./ - would still work in many cases, but Workday XSLT best practice is to use relative paths when inside a match.
Workday Pro Integration guidance for RaaS/XSLT stresses:
Always scope node selection relative to the current context tree using prefix-qualified XPath expressions.
- Latest Upload
- 145Pegasystems.PEGACPDC25V1.v2026-07-17.q45
- 231CompTIA.N10-009.v2026-07-17.q230
- 162EMC.D-PDM-DY-23.v2026-07-17.q66
- 162Salesforce.ADM-201.v2026-07-17.q63
- 399PMI.CAPM.v2026-07-17.q643
- 165Cisco.300-215.v2026-07-17.q60
- 432CollegeAdmission.PMHNP.v2026-07-17.q640
- 216Microsoft.MB-240.v2026-07-17.q174
- 139SAP.C_CE325_2601.v2026-07-17.q37
- 290Microsoft.AZ-900.v2026-07-16.q224
[×]
Download PDF File
Enter your email address to download Workday.Workday-Pro-Integrations.v2026-03-30.q35 Practice Test
