The correct answers are A, B, and C . Saviynt documentation for Active Directory group management states that the connector can be used to create, update, and delete AD or ADSI groups. It also supports related group-management functions such as updating group attributes and maintaining group membership and owners. This confirms that Saviynt group management is not limited to visibility or request tracking; it supports the full operational lifecycle for AD groups when configured correctly.

Saviynt’s administrative documentation further explains that group management must be configured to enable users to create and manage groups in Saviynt Identity Cloud. That broader wording aligns with the specific lifecycle operations of create, update, and delete. Option D is incorrect because campaign launching is part of certification governance, not the core capability set of AD group management itself. A campaign may later review group-related access, but group management is fundamentally about administering the group object and its membership lifecycle. For Level 200 preparation, this distinction matters: group management handles the lifecycle of the group object, while campaigns handle review and attestation of access associated with identities, roles, or entitlements.