ExamGecko
Login
Ask Question

Salesforce Certified Identity and Access Management Architect Practice Test - Questions Answers, Page 3

List of questions

Question 21

Report
Export
Collapse

Universal containers (UC) employees have salesforce access from restricted ip ranges only, to protect against unauthorised access. UC wants to rollout the salesforce1 mobile app and make it accessible from any location. Which two options should an architect recommend? Choose 2 answers

Relax the ip restriction in the connect app settings for the salesforce1 mobile app
Relax the ip restriction in the connect app settings for the salesforce1 mobile app
Use login flow to bypass ip range restriction for the mobile app.
Use login flow to bypass ip range restriction for the mobile app.
Relax the ip restriction with a second factor in the connect app settings for salesforce1 mobile app
Relax the ip restriction with a second factor in the connect app settings for salesforce1 mobile app
Remove existing restrictions on ip ranges for all types of user access.
Remove existing restrictions on ip ranges for all types of user access.
Suggested answer: A, B
asked 23/09/2024
Péter Szittya
43 questions

Question 22

Report
Export
Collapse

Universal containers(UC) has a customer Community that uses Facebook for authentication. UC would like to ensure that changes in the Facebook profile are reflected on the appropriate customer Community user. How can this requirement be met?

Use the updateuser() method on the registration handler class.
Use the updateuser() method on the registration handler class.
Use SAML just-in-time provisioning between Facebook and Salesforce
Use SAML just-in-time provisioning between Facebook and Salesforce
Use information in the signed request that is received from Facebook.
Use information in the signed request that is received from Facebook.
Develop a schedule job that calls out to Facebook on a nightly basis.
Develop a schedule job that calls out to Facebook on a nightly basis.
Suggested answer: A
asked 23/09/2024
Gaurav Nayak
43 questions

Question 23

Report
Export
Collapse

Universal containers(UC) wants to integrate a third-party reward calculation system with salesforce to calculate rewards. Rewards will be calculated on a schedule basis and update back into salesforce.

The integration between Salesforce and the reward calculation system needs to be secure. Which are the recommended best practices for using Oauth flows in this scenario? Choose 2 answers

Oauth refresh token flow
Oauth refresh token flow
Oauth SAML bearer assertion flow
Oauth SAML bearer assertion flow
Oauthjwt bearer token flow
Oauthjwt bearer token flow
Oauth Username-password flow
Oauth Username-password flow
Suggested answer: B, C
asked 23/09/2024
Bhavya AGGARWAL
41 questions

Question 24

Report
Export
Collapse

Universal Containers (UC) is looking to build a Canvas app and wants to use the corresponding Connected App to control where the app is visible. Which two options are correct in regards to where the app can be made visible under the Connected App setting for the Canvas app? Choose 2 answers

As part of the body of a Salesforce Knowledge article.
As part of the body of a Salesforce Knowledge article.
In the mobile navigation menu on Salesforce for Android.
In the mobile navigation menu on Salesforce for Android.
The sidebar of a Salesforce Console as a console component.
The sidebar of a Salesforce Console as a console component.
Included in the Call Control Tool that's part of Open CTI.
Included in the Call Control Tool that's part of Open CTI.
Suggested answer: A, C
asked 23/09/2024
Alvaro Peralta
24 questions

Question 25

Report
Export
Collapse

Universal Containers (UC) has an existing Salesforce org configured for SP-Initiated SAML SSO with their Idp. A second Salesforce org is being introduced into the environment and the IT team would like to ensure they can use the same Idp for new org. What action should the IT team take while implementing the second org?

Use the same SAML Identity location as the first org.
Use the same SAML Identity location as the first org.
Use a different Entity ID than the first org.
Use a different Entity ID than the first org.
Use the same request bindings as the first org.
Use the same request bindings as the first org.
Use the Salesforce Username as the SAML Identity Type.
Use the Salesforce Username as the SAML Identity Type.
Suggested answer: B
asked 23/09/2024
Georgios Kavvalakis
31 questions

Question 26

Report
Export
Collapse

Universal Containers (UC) has decided to use Salesforce as an Identity Provider for multiple external applications. UC wants to use the salesforce App Launcher to control the Apps that are available to individual users. Which three steps are required to make this happen?

Add each connected App to the App Launcher with a Start URL.
Add each connected App to the App Launcher with a Start URL.
Set up an Auth Provider for each External Application.
Set up an Auth Provider for each External Application.
Set up Salesforce as a SAML Idp with My Domain.
Set up Salesforce as a SAML Idp with My Domain.
Set up Identity Connect to Synchronize user data.
Set up Identity Connect to Synchronize user data.
Create a Connected App for each external application.
Create a Connected App for each external application.
Suggested answer: A, C, E
asked 23/09/2024
Colin Ng
46 questions

Question 27

Report
Export
Collapse

An Architect has configured a SAML-based SSO integration between Salesforce and an external Identity provider and is ready to test it. When the Architect attempts to log in to Salesforce using SSO, the Architect receives a SAML error. Which two optimal actions should the Architect take to troubleshoot the issue?

Ensure the Callback URL is correctly set in the Connected Apps settings.
Ensure the Callback URL is correctly set in the Connected Apps settings.
Use a browser that has an add-on/extension that can inspect SAML.
Use a browser that has an add-on/extension that can inspect SAML.
Paste the SAML Assertion Validator in Salesforce.
Paste the SAML Assertion Validator in Salesforce.
Use the browser's Development tools to view the Salesforce page's markup.
Use the browser's Development tools to view the Salesforce page's markup.
Suggested answer: B, C
asked 23/09/2024
Michael Craig
42 questions

Question 28

Report
Export
Collapse

Universal Containers (UC) is implementing Salesforce and would like to establish SAML SSO for its users to log in. UC stores its corporate user identities in a Custom Database. The UC IT Manager has heard good things about Salesforce Identity Connect as an Idp, and would like to understand what limitations they may face if they decided to use Identity Connect in their current environment. What limitation Should an Architect inform the IT Manager about?

Identity Connect will not support user provisioning in UC's current environment.
Identity Connect will not support user provisioning in UC's current environment.
Identity Connect will only support Idp-initiated SAML flows in UC's current environment.
Identity Connect will only support Idp-initiated SAML flows in UC's current environment.
Identity Connect will only support SP-initiated SAML flows in UC's current environment.
Identity Connect will only support SP-initiated SAML flows in UC's current environment.
Identity connect is not compatible with UC's current identity environment.
Identity connect is not compatible with UC's current identity environment.
Suggested answer: A
asked 23/09/2024
Stian Godoe
42 questions

Question 29

Report
Export
Collapse

Universal Containers (UC) wants to build a few applications that leverage the Salesforce REST API. UC has asked its Architect to describe how the API calls will be authenticated to a specific user. Which two mechanisms can the Architect provide? Choose 2 Answers

Authentication Token
Authentication Token
Session ID
Session ID
Refresh Token
Refresh Token
Access Token
Access Token
Suggested answer: C, D
asked 23/09/2024
Avinash Kumar
32 questions

Question 30

Report
Export
Collapse

Universal Containers (UC) has implemented SSO according to the diagram below. uses SAML while Salesforce Org 1 uses OAuth 2.0. Users usually start their day by first attempting to log into Salesforce Org 2 and then later in the day, they will log into either the Financial System or CPQ system depending upon their job position. Which two systems are acting as Identity Providers?

Financial System
Financial System
Pingfederate
Pingfederate
Salesforce Org 2
Salesforce Org 2
Salesforce Org 1
Salesforce Org 1
Suggested answer: B, D
asked 23/09/2024
Shameez Mohammed
37 questions
Total 248 questions
Go to page: of 25
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which three different attributes can be used to identify the user in a SAML 65> assertion when Salesforce is acting as a Service Provider? Choose 3 answers
Universal containers (UC) would like to enable SSO between their existing Active Directory infrastructure and salesforce. The it team prefers to manage all users in Active Directory and would like to avoid doing any initial setup of users in salesforce directly, including the correct assignment of profiles, roles and groups. Which two optimal solutions should UC use to provision users in salesforce? Choose 2 answers
Universal containers (UC) would like to enable SAML-BASED SSO for a salesforce partner community. UC has an existing ldap identity store and a third-party portal. They would like to use the existing portal as the primary site these users access, but also want to allow seamless access to the partner community. What SSO flow should an architect recommend?
Universal Containers (UC) wants to build a few applications that leverage the Salesforce REST API. UC has asked its Architect to describe how the API calls will be authenticated to a specific user. Which two mechanisms can the Architect provide? Choose 2 Answers
Universal Containers (UC) has five Salesforce orgs (UC1, UC2, UC3, UC4, UC5). of Every user that is in UC2, UC3, UC4, and UC5 is also in UC1, however not all users 65* have access to every org. Universal Containers would like to simplify the authentication process such that all Salesforce users need to remember one set of credentials. UC would like to achieve this with the least impact to cost and maintenance. What approach should an Architect recommend to UC?
Northern Trail Outfitters mar ages functional group permissions in a custom security application supported by a relational database and a REST service layer. Group permissions are mapped as permission sets in Salesforce. Which action should an identity architect use to ensure functional group permissions are reflected as permission set assignments?
Universal Containers (UC) is implementing Salesforce and would like to establish SAML SSO for its users to log in. UC stores its corporate user identities in a Custom Database. The UC IT Manager has heard good things about Salesforce Identity Connect as an Idp, and would like to understand what limitations they may face if they decided to use Identity Connect in their current environment. What limitation Should an Architect inform the IT Manager about?
The security team at Universal containers(UC) has identified exporting reports as a high-risk action and would like to require users to be logged into salesforce with their active directory (AD) credentials when doing so. For all other uses of Salesforce, Users should be allowed to use AD credentials or salesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with salesforce credentials?
Universal Containers wants to secure its Salesforce APIs by using an existing Security Assertion Markup Language (SAML) configuration supports the company's single sign-on process to Salesforce, Which Salesforce OAuth authorization flow should be used?
An insurance company has a connected app in its Salesforce environment that is used to integrate with a Google Workspace (formerly knot as G Suite). An identity and access management (IAM) architect has been asked to implement automation to enable users, freeze/suspend users, disable users, and reactivate existing users in Google Workspace upon similar actions in Salesforce. Which solution is recommended to meet this requirement?