ExamGecko
Login
Ask Question

Salesforce Certified Identity and Access Management Architect Practice Test - Questions Answers, Page 4

List of questions

Question 31

Report
Export
Collapse

Universal Containers (UC) built an integration for their employees to post, view, and vote for ideas in Salesforce from an internal Company portal. When ideas are posted in Salesforce, links to the ideas are created in the company portal pages as part of the integration process. The Company portal connects to Salesforce using OAuth. Everything is working fine, except when users click on links to existing ideas, they are always taken to the Ideas home page rather than the specific idea, after authorization. Which OAuth URL parameter can be used to retain the original requested page so that a user can be redirected correctly after OAuth authorization?

Redirect_uri
Redirect_uri
State
State
Scope
Scope
Callback_uri
Callback_uri
Suggested answer: A
asked 23/09/2024
federico monaco
35 questions

Question 32

Report
Export
Collapse

Universal containers (UC) would like to enable SAML-BASED SSO for a salesforce partner community.

UC has an existing ldap identity store and a third-party portal. They would like to use the existing portal as the primary site these users access, but also want to allow seamless access to the partner community. What SSO flow should an architect recommend?

User-Agent
User-Agent
IDP-initiated
IDP-initiated
Sp-Initiated
Sp-Initiated
Web server
Web server
Suggested answer: B
asked 23/09/2024
Andrey Scherbakov
39 questions

Question 33

Report
Export
Collapse

Universal Containers (UC) is building an integration between Salesforce and a legacy web applications using the canvas framework. The security for UC has determined that a signed request from Salesforce is not an adequate authentication solution for the Third-Party app. Which two options should the Architect consider for authenticating the third-party app using the canvas framework? Choose 2 Answers

Utilize the SAML Single Sign-on flow to allow the third-party to authenticate itself against UC's IdP.
Utilize the SAML Single Sign-on flow to allow the third-party to authenticate itself against UC's IdP.
Utilize Authorization Providers to allow the third-party appliction to authenticate itself against Salesforce as the Idp.
Utilize Authorization Providers to allow the third-party appliction to authenticate itself against Salesforce as the Idp.
Utilize Canvas OAuth flow to allow the third-party appliction to authenticate itself against Salesforce as the Idp.
Utilize Canvas OAuth flow to allow the third-party appliction to authenticate itself against Salesforce as the Idp.
Create a registration handler Apex class to allow the third-party appliction to authenticate itself against Salesforce as the Idp.
Create a registration handler Apex class to allow the third-party appliction to authenticate itself against Salesforce as the Idp.
Suggested answer: A, C
asked 23/09/2024
Brian Foy
40 questions

Question 34

Report
Export
Collapse

Universal Containers (UC) wants to build a custom mobile app for their field reps to create orders in salesforce. After the first time the users log in, they must be able to access salesforce upon opening the mobile app without being prompted to log in again. What Oauth flows should be considered to support this requirement?

Web Server flow with a Refresh Token.
Web Server flow with a Refresh Token.
Mobile Agent flow with a Bearer Token.
Mobile Agent flow with a Bearer Token.
User Agent flow with a Refresh Token.
User Agent flow with a Refresh Token.
SAML Assertion flow with a Bearer Token.
SAML Assertion flow with a Bearer Token.
Suggested answer: C
asked 23/09/2024
Epitacio Neto
30 questions

Question 35

Report
Export
Collapse

What item should an Architect consider when designing a Delegated Authentication implementation?

The Web service should be secured with TLS using Salesforce trusted certificates.
The Web service should be secured with TLS using Salesforce trusted certificates.
The Web service should be able to accept one to four input method parameters.
The Web service should be able to accept one to four input method parameters.
The web service should use the Salesforce Federation ID to identify the user.
The web service should use the Salesforce Federation ID to identify the user.
The Web service should implement a custom password decryption method.
The Web service should implement a custom password decryption method.
Suggested answer: A
asked 23/09/2024
Niall Dempsey
35 questions

Question 36

Report
Export
Collapse

A group of users try to access one of Universal Containers' Connected Apps and receive the following error message: " Failed: Not approved for access." What is the most likely cause of this issue?

The Connected App settings "All users may self-authorize" is enabled.
The Connected App settings "All users may self-authorize" is enabled.
The Salesforce Administrators have revoked the OAuth authorization.
The Salesforce Administrators have revoked the OAuth authorization.
The Users do not have the correct permission set assigned to them.
The Users do not have the correct permission set assigned to them.
The User of High Assurance sessions are required for the Connected App.
The User of High Assurance sessions are required for the Connected App.
Suggested answer: C
asked 23/09/2024
Rehan Malik
51 questions

Question 37

Report
Export
Collapse

Containers (UC) has decided to implement a federated single Sign-on solution using a third-party Idp.

In reviewing the third-party products, they would like to ensure the product supports the automated provisioning and deprovisioning of users. What are the underlining mechanisms that the UC Architect must ensure are part of the product?

SOAP API for provisioning; Just-in-Time (JIT) for Deprovisioning.
SOAP API for provisioning; Just-in-Time (JIT) for Deprovisioning.
Just-In-time (JIT) for Provisioning; SOAP API for Deprovisioning.
Just-In-time (JIT) for Provisioning; SOAP API for Deprovisioning.
Provisioning API for both Provisioning and Deprovisioning.
Provisioning API for both Provisioning and Deprovisioning.
Just-in-Time (JIT) for both Provisioning and Deprovisioning.
Just-in-Time (JIT) for both Provisioning and Deprovisioning.
Suggested answer: D
asked 23/09/2024
Ntombifuthi Shabangu
28 questions

Question 38

Report
Export
Collapse

Under which scenario Web Server flow will be used?

Used for web applications when server-side code needs to interact with APIS.
Used for web applications when server-side code needs to interact with APIS.
Used for server-side components when page needs to be rendered.
Used for server-side components when page needs to be rendered.
Used for mobile applications and testing legacy Integrations.
Used for mobile applications and testing legacy Integrations.
Used for verifying Access protected resources.
Used for verifying Access protected resources.
Suggested answer: A
asked 23/09/2024
Peter Avino
26 questions

Question 39

Report
Export
Collapse

architect is troubleshooting some SAML-based SSO errors during testing. The Architect confirmed that all of the Salesforce SSO settings are correct. Which two issues outside of the Salesforce SSO settings are most likely contributing to the SSO errors the Architect is encountering? Choose 2 Answers

The Identity Provider is also used to SSO into five other applications.
The Identity Provider is also used to SSO into five other applications.
The clock on the Identity Provider server is twenty minutes behind Salesforce.
The clock on the Identity Provider server is twenty minutes behind Salesforce.
The Issuer Certificate from the Identity Provider expired two weeks ago.
The Issuer Certificate from the Identity Provider expired two weeks ago.
The default language for the Identity Provider and Salesforce are Different.
The default language for the Identity Provider and Salesforce are Different.
Suggested answer: B, C
asked 23/09/2024
Henock Asmerom
40 questions

Question 40

Report
Export
Collapse

Universal Containers (UC) has a Desktop application to collect leads for marketing campaigns. UC wants to extend this application to integrate with Salesforce to create leads. Integration between the desktop application and salesforce should be seamless. What Authorization flow should the Architect recommend?

JWT Bearer Token flow
JWT Bearer Token flow
Web Server Authentication Flow
Web Server Authentication Flow
User Agent Flow
User Agent Flow
Username and Password Flow
Username and Password Flow
Suggested answer: C
asked 23/09/2024
Alajauan Adams
35 questions
Total 248 questions
Go to page: of 25
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which three different attributes can be used to identify the user in a SAML 65> assertion when Salesforce is acting as a Service Provider? Choose 3 answers
Universal containers (UC) would like to enable SSO between their existing Active Directory infrastructure and salesforce. The it team prefers to manage all users in Active Directory and would like to avoid doing any initial setup of users in salesforce directly, including the correct assignment of profiles, roles and groups. Which two optimal solutions should UC use to provision users in salesforce? Choose 2 answers
Universal containers (UC) would like to enable SAML-BASED SSO for a salesforce partner community. UC has an existing ldap identity store and a third-party portal. They would like to use the existing portal as the primary site these users access, but also want to allow seamless access to the partner community. What SSO flow should an architect recommend?
Universal Containers (UC) wants to build a few applications that leverage the Salesforce REST API. UC has asked its Architect to describe how the API calls will be authenticated to a specific user. Which two mechanisms can the Architect provide? Choose 2 Answers
Universal Containers (UC) has five Salesforce orgs (UC1, UC2, UC3, UC4, UC5). of Every user that is in UC2, UC3, UC4, and UC5 is also in UC1, however not all users 65* have access to every org. Universal Containers would like to simplify the authentication process such that all Salesforce users need to remember one set of credentials. UC would like to achieve this with the least impact to cost and maintenance. What approach should an Architect recommend to UC?
Northern Trail Outfitters mar ages functional group permissions in a custom security application supported by a relational database and a REST service layer. Group permissions are mapped as permission sets in Salesforce. Which action should an identity architect use to ensure functional group permissions are reflected as permission set assignments?
Universal Containers (UC) is implementing Salesforce and would like to establish SAML SSO for its users to log in. UC stores its corporate user identities in a Custom Database. The UC IT Manager has heard good things about Salesforce Identity Connect as an Idp, and would like to understand what limitations they may face if they decided to use Identity Connect in their current environment. What limitation Should an Architect inform the IT Manager about?
The security team at Universal containers(UC) has identified exporting reports as a high-risk action and would like to require users to be logged into salesforce with their active directory (AD) credentials when doing so. For all other uses of Salesforce, Users should be allowed to use AD credentials or salesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with salesforce credentials?
Universal Containers wants to secure its Salesforce APIs by using an existing Security Assertion Markup Language (SAML) configuration supports the company's single sign-on process to Salesforce, Which Salesforce OAuth authorization flow should be used?
An insurance company has a connected app in its Salesforce environment that is used to integrate with a Google Workspace (formerly knot as G Suite). An identity and access management (IAM) architect has been asked to implement automation to enable users, freeze/suspend users, disable users, and reactivate existing users in Google Workspace upon similar actions in Salesforce. Which solution is recommended to meet this requirement?