ExamGecko
Login
Ask Question

Salesforce Certified Identity and Access Management Architect Practice Test - Questions Answers, Page 9

List of questions

Question 81

Report
Export
Collapse

Universal containers (UC) has implemented SAML SSO to enable seamless access across multiple applications. UC has regional salesforce orgs and wants it's users to be able to access them from their main Salesforce org seamless. Which action should an architect recommend?

Configure the main salesforce org as an Authentication provider.
Configure the main salesforce org as an Authentication provider.
Configure the main salesforce org as the Identity provider.
Configure the main salesforce org as the Identity provider.
Configure the regional salesforce orgs as Identity Providers.
Configure the regional salesforce orgs as Identity Providers.
Configure the main Salesforce org as a service provider.
Configure the main Salesforce org as a service provider.
Suggested answer: B
asked 23/09/2024
Louis Flink
43 questions

Question 82

Report
Export
Collapse

Universal Containers (UC) is both a Salesforce and Google Apps customer. The UC IT team would like to manage the users for both systems in a single place to reduce administrative burden. Which two optimal ways can the IT team provision users and allow Single Sign-on between Salesforce and Google Apps ? Choose 2 answers

Build a custom app running on Heroku as the Identity Provider that can sync user information between Salesforce and Google Apps.
Build a custom app running on Heroku as the Identity Provider that can sync user information between Salesforce and Google Apps.
Use a third-party product as the Identity Provider for both Salesforce and Google Apps and manage the provisioning from there.
Use a third-party product as the Identity Provider for both Salesforce and Google Apps and manage the provisioning from there.
Use Identity Connect as the Identity Provider for both Salesforce and Google Apps and manage the provisioning from there.
Use Identity Connect as the Identity Provider for both Salesforce and Google Apps and manage the provisioning from there.
Use Salesforce as the Identity Provider and Google Apps as a Service Provider and configure User Provisioning for Connected Apps.
Use Salesforce as the Identity Provider and Google Apps as a Service Provider and configure User Provisioning for Connected Apps.
Suggested answer: B, D
asked 23/09/2024
Musa Aldarawsheh
35 questions

Question 83

Report
Export
Collapse

Which three are capabilities of SAML-based Federated authentication? Choose 3 answers

Trust relationships between Identity Provider and Service Provider are required.
Trust relationships between Identity Provider and Service Provider are required.
SAML tokens can be in XML or JSON format and can be used interchangeably.
SAML tokens can be in XML or JSON format and can be used interchangeably.
Web applications with no passwords are more secure and stronger against attacks.
Web applications with no passwords are more secure and stronger against attacks.
Access tokens are used to access resources on the server once the user is authenticated.
Access tokens are used to access resources on the server once the user is authenticated.
Centralized federation provides single point of access, control and auditing.
Centralized federation provides single point of access, control and auditing.
Suggested answer: A, D, E
asked 23/09/2024
gregory koontz
42 questions

Question 84

Report
Export
Collapse

Universal Containers (UC) uses Salesforce to allow customers to keep track of the order status. The customers can log in to Salesforce using external authentication providers, such as Facebook and Google. UC is also leveraging the App Launcher to let customers access an of platform application for generating shipping labels. The label generator application uses OAuth to provide users access. What license type should an Architect recommend for the customers?

Customer Community license
Customer Community license
Identity license
Identity license
Customer Community Plus license
Customer Community Plus license
External Identity license
External Identity license
Suggested answer: B
asked 23/09/2024
Reginald Curtis Jr
35 questions

Question 85

Report
Export
Collapse

Containers (UC) uses a legacy Employee portal for their employees to collaborate. Employees access the portal from their company’s internal website via SSO. It is set up to work with SiteMinder and Active Directory. The Employee portal has features to support posing ideas. UC decides to use Salesforce Ideas for voting and better tracking purposes. To avoid provisioning users on Salesforce, UC decides to integrate Employee portal ideas with Salesforce idea through the API. What is the role of Salesforce in the context of SSO, based on this scenario?

Service Provider, because Salesforce is the application for managing ideas.
Service Provider, because Salesforce is the application for managing ideas.
Connected App, because Salesforce is connected with Employee portal via API.
Connected App, because Salesforce is connected with Employee portal via API.
Identity Provider, because the API calls are authenticated by Salesforce.
Identity Provider, because the API calls are authenticated by Salesforce.
An independent system, because Salesforce is not part of the SSO setup.
An independent system, because Salesforce is not part of the SSO setup.
Suggested answer: D
asked 23/09/2024
Yun-Ting Lo
38 questions

Question 86

Report
Export
Collapse

Universal Containers (UC) uses middleware to integrate multiple systems with Salesforce. UC has a strict, new requirement that usernames and passwords cannot be stored in any UC system. How can UC’s middleware authenticate to Salesforce while adhering to this requirement?

Create a Connected App that supports the JWT Bearer Token OAuth Flow.
Create a Connected App that supports the JWT Bearer Token OAuth Flow.
Create a Connected App that supports the Refresh Token OAuth Flow
Create a Connected App that supports the Refresh Token OAuth Flow
Create a Connected App that supports the Web Server OAuth Flow.
Create a Connected App that supports the Web Server OAuth Flow.
Create a Connected App that supports the User-Agent OAuth Flow.
Create a Connected App that supports the User-Agent OAuth Flow.
Suggested answer: A
asked 23/09/2024
David Hartnett
45 questions

Question 87

Report
Export
Collapse

In a typical SSL setup involving a trusted party and trusting party, what consideration should an Architect take into account when using digital certificates?

Use of self-signed certificate leads to lower maintenance for trusted party because multiple selfsigned certs need to be maintained.
Use of self-signed certificate leads to lower maintenance for trusted party because multiple selfsigned certs need to be maintained.
Use of self-signed certificate leads to higher maintenance for trusted party because they have to act as the trusted CA
Use of self-signed certificate leads to higher maintenance for trusted party because they have to act as the trusted CA
Use of self-signed certificate leads to lower maintenance for trusting party because there is no trusted CA cert to maintain.
Use of self-signed certificate leads to lower maintenance for trusting party because there is no trusted CA cert to maintain.
Use of self-signed certificate leads to higher maintenance for trusting party because the cert needs to be added to their truststore.
Use of self-signed certificate leads to higher maintenance for trusting party because the cert needs to be added to their truststore.
Suggested answer: C
asked 23/09/2024
Carlos Augusto Quintal
29 questions

Question 88

Report
Export
Collapse

After a recent audit, universal containers was advised to implement Two-factor Authentication for all of their critical systems, including salesforce. Which two actions should UC consider to meet this requirement? Choose 2 answers

Require users to provide their RSA token along with their credentials.
Require users to provide their RSA token along with their credentials.
Require users to supply their email and phone number, which gets validated.
Require users to supply their email and phone number, which gets validated.
Require users to enter a second password after the first Authentication
Require users to enter a second password after the first Authentication
Require users to use a biometric reader as well as their password
Require users to use a biometric reader as well as their password
Suggested answer: A, D
asked 23/09/2024
Malik Spamu
40 questions

Question 89

Report
Export
Collapse

Universal containers (UC) uses an internal company portal for their employees to collaborate. UC decides to use salesforce ideas and provide the ability for employees to post ideas from the company portal. They use SAML-BASED SSO to get into the company portal and would like to leverage it to access salesforce. Most of the users don't exist in salesforce and they would like the user records created in salesforce communities the first time they try to access salesforce. What recommendation should an architect make to meet this requirement?

Use on-the-fly provisioning
Use on-the-fly provisioning
Use just-in-time provisioning
Use just-in-time provisioning
Use salesforce APIs to create users on the fly
Use salesforce APIs to create users on the fly
Use Identity connect to sync users
Use Identity connect to sync users
Suggested answer: B
asked 23/09/2024
Lonely Sayi
30 questions

Question 90

Report
Export
Collapse

Universal containers (UC) has an e-commerce website while customers can buy products, make payments, and manage their accounts. UC decides to build a customer Community on Salesforce and wants to allow the customers to access the community for their accounts without logging in again.

UC decides to implement ansp-Initiated SSO using a SAML-BASED complaint IDP. In this scenario where salesforce is the service provider, which two activities must be performed in salesforce to make sp-Initiated SSO work? Choose 2 answers

Configure SAML SSO settings.
Configure SAML SSO settings.
Configure Delegated Authentication
Configure Delegated Authentication
Create a connected App
Create a connected App
Set up my domain
Set up my domain
Suggested answer: A, D
asked 23/09/2024
Oleksii Derevianchenko
33 questions
Total 248 questions
Go to page: of 25
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which three different attributes can be used to identify the user in a SAML 65> assertion when Salesforce is acting as a Service Provider? Choose 3 answers
Universal containers (UC) would like to enable SSO between their existing Active Directory infrastructure and salesforce. The it team prefers to manage all users in Active Directory and would like to avoid doing any initial setup of users in salesforce directly, including the correct assignment of profiles, roles and groups. Which two optimal solutions should UC use to provision users in salesforce? Choose 2 answers
Universal containers (UC) would like to enable SAML-BASED SSO for a salesforce partner community. UC has an existing ldap identity store and a third-party portal. They would like to use the existing portal as the primary site these users access, but also want to allow seamless access to the partner community. What SSO flow should an architect recommend?
Universal Containers (UC) wants to build a few applications that leverage the Salesforce REST API. UC has asked its Architect to describe how the API calls will be authenticated to a specific user. Which two mechanisms can the Architect provide? Choose 2 Answers
Universal Containers (UC) has five Salesforce orgs (UC1, UC2, UC3, UC4, UC5). of Every user that is in UC2, UC3, UC4, and UC5 is also in UC1, however not all users 65* have access to every org. Universal Containers would like to simplify the authentication process such that all Salesforce users need to remember one set of credentials. UC would like to achieve this with the least impact to cost and maintenance. What approach should an Architect recommend to UC?
Northern Trail Outfitters mar ages functional group permissions in a custom security application supported by a relational database and a REST service layer. Group permissions are mapped as permission sets in Salesforce. Which action should an identity architect use to ensure functional group permissions are reflected as permission set assignments?
Universal Containers (UC) is implementing Salesforce and would like to establish SAML SSO for its users to log in. UC stores its corporate user identities in a Custom Database. The UC IT Manager has heard good things about Salesforce Identity Connect as an Idp, and would like to understand what limitations they may face if they decided to use Identity Connect in their current environment. What limitation Should an Architect inform the IT Manager about?
The security team at Universal containers(UC) has identified exporting reports as a high-risk action and would like to require users to be logged into salesforce with their active directory (AD) credentials when doing so. For all other uses of Salesforce, Users should be allowed to use AD credentials or salesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with salesforce credentials?
Universal Containers wants to secure its Salesforce APIs by using an existing Security Assertion Markup Language (SAML) configuration supports the company's single sign-on process to Salesforce, Which Salesforce OAuth authorization flow should be used?
An insurance company has a connected app in its Salesforce environment that is used to integrate with a Google Workspace (formerly knot as G Suite). An identity and access management (IAM) architect has been asked to implement automation to enable users, freeze/suspend users, disable users, and reactivate existing users in Google Workspace upon similar actions in Salesforce. Which solution is recommended to meet this requirement?