ExamGecko

Salesforce Certified Identity and Access Management Architect Practice Test - Questions Answers, Page 12

List of questions

Question 111

Report
Export
Collapse

Containers (UC) uses an internal system for recruiting and would like to have the candidates' info available in the Salesforce automatically when they are selected. UC decides to use OAuth to connect to Salesforce from the recruiting system and would like to do the authentication using digital certificates. Which two OAuth flows should be considered to meet the requirement? Choose 2 answers

JWT Bearer Token flow
JWT Bearer Token flow
Refresh Token flow
Refresh Token flow
SAML Bearer Assertion flow
SAML Bearer Assertion flow
Web Service flow
Web Service flow
Suggested answer: A, C
asked 23/09/2024
Pablo Hilario
38 questions

Question 112

Report
Export
Collapse

Universal Containers (UC) is building an authenticated Customer Community for its customers. UC does not want customer credentials stored in Salesforce and is confident its customers would be willing to use their social media credentials to authenticate to the community. Which two actions should an Architect recommend UC to take?

Use Delegated Authentication to call the Twitter login API to authenticate users.
Use Delegated Authentication to call the Twitter login API to authenticate users.
Configure an Authentication Provider for LinkedIn Social Media Accounts.
Configure an Authentication Provider for LinkedIn Social Media Accounts.
Create a Custom Apex Registration Handler to handle new and existing users.
Create a Custom Apex Registration Handler to handle new and existing users.
Configure SSO Settings For Facebook to serve as a SAML Identity Provider.
Configure SSO Settings For Facebook to serve as a SAML Identity Provider.
Suggested answer: B, C
asked 23/09/2024
rayan rayanalbanna
44 questions

Question 113

Report
Export
Collapse

How should an Architect force users to authenticate with Two-factor Authentication (2FA) for Salesforce only when not connected to an internal company network?

Use Custom Login Flows with Apex to detect the user's IP address and prompt for 2FA if needed.
Use Custom Login Flows with Apex to detect the user's IP address and prompt for 2FA if needed.
Add the list of company's network IP addresses to the Login Range list under 2FA Setup.
Add the list of company's network IP addresses to the Login Range list under 2FA Setup.
Use an Apex Trigger on the UserLogin object to detect the user's IP address and prompt for 2FA if needed.
Use an Apex Trigger on the UserLogin object to detect the user's IP address and prompt for 2FA if needed.
Apply the "Two-factor Authentication for User Interface Logins" permission and Login IP Ranges for all Profiles.
Apply the "Two-factor Authentication for User Interface Logins" permission and Login IP Ranges for all Profiles.
Suggested answer: A
asked 23/09/2024
Timo Fahlenbck
34 questions

Question 114

Report
Export
Collapse

What is one of the roles of an Identity Provider in a Single Sign-on setup using SAML?

Validate token
Validate token
Create token
Create token
Consume token
Consume token
Revoke token
Revoke token
Suggested answer: B
asked 23/09/2024
Carlos Cabezas
49 questions

Question 115

Report
Export
Collapse

Which two security risks can be mitigated by enabling Two-Factor Authentication (2FA) in Salesforce?

Choose 2 answers

Users leaving laptops unattended and not logging out of Salesforce.
Users leaving laptops unattended and not logging out of Salesforce.
Users accessing Salesforce from a public Wi-Fi access point.
Users accessing Salesforce from a public Wi-Fi access point.
Users choosing passwords that are the same as their Facebook password.
Users choosing passwords that are the same as their Facebook password.
Users creating simple-to-guess password reset questions.
Users creating simple-to-guess password reset questions.
Suggested answer: B, C
asked 23/09/2024
Mihail Galabov
32 questions

Question 116

Report
Export
Collapse

Universal Containers (UC) implemented SSO to a third-party system for their Salesforce users to access the App Launcher. UC enabled “User Provisioning” on the Connected App so that changes to user accounts can be synched between Salesforce and the third party system. However, UC quickly notices that changes to user roles in Salesforce are not getting synched to the third-party system.

What is the most likely reason for this behaviour?

User Provisioning for Connected Apps does not support role sync.
User Provisioning for Connected Apps does not support role sync.
Required operation(s) was not mapped in User Provisioning Settings.
Required operation(s) was not mapped in User Provisioning Settings.
The Approval queue for User Provisioning Requests is unmonitored.
The Approval queue for User Provisioning Requests is unmonitored.
Salesforce roles have more than three levels in the role hierarchy.
Salesforce roles have more than three levels in the role hierarchy.
Suggested answer: A
asked 23/09/2024
john ignacio echavarria lopez
33 questions

Question 117

Report
Export
Collapse

The CIO of universal containers(UC) wants to start taking advantage of the refresh token capability for the UC applications that utilize Oauth 2.0. UC has listed an architect to analyze all of the applications that use Oauth flows to. See where refresh Tokens can be applied. Which two OAuth flows should the architect consider in their evaluation? Choose 2 answers

Web server
Web server
Jwt bearer token
Jwt bearer token
User-Agent
User-Agent
Username-password
Username-password
Suggested answer: A, C
asked 23/09/2024
Todd Hekkema
42 questions

Question 118

Report
Export
Collapse

customer service representatives at Universal containers (UC) are complaining that whenever they click on links to case records and are asked to login with SAML SSO, they are being redirected to the salesforce home tab and not the specific case record. What item should an architect advise the identity team at UC to investigate first?

My domain is configured and active within salesforce.
My domain is configured and active within salesforce.
The salesforce SSO settings are using http post
The salesforce SSO settings are using http post
The identity provider is correctly preserving the Relay state
The identity provider is correctly preserving the Relay state
The users have the correct Federation ID within salesforce.
The users have the correct Federation ID within salesforce.
Suggested answer: C
asked 23/09/2024
Andrew Li
33 questions

Question 119

Report
Export
Collapse

Universal containers (UC) is successfully using Delegated Authentication for their salesforce users.

The service supporting Delegated Authentication is written in Jav a. UC has a new CIO that is requiring all company Web services be RESR-ful and written in . NET.

Which two considerations should the UC Architect provide to the new CIO? Choose 2 answers

Delegated Authentication will not work with a.net service.
Delegated Authentication will not work with a.net service.
Delegated Authentication will continue to work with rest services.
Delegated Authentication will continue to work with rest services.
Delegated Authentication will continue to work with a.net service.
Delegated Authentication will continue to work with a.net service.
Delegated Authentication will not work with rest services.
Delegated Authentication will not work with rest services.
Suggested answer: C, D
asked 23/09/2024
Muhammad Imran
41 questions

Question 120

Report
Export
Collapse

Universal containers(UC) has implemented SAML-BASED single Sign-on for their salesforce application and is planning to provide access to salesforce on mobile devices using the salesforce1 mobile app. UC wants to ensure that single Sign-on is used for accessing the salesforce1 mobile app.

Which two recommendations should the architect make? Choose 2 answers

Use the existing SAML SSO flow along with user agent flow.
Use the existing SAML SSO flow along with user agent flow.
Configure the embedded Web browser to use my domain URL.
Configure the embedded Web browser to use my domain URL.
Use the existing SAML SSO flow along with Web server flow
Use the existing SAML SSO flow along with Web server flow
Configure the salesforce1 app to use the my domain URL
Configure the salesforce1 app to use the my domain URL
Suggested answer: A, D
asked 23/09/2024
Pawel Szalek
36 questions
Total 248 questions
Go to page: of 25
Search

Related questions