ExamGecko
Login
Ask Question

Salesforce Certified Identity and Access Management Architect Practice Test - Questions Answers, Page 12

List of questions

Question 111

Report
Export
Collapse

Containers (UC) uses an internal system for recruiting and would like to have the candidates' info available in the Salesforce automatically when they are selected. UC decides to use OAuth to connect to Salesforce from the recruiting system and would like to do the authentication using digital certificates. Which two OAuth flows should be considered to meet the requirement? Choose 2 answers

JWT Bearer Token flow
JWT Bearer Token flow
Refresh Token flow
Refresh Token flow
SAML Bearer Assertion flow
SAML Bearer Assertion flow
Web Service flow
Web Service flow
Suggested answer: A, C
asked 23/09/2024
Pablo Hilario
38 questions

Question 112

Report
Export
Collapse

Universal Containers (UC) is building an authenticated Customer Community for its customers. UC does not want customer credentials stored in Salesforce and is confident its customers would be willing to use their social media credentials to authenticate to the community. Which two actions should an Architect recommend UC to take?

Use Delegated Authentication to call the Twitter login API to authenticate users.
Use Delegated Authentication to call the Twitter login API to authenticate users.
Configure an Authentication Provider for LinkedIn Social Media Accounts.
Configure an Authentication Provider for LinkedIn Social Media Accounts.
Create a Custom Apex Registration Handler to handle new and existing users.
Create a Custom Apex Registration Handler to handle new and existing users.
Configure SSO Settings For Facebook to serve as a SAML Identity Provider.
Configure SSO Settings For Facebook to serve as a SAML Identity Provider.
Suggested answer: B, C
asked 23/09/2024
rayan rayanalbanna
44 questions

Question 113

Report
Export
Collapse

How should an Architect force users to authenticate with Two-factor Authentication (2FA) for Salesforce only when not connected to an internal company network?

Use Custom Login Flows with Apex to detect the user's IP address and prompt for 2FA if needed.
Use Custom Login Flows with Apex to detect the user's IP address and prompt for 2FA if needed.
Add the list of company's network IP addresses to the Login Range list under 2FA Setup.
Add the list of company's network IP addresses to the Login Range list under 2FA Setup.
Use an Apex Trigger on the UserLogin object to detect the user's IP address and prompt for 2FA if needed.
Use an Apex Trigger on the UserLogin object to detect the user's IP address and prompt for 2FA if needed.
Apply the "Two-factor Authentication for User Interface Logins" permission and Login IP Ranges for all Profiles.
Apply the "Two-factor Authentication for User Interface Logins" permission and Login IP Ranges for all Profiles.
Suggested answer: A
asked 23/09/2024
Timo Fahlenbck
34 questions

Question 114

Report
Export
Collapse

What is one of the roles of an Identity Provider in a Single Sign-on setup using SAML?

Validate token
Validate token
Create token
Create token
Consume token
Consume token
Revoke token
Revoke token
Suggested answer: B
asked 23/09/2024
Carlos Cabezas
49 questions

Question 115

Report
Export
Collapse

Which two security risks can be mitigated by enabling Two-Factor Authentication (2FA) in Salesforce?

Choose 2 answers

Users leaving laptops unattended and not logging out of Salesforce.
Users leaving laptops unattended and not logging out of Salesforce.
Users accessing Salesforce from a public Wi-Fi access point.
Users accessing Salesforce from a public Wi-Fi access point.
Users choosing passwords that are the same as their Facebook password.
Users choosing passwords that are the same as their Facebook password.
Users creating simple-to-guess password reset questions.
Users creating simple-to-guess password reset questions.
Suggested answer: B, C
asked 23/09/2024
Mihail Galabov
32 questions

Question 116

Report
Export
Collapse

Universal Containers (UC) implemented SSO to a third-party system for their Salesforce users to access the App Launcher. UC enabled “User Provisioning” on the Connected App so that changes to user accounts can be synched between Salesforce and the third party system. However, UC quickly notices that changes to user roles in Salesforce are not getting synched to the third-party system.

What is the most likely reason for this behaviour?

User Provisioning for Connected Apps does not support role sync.
User Provisioning for Connected Apps does not support role sync.
Required operation(s) was not mapped in User Provisioning Settings.
Required operation(s) was not mapped in User Provisioning Settings.
The Approval queue for User Provisioning Requests is unmonitored.
The Approval queue for User Provisioning Requests is unmonitored.
Salesforce roles have more than three levels in the role hierarchy.
Salesforce roles have more than three levels in the role hierarchy.
Suggested answer: A
asked 23/09/2024
john ignacio echavarria lopez
33 questions

Question 117

Report
Export
Collapse

The CIO of universal containers(UC) wants to start taking advantage of the refresh token capability for the UC applications that utilize Oauth 2.0. UC has listed an architect to analyze all of the applications that use Oauth flows to. See where refresh Tokens can be applied. Which two OAuth flows should the architect consider in their evaluation? Choose 2 answers

Web server
Web server
Jwt bearer token
Jwt bearer token
User-Agent
User-Agent
Username-password
Username-password
Suggested answer: A, C
asked 23/09/2024
Todd Hekkema
42 questions

Question 118

Report
Export
Collapse

customer service representatives at Universal containers (UC) are complaining that whenever they click on links to case records and are asked to login with SAML SSO, they are being redirected to the salesforce home tab and not the specific case record. What item should an architect advise the identity team at UC to investigate first?

My domain is configured and active within salesforce.
My domain is configured and active within salesforce.
The salesforce SSO settings are using http post
The salesforce SSO settings are using http post
The identity provider is correctly preserving the Relay state
The identity provider is correctly preserving the Relay state
The users have the correct Federation ID within salesforce.
The users have the correct Federation ID within salesforce.
Suggested answer: C
asked 23/09/2024
Andrew Li
33 questions

Question 119

Report
Export
Collapse

Universal containers (UC) is successfully using Delegated Authentication for their salesforce users.

The service supporting Delegated Authentication is written in Jav a. UC has a new CIO that is requiring all company Web services be RESR-ful and written in . NET.

Which two considerations should the UC Architect provide to the new CIO? Choose 2 answers

Delegated Authentication will not work with a.net service.
Delegated Authentication will not work with a.net service.
Delegated Authentication will continue to work with rest services.
Delegated Authentication will continue to work with rest services.
Delegated Authentication will continue to work with a.net service.
Delegated Authentication will continue to work with a.net service.
Delegated Authentication will not work with rest services.
Delegated Authentication will not work with rest services.
Suggested answer: C, D
asked 23/09/2024
Muhammad Imran
41 questions

Question 120

Report
Export
Collapse

Universal containers(UC) has implemented SAML-BASED single Sign-on for their salesforce application and is planning to provide access to salesforce on mobile devices using the salesforce1 mobile app. UC wants to ensure that single Sign-on is used for accessing the salesforce1 mobile app.

Which two recommendations should the architect make? Choose 2 answers

Use the existing SAML SSO flow along with user agent flow.
Use the existing SAML SSO flow along with user agent flow.
Configure the embedded Web browser to use my domain URL.
Configure the embedded Web browser to use my domain URL.
Use the existing SAML SSO flow along with Web server flow
Use the existing SAML SSO flow along with Web server flow
Configure the salesforce1 app to use the my domain URL
Configure the salesforce1 app to use the my domain URL
Suggested answer: A, D
asked 23/09/2024
Pawel Szalek
36 questions
Total 248 questions
Go to page: of 25
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which three different attributes can be used to identify the user in a SAML 65> assertion when Salesforce is acting as a Service Provider? Choose 3 answers
Universal containers (UC) would like to enable SSO between their existing Active Directory infrastructure and salesforce. The it team prefers to manage all users in Active Directory and would like to avoid doing any initial setup of users in salesforce directly, including the correct assignment of profiles, roles and groups. Which two optimal solutions should UC use to provision users in salesforce? Choose 2 answers
Universal containers (UC) would like to enable SAML-BASED SSO for a salesforce partner community. UC has an existing ldap identity store and a third-party portal. They would like to use the existing portal as the primary site these users access, but also want to allow seamless access to the partner community. What SSO flow should an architect recommend?
Universal Containers (UC) wants to build a few applications that leverage the Salesforce REST API. UC has asked its Architect to describe how the API calls will be authenticated to a specific user. Which two mechanisms can the Architect provide? Choose 2 Answers
Universal Containers (UC) has five Salesforce orgs (UC1, UC2, UC3, UC4, UC5). of Every user that is in UC2, UC3, UC4, and UC5 is also in UC1, however not all users 65* have access to every org. Universal Containers would like to simplify the authentication process such that all Salesforce users need to remember one set of credentials. UC would like to achieve this with the least impact to cost and maintenance. What approach should an Architect recommend to UC?
Northern Trail Outfitters mar ages functional group permissions in a custom security application supported by a relational database and a REST service layer. Group permissions are mapped as permission sets in Salesforce. Which action should an identity architect use to ensure functional group permissions are reflected as permission set assignments?
Universal Containers (UC) is implementing Salesforce and would like to establish SAML SSO for its users to log in. UC stores its corporate user identities in a Custom Database. The UC IT Manager has heard good things about Salesforce Identity Connect as an Idp, and would like to understand what limitations they may face if they decided to use Identity Connect in their current environment. What limitation Should an Architect inform the IT Manager about?
The security team at Universal containers(UC) has identified exporting reports as a high-risk action and would like to require users to be logged into salesforce with their active directory (AD) credentials when doing so. For all other uses of Salesforce, Users should be allowed to use AD credentials or salesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with salesforce credentials?
Universal Containers wants to secure its Salesforce APIs by using an existing Security Assertion Markup Language (SAML) configuration supports the company's single sign-on process to Salesforce, Which Salesforce OAuth authorization flow should be used?
An insurance company has a connected app in its Salesforce environment that is used to integrate with a Google Workspace (formerly knot as G Suite). An identity and access management (IAM) architect has been asked to implement automation to enable users, freeze/suspend users, disable users, and reactivate existing users in Google Workspace upon similar actions in Salesforce. Which solution is recommended to meet this requirement?