ExamGecko
Login
Ask Question

Salesforce Certified Identity and Access Management Architect Practice Test - Questions Answers, Page 15

List of questions

Question 141

Report
Export
Collapse

Universal Containers has multiple Salesforce instances where users receive emails from different instances. Users should be logged into the correct Salesforce instance authenticated by their IdP when clicking on an email link to a Salesforce record.

What should be enabled in Salesforce as a prerequisite?

My Domain
My Domain
External Identity
External Identity
Identity Provider
Identity Provider
Multi-Factor Authentication
Multi-Factor Authentication
Suggested answer: A
asked 23/09/2024
Nelson G Porras
42 questions

Question 142

Report
Export
Collapse

Refer to the exhibit.

Salesforce Certified Identity and Access Management Architect image Question 142 63242 09232024002508000000

Outfitters (NTO) is using Experience Cloud as an Identity for its application on Heroku. The application on Heroku should be able to handle two brands, Northern Trail Shoes and Northern Trail Shirts.

A user should select either of the two brands in Heroku before logging into the community. The app then performs Authorization using OAuth2.0 with the Salesforce Experience Cloud site.

NTO wants to make sure it renders login page images dynamically based on the user's brand preference selected in Heroku before Authorization. what should an identity architect do to fulfill the above requirements?

For each brand create different communities and redirect users to the appropriate community using a custom Login controller written in Apex.
For each brand create different communities and redirect users to the appropriate community using a custom Login controller written in Apex.
Create multiple login screens using Experience Builder and use Login Flows at runtime to route to different login screens.
Create multiple login screens using Experience Builder and use Login Flows at runtime to route to different login screens.
Authorize third-party service by sending authorization requests to the communityurl/ services/oauth2/authorize/cookie_value.
Authorize third-party service by sending authorization requests to the communityurl/ services/oauth2/authorize/cookie_value.
Authorize third-party service by sending authorization requests to the communityurl/ services/oauth2/authonze/expid_value.
Authorize third-party service by sending authorization requests to the communityurl/ services/oauth2/authonze/expid_value.
Suggested answer: D
asked 23/09/2024
Pierre Smit
41 questions

Question 143

Report
Export
Collapse

Universal Containers (UC) uses Salesforce for its customer service agents. UC has a proprietary system for order tracking which supports Security Assertion Markup Language (SAML) based single sign-on. The VP of customer service wants to ensure only active Salesforce users should be able to access the order tracking system which is only visible within Salesforce.

What should be done to fulfill the requirement?

Choose 2 answers

Setup Salesforce as an identity provider (IdP) for order Tracking.
Setup Salesforce as an identity provider (IdP) for order Tracking.
Set up the Corporate Identity store as an identity provider (IdP) for Order Tracking,
Set up the Corporate Identity store as an identity provider (IdP) for Order Tracking,
Customize Order Tracking to initiate a REST call to validate users in Salesforce after login.
Customize Order Tracking to initiate a REST call to validate users in Salesforce after login.
Setup Order Tracking as a Canvas app in Salesforce to POST IdP initiated SAML assertion.
Setup Order Tracking as a Canvas app in Salesforce to POST IdP initiated SAML assertion.
Suggested answer: A, B
asked 23/09/2024
Tony Minjarez
41 questions

Question 144

Report
Export
Collapse

A division of a Northern Trail Outfitters (NTO) purchased Salesforce. NTO uses a third party identity provider (IdP) to validate user credentials against Its corporate Lightweight Directory Access Protocol (LDAP) directory. NTO wants to help employees remember as passwords as possible.

What should an identity architect recommend?

Setup Salesforce as a Service Provider to the existing IdP.
Setup Salesforce as a Service Provider to the existing IdP.
Setup Salesforce as an IdP to authenticate against the LDAP directory.
Setup Salesforce as an IdP to authenticate against the LDAP directory.
Use Salesforce connect to synchronize LDAP passwords to Salesforce.
Use Salesforce connect to synchronize LDAP passwords to Salesforce.
Setup Salesforce as an Authentication Provider to the existing IdP.
Setup Salesforce as an Authentication Provider to the existing IdP.
Suggested answer: A
asked 23/09/2024
Fabio Morais Melo
37 questions

Question 145

Report
Export
Collapse

Universal Containers is using OpenID Connect to enable a connection from their new mobile app to its production Salesforce org.

What should be done to enable the retrieval of the access token status for the OpenID Connect connection?

Query using OpenID Connect discovery endpoint.
Query using OpenID Connect discovery endpoint.
A Leverage OpenID Connect Token Introspection.
A Leverage OpenID Connect Token Introspection.
Create a custom OAuth scope.
Create a custom OAuth scope.
Enable cross-origin resource sharing (CORS) for the /services/oauth2/token endpoint.
Enable cross-origin resource sharing (CORS) for the /services/oauth2/token endpoint.
Suggested answer: B
asked 23/09/2024
vladimir tolkunov
34 questions

Question 146

Report
Export
Collapse

An Identity and Access Management (IAM) architect is tasked with unifying multiple B2C Commerce sites and an Experience Cloud community with a single identity. The solution needs to support more than 1,000 logins per minute.

What should the IAM do to fulfill this requirement?

Configure both the community and the commerce sites as OAuth2 RPs (relying party) with an external identity provider.
Configure both the community and the commerce sites as OAuth2 RPs (relying party) with an external identity provider.
Configure community as a Security Assertion Markup Language (SAML) identity provider and enable Just-in-Time Provisioning to B2C Commerce.
Configure community as a Security Assertion Markup Language (SAML) identity provider and enable Just-in-Time Provisioning to B2C Commerce.
Create a default account for capturing all ecommerce contacts registered on the community because personAccount is not supported for this case.
Create a default account for capturing all ecommerce contacts registered on the community because personAccount is not supported for this case.
Confirm performance considerations with Salesforce Customer Support due to high peaks.
Confirm performance considerations with Salesforce Customer Support due to high peaks.
Suggested answer: D
asked 23/09/2024
Srikrushna Patro
34 questions

Question 147

Report
Export
Collapse

Northern Trail Outfitters (NTO) uses the Customer 360 Platform implemented on Salesforce Experience Cloud. The development team in charge has learned of a contactless user feature, which can reduce the overhead of managing customers and partners by creating users without contact information.

What is the potential impact to the architecture if NTO decides to implement this feature?

Custom registration handler is needed to correctly assign External Identity or Community license for the newly registered contactless user.
Custom registration handler is needed to correctly assign External Identity or Community license for the newly registered contactless user.
If contactless user is upgraded to Community license, the contact record is automatically created and linked to the user record, but not associated with an Account.
If contactless user is upgraded to Community license, the contact record is automatically created and linked to the user record, but not associated with an Account.
Contactless user feature is available only with the External Identity license, which can restrict the Experience Cloud functionality available to the user.
Contactless user feature is available only with the External Identity license, which can restrict the Experience Cloud functionality available to the user.
Passwordless authentication can not be supported because the mobile phone receiving one-time password (OTP) needs to match the number on the contact record.
Passwordless authentication can not be supported because the mobile phone receiving one-time password (OTP) needs to match the number on the contact record.
Suggested answer: C
asked 23/09/2024
patricia rosales
34 questions

Question 148

Report
Export
Collapse

Universal Containers is creating a mobile application that will be secured by Salesforce Identity using the OAuth 2.0 user-agent flow (this flow uses the OAuth 2.0 implicit grant type).

Which three OAuth concepts apply to this flow?

Choose 3 answers

Client ID
Client ID
Refresh Token
Refresh Token
Authorization Code
Authorization Code
Verification Code
Verification Code
Scopes
Scopes
Suggested answer: A, B, E
asked 23/09/2024
selvaram vijayaragavan
40 questions

Question 149

Report
Export
Collapse

Universal Containers (UC) has decided to replace the homegrown customer portal with Salesforce Experience Cloud. UC will continue to use its third-party single sign-on (SSO) solution that stores all of its customer and partner credentials.

The first time a customer logs in to the Experience Cloud site through SSO, a user record needs to be created automatically.

Which solution should an identity architect recommend in order to automatically provision users in Salesforce upon login?

Just-in-Time (JIT) provisioning
Just-in-Time (JIT) provisioning
Custom middleware and web services
Custom middleware and web services
Custom login flow and Apex handler
Custom login flow and Apex handler
Third-party AppExchange solution
Third-party AppExchange solution
Suggested answer: A
asked 23/09/2024
Jesserey Joseph
44 questions

Question 150

Report
Export
Collapse

A web service is developed that allows secure access to customer order status on the Salesforce Platform, The service connects to Salesforce through a connected app with the web server flow. The following are the required actions for the authorization flow:

User Authenticates and Authorizes Access
User Authenticates and Authorizes Access
Request an Access Token
Request an Access Token
Salesforce Grants an Access Token
Salesforce Grants an Access Token
Request an Authorization Code
Request an Authorization Code
Salesforce Grants Authorization CodeWhat is the correct sequence for the authorization flow?
Salesforce Grants Authorization CodeWhat is the correct sequence for the authorization flow?
1, 4, 5, 2, 3
1, 4, 5, 2, 3
4, 1, 5, 2, 3
4, 1, 5, 2, 3
2, 1, 3, 4, 5
2, 1, 3, 4, 5
4,5,2, 3, 1
4,5,2, 3, 1
Suggested answer: D
asked 23/09/2024
Aparecido da Silva Lemos
25 questions
Total 248 questions
Go to page: of 25
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which three different attributes can be used to identify the user in a SAML 65> assertion when Salesforce is acting as a Service Provider? Choose 3 answers
Universal containers (UC) would like to enable SSO between their existing Active Directory infrastructure and salesforce. The it team prefers to manage all users in Active Directory and would like to avoid doing any initial setup of users in salesforce directly, including the correct assignment of profiles, roles and groups. Which two optimal solutions should UC use to provision users in salesforce? Choose 2 answers
Universal containers (UC) would like to enable SAML-BASED SSO for a salesforce partner community. UC has an existing ldap identity store and a third-party portal. They would like to use the existing portal as the primary site these users access, but also want to allow seamless access to the partner community. What SSO flow should an architect recommend?
Universal Containers (UC) wants to build a few applications that leverage the Salesforce REST API. UC has asked its Architect to describe how the API calls will be authenticated to a specific user. Which two mechanisms can the Architect provide? Choose 2 Answers
Universal Containers (UC) has five Salesforce orgs (UC1, UC2, UC3, UC4, UC5). of Every user that is in UC2, UC3, UC4, and UC5 is also in UC1, however not all users 65* have access to every org. Universal Containers would like to simplify the authentication process such that all Salesforce users need to remember one set of credentials. UC would like to achieve this with the least impact to cost and maintenance. What approach should an Architect recommend to UC?
Northern Trail Outfitters mar ages functional group permissions in a custom security application supported by a relational database and a REST service layer. Group permissions are mapped as permission sets in Salesforce. Which action should an identity architect use to ensure functional group permissions are reflected as permission set assignments?
Universal Containers (UC) is implementing Salesforce and would like to establish SAML SSO for its users to log in. UC stores its corporate user identities in a Custom Database. The UC IT Manager has heard good things about Salesforce Identity Connect as an Idp, and would like to understand what limitations they may face if they decided to use Identity Connect in their current environment. What limitation Should an Architect inform the IT Manager about?
The security team at Universal containers(UC) has identified exporting reports as a high-risk action and would like to require users to be logged into salesforce with their active directory (AD) credentials when doing so. For all other uses of Salesforce, Users should be allowed to use AD credentials or salesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with salesforce credentials?
Universal Containers wants to secure its Salesforce APIs by using an existing Security Assertion Markup Language (SAML) configuration supports the company's single sign-on process to Salesforce, Which Salesforce OAuth authorization flow should be used?
An insurance company has a connected app in its Salesforce environment that is used to integrate with a Google Workspace (formerly knot as G Suite). An identity and access management (IAM) architect has been asked to implement automation to enable users, freeze/suspend users, disable users, and reactivate existing users in Google Workspace upon similar actions in Salesforce. Which solution is recommended to meet this requirement?