ExamGecko

Salesforce Certified Identity and Access Management Architect Practice Test - Questions Answers, Page 15

List of questions

Question 141

Report
Export
Collapse

Universal Containers has multiple Salesforce instances where users receive emails from different instances. Users should be logged into the correct Salesforce instance authenticated by their IdP when clicking on an email link to a Salesforce record.

What should be enabled in Salesforce as a prerequisite?

My Domain
My Domain
External Identity
External Identity
Identity Provider
Identity Provider
Multi-Factor Authentication
Multi-Factor Authentication
Suggested answer: A
asked 23/09/2024
Nelson G Porras
42 questions

Question 142

Report
Export
Collapse

Refer to the exhibit.

Salesforce Certified Identity and Access Management Architect image Question 142 63242 09232024002508000000

Outfitters (NTO) is using Experience Cloud as an Identity for its application on Heroku. The application on Heroku should be able to handle two brands, Northern Trail Shoes and Northern Trail Shirts.

A user should select either of the two brands in Heroku before logging into the community. The app then performs Authorization using OAuth2.0 with the Salesforce Experience Cloud site.

NTO wants to make sure it renders login page images dynamically based on the user's brand preference selected in Heroku before Authorization. what should an identity architect do to fulfill the above requirements?

For each brand create different communities and redirect users to the appropriate community using a custom Login controller written in Apex.
For each brand create different communities and redirect users to the appropriate community using a custom Login controller written in Apex.
Create multiple login screens using Experience Builder and use Login Flows at runtime to route to different login screens.
Create multiple login screens using Experience Builder and use Login Flows at runtime to route to different login screens.
Authorize third-party service by sending authorization requests to the communityurl/ services/oauth2/authorize/cookie_value.
Authorize third-party service by sending authorization requests to the communityurl/ services/oauth2/authorize/cookie_value.
Authorize third-party service by sending authorization requests to the communityurl/ services/oauth2/authonze/expid_value.
Authorize third-party service by sending authorization requests to the communityurl/ services/oauth2/authonze/expid_value.
Suggested answer: D
asked 23/09/2024
Pierre Smit
41 questions

Question 143

Report
Export
Collapse

Universal Containers (UC) uses Salesforce for its customer service agents. UC has a proprietary system for order tracking which supports Security Assertion Markup Language (SAML) based single sign-on. The VP of customer service wants to ensure only active Salesforce users should be able to access the order tracking system which is only visible within Salesforce.

What should be done to fulfill the requirement?

Choose 2 answers

Setup Salesforce as an identity provider (IdP) for order Tracking.
Setup Salesforce as an identity provider (IdP) for order Tracking.
Set up the Corporate Identity store as an identity provider (IdP) for Order Tracking,
Set up the Corporate Identity store as an identity provider (IdP) for Order Tracking,
Customize Order Tracking to initiate a REST call to validate users in Salesforce after login.
Customize Order Tracking to initiate a REST call to validate users in Salesforce after login.
Setup Order Tracking as a Canvas app in Salesforce to POST IdP initiated SAML assertion.
Setup Order Tracking as a Canvas app in Salesforce to POST IdP initiated SAML assertion.
Suggested answer: A, B
asked 23/09/2024
Tony Minjarez
41 questions

Question 144

Report
Export
Collapse

A division of a Northern Trail Outfitters (NTO) purchased Salesforce. NTO uses a third party identity provider (IdP) to validate user credentials against Its corporate Lightweight Directory Access Protocol (LDAP) directory. NTO wants to help employees remember as passwords as possible.

What should an identity architect recommend?

Setup Salesforce as a Service Provider to the existing IdP.
Setup Salesforce as a Service Provider to the existing IdP.
Setup Salesforce as an IdP to authenticate against the LDAP directory.
Setup Salesforce as an IdP to authenticate against the LDAP directory.
Use Salesforce connect to synchronize LDAP passwords to Salesforce.
Use Salesforce connect to synchronize LDAP passwords to Salesforce.
Setup Salesforce as an Authentication Provider to the existing IdP.
Setup Salesforce as an Authentication Provider to the existing IdP.
Suggested answer: A
asked 23/09/2024
Fabio Morais Melo
37 questions

Question 145

Report
Export
Collapse

Universal Containers is using OpenID Connect to enable a connection from their new mobile app to its production Salesforce org.

What should be done to enable the retrieval of the access token status for the OpenID Connect connection?

Query using OpenID Connect discovery endpoint.
Query using OpenID Connect discovery endpoint.
A Leverage OpenID Connect Token Introspection.
A Leverage OpenID Connect Token Introspection.
Create a custom OAuth scope.
Create a custom OAuth scope.
Enable cross-origin resource sharing (CORS) for the /services/oauth2/token endpoint.
Enable cross-origin resource sharing (CORS) for the /services/oauth2/token endpoint.
Suggested answer: B
asked 23/09/2024
vladimir tolkunov
34 questions

Question 146

Report
Export
Collapse

An Identity and Access Management (IAM) architect is tasked with unifying multiple B2C Commerce sites and an Experience Cloud community with a single identity. The solution needs to support more than 1,000 logins per minute.

What should the IAM do to fulfill this requirement?

Configure both the community and the commerce sites as OAuth2 RPs (relying party) with an external identity provider.
Configure both the community and the commerce sites as OAuth2 RPs (relying party) with an external identity provider.
Configure community as a Security Assertion Markup Language (SAML) identity provider and enable Just-in-Time Provisioning to B2C Commerce.
Configure community as a Security Assertion Markup Language (SAML) identity provider and enable Just-in-Time Provisioning to B2C Commerce.
Create a default account for capturing all ecommerce contacts registered on the community because personAccount is not supported for this case.
Create a default account for capturing all ecommerce contacts registered on the community because personAccount is not supported for this case.
Confirm performance considerations with Salesforce Customer Support due to high peaks.
Confirm performance considerations with Salesforce Customer Support due to high peaks.
Suggested answer: D
asked 23/09/2024
Srikrushna Patro
34 questions

Question 147

Report
Export
Collapse

Northern Trail Outfitters (NTO) uses the Customer 360 Platform implemented on Salesforce Experience Cloud. The development team in charge has learned of a contactless user feature, which can reduce the overhead of managing customers and partners by creating users without contact information.

What is the potential impact to the architecture if NTO decides to implement this feature?

Custom registration handler is needed to correctly assign External Identity or Community license for the newly registered contactless user.
Custom registration handler is needed to correctly assign External Identity or Community license for the newly registered contactless user.
If contactless user is upgraded to Community license, the contact record is automatically created and linked to the user record, but not associated with an Account.
If contactless user is upgraded to Community license, the contact record is automatically created and linked to the user record, but not associated with an Account.
Contactless user feature is available only with the External Identity license, which can restrict the Experience Cloud functionality available to the user.
Contactless user feature is available only with the External Identity license, which can restrict the Experience Cloud functionality available to the user.
Passwordless authentication can not be supported because the mobile phone receiving one-time password (OTP) needs to match the number on the contact record.
Passwordless authentication can not be supported because the mobile phone receiving one-time password (OTP) needs to match the number on the contact record.
Suggested answer: C
asked 23/09/2024
patricia rosales
34 questions

Question 148

Report
Export
Collapse

Universal Containers is creating a mobile application that will be secured by Salesforce Identity using the OAuth 2.0 user-agent flow (this flow uses the OAuth 2.0 implicit grant type).

Which three OAuth concepts apply to this flow?

Choose 3 answers

Client ID
Client ID
Refresh Token
Refresh Token
Authorization Code
Authorization Code
Verification Code
Verification Code
Scopes
Scopes
Suggested answer: A, B, E
asked 23/09/2024
selvaram vijayaragavan
40 questions

Question 149

Report
Export
Collapse

Universal Containers (UC) has decided to replace the homegrown customer portal with Salesforce Experience Cloud. UC will continue to use its third-party single sign-on (SSO) solution that stores all of its customer and partner credentials.

The first time a customer logs in to the Experience Cloud site through SSO, a user record needs to be created automatically.

Which solution should an identity architect recommend in order to automatically provision users in Salesforce upon login?

Just-in-Time (JIT) provisioning
Just-in-Time (JIT) provisioning
Custom middleware and web services
Custom middleware and web services
Custom login flow and Apex handler
Custom login flow and Apex handler
Third-party AppExchange solution
Third-party AppExchange solution
Suggested answer: A
asked 23/09/2024
Jesserey Joseph
44 questions

Question 150

Report
Export
Collapse

A web service is developed that allows secure access to customer order status on the Salesforce Platform, The service connects to Salesforce through a connected app with the web server flow. The following are the required actions for the authorization flow:

User Authenticates and Authorizes Access
User Authenticates and Authorizes Access
Request an Access Token
Request an Access Token
Salesforce Grants an Access Token
Salesforce Grants an Access Token
Request an Authorization Code
Request an Authorization Code
Salesforce Grants Authorization CodeWhat is the correct sequence for the authorization flow?
Salesforce Grants Authorization CodeWhat is the correct sequence for the authorization flow?
1, 4, 5, 2, 3
1, 4, 5, 2, 3
4, 1, 5, 2, 3
4, 1, 5, 2, 3
2, 1, 3, 4, 5
2, 1, 3, 4, 5
4,5,2, 3, 1
4,5,2, 3, 1
Suggested answer: D
asked 23/09/2024
Aparecido da Silva Lemos
25 questions
Total 248 questions
Go to page: of 25
Search

Related questions