ExamGecko
Login
Ask Question

Salesforce Certified Identity and Access Management Architect Practice Test - Questions Answers, Page 16

List of questions

Question 151

Report
Export
Collapse

Northern Trail Outfitters (NTO) wants to give customers the ability to submit and manage issues with their purchases. It is important for NTO to give its customers the ability to login with their Amazon credentials.

What should an identity architect recommend to meet these requirements?

Configure a predefined authentication provider for Amazon.
Configure a predefined authentication provider for Amazon.
Create a custom external authentication provider for Amazon.
Create a custom external authentication provider for Amazon.
Configure an OpenID Connect Authentication Provider for Amazon.
Configure an OpenID Connect Authentication Provider for Amazon.
Configure Amazon as a connected app.
Configure Amazon as a connected app.
Suggested answer: C
asked 23/09/2024
Vaibhav Somani
34 questions

Question 152

Report
Export
Collapse

A global company's Salesforce Identity Architect is reviewing its Salesforce production org login history and is seeing some intermittent Security Assertion Markup Language (SAML SSO) 'Replay Detected and Assertion Invalid' login errors.

Which two issues would cause these errors?

Choose 2 answers

The subject element is missing from the assertion sent to salesforce.
The subject element is missing from the assertion sent to salesforce.
The certificate loaded into SSO configuration does not match the certificate used by the IdP.
The certificate loaded into SSO configuration does not match the certificate used by the IdP.
The current time setting of the company's identity provider (IdP) and Salesforce platform is out of sync by more than eight minutes.
The current time setting of the company's identity provider (IdP) and Salesforce platform is out of sync by more than eight minutes.
The assertion sent to 5alesforce contains an assertion ID previously used.
The assertion sent to 5alesforce contains an assertion ID previously used.
Suggested answer: A, D
asked 23/09/2024
MARCIA SHEILA PELAEZ GONZALEZ
38 questions

Question 153

Report
Export
Collapse

A global company has built an external application that uses data from its Salesforce org via an OAuth 2.0 authorization flow. Upon logout, the existing Salesforce OAuth token must be invalidated.

Which action will accomplish this?

Use a HTTP POST to request the refresh token for the current user.
Use a HTTP POST to request the refresh token for the current user.
Use a HTTP POST to the System for Cross-domain Identity Management (SCIM) endpoint, includingthe current OAuth token.
Use a HTTP POST to the System for Cross-domain Identity Management (SCIM) endpoint, includingthe current OAuth token.
Use a HTTP POST to make a call to the revoke token endpoint.
Use a HTTP POST to make a call to the revoke token endpoint.
Enable Single Logout with a secure logout URL.
Enable Single Logout with a secure logout URL.
Suggested answer: C
asked 23/09/2024
Sander Verheijen
36 questions

Question 154

Report
Export
Collapse

The executive sponsor for an organization has asked if Salesforce supports the ability to embed a login widget into its service providers in order to create a more seamless user experience.

What should be used and considered before recommending it as a solution on the Salesforce Platform?

OpenID Connect Web Server Flow. Determine if the service provider is secure enough to store the client secret on.
OpenID Connect Web Server Flow. Determine if the service provider is secure enough to store the client secret on.
Embedded Login. Identify what level of UI customization will be required to make it match the service providers look and feel.
Embedded Login. Identify what level of UI customization will be required to make it match the service providers look and feel.
Salesforce REST apis. Ensure that Secure Sockets Layer (SSL) connection for the integration is used.
Salesforce REST apis. Ensure that Secure Sockets Layer (SSL) connection for the integration is used.
Embedded Login. Consider whether or not it relies on third party cookies which can cause browser compatibility issues.
Embedded Login. Consider whether or not it relies on third party cookies which can cause browser compatibility issues.
Suggested answer: D
asked 23/09/2024
miquel martin leiva
42 questions

Question 155

Report
Export
Collapse

An identity architect is implementing a mobile-first Consumer Identity Access Management (CIAM) for external users. User authentication is the only requirement. The users email or mobile phone number should be supported as a username.

Which two licenses are needed to meet this requirement?

Choose 2 answers

External Identity Licenses
External Identity Licenses
Identity Connect Licenses
Identity Connect Licenses
Email Verification Credits
Email Verification Credits
SMS verification Credits
SMS verification Credits
Suggested answer: A, D
asked 23/09/2024
Arjen Vleugel
44 questions

Question 156

Report
Export
Collapse

Northern Trail Outfitters (NTO) leverages Microsoft Active Directory (AD) for management of employee usernames, passwords, permissions, and asset access. NTO also owns a third-party single sign-on (SSO) solution. The third-party party SSO solution is used for all corporate applications, including Salesforce.

NTO has asked an architect to explore Salesforce Identity Connect for automatic provisioning and deprovisiorung of users in Salesforce.

What role does identity Connect play in the outlined requirements?

Service Provider
Service Provider
Single Sign-On
Single Sign-On
Identity Provider
Identity Provider
User Management
User Management
Suggested answer: D
asked 23/09/2024
Mario Peralta
36 questions

Question 157

Report
Export
Collapse

Universal Container's (UC) is using Salesforce Experience Cloud site for its container wholesale business. The identity architect wants to an authentication provider for the new site.

Which two options should be utilized in creating an authentication provider?

Choose 2 answers

A custom registration handier can be set.
A custom registration handier can be set.
A custom error URL can be set.
A custom error URL can be set.
The default login user can be set.
The default login user can be set.
The default authentication provider certificate can be set.
The default authentication provider certificate can be set.
Suggested answer: A, B
asked 23/09/2024
Kshitij Vyas
39 questions

Question 158

Report
Export
Collapse

Universal Containers (UC) currently uses Salesforce Sales Cloud and an external billing application.

Both Salesforce and the billing application are accessed several times a day to manage customers. UC would like to configure single sign-on and leverage Salesforce as the identity provider. Additionally, UC would like the billing application to be accessible from Salesforce. A redirect is acceptable.

Which two Salesforce tools should an identity architect recommend to satisfy the requirements?

Choose 2 answers

salesforce Canvas
salesforce Canvas
Identity Connect
Identity Connect
Connected Apps
Connected Apps
App Launcher
App Launcher
Suggested answer: A, D
asked 23/09/2024
J.L.M. van Loo
48 questions

Question 159

Report
Export
Collapse

Northern Trail Outfitters (NTO) is setting up Salesforce to authenticate users with an external identity provider. The NTO Salesforce Administrator is having trouble getting things setup.

What should an identity architect use to show which part of the login assertion is fading?

SAML Metadata file importer
SAML Metadata file importer
Identity Provider Metadata download
Identity Provider Metadata download
Connected App Manager
Connected App Manager
Security Assertion Markup Language Validator
Security Assertion Markup Language Validator
Suggested answer: D
asked 23/09/2024
PANAGIOTIS SYKAS
39 questions

Question 160

Report
Export
Collapse

A leading fitness tracker company is getting ready to launch a customer community. The company wants its customers to login to the community and connect their fitness device to their profile.

Customers should be able to obtain exercise details and fitness recommendation in the community.

Which should be used to satisfy this requirement?

Named Credentials
Named Credentials
Login Flows
Login Flows
OAuth Device Flow
OAuth Device Flow
Single Sign-On Settings
Single Sign-On Settings
Suggested answer: C
asked 23/09/2024
YASSIR EL GHAZY
54 questions
Total 248 questions
Go to page: of 25
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which three different attributes can be used to identify the user in a SAML 65> assertion when Salesforce is acting as a Service Provider? Choose 3 answers
Universal containers (UC) would like to enable SSO between their existing Active Directory infrastructure and salesforce. The it team prefers to manage all users in Active Directory and would like to avoid doing any initial setup of users in salesforce directly, including the correct assignment of profiles, roles and groups. Which two optimal solutions should UC use to provision users in salesforce? Choose 2 answers
Universal containers (UC) would like to enable SAML-BASED SSO for a salesforce partner community. UC has an existing ldap identity store and a third-party portal. They would like to use the existing portal as the primary site these users access, but also want to allow seamless access to the partner community. What SSO flow should an architect recommend?
Universal Containers (UC) wants to build a few applications that leverage the Salesforce REST API. UC has asked its Architect to describe how the API calls will be authenticated to a specific user. Which two mechanisms can the Architect provide? Choose 2 Answers
Universal Containers (UC) has five Salesforce orgs (UC1, UC2, UC3, UC4, UC5). of Every user that is in UC2, UC3, UC4, and UC5 is also in UC1, however not all users 65* have access to every org. Universal Containers would like to simplify the authentication process such that all Salesforce users need to remember one set of credentials. UC would like to achieve this with the least impact to cost and maintenance. What approach should an Architect recommend to UC?
Northern Trail Outfitters mar ages functional group permissions in a custom security application supported by a relational database and a REST service layer. Group permissions are mapped as permission sets in Salesforce. Which action should an identity architect use to ensure functional group permissions are reflected as permission set assignments?
Universal Containers (UC) is implementing Salesforce and would like to establish SAML SSO for its users to log in. UC stores its corporate user identities in a Custom Database. The UC IT Manager has heard good things about Salesforce Identity Connect as an Idp, and would like to understand what limitations they may face if they decided to use Identity Connect in their current environment. What limitation Should an Architect inform the IT Manager about?
The security team at Universal containers(UC) has identified exporting reports as a high-risk action and would like to require users to be logged into salesforce with their active directory (AD) credentials when doing so. For all other uses of Salesforce, Users should be allowed to use AD credentials or salesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with salesforce credentials?
Universal Containers wants to secure its Salesforce APIs by using an existing Security Assertion Markup Language (SAML) configuration supports the company's single sign-on process to Salesforce, Which Salesforce OAuth authorization flow should be used?
An insurance company has a connected app in its Salesforce environment that is used to integrate with a Google Workspace (formerly knot as G Suite). An identity and access management (IAM) architect has been asked to implement automation to enable users, freeze/suspend users, disable users, and reactivate existing users in Google Workspace upon similar actions in Salesforce. Which solution is recommended to meet this requirement?