ExamGecko
Login
Ask Question

Salesforce Certified Identity and Access Management Architect Practice Test - Questions Answers, Page 17

List of questions

Question 161

Report
Export
Collapse

Universal Containers is implementing a new Experience Cloud site and the identity architect wants to use dynamic branding features as of the login process.

Which two options should the identity architect recommend to support dynamic branding for the site?

Choose 2 answers

To use dynamic branding, the community must be built with the Visuaiforce + Salesforce Tabs template.
To use dynamic branding, the community must be built with the Visuaiforce + Salesforce Tabs template.
To use dynamic branding, the community must be built with the Customer Account Portal template.
To use dynamic branding, the community must be built with the Customer Account Portal template.
An experience ID (expid) or placeholder parameter must be used in the URL to represent the brand.
An experience ID (expid) or placeholder parameter must be used in the URL to represent the brand.
An external content management system (CMS) must be used for dynamic branding on Experience Cloud sites.
An external content management system (CMS) must be used for dynamic branding on Experience Cloud sites.
Suggested answer: B, C
asked 23/09/2024
Amidou Florian TOURE
33 questions

Question 162

Report
Export
Collapse

Universal Containers wants to allow its customers to log in to its Experience Cloud via a third party authentication provider that supports only the OAuth protocol.

What should an identity architect do to fulfill this requirement?

Contact Salesforce Support and enable delegate single sign-on.
Contact Salesforce Support and enable delegate single sign-on.
Create a custom external authentication provider.
Create a custom external authentication provider.
Use certificate-based authentication.
Use certificate-based authentication.
Configure OpenID Connect authentication provider.
Configure OpenID Connect authentication provider.
Suggested answer: B
asked 23/09/2024
Sarah Pachowsky
33 questions

Question 163

Report
Export
Collapse

A large consumer company is planning to create a community and will requ.re login through the customers social identity. The following requirements must be met:

The customer should be able to login with any of their social identities, however salesforce should only have one user per customer.
The customer should be able to login with any of their social identities, however salesforce should only have one user per customer.
Once the customer has been identified with a social identity, they should not be required to authonze Salesforce.
Once the customer has been identified with a social identity, they should not be required to authonze Salesforce.
The customers personal details from the social sign on need to be captured when the customer logs into Salesforce using their social Identity.
The customers personal details from the social sign on need to be captured when the customer logs into Salesforce using their social Identity.
If the customer modifies their personal details in the social site, the changes should be updated in Salesforce .Which two options allow the Identity Architect to fulfill the requirements?Choose 2 answers
If the customer modifies their personal details in the social site, the changes should be updated in Salesforce .Which two options allow the Identity Architect to fulfill the requirements?Choose 2 answers
Use Login Flows to call an authentication registration handler to provision the user before logging the user into the community.
Use Login Flows to call an authentication registration handler to provision the user before logging the user into the community.
Use authentication providers for social sign-on and use the custom registration handler to insert or update personal details.
Use authentication providers for social sign-on and use the custom registration handler to insert or update personal details.
Redirect the user to a custom page that allows the user to select an existing social identity for login.
Redirect the user to a custom page that allows the user to select an existing social identity for login.
Use the custom registration handler to link social identities to Salesforce identities.
Use the custom registration handler to link social identities to Salesforce identities.
Suggested answer: B, D
asked 23/09/2024
Mark Espena
25 questions

Question 164

Report
Export
Collapse

Universal Containers is budding a web application that will connect with the Salesforce API using JWT OAuth Flow.

Which two settings need to be configured in the connect app to support this requirement?

Choose 2 answers

The Use Digital Signature option in the connected app.
The Use Digital Signature option in the connected app.
The "web" OAuth scope in the connected app,
The "web" OAuth scope in the connected app,
The "api" OAuth scope in the connected app.
The "api" OAuth scope in the connected app.
The "edair_api" OAuth scope m the connected app.
The "edair_api" OAuth scope m the connected app.
Suggested answer: A, C
asked 23/09/2024
Ronald Zegwaard
30 questions

Question 165

Report
Export
Collapse

A company's external application is protected by Salesforce through OAuth. The identity architect for the project needs to limit the level of access to the data of the protected resource in a flexible way.

What should be done to improve security?

Select "Admin approved users are pre-authonzed" and assign specific profiles.
Select "Admin approved users are pre-authonzed" and assign specific profiles.
Create custom scopes and assign to the connected app.
Create custom scopes and assign to the connected app.
Define a permission set that grants access to the app and assign to authorized users.
Define a permission set that grants access to the app and assign to authorized users.
Leverage external objects and data classification policies.
Leverage external objects and data classification policies.
Suggested answer: B
asked 23/09/2024
Duane Joyce
33 questions

Question 166

Report
Export
Collapse

An identity architect wants to secure Salesforce APIs using Security Assertion Markup Language (SAML). For secunty purposes, administrators will need to authorize the applications that will be consuming the APIs.

Which Salesforce OAuth authorization flow should be used?

OAuth 2-0 SAML Bearer Assertion Flow
OAuth 2-0 SAML Bearer Assertion Flow
OAuth 2.0 JWT Bearer Flow
OAuth 2.0 JWT Bearer Flow
SAML Assertion Flow
SAML Assertion Flow
OAuth 2.0 User-Agent Flow
OAuth 2.0 User-Agent Flow
Suggested answer: C
asked 23/09/2024
xun wang
41 questions

Question 167

Report
Export
Collapse

Universal Containers (UC) rolling out a new Customer Identity and Access Management Solution will be built on top of their existing Salesforce instance.

Several service providers have been setup and integrated with Salesforce using OpenlD Connect to allow for a seamless single sign-on experience. UC has a requirement to limit user access to only a subset of service providers per customer type.

Which two steps should be done on the platform to satisfy the requirement?

Choose 2 answers

Manage which connected apps a user has access to by assigning authentication providers to the users profile.
Manage which connected apps a user has access to by assigning authentication providers to the users profile.
Assign the connected app to the customer community, and enable the users profile in the Community settings.
Assign the connected app to the customer community, and enable the users profile in the Community settings.
Use Profiles and Permission Sets to assign user access to Admin Pre-Approved Connected Apps.
Use Profiles and Permission Sets to assign user access to Admin Pre-Approved Connected Apps.
Set each of the Connected App access settings to Admin Pre-Approved.
Set each of the Connected App access settings to Admin Pre-Approved.
Suggested answer: C, D
asked 23/09/2024
Victor Cantu
36 questions

Question 168

Report
Export
Collapse

Northern Trail Outfitters (NTO) has an existing custom business-to-consumer (B2C) website that does NOT support single sign-on standards, such as Security Assertion Markup Language (SAMi) or OAuth.

NTO wants to use Salesforce Identity to register and authenticate new customers on the website.

Which two Salesforce features should an identity architect use in order to provide username/password authentication for the website?

Choose 2 answers

Identity Connect
Identity Connect
Delegated Authentication
Delegated Authentication
Connected Apps
Connected Apps
Embedded Login
Embedded Login
Suggested answer: B, D
asked 23/09/2024
Rickey Dickens
38 questions

Question 169

Report
Export
Collapse

Northern Trail Outfitters (NTO) uses a Security Assertion Markup Language (SAML)-based Identity Provider (idP) to authenticate employees to all systems. The IdP authenticates users against a Lightweight Directory Access Protocol (LDAP) directory and has access to user information. NTO wants to minimize Salesforce license usage since only a small percentage of users need Salesforce.

What is recommended to ensure new employees have immediate access to Salesforce using their current IdP?

Install Salesforce Identity Connect to automatically provision new users in Salesforce the first time they attempt to login.
Install Salesforce Identity Connect to automatically provision new users in Salesforce the first time they attempt to login.
Build an integration that queries LDAP periodically and creates new active users in Salesforce.
Build an integration that queries LDAP periodically and creates new active users in Salesforce.
Configure Just-in-Time provisioning using SAML attributes to create new Salesforce users as necessary when a new user attempts to login to Salesforce.
Configure Just-in-Time provisioning using SAML attributes to create new Salesforce users as necessary when a new user attempts to login to Salesforce.
Build an integration that queries LDAP and creates new inactive users in Salesforce and use a login flow to activate the user at first login.
Build an integration that queries LDAP and creates new inactive users in Salesforce and use a login flow to activate the user at first login.
Suggested answer: C
asked 23/09/2024
Lambert Shel Pablo
43 questions

Question 170

Report
Export
Collapse

An identity architect has been asked to recommend a solution that allows administrators to configure personalized alert messages to users before they land on the Experience Cloud site (formerly known as Community) homepage.

What is recommended to fulfill this requirement with the least amount of customization?

Customize the registration handler Apex class to create a routing logic navigating to different home pages based on the user profile.
Customize the registration handler Apex class to create a routing logic navigating to different home pages based on the user profile.
Use Login Flows to add a screen that shows personalized alerts.
Use Login Flows to add a screen that shows personalized alerts.
Build a Lightning web Component (LWC) for a homepage that shows custom alerts.
Build a Lightning web Component (LWC) for a homepage that shows custom alerts.
Create custom metadata that stores user alerts and use a LWC to display alerts.
Create custom metadata that stores user alerts and use a LWC to display alerts.
Suggested answer: B
asked 23/09/2024
Randy Kana
33 questions
Total 248 questions
Go to page: of 25
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which three different attributes can be used to identify the user in a SAML 65> assertion when Salesforce is acting as a Service Provider? Choose 3 answers
Universal containers (UC) would like to enable SSO between their existing Active Directory infrastructure and salesforce. The it team prefers to manage all users in Active Directory and would like to avoid doing any initial setup of users in salesforce directly, including the correct assignment of profiles, roles and groups. Which two optimal solutions should UC use to provision users in salesforce? Choose 2 answers
Universal containers (UC) would like to enable SAML-BASED SSO for a salesforce partner community. UC has an existing ldap identity store and a third-party portal. They would like to use the existing portal as the primary site these users access, but also want to allow seamless access to the partner community. What SSO flow should an architect recommend?
Universal Containers (UC) wants to build a few applications that leverage the Salesforce REST API. UC has asked its Architect to describe how the API calls will be authenticated to a specific user. Which two mechanisms can the Architect provide? Choose 2 Answers
Universal Containers (UC) has five Salesforce orgs (UC1, UC2, UC3, UC4, UC5). of Every user that is in UC2, UC3, UC4, and UC5 is also in UC1, however not all users 65* have access to every org. Universal Containers would like to simplify the authentication process such that all Salesforce users need to remember one set of credentials. UC would like to achieve this with the least impact to cost and maintenance. What approach should an Architect recommend to UC?
Northern Trail Outfitters mar ages functional group permissions in a custom security application supported by a relational database and a REST service layer. Group permissions are mapped as permission sets in Salesforce. Which action should an identity architect use to ensure functional group permissions are reflected as permission set assignments?
Universal Containers (UC) is implementing Salesforce and would like to establish SAML SSO for its users to log in. UC stores its corporate user identities in a Custom Database. The UC IT Manager has heard good things about Salesforce Identity Connect as an Idp, and would like to understand what limitations they may face if they decided to use Identity Connect in their current environment. What limitation Should an Architect inform the IT Manager about?
The security team at Universal containers(UC) has identified exporting reports as a high-risk action and would like to require users to be logged into salesforce with their active directory (AD) credentials when doing so. For all other uses of Salesforce, Users should be allowed to use AD credentials or salesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with salesforce credentials?
Universal Containers wants to secure its Salesforce APIs by using an existing Security Assertion Markup Language (SAML) configuration supports the company's single sign-on process to Salesforce, Which Salesforce OAuth authorization flow should be used?
An insurance company has a connected app in its Salesforce environment that is used to integrate with a Google Workspace (formerly knot as G Suite). An identity and access management (IAM) architect has been asked to implement automation to enable users, freeze/suspend users, disable users, and reactivate existing users in Google Workspace upon similar actions in Salesforce. Which solution is recommended to meet this requirement?