ExamGecko
Search Search Login
Home Home / Salesforce / Certified Identity and Access Management Architect

Salesforce Certified Identity and Access Management Architect Practice Test - Questions Answers

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Universal Containers (UC) has five Salesforce orgs (UC1, UC2, UC3, UC4, UC5). of Every user that is in UC2, UC3, UC4, and UC5 is also in UC1, however not all users 65* have access to every org. Universal Containers would like to simplify the authentication process such that all Salesforce users need to remember one set of credentials. UC would like to achieve this with the least impact to cost and maintenance. What approach should an Architect recommend to UC?
Universal containers (UC) uses a home-grown employee portal for their employees to collaborate. UC decides to use salesforce ideas to allow the employees to post ideas from the employee portal. When clicking some links in the employee portal, the users should be redirected to salesforce, authenticated, and presented with relevant pages. What scope should be requested when using the Oauth token to meet this requirement?
Universal Containers wants to secure its Salesforce APIs by using an existing Security Assertion Markup Language (SAML) configuration supports the company's single sign-on process to Salesforce, Which Salesforce OAuth authorization flow should be used?
An insurance company has a connected app in its Salesforce environment that is used to integrate with a Google Workspace (formerly knot as G Suite). An identity and access management (IAM) architect has been asked to implement automation to enable users, freeze/suspend users, disable users, and reactivate existing users in Google Workspace upon similar actions in Salesforce. Which solution is recommended to meet this requirement?
Which two security risks can be mitigated by enabling Two-Factor Authentication (2FA) in Salesforce? Choose 2 answers
A group of users try to access one of Universal Containers' Connected Apps and receive the following error message: " Failed: Not approved for access." What is the most likely cause of this issue?
Universal Containers (UC) wants to use Salesforce for sales orders and a legacy of system for order fulfillment. The legacy system must update the status of orders in 65* Salesforce in real time as they are fulfilled. UC decides to use OAuth for connecting the legacy system to Salesforce. What OAuth flow should be considered that doesn't require storing credentials, client secret or refresh tokens?
A global company has built an external application that uses data from its Salesforce org via an OAuth 2.0 authorization flow. Upon logout, the existing Salesforce OAuth token must be invalidated. Which action will accomplish this?
Universal Containers (UC) wants its closed Won opportunities to be synced to a Data Warehouse in near real time. UC has implemented Outbound Message to enable near real-time data sync. UC wants to ensure that communication between Salesforce and Target System is Secure. What Certificate is sent along with the Outbound Message?
Universal containers (UC) has implemented a multi-org strategy and would like to centralize the management of their salesforce user profiles. What should the architect recommend to allow salesforce profiles to be managed from a central system of record?

Question 1

Report
Export
Collapse

Universal Containers (UC) has a classified information system that its call center team uses only when they are working on a case with a record type "Classified". They are only allowed to access the system when they own an open "Classified" case, and their access to the system is removed at all other times. They would like to implement SAML SSO eith Salesforce as the Idp, and automatically allow or deny the staff's access to the classified information system based on whether they currently own an open "Classified" case record when they try to access the system using SSO. What is the recommended solution for automatically allowing or denying the access to the classified information system based on the open "classified" case record criteria?

A.
Use Salesforce reports to identify users that currently owns open "Classified" cases and should be granted access to the Classified information system.
A.
Use Salesforce reports to identify users that currently owns open "Classified" cases and should be granted access to the Classified information system.
Answers
B.
Use Apex trigger on case to dynamically assign permission Sets that Grant access when an user is assigned with an open "Classified" case, and remove it when the case is closed.
B.
Use Apex trigger on case to dynamically assign permission Sets that Grant access when an user is assigned with an open "Classified" case, and remove it when the case is closed.
Answers
C.
Use Custom SAML JIT Provisioning to dynamically query the user's open "Classified" cases when attempting to access the classified information system.
C.
Use Custom SAML JIT Provisioning to dynamically query the user's open "Classified" cases when attempting to access the classified information system.
Answers
D.
Use a Common Connected App Handler using Apex to dynamically allow access to the system based on whether the staff owns any open "Classified" Cases.
D.
Use a Common Connected App Handler using Apex to dynamically allow access to the system based on whether the staff owns any open "Classified" Cases.
Answers
Suggested answer: D

Question 2

Report
Export
Collapse

How should an Architect automatically redirect users to the login page of the external Identity provider when using an SP-Initiated SAML flow with Salesforce as a Service Provider?

A.
Use visualforce as the landing page for My Domain to redirect users to the Identity Provider login Page.
A.
Use visualforce as the landing page for My Domain to redirect users to the Identity Provider login Page.
Answers
B.
Enable the Redirect to the Identity Provider setting under Authentication Services on the My domain Configuration.
B.
Enable the Redirect to the Identity Provider setting under Authentication Services on the My domain Configuration.
Answers
C.
Remove the Login page from the list of Authentication Services on the My Domain configuration.
C.
Remove the Login page from the list of Authentication Services on the My Domain configuration.
Answers
D.
Set the Identity Provider as default and enable the Redirect to the Identity Provider setting on the SAML Configuration.
D.
Set the Identity Provider as default and enable the Redirect to the Identity Provider setting on the SAML Configuration.
Answers
Suggested answer: C

Question 3

Report
Export
Collapse

Universal Containers (UC) has an e-commerce website where customers can buy products, make payments and manage their accounts. UC decides to build a Customer Community on Salesforce and wants to allow the customers to access the community from their accounts without logging in again.

UC decides to implement an SP-initiated SSO using a SAML-compliant Idp. In this scenario where Salesforce is the Service Provider, which two activities must be performed in Salesforce to make SPinitiated SSO work? Choose 2 answers

A.
Configure SAML SSO settings.
A.
Configure SAML SSO settings.
Answers
B.
Create a Connected App.
B.
Create a Connected App.
Answers
C.
Configure Delegated Authentication.
C.
Configure Delegated Authentication.
Answers
D.
Set up My Domain.
D.
Set up My Domain.
Answers
Suggested answer: A, D

Question 4

Report
Export
Collapse

Universal Containers (UC) has a custom, internal-only, mobile billing application for users who are commonly out of the office. The app is configured as a connected App in Salesforce. Due to the nature of this app, UC would like to take the appropriate measures to properly secure access to the app. Which two are recommendations to make the UC? Choose 2 answers

A.
Disallow the use of Single Sign-on for any users of the mobile app.
A.
Disallow the use of Single Sign-on for any users of the mobile app.
Answers
B.
Require High Assurance sessions in order to use the Connected App.
B.
Require High Assurance sessions in order to use the Connected App.
Answers
C.
Set Login IP Ranges to the internal network for all of the app users Profiles.
C.
Set Login IP Ranges to the internal network for all of the app users Profiles.
Answers
D.
Use Google Authenticator as an additional part of the login process
D.
Use Google Authenticator as an additional part of the login process
Answers
Suggested answer: B, D

Question 5

Report
Export
Collapse

What information does the 'Relaystate' parameter contain in sp-Initiated Single Sign-on?

A.
Reference to a URL redirect parameter at the identity provider.
A.
Reference to a URL redirect parameter at the identity provider.
Answers
B.
Reference to a URL redirect parameter at the service provider.
B.
Reference to a URL redirect parameter at the service provider.
Answers
C.
Reference to the login address URL of the service provider.
C.
Reference to the login address URL of the service provider.
Answers
D.
Reference to the login address URL of the identity Provider.
D.
Reference to the login address URL of the identity Provider.
Answers
Suggested answer: B

Question 6

Report
Export
Collapse

Which three types of attacks would a 2-Factor Authentication solution help garden against?

A.
Key logging attacks
A.
Key logging attacks
Answers
B.
Network perimeter attacks
B.
Network perimeter attacks
Answers
C.
Phishing attacks
C.
Phishing attacks
Answers
D.
Dictionary attacks
D.
Dictionary attacks
Answers
E.
Man-in-the-middle attacks
E.
Man-in-the-middle attacks
Answers
Suggested answer: A, B, D

Question 7

Report
Export
Collapse

Universal Containers (UC) plans to use a SAML-based third-party IdP serving both of the Salesforce Partner Community and the corporate portal. UC partners will log in 65* to the corporate portal to access protected resources, including links to Salesforce resources. What would be the recommended way to configure the IdP so that seamless access can be achieved in this scenario?

A.
Set up the corporate portal as a Connected App in Salesforce and use the Web server OAuth flow.
A.
Set up the corporate portal as a Connected App in Salesforce and use the Web server OAuth flow.
Answers
B.
Configure SP-initiated SSO that passes the SAML token upon Salesforce resource access request.
B.
Configure SP-initiated SSO that passes the SAML token upon Salesforce resource access request.
Answers
C.
Set up the corporate portal as a Connected App in Salesforce and use the User Agent OAuth flow.
C.
Set up the corporate portal as a Connected App in Salesforce and use the User Agent OAuth flow.
Answers
D.
Configure IdP-initiated SSO that passes the SAML token upon Salesforce resource access request.
D.
Configure IdP-initiated SSO that passes the SAML token upon Salesforce resource access request.
Answers
Suggested answer: D

Question 8

Report
Export
Collapse

Universal Containers (UC) wants to use Salesforce for sales orders and a legacy of system for order fulfillment. The legacy system must update the status of orders in 65* Salesforce in real time as they are fulfilled. UC decides to use OAuth for connecting the legacy system to Salesforce. What OAuth flow should be considered that doesn't require storing credentials, client secret or refresh tokens?

A.
Web Server flow
A.
Web Server flow
Answers
B.
JWT Bearer Token flow
B.
JWT Bearer Token flow
Answers
C.
Username-Password flow
C.
Username-Password flow
Answers
D.
User Agent flow
D.
User Agent flow
Answers
Suggested answer: B

Question 9

Report
Export
Collapse

Universal Containers (UC) has a Customer Community that uses Facebook for of authentication. UC would like to ensure that changes in the Facebook profile are 65. reflected on the appropriate Customer Community user. How can this requirement be met?

A.
Use SAML Just-In-Time Provisioning between Facebook and Salesforce.
A.
Use SAML Just-In-Time Provisioning between Facebook and Salesforce.
Answers
B.
Use information in the Signed Request that is received from Facebook.
B.
Use information in the Signed Request that is received from Facebook.
Answers
C.
Develop a scheduled job that calls out to Facebook on a nightly basis.
C.
Develop a scheduled job that calls out to Facebook on a nightly basis.
Answers
D.
Use the updateUser() method on the Registration Handler class.
D.
Use the updateUser() method on the Registration Handler class.
Answers
Suggested answer: D

Question 10

Report
Export
Collapse

Universal Containers (UC) has five Salesforce orgs (UC1, UC2, UC3, UC4, UC5). of Every user that is in UC2, UC3, UC4, and UC5 is also in UC1, however not all users 65* have access to every org. Universal Containers would like to simplify the authentication process such that all Salesforce users need to remember one set of credentials. UC would like to achieve this with the least impact to cost and maintenance. What approach should an Architect recommend to UC?

A.
Purchase a third-party Identity Provider for all five Salesforce orgs to use and set up JIT user provisioning on all other orgs.
A.
Purchase a third-party Identity Provider for all five Salesforce orgs to use and set up JIT user provisioning on all other orgs.
Answers
B.
Purchase a third-party Identity Provider for all five Salesforce orgs to use, but don't set up JIT user provisioning for other orgs.
B.
Purchase a third-party Identity Provider for all five Salesforce orgs to use, but don't set up JIT user provisioning for other orgs.
Answers
C.
Configure UC1 as the Identity Provider to the other four Salesforce orgs and set up JIT user provisioning on all other orgs.
C.
Configure UC1 as the Identity Provider to the other four Salesforce orgs and set up JIT user provisioning on all other orgs.
Answers
D.
Configure UC1 as the Identity Provider to the other four Salesforce orgs, but don't set up JIT user provisioning for other orgs.
D.
Configure UC1 as the Identity Provider to the other four Salesforce orgs, but don't set up JIT user provisioning for other orgs.
Answers
Suggested answer: B
Total 248 questions
Go to page: of 25
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms