
Salesforce Certified Identity and Access Management Architect Practice Test - Questions Answers, Page 12

Universal Containers (UC) uses an internal system for recruiting and would like to have the candidates' info available in Salesforce automatically when they are selected. UC decides to use OAuth to connect to Salesforce from the recruiting system and would like to do the authentication using digital certificates. Which two OAuth flows should be considered to meet the requirement? Choose 2 answers

A. JWT Bearer Token flow
B. Refresh Token flow
C. SAML Bearer Assertion flow
D. Web Service flow
Suggested answer: A, C

Universal Containers (UC) is building an authenticated Customer Community for its customers. UC does not want customer credentials stored in Salesforce and is confident its customers would be willing to use their social media credentials to authenticate to the community. Which two actions should an Architect recommend UC to take?

A. Use Delegated Authentication to call the Twitter login API to authenticate users.
B. Configure an Authentication Provider for LinkedIn Social Media Accounts.
C. Create a Custom Apex Registration Handler to handle new and existing users.
D. Configure SSO Settings For Facebook to serve as a SAML Identity Provider.
Suggested answer: B, C

How should an Architect force users to authenticate with Two-factor Authentication (2FA) for Salesforce only when not connected to an internal company network?

A. Use Custom Login Flows with Apex to detect the user's IP address and prompt for 2FA if needed.
B. Add the list of company's network IP addresses to the Login Range list under 2FA Setup.
C. Use an Apex Trigger on the UserLogin object to detect the user's IP address and prompt for 2FA if needed.
D. Apply the "Two-factor Authentication for User Interface Logins" permission and Login IP Ranges for all Profiles.
Suggested answer: A

What is one of the roles of an Identity Provider in a Single Sign-on setup using SAML?

A. Validate token
B. Create token
C. Consume token
D. Revoke token
Suggested answer: B

Which two security risks can be mitigated by enabling Two-Factor Authentication (2FA) in Salesforce?

Choose 2 answers

A. Users leaving laptops unattended and not logging out of Salesforce.
B. Users accessing Salesforce from a public Wi-Fi access point.
C. Users choosing passwords that are the same as their Facebook password.
D. Users creating simple-to-guess password reset questions.
Suggested answer: B, C

Universal Containers (UC) implemented SSO to a third-party system for their Salesforce users to access the App Launcher. UC enabled “User Provisioning” on the Connected App so that changes to user accounts can be synched between Salesforce and the third party system. However, UC quickly notices that changes to user roles in Salesforce are not getting synched to the third-party system.

What is the most likely reason for this behaviour?

A. User Provisioning for Connected Apps does not support role sync.
B. Required operation(s) was not mapped in User Provisioning Settings.
C. The Approval queue for User Provisioning Requests is unmonitored.
D. Salesforce roles have more than three levels in the role hierarchy.
Suggested answer: A

The CIO of Universal Containers (UC) wants to start taking advantage of the refresh token capability for the UC applications that use OAuth 2.0. UC has enlisted an architect to analyze all of the applications that use OAuth flows to see where refresh tokens can be applied. Which two OAuth flows should the architect consider in their evaluation? Choose 2 answers

A. Web server
B. JWT bearer token
C. User-Agent
D. Username-password
Suggested answer: A, C

Customer service representatives at Universal Containers (UC) are complaining that whenever they click on links to case records and are asked to log in with SAML SSO, they are redirected to the Salesforce home tab and not the specific case record. What item should an architect advise the identity team at UC to investigate first?

A. My Domain is configured and active within Salesforce.
B. The Salesforce SSO settings are using HTTP POST
C. The identity provider is correctly preserving the Relay state
D. The users have the correct Federation ID within Salesforce.
Suggested answer: C

Universal Containers (UC) is successfully using Delegated Authentication for their Salesforce users.

The service supporting Delegated Authentication is written in Java. UC has a new CIO who is requiring that all company Web services be RESTful and written in .NET.

Which two considerations should the UC Architect provide to the new CIO? Choose 2 answers

A. Delegated Authentication will not work with a .NET service.
B. Delegated Authentication will continue to work with REST services.
C. Delegated Authentication will continue to work with a .NET service.
D. Delegated Authentication will not work with REST services.
Suggested answer: C, D

Universal Containers (UC) has implemented SAML-based single sign-on for their Salesforce application and is planning to provide access to Salesforce on mobile devices using the Salesforce1 mobile app. UC wants to ensure that single sign-on is used for accessing the Salesforce1 mobile app.

Which two recommendations should the architect make? Choose 2 answers

A. Use the existing SAML SSO flow along with user agent flow.
B. Configure the embedded Web browser to use My Domain URL.
C. Use the existing SAML SSO flow along with Web server flow
D. Configure the Salesforce1 app to use the My Domain URL
Suggested answer: A, D
Total 248 questions