ExamGecko
Search Search Login
Home Home / Salesforce / Certified Identity and Access Management Architect

Salesforce Certified Identity and Access Management Architect Practice Test - Questions Answers, Page 13

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Universal Containers (UC) has five Salesforce orgs (UC1, UC2, UC3, UC4, UC5). of Every user that is in UC2, UC3, UC4, and UC5 is also in UC1, however not all users 65* have access to every org. Universal Containers would like to simplify the authentication process such that all Salesforce users need to remember one set of credentials. UC would like to achieve this with the least impact to cost and maintenance. What approach should an Architect recommend to UC?
Universal Containers wants to secure its Salesforce APIs by using an existing Security Assertion Markup Language (SAML) configuration supports the company's single sign-on process to Salesforce, Which Salesforce OAuth authorization flow should be used?
Universal containers (UC) uses a home-grown employee portal for their employees to collaborate. UC decides to use salesforce ideas to allow the employees to post ideas from the employee portal. When clicking some links in the employee portal, the users should be redirected to salesforce, authenticated, and presented with relevant pages. What scope should be requested when using the Oauth token to meet this requirement?
An insurance company has a connected app in its Salesforce environment that is used to integrate with a Google Workspace (formerly knot as G Suite). An identity and access management (IAM) architect has been asked to implement automation to enable users, freeze/suspend users, disable users, and reactivate existing users in Google Workspace upon similar actions in Salesforce. Which solution is recommended to meet this requirement?
Which two security risks can be mitigated by enabling Two-Factor Authentication (2FA) in Salesforce? Choose 2 answers
Universal Containers (UC) wants its closed Won opportunities to be synced to a Data Warehouse in near real time. UC has implemented Outbound Message to enable near real-time data sync. UC wants to ensure that communication between Salesforce and Target System is Secure. What Certificate is sent along with the Outbound Message?
A group of users try to access one of Universal Containers' Connected Apps and receive the following error message: " Failed: Not approved for access." What is the most likely cause of this issue?
Universal Containers (UC) wants to use Salesforce for sales orders and a legacy of system for order fulfillment. The legacy system must update the status of orders in 65* Salesforce in real time as they are fulfilled. UC decides to use OAuth for connecting the legacy system to Salesforce. What OAuth flow should be considered that doesn't require storing credentials, client secret or refresh tokens?
A public sector agency is setting up an identity solution for its citizens using a Community built on Experience Cloud and requires the new user registration functionality to capture first name, last name, and phone number. The phone number will be used for identity verification. Which feature should an identity architect recommend to meet the requirements?
A global company has built an external application that uses data from its Salesforce org via an OAuth 2.0 authorization flow. Upon logout, the existing Salesforce OAuth token must be invalidated. Which action will accomplish this?

Question 121

Report
Export
Collapse

Universal containers (UC) does my domain enable in the context of a SAML SSO configuration?

Choose 2 answers

A.
Resource deep linking
A.
Resource deep linking
Answers
B.
App launcher
B.
App launcher
Answers
C.
SSO from salesforce1 mobile app.
C.
SSO from salesforce1 mobile app.
Answers
D.
Login forensics
D.
Login forensics
Answers
Suggested answer: A, C

Question 122

Report
Export
Collapse

Universal containers (UC) would like to enable self - registration for their salesforce partner community users. UC wants to capture some custom data elements from the partner user, and based on these data elements, wants to assign the appropriate profile and account values. Which two actions should the architect recommend to UC? Choose 2 answers

A.
Modify the communitiesselfregcontroller to assign the profile and account.
A.
Modify the communitiesselfregcontroller to assign the profile and account.
Answers
B.
Modify the selfregistration trigger to assign profile and account.
B.
Modify the selfregistration trigger to assign profile and account.
Answers
C.
Configure registration for communities to use a custom visualforce page.
C.
Configure registration for communities to use a custom visualforce page.
Answers
D.
Configure registration for communities to use a custom apex controller.
D.
Configure registration for communities to use a custom apex controller.
Answers
Suggested answer: A, C

Question 123

Report
Export
Collapse

Universal containers (UC) has implemented SAML -based single Sign-on for their salesforce application. UC is using pingfederate as the Identity provider. To access salesforce, Users usually navigate to a bookmarked link to my domain URL. What type of single Sign-on is this?

A.
Sp-Initiated
A.
Sp-Initiated
Answers
B.
IDP-initiated with deep linking
B.
IDP-initiated with deep linking
Answers
C.
IDP-initiated
C.
IDP-initiated
Answers
D.
Web server flow.
D.
Web server flow.
Answers
Suggested answer: A

Question 124

Report
Export
Collapse

Universal containers (UC) built a customer Community for customers to buy products, review orders, and manage their accounts. UC has provided three different options for customers to log in to the customer Community: salesforce, Google, and Facebook. Which two role combinations are represented by the systems in the scenario? Choose 2 answers

A.
Google is the service provider and Facebook is the identity provider
A.
Google is the service provider and Facebook is the identity provider
Answers
B.
Salesforce is the service provider and Google is the identity provider
B.
Salesforce is the service provider and Google is the identity provider
Answers
C.
Facebook is the service provider and salesforce is the identity provider
C.
Facebook is the service provider and salesforce is the identity provider
Answers
D.
Salesforce is the service provider and Facebook is the identity provider
D.
Salesforce is the service provider and Facebook is the identity provider
Answers
Suggested answer: B, D

Question 125

Report
Export
Collapse

Universal containers (UC) has implemented ansp-Initiated SAML flow between an external IDP and salesforce. A user at UC is attempting to login to salesforce1 for the first time and is being prompted for salesforce credentials instead of being shown the IDP login page. What is the likely cause of the issue?

A.
The "Redirect to Identity Provider" option has been selected in the my domain configuration.
A.
The "Redirect to Identity Provider" option has been selected in the my domain configuration.
Answers
B.
The user has not configured the salesforce1 mobile app to use my domain for login
B.
The user has not configured the salesforce1 mobile app to use my domain for login
Answers
C.
The "Redirect to identity provider" option has not been selected the SAML configuration.
C.
The "Redirect to identity provider" option has not been selected the SAML configuration.
Answers
D.
The user has not been granted the "Enable single Sign-on" permission
D.
The user has not been granted the "Enable single Sign-on" permission
Answers
Suggested answer: B

Question 126

Report
Export
Collapse

Universal containers(UC) has decided to build a new, highly sensitive application on Force.com platform. The security team at UC has decided that they want users to provide a fingerprint in addition to username/Password to authenticate to this application. How can an architect support fingerprints as a form of identification for salesforce Authentication?

A.
Use salesforce Two-factor Authentication with callouts to a third-party fingerprint scanning application.
A.
Use salesforce Two-factor Authentication with callouts to a third-party fingerprint scanning application.
Answers
B.
Use Delegated Authentication with callouts to a third-party fingerprint scanning application.
B.
Use Delegated Authentication with callouts to a third-party fingerprint scanning application.
Answers
C.
Use an appexchange product that does fingerprint scanning with native salesforce identity confirmation.
C.
Use an appexchange product that does fingerprint scanning with native salesforce identity confirmation.
Answers
D.
Use custom login flows with callouts to a third-party fingerprint scanning application.
D.
Use custom login flows with callouts to a third-party fingerprint scanning application.
Answers
Suggested answer: D

Question 127

Report
Export
Collapse

An architect needs to set up a Facebook Authentication provider as login option for a salesforce customer Community. What portion of the authentication provider setup associates a Facebook user with a salesforce user?

A.
Consumer key and consumer secret
A.
Consumer key and consumer secret
Answers
B.
Federation ID
B.
Federation ID
Answers
C.
User info endpoint URL
C.
User info endpoint URL
Answers
D.
Apex registration handler
D.
Apex registration handler
Answers
Suggested answer: D

Question 128

Report
Export
Collapse

Which three different attributes can be used to identify the user in a SAML 65> assertion when Salesforce is acting as a Service Provider? Choose 3 answers

A.
Federation ID
A.
Federation ID
Answers
B.
Salesforce User ID
B.
Salesforce User ID
Answers
C.
User Full Name
C.
User Full Name
Answers
D.
User Email Address
D.
User Email Address
Answers
E.
Salesforce Username
E.
Salesforce Username
Answers
Suggested answer: A, C, D

Question 129

Report
Export
Collapse

Universal Containers (UC) has a strict requirement to authenticate users to Salesforce using their mainframe credentials. The mainframe user store cannot be accessed from a SAML provider. UC would also like to have users in Salesforce created on the fly if they provide accurate mainframe credentials.

How can the Architect meet these requirements?

A.
Use a Salesforce Login Flow to call out to a web service and create the user on the fly.
A.
Use a Salesforce Login Flow to call out to a web service and create the user on the fly.
Answers
B.
Use the SOAP API to create the user when created on the mainframe; implement Delegated Authentication.
B.
Use the SOAP API to create the user when created on the mainframe; implement Delegated Authentication.
Answers
C.
Implement Just-In-Time Provisioning on the mainframe to create the user on the fly.
C.
Implement Just-In-Time Provisioning on the mainframe to create the user on the fly.
Answers
D.
Implement OAuth User-Agent Flow on the mainframe; use a Registration Handler to create the user on the fly.
D.
Implement OAuth User-Agent Flow on the mainframe; use a Registration Handler to create the user on the fly.
Answers
Suggested answer: C

Question 130

Report
Export
Collapse

Universal Containers (UC) uses Active Directory (AD) as their identity store for employees and must continue to do so for network access. UC is undergoing a major transformation program and moving all of their enterprise applications to cloud platforms including Salesforct, Workday, and SAP HAN A. UC needs to implement an SSO solution for accessing all of the third-party cloud applications and the CIO is inclined to use Salesforce for all of their identity and access management needs.

Which two Salesforce license types does UC need for its employees'

Choose 2 answers

A.
Company Community and Identity licenses
A.
Company Community and Identity licenses
Answers
B.
Identity and Identity Connect licenses
B.
Identity and Identity Connect licenses
Answers
C.
Chatter Only and Identity licenses
C.
Chatter Only and Identity licenses
Answers
D.
Salesforce and Identity Connect licenses
D.
Salesforce and Identity Connect licenses
Answers
Suggested answer: B, D
Total 248 questions
Go to page: of 25
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms