ExamGecko
Login
Ask Question

Salesforce Certified Identity and Access Management Architect Practice Test - Questions Answers, Page 14

List of questions

Question 131

Report
Export
Collapse

Universal Containers built a custom mobile app for their field reps to create orders in Salesforce.

OAuth is used for authenticating mobile users. The app is built in such a way that when a user session expires after Initial login, a new access token is obtained automatically without forcing the user to log in again. While that improved the field reps' productivity, UC realized that they need a "logout" feature.

What should the logout function perform in this scenario, where user sessions are refreshed automatically?

Invoke the revocation URL and pass the refresh token.
Invoke the revocation URL and pass the refresh token.
Clear out the client Id to stop auto session refresh.
Clear out the client Id to stop auto session refresh.
Invoke the revocation URL and pass the access token.
Invoke the revocation URL and pass the access token.
Clear out all the tokens to stop auto session refresh.
Clear out all the tokens to stop auto session refresh.
Suggested answer: A
asked 23/09/2024
gokulakrishna S B
37 questions

Question 132

Report
Export
Collapse

Universal Containers (UC) would like to enable self-registration for their Salesforce Partner Community Users. UC wants to capture some custom data elements from the partner user, and based on these data elements, wants to assign the appropriate Profile and Account values.

Which two actions should the Architect recommend to UC1

Choose 2 answers

Configure Registration for Communities to use a custom Visualforce Page.
Configure Registration for Communities to use a custom Visualforce Page.
Modify the SelfRegistration trigger to assign Profile and Account.
Modify the SelfRegistration trigger to assign Profile and Account.
Modify the CommunitiesSelfRegController to assign the Profile and Account.
Modify the CommunitiesSelfRegController to assign the Profile and Account.
Configure Registration for Communities to use a custom Apex Controller.
Configure Registration for Communities to use a custom Apex Controller.
Suggested answer: A, C
asked 23/09/2024
Kefash White
38 questions

Question 133

Report
Export
Collapse

Universal Containers (UC) has implemented SAML-based Single Sign-On to provide seamless access to its Salesforce Orgs, financial system, and CPQ system. Below is the SSO implementation landscape.

Salesforce Certified Identity and Access Management Architect image Question 133 63233 09232024002508000000

What role combination is represented by the systems in this scenario''

Financial System and CPQ System are the only Service Providers.
Financial System and CPQ System are the only Service Providers.
Salesforce Org1 and Salesforce Org2 are the only Service Providers.
Salesforce Org1 and Salesforce Org2 are the only Service Providers.
Salesforce Org1 and Salesforce Org2 are acting as Identity Providers.
Salesforce Org1 and Salesforce Org2 are acting as Identity Providers.
Salesforce Org1 and PingFederate are acting as Identity Providers.
Salesforce Org1 and PingFederate are acting as Identity Providers.
Suggested answer: D
asked 23/09/2024
Jeff Benson
44 questions

Question 134

Report
Export
Collapse

Which two considerations should be made when implementing Delegated Authentication?

Choose 2 answers

The authentication web service can include custom attributes.
The authentication web service can include custom attributes.
It can be used to authenticate API clients and mobile apps.
It can be used to authenticate API clients and mobile apps.
It requires trusted IP ranges at the User Profile level.
It requires trusted IP ranges at the User Profile level.
Salesforce servers receive but do not validate a user’s credentials.
Salesforce servers receive but do not validate a user’s credentials.
Just-in-time Provisioning can be configured for new users.
Just-in-time Provisioning can be configured for new users.
Suggested answer: B, E
asked 23/09/2024
Robert Pila
39 questions

Question 135

Report
Export
Collapse

Universal Containers wants to implement Single Sign-on for a Salesforce org using an external Identity Provider and corporate identity store.

What type of authentication flow is required to support deep linking'

Web Server OAuth SSO flow
Web Server OAuth SSO flow
Service-Provider-Initiated SSO
Service-Provider-Initiated SSO
Identity-Provider-initiated SSO
Identity-Provider-initiated SSO
StartURL on Identity Provider
StartURL on Identity Provider
Suggested answer: B
asked 23/09/2024
Padraig Walsh
34 questions

Question 136

Report
Export
Collapse

Universal Containers (UC) is setting up delegated authentication to allow employees to log in using their corporate credentials. UC's security team is concerned about the risks of exposing the corporate login service on the internet and has asked that a reliable trust mechanism be put in place between the login service and Salesforce.

What mechanism should an Architect put in place to enable a trusted connection between the login service and Salesforce?

Require the use of Salesforce security tokens on passwords.
Require the use of Salesforce security tokens on passwords.
Enforce mutual authentication between systems using SSL.
Enforce mutual authentication between systems using SSL.
Include Client Id and Client Secret in the login header callout.
Include Client Id and Client Secret in the login header callout.
Set up a proxy service for the login service in the DMZ.
Set up a proxy service for the login service in the DMZ.
Suggested answer: A
asked 23/09/2024
JED MEDIA
37 questions

Question 137

Report
Export
Collapse

A manufacturer wants to provide registration for an Internet of Things (IoT) device with limited display input or capabilities.

Which Salesforce OAuth authorization flow should be used?

OAuth 2.0 JWT Bearer How
OAuth 2.0 JWT Bearer How
OAuth 2.0 Device Flow
OAuth 2.0 Device Flow
OAuth 2.0 User-Agent Flow
OAuth 2.0 User-Agent Flow
OAuth 2.0 Asset Token Flow
OAuth 2.0 Asset Token Flow
Suggested answer: B
asked 23/09/2024
Hariett Mambo
44 questions

Question 138

Report
Export
Collapse

Universal Containers (UC) is considering a Customer 360 initiative to gain a single source of the truth for its customer data across disparate systems and services. UC wants to understand the primary benefits of Customer 360 Identity and how it contributes ato successful Customer 360 Truth project.

What are two are key benefits of Customer 360 Identity as it relates to Customer 360?

Choose 2 answers

Customer 360 Identity automatically integrates with Customer 360 Data Manager and Customer 360 Audiences to seamlessly populate all user data.
Customer 360 Identity automatically integrates with Customer 360 Data Manager and Customer 360 Audiences to seamlessly populate all user data.
Customer 360 Identity enables an organization to build a single login for each of its customers, giving the organization an understanding of the user's login activity across all its digital properties and applications.
Customer 360 Identity enables an organization to build a single login for each of its customers, giving the organization an understanding of the user's login activity across all its digital properties and applications.
Customer 360 Identity supports multiple brands so you can deliver centralized identity services and correlation of user activity, even if it spans multiple corporate brands and user experiences.
Customer 360 Identity supports multiple brands so you can deliver centralized identity services and correlation of user activity, even if it spans multiple corporate brands and user experiences.
Customer 360 Identity not only provides a unified sign up and sign in experience, but also tracks anonymous user activity prior to signing up so organizations can understand user activity before and after the users identify themselves.
Customer 360 Identity not only provides a unified sign up and sign in experience, but also tracks anonymous user activity prior to signing up so organizations can understand user activity before and after the users identify themselves.
Suggested answer: B, C
asked 23/09/2024
Kyle Norton
37 questions

Question 139

Report
Export
Collapse

A client is planning to rollout multi-factor authentication (MFA) to its internal employees and wants to understand which authentication and verification methods meet the Salesforce criteria for secure authentication.

Which three functions meet the Salesforce criteria for secure mfa?

Choose 3 answers

username and password + SMS passcode
username and password + SMS passcode
Username and password + secunty key
Username and password + secunty key
Third-party single sign-on with Mobile Authenticator app
Third-party single sign-on with Mobile Authenticator app
Certificate-based Authentication
Certificate-based Authentication
Lightning Login
Lightning Login
Suggested answer: B, C, E
asked 23/09/2024
Joseph Daly
43 questions

Question 140

Report
Export
Collapse

Universal Containers uses Salesforce as an identity provider and Concur as the Employee Expense management system. The HR director wants to ensure Concur accounts for employees are created only after the appropnate approval in the Salesforce org.

Which three steps should the identity architect use to implement this requirement?

Choose 3 answers

Create an approval process for a custom object associated with the provisioning flow.
Create an approval process for a custom object associated with the provisioning flow.
Create a connected app for Concur in Salesforce.
Create a connected app for Concur in Salesforce.
Enable User Provisioning for the connected app.
Enable User Provisioning for the connected app.
Create an approval process for user object associated with the provisioning flow.
Create an approval process for user object associated with the provisioning flow.
Create an approval process for UserProvisionlngRequest object associated with the provisioning flow.
Create an approval process for UserProvisionlngRequest object associated with the provisioning flow.
Suggested answer: B, C, E
asked 23/09/2024
Arslan Ibragimov
40 questions
Total 248 questions
Go to page: of 25
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which three different attributes can be used to identify the user in a SAML 65> assertion when Salesforce is acting as a Service Provider? Choose 3 answers
Universal containers (UC) would like to enable SSO between their existing Active Directory infrastructure and salesforce. The it team prefers to manage all users in Active Directory and would like to avoid doing any initial setup of users in salesforce directly, including the correct assignment of profiles, roles and groups. Which two optimal solutions should UC use to provision users in salesforce? Choose 2 answers
Universal containers (UC) would like to enable SAML-BASED SSO for a salesforce partner community. UC has an existing ldap identity store and a third-party portal. They would like to use the existing portal as the primary site these users access, but also want to allow seamless access to the partner community. What SSO flow should an architect recommend?
Universal Containers (UC) wants to build a few applications that leverage the Salesforce REST API. UC has asked its Architect to describe how the API calls will be authenticated to a specific user. Which two mechanisms can the Architect provide? Choose 2 Answers
Universal Containers (UC) has five Salesforce orgs (UC1, UC2, UC3, UC4, UC5). of Every user that is in UC2, UC3, UC4, and UC5 is also in UC1, however not all users 65* have access to every org. Universal Containers would like to simplify the authentication process such that all Salesforce users need to remember one set of credentials. UC would like to achieve this with the least impact to cost and maintenance. What approach should an Architect recommend to UC?
Northern Trail Outfitters mar ages functional group permissions in a custom security application supported by a relational database and a REST service layer. Group permissions are mapped as permission sets in Salesforce. Which action should an identity architect use to ensure functional group permissions are reflected as permission set assignments?
Universal Containers (UC) is implementing Salesforce and would like to establish SAML SSO for its users to log in. UC stores its corporate user identities in a Custom Database. The UC IT Manager has heard good things about Salesforce Identity Connect as an Idp, and would like to understand what limitations they may face if they decided to use Identity Connect in their current environment. What limitation Should an Architect inform the IT Manager about?
The security team at Universal containers(UC) has identified exporting reports as a high-risk action and would like to require users to be logged into salesforce with their active directory (AD) credentials when doing so. For all other uses of Salesforce, Users should be allowed to use AD credentials or salesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with salesforce credentials?
Universal Containers wants to secure its Salesforce APIs by using an existing Security Assertion Markup Language (SAML) configuration supports the company's single sign-on process to Salesforce, Which Salesforce OAuth authorization flow should be used?
An insurance company has a connected app in its Salesforce environment that is used to integrate with a Google Workspace (formerly knot as G Suite). An identity and access management (IAM) architect has been asked to implement automation to enable users, freeze/suspend users, disable users, and reactivate existing users in Google Workspace upon similar actions in Salesforce. Which solution is recommended to meet this requirement?