ExamGecko
Search Search Login
Home Home / Salesforce / Certified Identity and Access Management Architect

Salesforce Certified Identity and Access Management Architect Practice Test - Questions Answers, Page 14

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Universal Containers (UC) has five Salesforce orgs (UC1, UC2, UC3, UC4, UC5). of Every user that is in UC2, UC3, UC4, and UC5 is also in UC1, however not all users 65* have access to every org. Universal Containers would like to simplify the authentication process such that all Salesforce users need to remember one set of credentials. UC would like to achieve this with the least impact to cost and maintenance. What approach should an Architect recommend to UC?
Universal Containers wants to secure its Salesforce APIs by using an existing Security Assertion Markup Language (SAML) configuration supports the company's single sign-on process to Salesforce, Which Salesforce OAuth authorization flow should be used?
Universal containers (UC) uses a home-grown employee portal for their employees to collaborate. UC decides to use salesforce ideas to allow the employees to post ideas from the employee portal. When clicking some links in the employee portal, the users should be redirected to salesforce, authenticated, and presented with relevant pages. What scope should be requested when using the Oauth token to meet this requirement?
An insurance company has a connected app in its Salesforce environment that is used to integrate with a Google Workspace (formerly knot as G Suite). An identity and access management (IAM) architect has been asked to implement automation to enable users, freeze/suspend users, disable users, and reactivate existing users in Google Workspace upon similar actions in Salesforce. Which solution is recommended to meet this requirement?
Which two security risks can be mitigated by enabling Two-Factor Authentication (2FA) in Salesforce? Choose 2 answers
Universal containers (UC) has implemented a multi-org strategy and would like to centralize the management of their salesforce user profiles. What should the architect recommend to allow salesforce profiles to be managed from a central system of record?
Universal Containers (UC) wants its closed Won opportunities to be synced to a Data Warehouse in near real time. UC has implemented Outbound Message to enable near real-time data sync. UC wants to ensure that communication between Salesforce and Target System is Secure. What Certificate is sent along with the Outbound Message?
A group of users try to access one of Universal Containers' Connected Apps and receive the following error message: " Failed: Not approved for access." What is the most likely cause of this issue?
Universal Containers (UC) wants to use Salesforce for sales orders and a legacy of system for order fulfillment. The legacy system must update the status of orders in 65* Salesforce in real time as they are fulfilled. UC decides to use OAuth for connecting the legacy system to Salesforce. What OAuth flow should be considered that doesn't require storing credentials, client secret or refresh tokens?
A public sector agency is setting up an identity solution for its citizens using a Community built on Experience Cloud and requires the new user registration functionality to capture first name, last name, and phone number. The phone number will be used for identity verification. Which feature should an identity architect recommend to meet the requirements?

Question 131

Report
Export
Collapse

Universal Containers built a custom mobile app for their field reps to create orders in Salesforce.

OAuth is used for authenticating mobile users. The app is built in such a way that when a user session expires after Initial login, a new access token is obtained automatically without forcing the user to log in again. While that improved the field reps' productivity, UC realized that they need a "logout" feature.

What should the logout function perform in this scenario, where user sessions are refreshed automatically?

A.
Invoke the revocation URL and pass the refresh token.
A.
Invoke the revocation URL and pass the refresh token.
Answers
B.
Clear out the client Id to stop auto session refresh.
B.
Clear out the client Id to stop auto session refresh.
Answers
C.
Invoke the revocation URL and pass the access token.
C.
Invoke the revocation URL and pass the access token.
Answers
D.
Clear out all the tokens to stop auto session refresh.
D.
Clear out all the tokens to stop auto session refresh.
Answers
Suggested answer: A

Question 132

Report
Export
Collapse

Universal Containers (UC) would like to enable self-registration for their Salesforce Partner Community Users. UC wants to capture some custom data elements from the partner user, and based on these data elements, wants to assign the appropriate Profile and Account values.

Which two actions should the Architect recommend to UC1

Choose 2 answers

A.
Configure Registration for Communities to use a custom Visualforce Page.
A.
Configure Registration for Communities to use a custom Visualforce Page.
Answers
B.
Modify the SelfRegistration trigger to assign Profile and Account.
B.
Modify the SelfRegistration trigger to assign Profile and Account.
Answers
C.
Modify the CommunitiesSelfRegController to assign the Profile and Account.
C.
Modify the CommunitiesSelfRegController to assign the Profile and Account.
Answers
D.
Configure Registration for Communities to use a custom Apex Controller.
D.
Configure Registration for Communities to use a custom Apex Controller.
Answers
Suggested answer: A, C

Question 133

Report
Export
Collapse

Universal Containers (UC) has implemented SAML-based Single Sign-On to provide seamless access to its Salesforce Orgs, financial system, and CPQ system. Below is the SSO implementation landscape.

What role combination is represented by the systems in this scenario''

A.
Financial System and CPQ System are the only Service Providers.
A.
Financial System and CPQ System are the only Service Providers.
Answers
B.
Salesforce Org1 and Salesforce Org2 are the only Service Providers.
B.
Salesforce Org1 and Salesforce Org2 are the only Service Providers.
Answers
C.
Salesforce Org1 and Salesforce Org2 are acting as Identity Providers.
C.
Salesforce Org1 and Salesforce Org2 are acting as Identity Providers.
Answers
D.
Salesforce Org1 and PingFederate are acting as Identity Providers.
D.
Salesforce Org1 and PingFederate are acting as Identity Providers.
Answers
Suggested answer: D

Question 134

Report
Export
Collapse

Which two considerations should be made when implementing Delegated Authentication?

Choose 2 answers

A.
The authentication web service can include custom attributes.
A.
The authentication web service can include custom attributes.
Answers
B.
It can be used to authenticate API clients and mobile apps.
B.
It can be used to authenticate API clients and mobile apps.
Answers
C.
It requires trusted IP ranges at the User Profile level.
C.
It requires trusted IP ranges at the User Profile level.
Answers
D.
Salesforce servers receive but do not validate a user’s credentials.
D.
Salesforce servers receive but do not validate a user’s credentials.
Answers
E.
Just-in-time Provisioning can be configured for new users.
E.
Just-in-time Provisioning can be configured for new users.
Answers
Suggested answer: B, E

Question 135

Report
Export
Collapse

Universal Containers wants to implement Single Sign-on for a Salesforce org using an external Identity Provider and corporate identity store.

What type of authentication flow is required to support deep linking'

A.
Web Server OAuth SSO flow
A.
Web Server OAuth SSO flow
Answers
B.
Service-Provider-Initiated SSO
B.
Service-Provider-Initiated SSO
Answers
C.
Identity-Provider-initiated SSO
C.
Identity-Provider-initiated SSO
Answers
D.
StartURL on Identity Provider
D.
StartURL on Identity Provider
Answers
Suggested answer: B

Question 136

Report
Export
Collapse

Universal Containers (UC) is setting up delegated authentication to allow employees to log in using their corporate credentials. UC's security team is concerned about the risks of exposing the corporate login service on the internet and has asked that a reliable trust mechanism be put in place between the login service and Salesforce.

What mechanism should an Architect put in place to enable a trusted connection between the login service and Salesforce?

A.
Require the use of Salesforce security tokens on passwords.
A.
Require the use of Salesforce security tokens on passwords.
Answers
B.
Enforce mutual authentication between systems using SSL.
B.
Enforce mutual authentication between systems using SSL.
Answers
C.
Include Client Id and Client Secret in the login header callout.
C.
Include Client Id and Client Secret in the login header callout.
Answers
D.
Set up a proxy service for the login service in the DMZ.
D.
Set up a proxy service for the login service in the DMZ.
Answers
Suggested answer: A

Question 137

Report
Export
Collapse

A manufacturer wants to provide registration for an Internet of Things (IoT) device with limited display input or capabilities.

Which Salesforce OAuth authorization flow should be used?

A.
OAuth 2.0 JWT Bearer How
A.
OAuth 2.0 JWT Bearer How
Answers
B.
OAuth 2.0 Device Flow
B.
OAuth 2.0 Device Flow
Answers
C.
OAuth 2.0 User-Agent Flow
C.
OAuth 2.0 User-Agent Flow
Answers
D.
OAuth 2.0 Asset Token Flow
D.
OAuth 2.0 Asset Token Flow
Answers
Suggested answer: B

Question 138

Report
Export
Collapse

Universal Containers (UC) is considering a Customer 360 initiative to gain a single source of the truth for its customer data across disparate systems and services. UC wants to understand the primary benefits of Customer 360 Identity and how it contributes ato successful Customer 360 Truth project.

What are two are key benefits of Customer 360 Identity as it relates to Customer 360?

Choose 2 answers

A.
Customer 360 Identity automatically integrates with Customer 360 Data Manager and Customer 360 Audiences to seamlessly populate all user data.
A.
Customer 360 Identity automatically integrates with Customer 360 Data Manager and Customer 360 Audiences to seamlessly populate all user data.
Answers
B.
Customer 360 Identity enables an organization to build a single login for each of its customers, giving the organization an understanding of the user's login activity across all its digital properties and applications.
B.
Customer 360 Identity enables an organization to build a single login for each of its customers, giving the organization an understanding of the user's login activity across all its digital properties and applications.
Answers
C.
Customer 360 Identity supports multiple brands so you can deliver centralized identity services and correlation of user activity, even if it spans multiple corporate brands and user experiences.
C.
Customer 360 Identity supports multiple brands so you can deliver centralized identity services and correlation of user activity, even if it spans multiple corporate brands and user experiences.
Answers
D.
Customer 360 Identity not only provides a unified sign up and sign in experience, but also tracks anonymous user activity prior to signing up so organizations can understand user activity before and after the users identify themselves.
D.
Customer 360 Identity not only provides a unified sign up and sign in experience, but also tracks anonymous user activity prior to signing up so organizations can understand user activity before and after the users identify themselves.
Answers
Suggested answer: B, C

Question 139

Report
Export
Collapse

A client is planning to rollout multi-factor authentication (MFA) to its internal employees and wants to understand which authentication and verification methods meet the Salesforce criteria for secure authentication.

Which three functions meet the Salesforce criteria for secure mfa?

Choose 3 answers

A.
username and password + SMS passcode
A.
username and password + SMS passcode
Answers
B.
Username and password + secunty key
B.
Username and password + secunty key
Answers
C.
Third-party single sign-on with Mobile Authenticator app
C.
Third-party single sign-on with Mobile Authenticator app
Answers
D.
Certificate-based Authentication
D.
Certificate-based Authentication
Answers
E.
Lightning Login
E.
Lightning Login
Answers
Suggested answer: B, C, E

Question 140

Report
Export
Collapse

Universal Containers uses Salesforce as an identity provider and Concur as the Employee Expense management system. The HR director wants to ensure Concur accounts for employees are created only after the appropnate approval in the Salesforce org.

Which three steps should the identity architect use to implement this requirement?

Choose 3 answers

A.
Create an approval process for a custom object associated with the provisioning flow.
A.
Create an approval process for a custom object associated with the provisioning flow.
Answers
B.
Create a connected app for Concur in Salesforce.
B.
Create a connected app for Concur in Salesforce.
Answers
C.
Enable User Provisioning for the connected app.
C.
Enable User Provisioning for the connected app.
Answers
D.
Create an approval process for user object associated with the provisioning flow.
D.
Create an approval process for user object associated with the provisioning flow.
Answers
E.
Create an approval process for UserProvisionlngRequest object associated with the provisioning flow.
E.
Create an approval process for UserProvisionlngRequest object associated with the provisioning flow.
Answers
Suggested answer: B, C, E
Total 248 questions
Go to page: of 25
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms