
Salesforce Certified Identity and Access Management Architect Practice Test - Questions Answers, Page 15

Universal Containers has multiple Salesforce instances where users receive emails from different instances. Users should be logged into the correct Salesforce instance authenticated by their IdP when clicking on an email link to a Salesforce record.

What should be enabled in Salesforce as a prerequisite?

A. My Domain
B. External Identity
C. Identity Provider
D. Multi-Factor Authentication
Suggested answer: A

Refer to the exhibit.

Northern Trail Outfitters (NTO) is using Experience Cloud as an Identity for its application on Heroku. The application on Heroku should be able to handle two brands, Northern Trail Shoes and Northern Trail Shirts.

A user should select either of the two brands in Heroku before logging into the community. The app then performs authorization using OAuth 2.0 with the Salesforce Experience Cloud site.

NTO wants to make sure it renders login page images dynamically based on the user's brand preference selected in Heroku before authorization. What should an identity architect do to fulfill the above requirements?

A. For each brand create different communities and redirect users to the appropriate community using a custom Login controller written in Apex.
B. Create multiple login screens using Experience Builder and use Login Flows at runtime to route to different login screens.
C. Authorize third-party service by sending authorization requests to the communityurl/services/oauth2/authorize/cookie_value.
D. Authorize third-party service by sending authorization requests to the communityurl/services/oauth2/authorize/expid_value.
Suggested answer: D

Universal Containers (UC) uses Salesforce for its customer service agents. UC has a proprietary system for order tracking which supports Security Assertion Markup Language (SAML) based single sign-on. The VP of customer service wants to ensure that only active Salesforce users can access the order tracking system, which is only visible within Salesforce.

What should be done to fulfill the requirement?

Choose 2 answers

A. Set up Salesforce as an identity provider (IdP) for Order Tracking.
B. Set up the Corporate Identity store as an identity provider (IdP) for Order Tracking.
C. Customize Order Tracking to initiate a REST call to validate users in Salesforce after login.
D. Set up Order Tracking as a Canvas app in Salesforce to POST IdP-initiated SAML assertion.
Suggested answer: A, B

A division of Northern Trail Outfitters (NTO) purchased Salesforce. NTO uses a third-party identity provider (IdP) to validate user credentials against its corporate Lightweight Directory Access Protocol (LDAP) directory. NTO wants to help employees remember as few passwords as possible.

What should an identity architect recommend?

A. Set up Salesforce as a Service Provider to the existing IdP.
B. Set up Salesforce as an IdP to authenticate against the LDAP directory.
C. Use Salesforce Connect to synchronize LDAP passwords to Salesforce.
D. Set up Salesforce as an Authentication Provider to the existing IdP.
Suggested answer: A

Universal Containers is using OpenID Connect to enable a connection from its new mobile app to its production Salesforce org.

What should be done to enable the retrieval of the access token status for the OpenID Connect connection?

A. Query using OpenID Connect discovery endpoint.
B. Leverage OpenID Connect Token Introspection.
C. Create a custom OAuth scope.
D. Enable cross-origin resource sharing (CORS) for the /services/oauth2/token endpoint.
Suggested answer: B

An Identity and Access Management (IAM) architect is tasked with unifying multiple B2C Commerce sites and an Experience Cloud community with a single identity. The solution needs to support more than 1,000 logins per minute.

What should the IAM architect do to fulfill this requirement?

A. Configure both the community and the commerce sites as OAuth2 RPs (relying party) with an external identity provider.
B. Configure community as a Security Assertion Markup Language (SAML) identity provider and enable Just-in-Time Provisioning to B2C Commerce.
C. Create a default account for capturing all ecommerce contacts registered on the community because personAccount is not supported for this case.
D. Confirm performance considerations with Salesforce Customer Support due to high peaks.
Suggested answer: D

Northern Trail Outfitters (NTO) uses the Customer 360 Platform implemented on Salesforce Experience Cloud. The development team in charge has learned of a contactless user feature, which can reduce the overhead of managing customers and partners by creating users without contact information.

What is the potential impact to the architecture if NTO decides to implement this feature?

A. Custom registration handler is needed to correctly assign External Identity or Community license for the newly registered contactless user.
B. If contactless user is upgraded to Community license, the contact record is automatically created and linked to the user record, but not associated with an Account.
C. Contactless user feature is available only with the External Identity license, which can restrict the Experience Cloud functionality available to the user.
D. Passwordless authentication cannot be supported because the mobile phone receiving one-time password (OTP) needs to match the number on the contact record.
Suggested answer: C

Universal Containers is creating a mobile application that will be secured by Salesforce Identity using the OAuth 2.0 user-agent flow (this flow uses the OAuth 2.0 implicit grant type).

Which three OAuth concepts apply to this flow?

Choose 3 answers

A. Client ID
B. Refresh Token
C. Authorization Code
D. Verification Code
E. Scopes
Suggested answer: A, B, E

Universal Containers (UC) has decided to replace the homegrown customer portal with Salesforce Experience Cloud. UC will continue to use its third-party single sign-on (SSO) solution that stores all of its customer and partner credentials.

The first time a customer logs in to the Experience Cloud site through SSO, a user record needs to be created automatically.

Which solution should an identity architect recommend in order to automatically provision users in Salesforce upon login?

A. Just-in-Time (JIT) provisioning
B. Custom middleware and web services
C. Custom login flow and Apex handler
D. Third-party AppExchange solution
Suggested answer: A

A web service is developed that allows secure access to customer order status on the Salesforce Platform. The service connects to Salesforce through a connected app with the web server flow. The following are the required actions for the authorization flow:

1. User Authenticates and Authorizes Access
2. Request an Access Token
3. Salesforce Grants an Access Token
4. Request an Authorization Code
5. Salesforce Grants Authorization Code

What is the correct sequence for the authorization flow?

A. 1, 4, 5, 2, 3
B. 4, 1, 5, 2, 3
C. 2, 1, 3, 4, 5
D. 4, 5, 2, 3, 1
Suggested answer: D
Total 248 questions