ExamGecko
Search Search Login
Home Home / Salesforce / Certified Identity and Access Management Architect

Salesforce Certified Identity and Access Management Architect Practice Test - Questions Answers, Page 16

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Universal Containers (UC) has five Salesforce orgs (UC1, UC2, UC3, UC4, UC5). of Every user that is in UC2, UC3, UC4, and UC5 is also in UC1, however not all users 65* have access to every org. Universal Containers would like to simplify the authentication process such that all Salesforce users need to remember one set of credentials. UC would like to achieve this with the least impact to cost and maintenance. What approach should an Architect recommend to UC?
Universal Containers (UC) is implementing Salesforce and would like to establish SAML SSO for its users to log in. UC stores its corporate user identities in a Custom Database. The UC IT Manager has heard good things about Salesforce Identity Connect as an Idp, and would like to understand what limitations they may face if they decided to use Identity Connect in their current environment. What limitation Should an Architect inform the IT Manager about?
Northern Trail Outfitters mar ages functional group permissions in a custom security application supported by a relational database and a REST service layer. Group permissions are mapped as permission sets in Salesforce. Which action should an identity architect use to ensure functional group permissions are reflected as permission set assignments?
An insurance company has a connected app in its Salesforce environment that is used to integrate with a Google Workspace (formerly knot as G Suite). An identity and access management (IAM) architect has been asked to implement automation to enable users, freeze/suspend users, disable users, and reactivate existing users in Google Workspace upon similar actions in Salesforce. Which solution is recommended to meet this requirement?
Universal containers (UC) is concerned that having a self-registration page will provide a means for "bots" or unintended audiences to create user records, thereby consuming licences and adding dirty dat a. Which two actions should UC take to prevent unauthorised form submissions during the selfregistration process? Choose 2 answers
Universal Containers wants to secure its Salesforce APIs by using an existing Security Assertion Markup Language (SAML) configuration supports the company's single sign-on process to Salesforce, Which Salesforce OAuth authorization flow should be used?
Universal containers (UC) uses a home-grown employee portal for their employees to collaborate. UC decides to use salesforce ideas to allow the employees to post ideas from the employee portal. When clicking some links in the employee portal, the users should be redirected to salesforce, authenticated, and presented with relevant pages. What scope should be requested when using the Oauth token to meet this requirement?
Universal containers (UC) has a classified information system that it's call centre team uses only when they are working on a case with a record type of "classified". They are only allowed to access the system when they own an open "classified" case, and their access to the system is removed at all other times. They would like to implement SAML SSO with salesforce as the IDP, and automatically allow or deny the staff's access to the classified information system based on whether they currently own an open "classified" case record when they try to access the system using SSO. What is the recommended solution for automatically allowing or denying access to the classified information system based on the open "classified" case record criteria?
Universal Containers (UC) has an existing e-commerce platform and is implementing a new customer community. They do not want to force customers to register on both applications due to concern over the customers experience. It is expected that 25% of the e-commerce customers will utilize the customer community . The e-commerce platform is capable of generating SAML responses and has an existing REST-ful API capable of managing users. How should UC create the identities of its ecommerce users with the customer community?
Universal Containers (UC) wants its closed Won opportunities to be synced to a Data Warehouse in near real time. UC has implemented Outbound Message to enable near real-time data sync. UC wants to ensure that communication between Salesforce and Target System is Secure. What Certificate is sent along with the Outbound Message?

Question 151

Report
Export
Collapse

Northern Trail Outfitters (NTO) wants to give customers the ability to submit and manage issues with their purchases. It is important for NTO to give its customers the ability to login with their Amazon credentials.

What should an identity architect recommend to meet these requirements?

A.
Configure a predefined authentication provider for Amazon.
A.
Configure a predefined authentication provider for Amazon.
Answers
B.
Create a custom external authentication provider for Amazon.
B.
Create a custom external authentication provider for Amazon.
Answers
C.
Configure an OpenID Connect Authentication Provider for Amazon.
C.
Configure an OpenID Connect Authentication Provider for Amazon.
Answers
D.
Configure Amazon as a connected app.
D.
Configure Amazon as a connected app.
Answers
Suggested answer: C

Question 152

Report
Export
Collapse

A global company's Salesforce Identity Architect is reviewing its Salesforce production org login history and is seeing some intermittent Security Assertion Markup Language (SAML SSO) 'Replay Detected and Assertion Invalid' login errors.

Which two issues would cause these errors?

Choose 2 answers

A.
The subject element is missing from the assertion sent to salesforce.
A.
The subject element is missing from the assertion sent to salesforce.
Answers
B.
The certificate loaded into SSO configuration does not match the certificate used by the IdP.
B.
The certificate loaded into SSO configuration does not match the certificate used by the IdP.
Answers
C.
The current time setting of the company's identity provider (IdP) and Salesforce platform is out of sync by more than eight minutes.
C.
The current time setting of the company's identity provider (IdP) and Salesforce platform is out of sync by more than eight minutes.
Answers
D.
The assertion sent to 5alesforce contains an assertion ID previously used.
D.
The assertion sent to 5alesforce contains an assertion ID previously used.
Answers
Suggested answer: A, D

Question 153

Report
Export
Collapse

A global company has built an external application that uses data from its Salesforce org via an OAuth 2.0 authorization flow. Upon logout, the existing Salesforce OAuth token must be invalidated.

Which action will accomplish this?

A.
Use a HTTP POST to request the refresh token for the current user.
A.
Use a HTTP POST to request the refresh token for the current user.
Answers
B.
Use a HTTP POST to the System for Cross-domain Identity Management (SCIM) endpoint, includingthe current OAuth token.
B.
Use a HTTP POST to the System for Cross-domain Identity Management (SCIM) endpoint, includingthe current OAuth token.
Answers
C.
Use a HTTP POST to make a call to the revoke token endpoint.
C.
Use a HTTP POST to make a call to the revoke token endpoint.
Answers
D.
Enable Single Logout with a secure logout URL.
D.
Enable Single Logout with a secure logout URL.
Answers
Suggested answer: C

Question 154

Report
Export
Collapse

The executive sponsor for an organization has asked if Salesforce supports the ability to embed a login widget into its service providers in order to create a more seamless user experience.

What should be used and considered before recommending it as a solution on the Salesforce Platform?

A.
OpenID Connect Web Server Flow. Determine if the service provider is secure enough to store the client secret on.
A.
OpenID Connect Web Server Flow. Determine if the service provider is secure enough to store the client secret on.
Answers
B.
Embedded Login. Identify what level of UI customization will be required to make it match the service providers look and feel.
B.
Embedded Login. Identify what level of UI customization will be required to make it match the service providers look and feel.
Answers
C.
Salesforce REST apis. Ensure that Secure Sockets Layer (SSL) connection for the integration is used.
C.
Salesforce REST apis. Ensure that Secure Sockets Layer (SSL) connection for the integration is used.
Answers
D.
Embedded Login. Consider whether or not it relies on third party cookies which can cause browser compatibility issues.
D.
Embedded Login. Consider whether or not it relies on third party cookies which can cause browser compatibility issues.
Answers
Suggested answer: D

Question 155

Report
Export
Collapse

An identity architect is implementing a mobile-first Consumer Identity Access Management (CIAM) for external users. User authentication is the only requirement. The users email or mobile phone number should be supported as a username.

Which two licenses are needed to meet this requirement?

Choose 2 answers

A.
External Identity Licenses
A.
External Identity Licenses
Answers
B.
Identity Connect Licenses
B.
Identity Connect Licenses
Answers
C.
Email Verification Credits
C.
Email Verification Credits
Answers
D.
SMS verification Credits
D.
SMS verification Credits
Answers
Suggested answer: A, D

Question 156

Report
Export
Collapse

Northern Trail Outfitters (NTO) leverages Microsoft Active Directory (AD) for management of employee usernames, passwords, permissions, and asset access. NTO also owns a third-party single sign-on (SSO) solution. The third-party party SSO solution is used for all corporate applications, including Salesforce.

NTO has asked an architect to explore Salesforce Identity Connect for automatic provisioning and deprovisiorung of users in Salesforce.

What role does identity Connect play in the outlined requirements?

A.
Service Provider
A.
Service Provider
Answers
B.
Single Sign-On
B.
Single Sign-On
Answers
C.
Identity Provider
C.
Identity Provider
Answers
D.
User Management
D.
User Management
Answers
Suggested answer: D

Question 157

Report
Export
Collapse

Universal Container's (UC) is using Salesforce Experience Cloud site for its container wholesale business. The identity architect wants to an authentication provider for the new site.

Which two options should be utilized in creating an authentication provider?

Choose 2 answers

A.
A custom registration handier can be set.
A.
A custom registration handier can be set.
Answers
B.
A custom error URL can be set.
B.
A custom error URL can be set.
Answers
C.
The default login user can be set.
C.
The default login user can be set.
Answers
D.
The default authentication provider certificate can be set.
D.
The default authentication provider certificate can be set.
Answers
Suggested answer: A, B

Question 158

Report
Export
Collapse

Universal Containers (UC) currently uses Salesforce Sales Cloud and an external billing application.

Both Salesforce and the billing application are accessed several times a day to manage customers. UC would like to configure single sign-on and leverage Salesforce as the identity provider. Additionally, UC would like the billing application to be accessible from Salesforce. A redirect is acceptable.

Which two Salesforce tools should an identity architect recommend to satisfy the requirements?

Choose 2 answers

A.
salesforce Canvas
A.
salesforce Canvas
Answers
B.
Identity Connect
B.
Identity Connect
Answers
C.
Connected Apps
C.
Connected Apps
Answers
D.
App Launcher
D.
App Launcher
Answers
Suggested answer: A, D

Question 159

Report
Export
Collapse

Northern Trail Outfitters (NTO) is setting up Salesforce to authenticate users with an external identity provider. The NTO Salesforce Administrator is having trouble getting things setup.

What should an identity architect use to show which part of the login assertion is fading?

A.
SAML Metadata file importer
A.
SAML Metadata file importer
Answers
B.
Identity Provider Metadata download
B.
Identity Provider Metadata download
Answers
C.
Connected App Manager
C.
Connected App Manager
Answers
D.
Security Assertion Markup Language Validator
D.
Security Assertion Markup Language Validator
Answers
Suggested answer: D

Question 160

Report
Export
Collapse

A leading fitness tracker company is getting ready to launch a customer community. The company wants its customers to login to the community and connect their fitness device to their profile.

Customers should be able to obtain exercise details and fitness recommendation in the community.

Which should be used to satisfy this requirement?

A.
Named Credentials
A.
Named Credentials
Answers
B.
Login Flows
B.
Login Flows
Answers
C.
OAuth Device Flow
C.
OAuth Device Flow
Answers
D.
Single Sign-On Settings
D.
Single Sign-On Settings
Answers
Suggested answer: C
Total 248 questions
Go to page: of 25
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms