
Salesforce Certified Identity and Access Management Architect Practice Test - Questions Answers, Page 17

Universal Containers is implementing a new Experience Cloud site and the identity architect wants to use dynamic branding features as part of the login process.

Which two options should the identity architect recommend to support dynamic branding for the site?

Choose 2 answers

A. To use dynamic branding, the community must be built with the Visualforce + Salesforce Tabs template.
B. To use dynamic branding, the community must be built with the Customer Account Portal template.
C. An experience ID (expid) or placeholder parameter must be used in the URL to represent the brand.
D. An external content management system (CMS) must be used for dynamic branding on Experience Cloud sites.
Suggested answer: B, C

Universal Containers wants to allow its customers to log in to its Experience Cloud via a third party authentication provider that supports only the OAuth protocol.

What should an identity architect do to fulfill this requirement?

A. Contact Salesforce Support and enable delegated single sign-on.
B. Create a custom external authentication provider.
C. Use certificate-based authentication.
D. Configure an OpenID Connect authentication provider.
Suggested answer: B

A large consumer company is planning to create a community and will require login through the customer's social identity. The following requirements must be met:

1. The customer should be able to log in with any of their social identities; however, Salesforce should only have one user per customer.
2. Once the customer has been identified with a social identity, they should not be required to authorize Salesforce.
3. The customer's personal details from the social sign-on need to be captured when the customer logs in to Salesforce using their social identity.
4. If the customer modifies their personal details in the social site, the changes should be updated in Salesforce.

Which two options allow the Identity Architect to fulfill the requirements?

Choose 2 answers

A. Use Login Flows to call an authentication registration handler to provision the user before logging the user into the community.
B. Use authentication providers for social sign-on and use the custom registration handler to insert or update personal details.
C. Redirect the user to a custom page that allows the user to select an existing social identity for login.
D. Use the custom registration handler to link social identities to Salesforce identities.
Suggested answer: B, D

Universal Containers is building a web application that will connect with the Salesforce API using JWT OAuth Flow.

Which two settings need to be configured in the connected app to support this requirement?

Choose 2 answers

A. The Use Digital Signature option in the connected app.
B. The "web" OAuth scope in the connected app.
C. The "api" OAuth scope in the connected app.
D. The "eclair_api" OAuth scope in the connected app.
Suggested answer: A, C

A company's external application is protected by Salesforce through OAuth. The identity architect for the project needs to limit the level of access to the data of the protected resource in a flexible way.

What should be done to improve security?

A. Select "Admin approved users are pre-authorized" and assign specific profiles.
B. Create custom scopes and assign to the connected app.
C. Define a permission set that grants access to the app and assign to authorized users.
D. Leverage external objects and data classification policies.
Suggested answer: B

An identity architect wants to secure Salesforce APIs using Security Assertion Markup Language (SAML). For security purposes, administrators will need to authorize the applications that will be consuming the APIs.

Which Salesforce OAuth authorization flow should be used?

A. OAuth 2.0 SAML Bearer Assertion Flow
B. OAuth 2.0 JWT Bearer Flow
C. SAML Assertion Flow
D. OAuth 2.0 User-Agent Flow
Suggested answer: C

Universal Containers (UC) is rolling out a new Customer Identity and Access Management solution that will be built on top of their existing Salesforce instance.

Several service providers have been set up and integrated with Salesforce using OpenID Connect to allow for a seamless single sign-on experience. UC has a requirement to limit user access to only a subset of service providers per customer type.

Which two steps should be done on the platform to satisfy the requirement?

Choose 2 answers

A. Manage which connected apps a user has access to by assigning authentication providers to the user's profile.
B. Assign the connected app to the customer community, and enable the user's profile in the Community settings.
C. Use Profiles and Permission Sets to assign user access to Admin Pre-Approved Connected Apps.
D. Set each of the Connected App access settings to Admin Pre-Approved.
Suggested answer: C, D

Northern Trail Outfitters (NTO) has an existing custom business-to-consumer (B2C) website that does NOT support single sign-on standards, such as Security Assertion Markup Language (SAML) or OAuth.

NTO wants to use Salesforce Identity to register and authenticate new customers on the website.

Which two Salesforce features should an identity architect use in order to provide username/password authentication for the website?

Choose 2 answers

A. Identity Connect
B. Delegated Authentication
C. Connected Apps
D. Embedded Login
Suggested answer: B, D

Northern Trail Outfitters (NTO) uses a Security Assertion Markup Language (SAML)-based Identity Provider (IdP) to authenticate employees to all systems. The IdP authenticates users against a Lightweight Directory Access Protocol (LDAP) directory and has access to user information. NTO wants to minimize Salesforce license usage since only a small percentage of users need Salesforce.

What is recommended to ensure new employees have immediate access to Salesforce using their current IdP?

A. Install Salesforce Identity Connect to automatically provision new users in Salesforce the first time they attempt to log in.
B. Build an integration that queries LDAP periodically and creates new active users in Salesforce.
C. Configure Just-in-Time provisioning using SAML attributes to create new Salesforce users as necessary when a new user attempts to log in to Salesforce.
D. Build an integration that queries LDAP and creates new inactive users in Salesforce and use a login flow to activate the user at first login.
Suggested answer: C

An identity architect has been asked to recommend a solution that allows administrators to configure personalized alert messages to users before they land on the Experience Cloud site (formerly known as Community) homepage.

What is recommended to fulfill this requirement with the least amount of customization?

A. Customize the registration handler Apex class to create routing logic that navigates to different home pages based on the user profile.
B. Use Login Flows to add a screen that shows personalized alerts.
C. Build a Lightning Web Component (LWC) for a homepage that shows custom alerts.
D. Create custom metadata that stores user alerts and use an LWC to display alerts.
Suggested answer: B
Total 248 questions