ExamGecko
Search Search Login
Home Home / Salesforce / Certified Identity and Access Management Architect

Salesforce Certified Identity and Access Management Architect Practice Test - Questions Answers, Page 18

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Universal Containers (UC) has five Salesforce orgs (UC1, UC2, UC3, UC4, UC5). of Every user that is in UC2, UC3, UC4, and UC5 is also in UC1, however not all users 65* have access to every org. Universal Containers would like to simplify the authentication process such that all Salesforce users need to remember one set of credentials. UC would like to achieve this with the least impact to cost and maintenance. What approach should an Architect recommend to UC?
Universal Containers wants to secure its Salesforce APIs by using an existing Security Assertion Markup Language (SAML) configuration supports the company's single sign-on process to Salesforce, Which Salesforce OAuth authorization flow should be used?
Universal containers (UC) uses a home-grown employee portal for their employees to collaborate. UC decides to use salesforce ideas to allow the employees to post ideas from the employee portal. When clicking some links in the employee portal, the users should be redirected to salesforce, authenticated, and presented with relevant pages. What scope should be requested when using the Oauth token to meet this requirement?
An insurance company has a connected app in its Salesforce environment that is used to integrate with a Google Workspace (formerly knot as G Suite). An identity and access management (IAM) architect has been asked to implement automation to enable users, freeze/suspend users, disable users, and reactivate existing users in Google Workspace upon similar actions in Salesforce. Which solution is recommended to meet this requirement?
Which two security risks can be mitigated by enabling Two-Factor Authentication (2FA) in Salesforce? Choose 2 answers
Universal Containers (UC) wants its closed Won opportunities to be synced to a Data Warehouse in near real time. UC has implemented Outbound Message to enable near real-time data sync. UC wants to ensure that communication between Salesforce and Target System is Secure. What Certificate is sent along with the Outbound Message?
A group of users try to access one of Universal Containers' Connected Apps and receive the following error message: " Failed: Not approved for access." What is the most likely cause of this issue?
Universal Containers (UC) wants to use Salesforce for sales orders and a legacy of system for order fulfillment. The legacy system must update the status of orders in 65* Salesforce in real time as they are fulfilled. UC decides to use OAuth for connecting the legacy system to Salesforce. What OAuth flow should be considered that doesn't require storing credentials, client secret or refresh tokens?
A global company has built an external application that uses data from its Salesforce org via an OAuth 2.0 authorization flow. Upon logout, the existing Salesforce OAuth token must be invalidated. Which action will accomplish this?
Universal containers (UC) has implemented a multi-org strategy and would like to centralize the management of their salesforce user profiles. What should the architect recommend to allow salesforce profiles to be managed from a central system of record?

Question 171

Report
Export
Collapse

Which two things should be done to ensure end users can only use single sign-on (SSO) to login in to Salesforce?

Choose 2 answers

A.
Enable My Domain and select "Prevent login from https://login.salesforce.com".
A.
Enable My Domain and select "Prevent login from https://login.salesforce.com".
Answers
B.
Request Salesforce Support to enable delegated authentication.
B.
Request Salesforce Support to enable delegated authentication.
Answers
C.
Once SSO is enabled, users are only able to login using Salesforce credentials.
C.
Once SSO is enabled, users are only able to login using Salesforce credentials.
Answers
D.
Assign user "is Single Sign-on Enabled" permission via profile or permission set.
D.
Assign user "is Single Sign-on Enabled" permission via profile or permission set.
Answers
Suggested answer: A, D

Question 172

Report
Export
Collapse

A global fitness equipment manufacturer uses Salesforce to manage its sales cycle. The manufacturer has a custom order fulfillment app that needs to request order data from Salesforce. The order fulfillment app needs to integrate with the Salesforce API using OAuth 2.0 protocol.

What should an identity architect use to fulfill this requirement?

A.
Canvas App Integration
A.
Canvas App Integration
Answers
B.
OAuth Tokens
B.
OAuth Tokens
Answers
C.
Authentication Providers
C.
Authentication Providers
Answers
D.
Connected App and OAuth scopes
D.
Connected App and OAuth scopes
Answers
Suggested answer: D

Question 173

Report
Export
Collapse

Northern Trail Outfitters (NTO) is planning to build a new customer service portal and wants to use passwordless login, allowing customers to login with a one-time passcode sent to them via email or SMS.

How should the quantity of required Identity Verification Credits be estimated?

A.
Each community comes with 10,000 Identity Verification Credits per month and only customers with more than 10,000 logins a month should estimate additional SMS verifications needed.
A.
Each community comes with 10,000 Identity Verification Credits per month and only customers with more than 10,000 logins a month should estimate additional SMS verifications needed.
Answers
B.
Identity Verification Credits are consumed with each SMS (text message) sent and should be estimated based on the number of login verification challenges for SMS verification users.
B.
Identity Verification Credits are consumed with each SMS (text message) sent and should be estimated based on the number of login verification challenges for SMS verification users.
Answers
C.
Identity Verification Credits are consumed with each verification sent and should be estimated based on the number of logins that will incur a verification challenge.
C.
Identity Verification Credits are consumed with each verification sent and should be estimated based on the number of logins that will incur a verification challenge.
Answers
D.
Identity Verification Credits are a direct add-on license based on the number of existing memberbased or login-based Community licenses.
D.
Identity Verification Credits are a direct add-on license based on the number of existing memberbased or login-based Community licenses.
Answers
Suggested answer: B

Question 174

Report
Export
Collapse

Northern Trail Outfitters (NTO) has a number of employees who do NOT need access Salesforce objects. Trie employees should sign in to a custom Benefits web app using their Salesforce credentials.

Which license should the identity architect recommend to fulfill this requirement?

A.
Identity Only License
A.
Identity Only License
Answers
B.
External Identity License
B.
External Identity License
Answers
C.
Identity Verification Credits Add-on License
C.
Identity Verification Credits Add-on License
Answers
D.
Identity Connect License
D.
Identity Connect License
Answers
Suggested answer: A

Question 175

Report
Export
Collapse

Northern Trail Outfitters is implementing a busmess-to-business (B2B) collaboration site using Salesforce Experience Cloud. The partners will authenticate with an existing identity provider and the solution will utilize Security Assertion Markup Language (SAML) to provide single sign-on to Salesforce. Delegated administration will be used in the Expenence Cloud site to allow the partners to administer their users' access.

How should a partner identity be provisioned in Salesforce for this solution?

A.
Create only a contact.
A.
Create only a contact.
Answers
B.
Create a contactless user.
B.
Create a contactless user.
Answers
C.
Create a user and a related contact.
C.
Create a user and a related contact.
Answers
D.
Create a person account.
D.
Create a person account.
Answers
Suggested answer: C

Question 176

Report
Export
Collapse

Northern Trail Outfitters would like to automatically create new employee users in Salesforce with an appropriate profile that maps to its Active Directory Department.

How should an identity architect implement this requirement?

A.
Use the createUser method in the Just-in-Time (JIT) provisioning registration handler to assign the appropriate profile.
A.
Use the createUser method in the Just-in-Time (JIT) provisioning registration handler to assign the appropriate profile.
Answers
B.
Use the updateUser method in the Just-in-Time (JIT) provisioning registration handler to assign the appropriate profile.
B.
Use the updateUser method in the Just-in-Time (JIT) provisioning registration handler to assign the appropriate profile.
Answers
C.
Use a login flow to collect Security Assertion Markup Language attributes and assign the appropriate profile during Just-In-Time(JIT) provisioning.
C.
Use a login flow to collect Security Assertion Markup Language attributes and assign the appropriate profile during Just-In-Time(JIT) provisioning.
Answers
D.
Make a callout during the login flow to query department from Active Directory to assign the appropriate profile.
D.
Make a callout during the login flow to query department from Active Directory to assign the appropriate profile.
Answers
Suggested answer: B

Question 177

Report
Export
Collapse

A company with 15,000 employees is using Salesforce and would like to take the necessary steps to highlight or curb fraudulent activity.

Which tool should be used to track login data, such as the average number of logins, who logged in more than the average number of times and who logged in during non-business hours?

A.
Login Forensics
A.
Login Forensics
Answers
B.
Login Report
B.
Login Report
Answers
C.
Login Inspector
C.
Login Inspector
Answers
D.
Login History
D.
Login History
Answers
Suggested answer: A

Question 178

Report
Export
Collapse

A technology enterprise is planning to implement single sign-on login for users. When users log in to the Salesforce User object custom field, data should be populated for new and existing users.

Which two steps should an identity architect recommend?

Choose 2 answers

A.
Implement Auth.SamlJitHandler Interface.
A.
Implement Auth.SamlJitHandler Interface.
Answers
B.
Create and update methods.
B.
Create and update methods.
Answers
C.
Implement RegistrationHandler Interface.
C.
Implement RegistrationHandler Interface.
Answers
D.
Implement SesslonManagement Class.
D.
Implement SesslonManagement Class.
Answers
Suggested answer: A, B

Question 179

Report
Export
Collapse

A farming enterprise offers smart farming technology to its farmer customers, which includes a variety of sensors for livestock tracking, pest monitoring, climate monitoring etc. They plan to store all the data in Salesforce. They would also like to ensure timely maintenance of the Installed sensors.

They have engaged a salesforce Architect to propose an appropriate way to generate sensor Information In Salesforce.

Which OAuth flow should the architect recommend?

A.
OAuth 2.0 Asset Token Flow
A.
OAuth 2.0 Asset Token Flow
Answers
B.
OAuth 2.0 Device Authentication Row
B.
OAuth 2.0 Device Authentication Row
Answers
C.
OAuth 2.0 JWT Bearer Token Flow
C.
OAuth 2.0 JWT Bearer Token Flow
Answers
D.
OAuth 2.0 SAML Bearer Assertion Flow
D.
OAuth 2.0 SAML Bearer Assertion Flow
Answers
Suggested answer: A

Question 180

Report
Export
Collapse

An Identity architect works for a multinational, multi-brand organization. As they work with the organization to understand their Customer Identity and Access Management requirements, the identity architect learns that the brand experience is different for each of the customer's sub-brands and each of these branded experiences must be carried through the login experience depending on which sub-brand the user is logging into.

Which solution should the architect recommend to support scalability and reduce maintenance costs, if the organization has more than 150 sub-brands?

A.
Assign each sub-brand a unique Experience ID and use the Experience ID to dynamically brand the login experience.
A.
Assign each sub-brand a unique Experience ID and use the Experience ID to dynamically brand the login experience.
Answers
B.
Use Audiences to customize the login experience for each sub-brand and pass an audience ID to the community during the OAuth and Security Assertion Markup Language (SAML) flows.
B.
Use Audiences to customize the login experience for each sub-brand and pass an audience ID to the community during the OAuth and Security Assertion Markup Language (SAML) flows.
Answers
C.
Create a community subdomain for each sub-brand and customize the look and feel of the Login page for each community subdomain to match the brand.
C.
Create a community subdomain for each sub-brand and customize the look and feel of the Login page for each community subdomain to match the brand.
Answers
D.
Create a separate Salesforce org for each sub-brand so that each sub-brand has complete control over the user experience.
D.
Create a separate Salesforce org for each sub-brand so that each sub-brand has complete control over the user experience.
Answers
Suggested answer: A
Total 248 questions
Go to page: of 25
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms