
Salesforce Certified Identity and Access Management Architect Practice Test - Questions Answers, Page 19

Universal Containers (UC) is building a custom employee hub application on Amazon Web Services (AWS) and would like to store their users' credentials there. Users will also need access to Salesforce for internal operations. UC has tasked an identity architect with evaluating different solutions for authentication and authorization between AWS and Salesforce.

How should an identity architect configure AWS to authenticate and authorize Salesforce users?

A. Configure the custom employee app as a connected app.
B. Configure AWS as an OpenID Connect Provider.
C. Create a custom external authentication provider.
D. Develop a custom Auth server in AWS.
Suggested answer: B

Universal Containers is implementing Salesforce Identity to broker authentication from its enterprise single sign-on (SSO) solution through Salesforce to third party applications using SAML.

What role does Salesforce Identity play in its relationship with the enterprise SSO system?

A. Identity Provider (IdP)
B. Resource Server
C. Service Provider (SP)
D. Client Application
Suggested answer: C

Refer to the exhibit.

A multinational company is looking to roll out Salesforce globally. The company has a Microsoft Active Directory Federation Services (ADFS) implementation for the Americas, Europe and APAC. The company plans to have a single org and would like all of its users to access Salesforce using ADFS. The company would like to limit its investments and prefers not to procure additional applications to satisfy the requirements.

What is recommended to ensure these requirements are met?

A. Use connected apps for each ADFS implementation and implement Salesforce site to authenticate users across the ADFS system applicable to their geo.
B. Implement Identity Connect to provide single sign-on to Salesforce and federated across multiple ADFS systems.
C. Add a central identity system that federates between the ADFS systems and integrate with Salesforce for single sign-on.
D. Configure each ADFS system under single sign-on settings and allow users to choose the system to authenticate during sign on to Salesforce.
Suggested answer: B

Northern Trail Outfitters (NTO) wants its customers to use phone numbers to log in to their new digital portal, which was designed and built using Salesforce Experience Cloud. In order to access the portal, the user will need to do the following:

1. Enter a phone number and/or email address
2. Enter a verification code that is to be sent via email or text.

What is the recommended approach to fulfill this requirement?

A. Create a Login Discovery page and provide a Login Discovery Handler Apex class.
B. Create a custom login page with an Apex controller. The controller has logic to send and verify the identity.
C. Create an Authentication provider and implement a self-registration handler class.
D. Create a custom login flow that uses an Apex controller to verify the phone numbers with the company's verification service.
Suggested answer: A

A financial services company uses Salesforce and has a compliance requirement to track information about devices from which users log in. Also, a Salesforce Security Administrator needs to have the ability to revoke the device from which users log in.

What should be used to fulfill this requirement?

A. Use multi-factor authentication (MFA) to meet the compliance requirement to track device information.
B. Use the Activations feature to meet the compliance requirement to track device information.
C. Use the Login History object to track information about devices from which users log in.
D. Use Login Flows to capture device from which users log in and store device and user information in a custom object.
Suggested answer: B

Users logging into Salesforce are frequently prompted to verify their identity.

The identity architect is required to provide recommendations so that the frequency of verification prompts can be reduced.

What should the identity architect recommend to meet the requirement?

A. Implement 2FA authentication for the Salesforce org.
B. Set trusted IP ranges for the organization.
C. Implement a single sign-on for Salesforce using an external identity provider.
D. Implement multi-factor authentication for the Salesforce org.
Suggested answer: B

An Identity and Access Management (IAM) Architect is recommending Identity Connect to integrate Microsoft Active Directory (AD) with Salesforce for user provisioning, deprovisioning and single sign-on (SSO).

Which feature of Identity Connect is applicable for this scenario?

A. When Identity Connect is in place, if a user is deprovisioned in an on-premise AD, the user's Salesforce session is revoked immediately.
B. If the number of provisioned users exceeds Salesforce licence allowances, Identity Connect will start disabling the existing Salesforce users in First-in, First-out (FIFO) fashion.
C. Identity Connect can be deployed as a managed package on Salesforce org, leveraging High Availability of Salesforce Platform out-of-the-box.
D. When configured, Identity Connect acts as an identity provider to both Active Directory and Salesforce, thus providing SSO as a default feature.
Suggested answer: A

Northern Trail Outfitters (NTO) is planning to roll out a partner portal for its distributors using Experience Cloud. NTO would like to use an external identity provider (IdP) and for partners to register for access to the portal. Each partner should be allowed to register only once to avoid duplicate accounts with Salesforce.

What should an identity architect recommend to create partners?

A. On successful creation of Partners using Self Registration page in Experience Cloud, create identity in Ping.
B. Create a custom page in Experience Cloud to self register partner with Experience Cloud and Ping identity store.
C. Create a custom web page in the Portal and create users in the IdP and Experience Cloud using published APIs.
D. Allow partners to register through the IdP and create partner users in Salesforce through an API.
Suggested answer: B

A third-party app provider would like to have users provisioned via a service endpoint before users access their app from Salesforce.

What should an identity architect recommend to configure the requirement with limited changes to the third-party app?

A. Use a connected app with user provisioning flow.
B. Create Canvas app in Salesforce for third-party app to provision users.
C. Redirect users to the third-party app for registration.
D. Use Salesforce identity with Security Assertion Markup Language (SAML) for provisioning users.
Suggested answer: A

Northern Trail Outfitters (NTO) wants to give customers the ability to submit and manage issues with their purchases. It is important for NTO to give its customers the ability to log in with their Facebook and Twitter credentials.

Which two actions should an identity architect recommend to meet these requirements?

Choose 2 answers

A. Create a custom external authentication provider for Facebook.
B. Configure a predefined authentication provider for Facebook.
C. Create a custom external authentication provider for Twitter.
D. Configure a predefined authentication provider for Twitter.
Suggested answer: B, D
Total 248 questions