ExamGecko
Search Search Login
Home Home / Salesforce / Certified Identity and Access Management Architect

Salesforce Certified Identity and Access Management Architect Practice Test - Questions Answers, Page 2

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Universal Containers (UC) has five Salesforce orgs (UC1, UC2, UC3, UC4, UC5). of Every user that is in UC2, UC3, UC4, and UC5 is also in UC1, however not all users 65* have access to every org. Universal Containers would like to simplify the authentication process such that all Salesforce users need to remember one set of credentials. UC would like to achieve this with the least impact to cost and maintenance. What approach should an Architect recommend to UC?
Universal containers (UC) uses a home-grown employee portal for their employees to collaborate. UC decides to use salesforce ideas to allow the employees to post ideas from the employee portal. When clicking some links in the employee portal, the users should be redirected to salesforce, authenticated, and presented with relevant pages. What scope should be requested when using the Oauth token to meet this requirement?
Universal Containers wants to secure its Salesforce APIs by using an existing Security Assertion Markup Language (SAML) configuration supports the company's single sign-on process to Salesforce, Which Salesforce OAuth authorization flow should be used?
An insurance company has a connected app in its Salesforce environment that is used to integrate with a Google Workspace (formerly knot as G Suite). An identity and access management (IAM) architect has been asked to implement automation to enable users, freeze/suspend users, disable users, and reactivate existing users in Google Workspace upon similar actions in Salesforce. Which solution is recommended to meet this requirement?
A group of users try to access one of Universal Containers' Connected Apps and receive the following error message: " Failed: Not approved for access." What is the most likely cause of this issue?
A global company has built an external application that uses data from its Salesforce org via an OAuth 2.0 authorization flow. Upon logout, the existing Salesforce OAuth token must be invalidated. Which action will accomplish this?
Which two security risks can be mitigated by enabling Two-Factor Authentication (2FA) in Salesforce? Choose 2 answers
Universal Containers (UC) wants its closed Won opportunities to be synced to a Data Warehouse in near real time. UC has implemented Outbound Message to enable near real-time data sync. UC wants to ensure that communication between Salesforce and Target System is Secure. What Certificate is sent along with the Outbound Message?
Universal Containers (UC) wants to use Salesforce for sales orders and a legacy of system for order fulfillment. The legacy system must update the status of orders in 65* Salesforce in real time as they are fulfilled. UC decides to use OAuth for connecting the legacy system to Salesforce. What OAuth flow should be considered that doesn't require storing credentials, client secret or refresh tokens?
Universal containers (UC) has implemented a multi-org strategy and would like to centralize the management of their salesforce user profiles. What should the architect recommend to allow salesforce profiles to be managed from a central system of record?

Question 11

Report
Export
Collapse

Universal Containers (UC) wants to implement SAML SSO for their internal of Salesforce users using a third-party IdP. After some evaluation, UC decides NOT to 65« set up My Domain for their Salesforce org. How does that decision impact their SSO implementation?

A.
IdP-initiated SSO will NOT work.
A.
IdP-initiated SSO will NOT work.
Answers
B.
Neither SP- nor IdP-initiated SSO will work.
B.
Neither SP- nor IdP-initiated SSO will work.
Answers
C.
Either SP- or IdP-initiated SSO will work.
C.
Either SP- or IdP-initiated SSO will work.
Answers
D.
SP-initiated SSO will NOT work
D.
SP-initiated SSO will NOT work
Answers
Suggested answer: B

Question 12

Report
Export
Collapse

Which two capabilities does My Domain enable in the context of a SAML SSO configuration? Choose 2 answers

A.
App Launcher
A.
App Launcher
Answers
B.
Resource deep linking
B.
Resource deep linking
Answers
C.
SSO from Salesforce Mobile App
C.
SSO from Salesforce Mobile App
Answers
D.
Login Forensics
D.
Login Forensics
Answers
Suggested answer: B, C

Question 13

Report
Export
Collapse

Universal Containers wants to implement SAML SSO for their internal Salesforce users using a thirdparty IdP. After some evaluation, UC decides not to set up My Domain for their Salesforce org. How does that decision impact their SSO implementation?

A.
SP-initiated SSO will not work.
A.
SP-initiated SSO will not work.
Answers
B.
Neither SP- nor IdP-initiated SSO will work.
B.
Neither SP- nor IdP-initiated SSO will work.
Answers
C.
Either SP- or IdP-initiated SSO will work.
C.
Either SP- or IdP-initiated SSO will work.
Answers
D.
IdP-initiated SSO will not work.
D.
IdP-initiated SSO will not work.
Answers
Suggested answer: B

Question 14

Report
Export
Collapse

Universal Containers (UC) has a desktop application to collect leads for marketing campaigns. UC wants to extend this application to integrate with Salesforce to create leads. Integration between the desktop application and Salesforce should be seamless. What Authorization flow should the Architect recommend?

A.
JWT Bearer Token Flow
A.
JWT Bearer Token Flow
Answers
B.
Web Server Authentication Flow
B.
Web Server Authentication Flow
Answers
C.
User Agent Flow
C.
User Agent Flow
Answers
D.
Username and Password Flow
D.
Username and Password Flow
Answers
Suggested answer: C

Question 15

Report
Export
Collapse

which three are features of federated Single Sign-on solutions? Choose 3 answers

A.
It federates credentials control to authorized applications.
A.
It federates credentials control to authorized applications.
Answers
B.
It establishes trust between Identity store and service provider.
B.
It establishes trust between Identity store and service provider.
Answers
C.
It solves all identity and access management problems.
C.
It solves all identity and access management problems.
Answers
D.
It improves affiliated applications adoption rates.
D.
It improves affiliated applications adoption rates.
Answers
E.
It enables quick and easy provisioning and deactivating of users.
E.
It enables quick and easy provisioning and deactivating of users.
Answers
Suggested answer: B, C, E

Question 16

Report
Export
Collapse

Universal containers (UC) has built a custom based Two-factor Authentication (2fa) system for their existing on-premise applications. Thru are now implementing salesforce and would like to enable a Two-factor login process for it, as well. What is the recommended solution an architect should consider?

A.
Replace the custom 2fa system with salesforce 2fa for on-premise application and salesforce.
A.
Replace the custom 2fa system with salesforce 2fa for on-premise application and salesforce.
Answers
B.
Use the custom 2fa system for on-premise applications and native 2fa for salesforce.
B.
Use the custom 2fa system for on-premise applications and native 2fa for salesforce.
Answers
C.
Replace the custom 2fa system with an app exchange app that supports on-premise applications and salesforce.
C.
Replace the custom 2fa system with an app exchange app that supports on-premise applications and salesforce.
Answers
D.
Use custom login flows to connect to the existing custom 2fa system for use in salesforce.
D.
Use custom login flows to connect to the existing custom 2fa system for use in salesforce.
Answers
Suggested answer: D

Question 17

Report
Export
Collapse

Universal containers (UC) has a custom, internal-only, mobile billing application for users who are commonly out of the office. The app is configured as a connected App in salesforce. Due to the nature of this app, UC would like to take the appropriate measures to properly secure access to the app. Which two are recommendations to make the UC? Choose 2 answers

A.
Disallow the use of single Sign-on for any users of the mobile app.
A.
Disallow the use of single Sign-on for any users of the mobile app.
Answers
B.
Require high assurance sessions in order to use the connected App
B.
Require high assurance sessions in order to use the connected App
Answers
C.
Use Google Authenticator as an additional part of the logical processes.
C.
Use Google Authenticator as an additional part of the logical processes.
Answers
D.
Set login IP ranges to the internal network for all of the app users profiles.
D.
Set login IP ranges to the internal network for all of the app users profiles.
Answers
Suggested answer: B, C

Question 18

Report
Export
Collapse

Universal Containers (UC) wants its closed Won opportunities to be synced to a Data warehouse in near real time. UC has implemented Outbound Message to enable near real-time data sync. UC wants to ensure that communication between Salesforce and Target System is secure. What certificate is sent along with the Outbound Message?

A.
The Self-signed Certificates from the Certificate & Key Management menu.
A.
The Self-signed Certificates from the Certificate & Key Management menu.
Answers
B.
The default client Certificate from the Develop--> API menu.
B.
The default client Certificate from the Develop--> API menu.
Answers
C.
The default client Certificate or the Certificate and Key Management menu.
C.
The default client Certificate or the Certificate and Key Management menu.
Answers
D.
The CA-signed Certificate from the Certificate and Key Management Menu.
D.
The CA-signed Certificate from the Certificate and Key Management Menu.
Answers
Suggested answer: B

Question 19

Report
Export
Collapse

An architect needs to advise the team that manages the identity provider how to differentiate salesforce from other service providers. What SAML SSO setting in salesforce provides this capability?

A.
Entity id
A.
Entity id
Answers
B.
Issuer
B.
Issuer
Answers
C.
Identity provider login URL
C.
Identity provider login URL
Answers
D.
SAML identity location
D.
SAML identity location
Answers
Suggested answer: A

Question 20

Report
Export
Collapse

The security team at Universal containers(UC) has identified exporting reports as a high-risk action and would like to require users to be logged into salesforce with their active directory (AD) credentials when doing so. For all other uses of Salesforce, Users should be allowed to use AD credentials or salesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with salesforce credentials?

A.
Use SAML Federated Authentication and Custom SAML jit provisioning to dynamically add or remove a permission set that grants the Export Reports permission.
A.
Use SAML Federated Authentication and Custom SAML jit provisioning to dynamically add or remove a permission set that grants the Export Reports permission.
Answers
B.
Use SAML Federated Authentication, treat SAML sessions as high assurance, and raise the session level required for exporting reports.
B.
Use SAML Federated Authentication, treat SAML sessions as high assurance, and raise the session level required for exporting reports.
Answers
C.
Use SAML Federated Authentication and block access to reports when accesses through a standard assurance session.
C.
Use SAML Federated Authentication and block access to reports when accesses through a standard assurance session.
Answers
D.
Use SAML Federated Authentication with a login flow to dynamically add or remove a permission set that grants the export reports permission.
D.
Use SAML Federated Authentication with a login flow to dynamically add or remove a permission set that grants the export reports permission.
Answers
Suggested answer: C
Total 248 questions
Go to page: of 25
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms