ExamGecko
Search Search Login
Home Home / Salesforce / Certified Identity and Access Management Architect

Salesforce Certified Identity and Access Management Architect Practice Test - Questions Answers, Page 20

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Universal Containers (UC) has five Salesforce orgs (UC1, UC2, UC3, UC4, UC5). of Every user that is in UC2, UC3, UC4, and UC5 is also in UC1, however not all users 65* have access to every org. Universal Containers would like to simplify the authentication process such that all Salesforce users need to remember one set of credentials. UC would like to achieve this with the least impact to cost and maintenance. What approach should an Architect recommend to UC?
Universal containers (UC) uses a home-grown employee portal for their employees to collaborate. UC decides to use salesforce ideas to allow the employees to post ideas from the employee portal. When clicking some links in the employee portal, the users should be redirected to salesforce, authenticated, and presented with relevant pages. What scope should be requested when using the Oauth token to meet this requirement?
Universal Containers wants to secure its Salesforce APIs by using an existing Security Assertion Markup Language (SAML) configuration supports the company's single sign-on process to Salesforce, Which Salesforce OAuth authorization flow should be used?
An insurance company has a connected app in its Salesforce environment that is used to integrate with a Google Workspace (formerly knot as G Suite). An identity and access management (IAM) architect has been asked to implement automation to enable users, freeze/suspend users, disable users, and reactivate existing users in Google Workspace upon similar actions in Salesforce. Which solution is recommended to meet this requirement?
Which two security risks can be mitigated by enabling Two-Factor Authentication (2FA) in Salesforce? Choose 2 answers
Universal Containers (UC) wants its closed Won opportunities to be synced to a Data Warehouse in near real time. UC has implemented Outbound Message to enable near real-time data sync. UC wants to ensure that communication between Salesforce and Target System is Secure. What Certificate is sent along with the Outbound Message?
A group of users try to access one of Universal Containers' Connected Apps and receive the following error message: " Failed: Not approved for access." What is the most likely cause of this issue?
Universal Containers (UC) wants to use Salesforce for sales orders and a legacy of system for order fulfillment. The legacy system must update the status of orders in 65* Salesforce in real time as they are fulfilled. UC decides to use OAuth for connecting the legacy system to Salesforce. What OAuth flow should be considered that doesn't require storing credentials, client secret or refresh tokens?
A global company has built an external application that uses data from its Salesforce org via an OAuth 2.0 authorization flow. Upon logout, the existing Salesforce OAuth token must be invalidated. Which action will accomplish this?
Universal containers (UC) has implemented a multi-org strategy and would like to centralize the management of their salesforce user profiles. What should the architect recommend to allow salesforce profiles to be managed from a central system of record?

Question 191

Report
Export
Collapse

How should an identity architect automate provisioning and deprovisioning of users into Salesforce from an external system?

A.
Call SOAP API upsertQ on user object.
A.
Call SOAP API upsertQ on user object.
Answers
B.
Use Security Assertion Markup Language Just-in-Time (SAML JIT) on incoming SAML assertions.
B.
Use Security Assertion Markup Language Just-in-Time (SAML JIT) on incoming SAML assertions.
Answers
C.
Run registration handler on incoming OAuth responses.
C.
Run registration handler on incoming OAuth responses.
Answers
D.
Call OpenID Connect (OIDC)-userinfo endpoint with a valid access token.
D.
Call OpenID Connect (OIDC)-userinfo endpoint with a valid access token.
Answers
Suggested answer: C

Question 192

Report
Export
Collapse

Universal Containers (UC) uses Salesforce as a CRM and identity provider (IdP) for their Sales Team to seamlessly login to intemaJ portals. The IT team at UC is now evaluating Salesforce to act as an IdP for its remaining employees.

Which Salesforce license is required to fulfill this requirement?

A.
External Identity
A.
External Identity
Answers
B.
Identity Verification
B.
Identity Verification
Answers
C.
Identity Connect
C.
Identity Connect
Answers
D.
Identity Only
D.
Identity Only
Answers
Suggested answer: D

Question 193

Report
Export
Collapse

Universal Containers (UC) is rolling out its new Customer Identity and Access Management Solution built on top of its existing Salesforce instance. UC wants to allow customers to login using Facebook, Google, and other social sign-on providers.

How should this functionality be enabled for UC, assuming ail social sign-on providers support OpenID Connect?

A.
Configure an authentication provider and a registration handler for each social sign-on provider.
A.
Configure an authentication provider and a registration handler for each social sign-on provider.
Answers
B.
Configure a single sign-on setting and a registration handler for each social sign-on provider.
B.
Configure a single sign-on setting and a registration handler for each social sign-on provider.
Answers
C.
Configure an authentication provider and a Just-In-Time (JIT) handler for each social sign-on provider.
C.
Configure an authentication provider and a Just-In-Time (JIT) handler for each social sign-on provider.
Answers
D.
Configure a single sign-on setting and a JIT handler for each social sign-on provider.
D.
Configure a single sign-on setting and a JIT handler for each social sign-on provider.
Answers
Suggested answer: A

Question 194

Report
Export
Collapse

Refer to the exhibit.

A pharmaceutical company has an on-premise application (see illustration) that it wants to integrate with Salesforce.

The IT director wants to ensure that requests must include a certificate with a trusted certificate chain to access the company's on-premise application endpoint.

What should an Identity architect do to meet this requirement?

A.
Use open SSL to generate a Self-signed Certificate and upload it to the on-premise app.
A.
Use open SSL to generate a Self-signed Certificate and upload it to the on-premise app.
Answers
B.
Configure the company firewall to allow traffic from Salesforce IP ranges.
B.
Configure the company firewall to allow traffic from Salesforce IP ranges.
Answers
C.
Generate a certificate authority-signed certificate in Salesforce and uploading it to the on-premise application Truststore.
C.
Generate a certificate authority-signed certificate in Salesforce and uploading it to the on-premise application Truststore.
Answers
D.
Upload a third-party certificate from Salesforce into the on-premise server.
D.
Upload a third-party certificate from Salesforce into the on-premise server.
Answers
Suggested answer: B

Question 195

Report
Export
Collapse

A Salesforce customer is implementing Sales Cloud and a custom pricing application for its call center agents. An Enterprise single sign-on solution is used to authenticate and sign-in users to all applications. The customer has the following requirements:

A.
The development team has decided to use a Canvas app to expose the pricing application to agents.
A.
The development team has decided to use a Canvas app to expose the pricing application to agents.
Answers
B.
Agents should be able to access the Canvas app without needing to log in to the pricing application.Which two options should the identity architect consider to provide support for the Canvas app to initiate login for users?Choose 2 answers
B.
Agents should be able to access the Canvas app without needing to log in to the pricing application.Which two options should the identity architect consider to provide support for the Canvas app to initiate login for users?Choose 2 answers
Answers
C.
Select "Enable as a Canvas Personal App" in the connected app settings.
C.
Select "Enable as a Canvas Personal App" in the connected app settings.
Answers
D.
Enable OAuth settings in the connected app with required OAuth scopes for the pricing application.
D.
Enable OAuth settings in the connected app with required OAuth scopes for the pricing application.
Answers
E.
Configure the Canvas app as a connected app and set Admin-approved users as pre-authorized.
E.
Configure the Canvas app as a connected app and set Admin-approved users as pre-authorized.
Answers
F.
Enable SAML in the connected app and Security Assertion Markup Language (SAML) Initiation Method as Service Provider Initiated.
F.
Enable SAML in the connected app and Security Assertion Markup Language (SAML) Initiation Method as Service Provider Initiated.
Answers
Suggested answer: C, D

Question 196

Report
Export
Collapse

Northern Trail Outfitters (NTO) uses Salesforce Experience Cloud sites (previously known as Customer Community) to provide a digital portal where customers can login using their Google account.

NTO would like to automatically create a case record for first time users logging into Salesforce Experience Cloud.

What should an Identity architect do to fulfill the requirement?

A.
Configure an authentication provider for Social Login using Google and a custom registration handler.
A.
Configure an authentication provider for Social Login using Google and a custom registration handler.
Answers
B.
Implement a Just-in-Time handler class that has logic to create cases upon first login.
B.
Implement a Just-in-Time handler class that has logic to create cases upon first login.
Answers
C.
Create an authentication provider for Social Login using Google and leverage standard registration handler.
C.
Create an authentication provider for Social Login using Google and leverage standard registration handler.
Answers
D.
Implement a login flow with a record create component for Case.
D.
Implement a login flow with a record create component for Case.
Answers
Suggested answer: D

Question 197

Report
Export
Collapse

Universal Containers would like its customers to register and log in to a portal built on Salesforce Experience Cloud. Customers should be able to use their Facebook or Linkedln credentials for ease of use.

Which three steps should an identity architect take to implement social sign-on?

Choose 3 answers

A.
Register both Facebook and Linkedln as connected apps.
A.
Register both Facebook and Linkedln as connected apps.
Answers
B.
Create authentication providers for both Facebook and Linkedln.
B.
Create authentication providers for both Facebook and Linkedln.
Answers
C.
Check "Facebook" and "Linkedln" under Login Page Setup.
C.
Check "Facebook" and "Linkedln" under Login Page Setup.
Answers
D.
Enable "Federated Single Sign-On Using SAML".
D.
Enable "Federated Single Sign-On Using SAML".
Answers
E.
Update the default registration handlers to create and update users.
E.
Update the default registration handlers to create and update users.
Answers
Suggested answer: B, C, E

Question 198

Report
Export
Collapse

Universal Containers (UC) operates in Asia, Europe and North America regions. There is one Salesforce org for each region. UC is implementing Customer 360 in Salesforce and has procured External Identity and Customer Community licenses in all orgs.

Customers of UC use Community to track orders and create inquiries. Customers also tend to move across regions frequently.

What should an identity architect recommend to optimize license usage and reduce maintenance overhead?

A.
Merge three orgs into one instance of Salesforce. This will no longer require maintaining three separate copies of the same customer.
A.
Merge three orgs into one instance of Salesforce. This will no longer require maintaining three separate copies of the same customer.
Answers
B.
Delete contact/ account records and deactivate user if user moves from a specific region; Sync will no longer be required.
B.
Delete contact/ account records and deactivate user if user moves from a specific region; Sync will no longer be required.
Answers
C.
Contacts are required since Community access needs to be enabled. Maintenance is a necessary overhead that must be handled via data integration.
C.
Contacts are required since Community access needs to be enabled. Maintenance is a necessary overhead that must be handled via data integration.
Answers
D.
Enable Contactless User in all orgs and downgrade users from Experience Cloud license to External Identity license once users have moved out of that region.
D.
Enable Contactless User in all orgs and downgrade users from Experience Cloud license to External Identity license once users have moved out of that region.
Answers
Suggested answer: C

Question 199

Report
Export
Collapse

Northern Trail Outfitters recently acquired a company. Each company will retain its Identity Provider (IdP). Both companies rely extensively on Salesforce processes that send emails to users to take specific actions in Salesforce.

How should the combined companys' employees collaborate in a single Salesforce org, yet authenticate to the appropriate IdP?

A.
Configure unique MyDomains for each company and have generated links use the appropriate MyDomam in the URL.
A.
Configure unique MyDomains for each company and have generated links use the appropriate MyDomam in the URL.
Answers
B.
Have generated links append a querystnng parameter indicating the IdP. The login service will redirect to the appropriate IdP.
B.
Have generated links append a querystnng parameter indicating the IdP. The login service will redirect to the appropriate IdP.
Answers
C.
Have generated links be prefixed with the appropriate IdP URL to invoke an IdP-initiated Security Assertion Markup Language flow when clicked.
C.
Have generated links be prefixed with the appropriate IdP URL to invoke an IdP-initiated Security Assertion Markup Language flow when clicked.
Answers
D.
Enable each IdP as a login option in the MyDomain Authentication Service settings. Users will then click on the appropriate IdP button.
D.
Enable each IdP as a login option in the MyDomain Authentication Service settings. Users will then click on the appropriate IdP button.
Answers
Suggested answer: D

Question 200

Report
Export
Collapse

A consumer products company uses Salesforce to maintain consumer information, including orders.

The company implemented a portal solution using Salesforce Experience Cloud for its consumers where the consumers can log in using their credentials. The company is considering allowing users to login with their Facebook or Linkedln credentials.

Once enabled, what role will Salesforce play?

A.
Facebook and Linkedln will be the SPs.
A.
Facebook and Linkedln will be the SPs.
Answers
B.
Salesforce will be the service provider (SP).
B.
Salesforce will be the service provider (SP).
Answers
C.
Salesforce will be the identity provider (IdP).
C.
Salesforce will be the identity provider (IdP).
Answers
D.
Facebook and Linkedln will act as the IdPs and SPs.
D.
Facebook and Linkedln will act as the IdPs and SPs.
Answers
Suggested answer: B
Total 248 questions
Go to page: of 25
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms