Salesforce Certified Identity and Access Management Architect Practice Test - Questions Answers, Page 21


A service provider (SP) supports both Security Assertion Markup Language (SAML) and OpenID Connect (OIDC).

When integrating this SP with Salesforce, which use case is the determining factor when choosing OIDC or SAML?

A. OIDC is more secure than SAML and therefore is the obvious choice.
B. The SP needs to perform API calls back to Salesforce on behalf of the user after the user logs in to the service provider.
C. If the user has a session on Salesforce, you do not want them to be prompted for a username and password when they log in to the SP.
D. They are equivalent protocols and there is no real reason to choose one over the other.
Suggested answer: B

Northern Trail Outfitters (NTO) is launching a new sportswear brand on its existing consumer portal built on Salesforce Experience Cloud. As part of the launch, emails with promotional links will be sent to existing customers to log in and claim a discount. The marketing manager would like the portal dynamically branded so that users will be directed to the brand link they clicked on; otherwise, users will view a recognizable NTO-branded page.

The campaign is launching quickly, so there is no time to procure any additional licenses. However, the development team is available to apply any required changes to the portal.

Which approach should the identity architect recommend?

A. Create a full sandbox to replicate the portal site and update the branding accordingly.
B. Implement Experience ID in the code and extend the URLs and endpoints, as required.
C. Use Heroku to build the new brand site and embedded login to reuse identities.
D. Configure an additional community site on the same org that is dedicated for the new brand.
Suggested answer: B

Refer to the exhibit.

An organization has a central cloud-based Identity and Access Management (IAM) Service for authentication and user management, which must be utilized by all applications as follows:

1 - Change of a user status in the central IAM Service triggers provisioning or deprovisioning in the integrated cloud applications.

2 - Security Assertion Markup Language single sign-on (SSO) is used to facilitate access for users authenticated at identity provider (Central IAM Service).

Which approach should an IAM architect implement on Salesforce Sales Cloud to meet the requirements?

A. Configure Salesforce as a SAML Service Provider, and enable SCIM (System for Cross-Domain Identity Management) for provisioning and deprovisioning of users.
B. Configure Salesforce as a SAML service provider, and enable Just-in-Time (JIT) provisioning and deprovisioning of users.
C. Configure central IAM Service as an authentication provider and extend registration handler to manage provisioning and deprovisioning of users.
D. Deploy Identity Connect component and set up automated provisioning and deprovisioning of users, as well as SAML-based SSO.
Suggested answer: A

Which tool should be used to track login data, such as the average number of logins, who logged in more than the average number of times and who logged in during non-business hours?

A. Login Inspector
B. Login History
C. Login Report
D. Login Forensics
Suggested answer: D

Northern Trail Outfitters wants to allow its consumers to self-register on its business-to-consumer (B2C) portal, which is built on Experience Cloud. The identity architect has recommended using Person Accounts.

Which three steps need to be configured to enable self-registration using person accounts?

Choose 3 answers

A. Enable access to person and business account record types under Public Access Settings.
B. Contact Salesforce Support to enable business accounts.
C. Under Login and Registration settings, ensure that the default account field is empty.
D. Contact Salesforce Support to enable person accounts.
E. Set organization-wide default sharing for Contact to Public Read Only.
Suggested answer: A, C, D

Universal Containers (UC) is using Active Directory as its corporate identity provider and Salesforce as its CRM for customer care agents, who use SAML-based single sign-on to log in to Salesforce. The default agent profile does not include the Manage User permission. UC wants to dynamically update the agent role and permission sets.

Which two mechanisms are used to provision agents with the appropriate permissions?

Choose 2 answers

A. Use Login Flow in User Context to update role and permission sets.
B. Use Login Flow in System Context to update role and permission sets.
C. Use SAML Just-in-Time (JIT) Handler class run as current user to update role and permission sets.
D. Use SAML Just-in-Time (JIT) handler class run as an admin user to update role and permission sets.
Suggested answer: B, D

Northern Trail Outfitters wants to implement a partner community. Active community users will need to review and accept the community rules, and update key contact information for each community member before their annual partner event.

Which approach will meet this requirement?

A. Create tasks for users who need to update their data or accept the new community rules.
B. Create a custom landing page and email campaign asking all community members to log in and verify their data.
C. Create a login flow that conditionally prompts users who have not accepted the new community rules and who have missing or outdated information.
D. Add a banner to the community Home page asking users to update their profile and accept the new community rules.
Suggested answer: C

Universal Containers (UC) has built a custom time tracking app for its employees. UC wants to leverage Salesforce Identity to control access to the custom app.

At a minimum, which Salesforce license is required to support this requirement?

A. Identity Verification
B. Identity Connect
C. Identity Only
D. External Identity
Suggested answer: C

Universal Containers is creating a mobile application that will be secured by Salesforce Identity using the OAuth 2.0 user-agent flow. Application users will authenticate using username and password.

They should not be forced to approve API access in the mobile app or reauthenticate for 3 months.

Which two connected app options need to be configured to fulfill this use case?

Choose 2 answers

A. Set Permitted Users to "Admin approved users are pre-authorized".
B. Set Permitted Users to "All users may self-authorize".
C. Set the Session Timeout value to 3 months.
D. Set the Refresh Token Policy to expire refresh token after 3 months.
Suggested answer: B, D

Universal Containers (UC) wants to provide single sign-on (SSO) for a business-to-consumer (B2C) application using Salesforce Identity.

Which Salesforce license should UC utilize to implement this use case?

A. Identity Only
B. Salesforce Platform
C. External Identity
D. Partner Community
Suggested answer: C
Total 248 questions