
Salesforce Certified Identity and Access Management Architect Practice Test - Questions Answers, Page 22

The CMO of an advertising company has invited an Identity and Access Management (IAM) specialist to discuss Salesforce out-of-box capabilities for configuring the company's login and registration experience on Salesforce Experience Cloud.

The CMO is looking to brand the login page with the company's logo, background color, login button color, and dynamic right-frame from an external URL.

Which two solutions should the IAM specialist recommend?

Choose 2 answers

A. Use Experience Builder to build branded Reset and Forgot Password pages.
B. Build custom pages for branding requirements in Experience Cloud.
C. Build custom site pages for reset and forgot password features.
D. Login & Registration pages can be branded in the Community Administration settings.

Suggested answer: A, D

A global fitness equipment manufacturer is planning to sell fitness tracking devices and has the following requirements:

1) Customer purchases the device.

2) Customer registers the device using their mobile app.

3) A case should automatically be created in Salesforce and associated with the customer's account in cases where the device registers issues with tracking.

Which OAuth flow should be used to meet these requirements?

A. OAuth 2.0 Asset Token Flow
B. OAuth 2.0 Username-Password Flow
C. OAuth 2.0 User-Agent Flow
D. OAuth 2.0 SAML Bearer Assertion Flow

Suggested answer: A

A security architect is rolling out a new multi-factor authentication (MFA) mandate, where all employees must go through a secure authentication process before accessing Salesforce. There are multiple Identity Providers (IdP) in place and the architect is considering how the "Authentication Method Reference" field (AMR) in the Login History can help.

Which two considerations should the architect keep in mind?

Choose 2 answers

A. AMR field shows the authentication methods used at IdP.
B. Both OIDC and Security Assertion Markup Language (SAML) are supported but AMR must be implemented at IdP.
C. High-assurance sessions must be configured under Session Security Level Policies.
D. Dependency on what is supported by OpenID Connect (OIDC) implementation at IdP.

Suggested answer: A, B

A technology enterprise is setting up an identity solution with an external vendor's wellness application for its employees. The user attributes need to be returned to the wellness application in an ID token.

Which authentication mechanism should an identity architect recommend to meet the requirements?

A. OpenID Connect
B. User Agent Flow
C. JWT Bearer Token Flow
D. Web Server Flow

Suggested answer: D

Universal Containers' (UC) identity architect needs to recommend a license type for their new Experience Cloud site that will be used by external partners (delivery providers) for reviewing and updating their accounts, downloading files provided by UC and obtaining scheduled pickup dates from their calendar.

UC is using their Salesforce production org as the identity provider for these users and the expected number of individual users is 2.5 million with 13.5 million unique logins per month.

Which of the following license types should be used to meet the requirement?

A. External Apps License
B. Partner Community License
C. Partner Community Login License
D. Customer Community plus Login License

Suggested answer: D

Northern Trail Outfitters (NTO) wants to improve its engagement with existing customers to boost customer loyalty. To get a better understanding of its customers, NTO establishes a single customer view including their buying behaviors, channel preferences and purchasing history. All of this information exists but is spread across different systems and formats.

NTO has decided to use Salesforce as the platform to build a 360 degree view. The company already uses Microsoft Active Directory (AD) to manage its users and company assets.

What should an Identity Architect do to provision, deprovision and authenticate users?

A. Salesforce Identity is not needed since NTO uses Microsoft AD.
B. Salesforce Identity can be included but NTO will be required to build a custom integration with Microsoft AD.
C. Salesforce Identity is included in the Salesforce licenses so it does not need to be considered separately.
D. A Salesforce Identity can be included but NTO will require Identity Connect.

Suggested answer: D

An identity architect has built a native mobile application and plans to integrate it with a Salesforce Identity solution. The following are the requirements for the solution:

A. Users should not have to login every time they use the app.
B. The app should be able to make calls to the Salesforce REST API.
C. End users should NOT see the OAuth approval page.

How should the identity architect configure the Salesforce connected app to meet the requirements?

D. Enable the API Scope and Offline Access Scope, upload a certificate so JWT Bearer Flow can be used and then set the connected app access settings to "Admin Pre-Approved".
E. Enable the API Scope and Offline Access Scope on the connected app, and then set the connected app access settings to "Admin Pre-Approved".
F. Enable the Full Access Scope and then set the connected app access settings to "Admin Pre-Approved".
G. Enable the API Scope and Offline Access Scope on the connected app, and then set the Connected App access settings to "User may self authorize".

Suggested answer: A

Northern Trail Outfitters (NTO) has a requirement to ensure all user logins include a single multifactor authentication (MFA) prompt. Currently, users are allowed the choice to login with a username and password or via single sign-on against NTO's corporate Identity Provider, which includes built-in MFA.

Which configuration will meet this requirement?

A. Create and assign a permission set to all employees that includes "MFA for User Interface Logins."
B. Create a custom login flow that enforces MFA and assign it to a permission set. Then assign the permission set to all employees.
C. Enable "MFA for User Interface Logins" for your organization from Setup -> Identity Verification.
D. For all employee profiles, set the Session Level Required at Login to High Assurance and add the corporate identity provider to the High Assurance list for the org's Session Security Levels.

Suggested answer: C

Universal Containers (UC) is planning to add Wi-Fi enabled GPS tracking devices to its shipping containers so that the GPS coordinates data can be sent from the tracking device to its Salesforce production org via a custom API. The GPS devices have no direct user input or output capabilities.

Which OAuth flow should the identity architect recommend to meet the requirement?

A. OAuth 2.0 Asset Token Flow for Securing Connected Devices
B. OAuth 2.0 Username-Password Flow for Special Scenarios
C. OAuth 2.0 Web Server Flow for Web App Integration
D. OAuth 2.0 JWT Bearer Flow for Server-to-Server Integration

Suggested answer: A

An enterprise is using a Lightweight Directory Access Protocol (LDAP) server as the only point for user authentication with a username/password. Salesforce delegated authentication is configured to integrate Salesforce under single sign-on (SSO).

How can end users change their password?

A. Users, once logged in, can go to the Change Password screen in Salesforce.
B. Users can click on the "Forgot your Password" link on the Salesforce.com login page.
C. Users can request the Salesforce Admin to reset their password.
D. Users can change it on the enterprise LDAP authentication portal.

Suggested answer: C
Total 248 questions