
Salesforce Certified Identity and Access Management Architect Practice Test - Questions Answers, Page 23

Northern Trail Outfitters (NTO) is planning to implement a community for its customers using Salesforce Experience Cloud. Customers are not able to self-register. NTO would like to have customers set their own passwords when provided access to the community.

Which two recommendations should an identity architect make to fulfill this requirement?

Choose 2 answers

A. Add customers as contacts and add them to Experience Cloud site.
B. Enable Welcome emails while configuring the Experience Cloud site.
C. Allow Password reset using the API to update Experience Cloud site membership.
D. Use Login Flows to allow users to reset password in Experience Cloud site.
Suggested answer: C, D

Northern Trail Outfitters (NTO) utilizes a third-party cloud solution for an employee portal. NTO also owns Salesforce Service Cloud and would like employees to be able to log in to Salesforce with their third-party portal credentials for a seamless experience. The third-party employee portal only supports OAuth.

What should an identity architect recommend to enable single sign-on (SSO) between the portal and Salesforce?

A. Configure SSO to use the third party portal as an identity provider.
B. Create a custom external authentication provider.
C. Add the third-party portal as a connected app.
D. Configure Salesforce for Delegated Authentication.
Suggested answer: A

Universal Containers (UC) is using its production org as the identity provider for a new Experience Cloud site and the identity architect is deciding which login experience to use for the site.

Which two page types are valid login page types for the site?

Choose 2 answers

A. Experience Builder Page
B. Lightning Experience Page
C. Login Discovery Page
D. Embedded Login Page
Suggested answer: C, D

A real estate company wants to provide its customers a digital space to design their interior decoration options. To simplify the registration to gain access to the community site (built in Experience Cloud), the CTO has requested that the IT/Development team provide the option for customers to use their existing social-media credentials to register and access.

The IT lead has approached the Salesforce Identity and Access Management (IAM) architect for technical direction on implementing the social sign-on (for Facebook, Twitter, and a new provider that supports standard OpenID Connect (OIDC)).

Which two recommendations should the Salesforce IAM architect make to the IT Lead?

Choose 2 answers

A. Use declarative registration handler process builder/flow to create and update users and contacts.
B. Authentication provider configuration is required for each social sign-on provider; enable the authentication providers in the community.
C. For supporting OIDC it is necessary to enable Security Assertion Markup Language (SAML) with Just-in-Time provisioning (JIT) and OAuth 2.0.
D. Apex coding skills are needed for the registration handler to create and update users.
Suggested answer: B, D

A financial enterprise is planning to set up a user authentication mechanism to log in to the Salesforce system. Due to regulatory requirements, the CIO of the company wants user administration, including passwords and authentication requests, to be managed by an external system that is only accessible via a SOAP web service.

Which authentication mechanism should an identity architect recommend to meet the requirements?

A. OAuth Web-Server Flow
B. Identity Connect
C. Delegated Authentication
D. Just-in-Time Provisioning
Suggested answer: C

Northern Trail Outfitters manages application functional permissions centrally as Active Directory groups. The CRM_SuperUser and CRM_Reporting_SuperUser groups should respectively give the user the SuperUser and Reporting_SuperUser permission set in Salesforce. Salesforce is the service provider to a Security Assertion Markup Language (SAML) identity provider.

How should an identity architect ensure the Active Directory groups are reflected correctly when a user accesses Salesforce?

A. Use the Apex Just-in-Time handler to query standard SAML attributes and set permission sets.
B. Use the Apex Just-in-Time handler to query custom SAML attributes and set permission sets.
C. Use a login flow to query custom SAML attributes and set permission sets.
D. Use a login flow to query standard SAML attributes and set permission sets.
Suggested answer: B

A global company is using the Salesforce Platform as an Identity Provider and needs to integrate a third-party application with its Experience Cloud customer portal.

Which two features should be utilized to provide users with login and identity services for the third-party application?

Choose 2 answers

A. Use the App Launcher with single sign-on (SSO).
B. External Data Source with Named Principal identity type.
C. Use a connected app.
D. Use Delegated Authentication.
Suggested answer: A, C

A company wants to provide its employees with a custom mobile app that accesses Salesforce. Users are required to download the internal native iOS mobile app from the corporate intranet on their mobile device. The app allows flexibility to access other non-Salesforce internal applications once users authenticate with Salesforce. The apps self-authorize, and users are permitted to use the apps once they have logged into Salesforce.

How should an identity architect meet the above requirements with the privately distributed mobile app?

A. Use connected app with OAuth and Security Assertion Markup Language (SAML) to access other non-Salesforce internal apps.
B. Configure Mobile App settings in connected app and Salesforce as identity provider for non-Salesforce internal apps.
C. Use Salesforce as an identity provider (IdP) to access the mobile app and use the external IdP for other non-Salesforce internal apps.
D. Create a new hybrid mobile app and use the connected app with OAuth to authenticate users for Salesforce and non-Salesforce internal apps.
Suggested answer: B

Universal Containers allows employees to use a mobile device to access Salesforce for daily operations using a hybrid mobile app. This app uses the Mobile software development kit (SDK), leverages a refresh token to regenerate the access token when required, and is distributed as a private app.

The chief security officer is rolling out an org-wide compliance policy to enforce re-verification of devices if an employee has not logged in from that device in the last week.

Which connected app setting should be leveraged to comply with this policy change?

A. Scope - Deny refresh_token scope for this connected app.
B. Refresh Token Policy - Expire the refresh token if it has not been used for 7 days.
C. Session Policy - Set timeout value of the connected app to 7 days.
D. Permitted User - Ask admins to maintain a list of users who are permitted based on last login date.
Suggested answer: B

Northern Trail Outfitters (NTO) employees use a custom on-premises helpdesk application to request, approve, notify, and track access granted to various on-premises and cloud applications, including Salesforce. Salesforce is currently used to authenticate users.

How should NTO provision Salesforce users as soon as they are approved in the helpdesk application with the approved profiles and permission sets?

A. Build an integration that performs a remote call-in to the Salesforce SOAP or REST API.
B. Use a login flow to query the helpdesk to validate user status.
C. Have the helpdesk initiate an IdP-initiated Just-in-Time provisioning Security Assertion Markup Language flow.
D. Use Salesforce Connect to integrate with the helpdesk application.
Suggested answer: B
Total 248 questions