ExamGecko
Search Search Login
Home Home / Salesforce / Certified Identity and Access Management Architect

Salesforce Certified Identity and Access Management Architect Practice Test - Questions Answers, Page 24

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Universal Containers (UC) has five Salesforce orgs (UC1, UC2, UC3, UC4, UC5). of Every user that is in UC2, UC3, UC4, and UC5 is also in UC1, however not all users 65* have access to every org. Universal Containers would like to simplify the authentication process such that all Salesforce users need to remember one set of credentials. UC would like to achieve this with the least impact to cost and maintenance. What approach should an Architect recommend to UC?
Universal containers (UC) uses a home-grown employee portal for their employees to collaborate. UC decides to use salesforce ideas to allow the employees to post ideas from the employee portal. When clicking some links in the employee portal, the users should be redirected to salesforce, authenticated, and presented with relevant pages. What scope should be requested when using the Oauth token to meet this requirement?
Universal Containers wants to secure its Salesforce APIs by using an existing Security Assertion Markup Language (SAML) configuration supports the company's single sign-on process to Salesforce, Which Salesforce OAuth authorization flow should be used?
An insurance company has a connected app in its Salesforce environment that is used to integrate with a Google Workspace (formerly knot as G Suite). An identity and access management (IAM) architect has been asked to implement automation to enable users, freeze/suspend users, disable users, and reactivate existing users in Google Workspace upon similar actions in Salesforce. Which solution is recommended to meet this requirement?
Which two security risks can be mitigated by enabling Two-Factor Authentication (2FA) in Salesforce? Choose 2 answers
Universal Containers (UC) wants its closed Won opportunities to be synced to a Data Warehouse in near real time. UC has implemented Outbound Message to enable near real-time data sync. UC wants to ensure that communication between Salesforce and Target System is Secure. What Certificate is sent along with the Outbound Message?
A group of users try to access one of Universal Containers' Connected Apps and receive the following error message: " Failed: Not approved for access." What is the most likely cause of this issue?
Universal Containers (UC) wants to use Salesforce for sales orders and a legacy of system for order fulfillment. The legacy system must update the status of orders in 65* Salesforce in real time as they are fulfilled. UC decides to use OAuth for connecting the legacy system to Salesforce. What OAuth flow should be considered that doesn't require storing credentials, client secret or refresh tokens?
A global company has built an external application that uses data from its Salesforce org via an OAuth 2.0 authorization flow. Upon logout, the existing Salesforce OAuth token must be invalidated. Which action will accomplish this?
Universal containers (UC) has implemented a multi-org strategy and would like to centralize the management of their salesforce user profiles. What should the architect recommend to allow salesforce profiles to be managed from a central system of record?

Question 231

Report
Export
Collapse

Universal Containers (UC) has an Experience Cloud site (Customer Community) where customers can authenticate and place orders, view the status of orders, etc. UC allows guest checkout.

Mow can a guest register using data previously collected during order placement?

A.
Enable Security Assertion Markup Language Sign-On and use a login flow to collect only order details to retrieve customer data.
A.
Enable Security Assertion Markup Language Sign-On and use a login flow to collect only order details to retrieve customer data.
Answers
B.
Enable Facebook as an authentication provider and use a registration handler to collect only order details to retrieve customer data.
B.
Enable Facebook as an authentication provider and use a registration handler to collect only order details to retrieve customer data.
Answers
C.
Use a Connected App Handler Apex Plugin class to collect only order details to retrieve customer data.
C.
Use a Connected App Handler Apex Plugin class to collect only order details to retrieve customer data.
Answers
D.
Enable self-registration and customize a self-registration page to collect only order details to retrieve customer data.
D.
Enable self-registration and customize a self-registration page to collect only order details to retrieve customer data.
Answers
Suggested answer: D

Question 232

Report
Export
Collapse

Universal Containers want users to be able to log in to the Salesforce mobile app with their Active Directory password. Employees are unable to use mobile VPN.

Which two options should an identity architect recommend to meet the requirement?

Choose 2 answers

A.
Active Directory Password Sync Plugin
A.
Active Directory Password Sync Plugin
Answers
B.
Configure Cloud Provider Load Balancer
B.
Configure Cloud Provider Load Balancer
Answers
C.
Salesforce Trigger & Field on Contact Object
C.
Salesforce Trigger & Field on Contact Object
Answers
D.
Salesforce Identity Connect
D.
Salesforce Identity Connect
Answers
Suggested answer: A, D

Question 233

Report
Export
Collapse

A multinational industrial products manufacturer is planning to implement Salesforce CRM to manage their business. They have the following requirements:

A.
They plan to implement Partner communities to provide access to their partner network .
A.
They plan to implement Partner communities to provide access to their partner network .
Answers
B.
They have operations in multiple countries and are planning to implement multiple Salesforce orgs.
B.
They have operations in multiple countries and are planning to implement multiple Salesforce orgs.
Answers
C.
Some of their partners do business in multiple countries and will need information from multiple Salesforce communities.
C.
Some of their partners do business in multiple countries and will need information from multiple Salesforce communities.
Answers
D.
They would like to provide a single login for their partners.How should an Identity Architect solution this requirement with limited custom development?
D.
They would like to provide a single login for their partners.How should an Identity Architect solution this requirement with limited custom development?
Answers
E.
Create a partner login for the country of their operation and use SAML federation to provide access to other orgs.
E.
Create a partner login for the country of their operation and use SAML federation to provide access to other orgs.
Answers
F.
Consolidate Partner related information in a single org and provide access through Salesforce community.
F.
Consolidate Partner related information in a single org and provide access through Salesforce community.
Answers
G.
Allow partners to choose the Salesforce org they need information from and use login flows to authenticate access.
G.
Allow partners to choose the Salesforce org they need information from and use login flows to authenticate access.
Answers
H.
Register partners in one org and access information from other orgs using APIs.
H.
Register partners in one org and access information from other orgs using APIs.
Answers
Suggested answer: A

Question 234

Report
Export
Collapse

Northern Trail Outfitters (NTO) uses Salesforce for Sales Opportunity Management. Okta was recently brought in to Just-in-Time (JIT) provision and authenticate NTO users to applications.

Salesforce users also use Okta to authorize a Forecasting web application to access Salesforce records on their behalf.

Which two roles are being performed by Salesforce?

Choose 2 answers

A.
SAML Identity Provider
A.
SAML Identity Provider
Answers
B.
OAuth Client
B.
OAuth Client
Answers
C.
OAuth Resource Server
C.
OAuth Resource Server
Answers
D.
SAML Service Provider
D.
SAML Service Provider
Answers
Suggested answer: B, D

Question 235

Report
Export
Collapse

An identity architect is setting up an integration between Salesforce and a third-party system. The third-party system needs to authenticate to Salesforce and then make API calls against the REST API.

One of the requirements is that the solution needs to ensure the third party service providers connected app in Salesforce mini need for end user interaction and maximizes security.

Which OAuth flow should be used to fulfill the requirement?

A.
JWT Bearer Flow
A.
JWT Bearer Flow
Answers
B.
Web Server Flow
B.
Web Server Flow
Answers
C.
User Agent Flow
C.
User Agent Flow
Answers
D.
Username-Password Flow
D.
Username-Password Flow
Answers
Suggested answer: A

Question 236

Report
Export
Collapse

Northern Trail Outfitters (NTO) recently purchased Salesforce Identity Connect to streamline user provisioning across Microsoft Active Directory (AD) and Salesforce Sales Cloud.

NTO has asked an identity architect to identify which salesforce security configurations can map to AD permissions.

Which three Salesforce permissions are available to map to AD permissions?

Choose 3 answers

A.
Public Groups
A.
Public Groups
Answers
B.
Field-Level Security
B.
Field-Level Security
Answers
C.
Roles
C.
Roles
Answers
D.
Sharing Rules
D.
Sharing Rules
Answers
E.
Profiles and Permission Sets
E.
Profiles and Permission Sets
Answers
Suggested answer: A, C, E

Question 237

Report
Export
Collapse

An administrator created a connected app for a custom wet) application in Salesforce which needs to be visible as a tile in App Launcher The tile for the custom web application is missing in the app launcher for all users in Salesforce. The administrator requested assistance from an identity architect to resolve the issue.

Which two reasons are the source of the issue?

Choose 2 answers

A.
StartURL for the connected app is not set in Connected App settings.
A.
StartURL for the connected app is not set in Connected App settings.
Answers
B.
OAuth scope does not include "openid*.
B.
OAuth scope does not include "openid*.
Answers
C.
Session Policy is set as 'High Assurance Session required' for this connected app.
C.
Session Policy is set as 'High Assurance Session required' for this connected app.
Answers
D.
The connected app is not set in the App menu as 'Visible in App Launcher".
D.
The connected app is not set in the App menu as 'Visible in App Launcher".
Answers
Suggested answer: A, C

Question 238

Report
Export
Collapse

Universal Containers is creating a web application that will be secured by Salesforce Identity using the OAuth 2.0 Web Server Flow uses the OAuth 2.0 authorization code grant type).

Which three OAuth concepts apply to this flow?

Choose 3 answers

A.
Verification URL
A.
Verification URL
Answers
B.
Client Secret
B.
Client Secret
Answers
C.
Access Token
C.
Access Token
Answers
D.
Scopes
D.
Scopes
Answers
Suggested answer: B, C, D

Question 239

Report
Export
Collapse

An insurance company has a connected app in its Salesforce environment that is used to integrate with a Google Workspace (formerly knot as G Suite).

An identity and access management (IAM) architect has been asked to implement automation to enable users, freeze/suspend users, disable users, and reactivate existing users in Google Workspace upon similar actions in Salesforce.

Which solution is recommended to meet this requirement?

A.
Configure user Provisioning for Connected Apps.
A.
Configure user Provisioning for Connected Apps.
Answers
B.
Update the Security Assertion Markup Language Just-in-Time (SAML JIt; handler in Salesforce for user provisioning and de-provisioning.
B.
Update the Security Assertion Markup Language Just-in-Time (SAML JIt; handler in Salesforce for user provisioning and de-provisioning.
Answers
C.
Build a custom REST endpoint in Salesforce that Google Workspace can poll against.
C.
Build a custom REST endpoint in Salesforce that Google Workspace can poll against.
Answers
D.
Build an Apex trigger on the useriogin object to make asynchronous callouts to Google APIs.
D.
Build an Apex trigger on the useriogin object to make asynchronous callouts to Google APIs.
Answers
Suggested answer: A

Question 240

Report
Export
Collapse

A university is planning to set up an identity solution for its alumni. A third-party identity provider will be used for single sign-on Salesforce will be the system of records. Users are getting error messages when logging in.

Which Salesforce feature should be used to debug the issue?

A.
Apex Exception Email
A.
Apex Exception Email
Answers
B.
View Setup Audit Trail
B.
View Setup Audit Trail
Answers
C.
Debug Logs
C.
Debug Logs
Answers
D.
Login History
D.
Login History
Answers
Suggested answer: D
Total 248 questions
Go to page: of 25
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms