Salesforce Certified Identity and Access Management Architect Practice Test - Questions Answers, Page 25

Northern Trail Outfitters (NTO) has an off-boarding process where a terminated employee is first disabled in the Lightweight Directory Access Protocol (LDAP) directory, then requests are sent to the various application support teams to finish user deactivations. A terminated employee was recently able to log in to NTO's Salesforce instance 24 hours after termination, even though the user was disabled in the corporate LDAP directory.

What should an identity architect recommend to prevent this from happening in the future?

A. Create a Just-in-Time provisioning registration handler to ensure users are deactivated in Salesforce as they are disabled in LDAP.
B. Configure an authentication provider to delegate authentication to the LDAP directory.
C. Use a login flow to make a callout to the LDAP directory before authenticating the user to Salesforce.
D. Set up an identity provider (IdP) to authenticate users using LDAP, set up single sign-on to Salesforce and disable Login Form authentication.

Suggested answer: B

When designing a multi-branded Customer Identity and Access Management solution on the Salesforce Platform, how should an identity architect ensure a specific brand experience in Salesforce is presented?

A. The Experience ID, which can be included in OAuth/OpenID flows and Security Assertion Markup Language (SAML) flows as a URL parameter.
B. Provide a brand picker that the end user can use to select their sub-brand when they arrive on Salesforce.
C. Add a custom parameter to the service provider's OAuth/SAML call and implement logic on its login page to apply branding based on the parameter's value.
D. The Audience ID, which can be set in a shared cookie.

Suggested answer: A

Northern Trail Outfitters (NTO) believes a specific user account may have been compromised. NTO inactivated the user account and needs to perform a forensic analysis and identify signals that could indicate a breach has occurred.

What should NTO's first step be in gathering signals that could indicate account compromise?

A. Review the User record and evaluate the login and transaction history.
B. Download the Setup Audit Trail and review all recent activities performed by the user.
C. Download the Identity Provider Event Log and evaluate the details of activities performed by the user.
D. Download the Login History and evaluate the details of logins performed by the user.

Suggested answer: D

Northern Trail Outfitters would like to use a portal built on Salesforce Experience Cloud for customer self-service. Guests of the portal must be able to self-register, but must not be automatically assigned to a contact record until verified. External Identity licenses have been purchased for the project.

After registered guests complete an onboarding process, a flow will create the appropriate account and contact records for the user.

Which three steps should an identity architect follow to implement the outlined requirements?

Choose 3 answers

A. Enable "Allow customers and partners to self-register".
B. Select the "Configurable Self-Reg Page" option under Login & Registration.
C. Set up an external login page and call Salesforce APIs for user creation.
D. Customize the self-registration Apex handler to temporarily associate the user to a shared single contact record.
E. Customize the self-registration Apex handler to create only the user record.

Suggested answer: A, B, E

A public sector agency is setting up an identity solution for its citizens using a Community built on Experience Cloud and requires the new user registration functionality to capture first name, last name, and phone number. The phone number will be used for identity verification.

Which feature should an identity architect recommend to meet the requirements?

A. Integrate with social websites (Facebook, LinkedIn, Twitter).
B. Use an external Identity Provider.
C. Create a custom Lightning Web Component.
D. Use Login Discovery.

Suggested answer: D

An identity architect's client has a homegrown identity provider (IdP). Salesforce is used as the service provider (SP). The head of IT is worried that during an SP-initiated single sign-on (SSO), the Security Assertion Markup Language (SAML) request content will be altered.

What should the identity architect recommend to make sure that there is additional trust between the SP and the IdP?

A. Ensure that there is an HTTPS connection between IdP and SP.
B. Ensure that on the SSO settings page, the "Request Signing Certificate" field has a self-signed certificate.
C. Ensure that the Issuer and Assertion Consumer Service (ACS) URL are properly configured between SP and IdP.
D. Encrypt the SAML Request using a certification authority (CA) signed certificate and decrypt it on the IdP.

Suggested answer: D

Universal Containers wants to secure its Salesforce APIs by using an existing Security Assertion Markup Language (SAML) configuration that supports the company's single sign-on process to Salesforce. Which Salesforce OAuth authorization flow should be used?

A. OAuth 2.0 SAML Bearer Assertion Flow
B. A SAML Assertion Flow
C. OAuth 2.0 User-Agent Flow
D. OAuth 2.0 JWT Bearer Flow

Suggested answer: B

Northern Trail Outfitters manages functional group permissions in a custom security application supported by a relational database and a REST service layer. Group permissions are mapped as permission sets in Salesforce. Which action should an identity architect use to ensure functional group permissions are reflected as permission set assignments?

A. Use a Login Flow to query SAML attributes and set permission sets.
B. Use a Login Flow with invocable Apex to callout to the security application and set permission sets.
C. Use the Apex Just-in-Time (JIT) handler to query the Security Assertion Markup Language (SAML) attributes and set permission sets.
D. Use the Apex JIT handler to callout to the security application and set permission sets.

Suggested answer: B
Total 248 questions