ExamGecko
Search Search Login
Home Home / Salesforce / Certified Identity and Access Management Architect

Salesforce Certified Identity and Access Management Architect Practice Test - Questions Answers, Page 3

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Universal Containers (UC) has five Salesforce orgs (UC1, UC2, UC3, UC4, UC5). of Every user that is in UC2, UC3, UC4, and UC5 is also in UC1, however not all users 65* have access to every org. Universal Containers would like to simplify the authentication process such that all Salesforce users need to remember one set of credentials. UC would like to achieve this with the least impact to cost and maintenance. What approach should an Architect recommend to UC?
Universal containers (UC) uses a home-grown employee portal for their employees to collaborate. UC decides to use salesforce ideas to allow the employees to post ideas from the employee portal. When clicking some links in the employee portal, the users should be redirected to salesforce, authenticated, and presented with relevant pages. What scope should be requested when using the Oauth token to meet this requirement?
Universal Containers wants to secure its Salesforce APIs by using an existing Security Assertion Markup Language (SAML) configuration supports the company's single sign-on process to Salesforce, Which Salesforce OAuth authorization flow should be used?
An insurance company has a connected app in its Salesforce environment that is used to integrate with a Google Workspace (formerly knot as G Suite). An identity and access management (IAM) architect has been asked to implement automation to enable users, freeze/suspend users, disable users, and reactivate existing users in Google Workspace upon similar actions in Salesforce. Which solution is recommended to meet this requirement?
Which two security risks can be mitigated by enabling Two-Factor Authentication (2FA) in Salesforce? Choose 2 answers
Universal Containers (UC) wants its closed Won opportunities to be synced to a Data Warehouse in near real time. UC has implemented Outbound Message to enable near real-time data sync. UC wants to ensure that communication between Salesforce and Target System is Secure. What Certificate is sent along with the Outbound Message?
A group of users try to access one of Universal Containers' Connected Apps and receive the following error message: " Failed: Not approved for access." What is the most likely cause of this issue?
Universal Containers (UC) wants to use Salesforce for sales orders and a legacy of system for order fulfillment. The legacy system must update the status of orders in 65* Salesforce in real time as they are fulfilled. UC decides to use OAuth for connecting the legacy system to Salesforce. What OAuth flow should be considered that doesn't require storing credentials, client secret or refresh tokens?
A global company has built an external application that uses data from its Salesforce org via an OAuth 2.0 authorization flow. Upon logout, the existing Salesforce OAuth token must be invalidated. Which action will accomplish this?
A public sector agency is setting up an identity solution for its citizens using a Community built on Experience Cloud and requires the new user registration functionality to capture first name, last name, and phone number. The phone number will be used for identity verification. Which feature should an identity architect recommend to meet the requirements?

Question 21

Report
Export
Collapse

Universal containers (UC) employees have salesforce access from restricted ip ranges only, to protect against unauthorised access. UC wants to rollout the salesforce1 mobile app and make it accessible from any location. Which two options should an architect recommend? Choose 2 answers

A.
Relax the ip restriction in the connect app settings for the salesforce1 mobile app
A.
Relax the ip restriction in the connect app settings for the salesforce1 mobile app
Answers
B.
Use login flow to bypass ip range restriction for the mobile app.
B.
Use login flow to bypass ip range restriction for the mobile app.
Answers
C.
Relax the ip restriction with a second factor in the connect app settings for salesforce1 mobile app
C.
Relax the ip restriction with a second factor in the connect app settings for salesforce1 mobile app
Answers
D.
Remove existing restrictions on ip ranges for all types of user access.
D.
Remove existing restrictions on ip ranges for all types of user access.
Answers
Suggested answer: A, B

Question 22

Report
Export
Collapse

Universal containers(UC) has a customer Community that uses Facebook for authentication. UC would like to ensure that changes in the Facebook profile are reflected on the appropriate customer Community user. How can this requirement be met?

A.
Use the updateuser() method on the registration handler class.
A.
Use the updateuser() method on the registration handler class.
Answers
B.
Use SAML just-in-time provisioning between Facebook and Salesforce
B.
Use SAML just-in-time provisioning between Facebook and Salesforce
Answers
C.
Use information in the signed request that is received from Facebook.
C.
Use information in the signed request that is received from Facebook.
Answers
D.
Develop a schedule job that calls out to Facebook on a nightly basis.
D.
Develop a schedule job that calls out to Facebook on a nightly basis.
Answers
Suggested answer: A

Question 23

Report
Export
Collapse

Universal containers(UC) wants to integrate a third-party reward calculation system with salesforce to calculate rewards. Rewards will be calculated on a schedule basis and update back into salesforce.

The integration between Salesforce and the reward calculation system needs to be secure. Which are the recommended best practices for using Oauth flows in this scenario? Choose 2 answers

A.
Oauth refresh token flow
A.
Oauth refresh token flow
Answers
B.
Oauth SAML bearer assertion flow
B.
Oauth SAML bearer assertion flow
Answers
C.
Oauthjwt bearer token flow
C.
Oauthjwt bearer token flow
Answers
D.
Oauth Username-password flow
D.
Oauth Username-password flow
Answers
Suggested answer: B, C

Question 24

Report
Export
Collapse

Universal Containers (UC) is looking to build a Canvas app and wants to use the corresponding Connected App to control where the app is visible. Which two options are correct in regards to where the app can be made visible under the Connected App setting for the Canvas app? Choose 2 answers

A.
As part of the body of a Salesforce Knowledge article.
A.
As part of the body of a Salesforce Knowledge article.
Answers
B.
In the mobile navigation menu on Salesforce for Android.
B.
In the mobile navigation menu on Salesforce for Android.
Answers
C.
The sidebar of a Salesforce Console as a console component.
C.
The sidebar of a Salesforce Console as a console component.
Answers
D.
Included in the Call Control Tool that's part of Open CTI.
D.
Included in the Call Control Tool that's part of Open CTI.
Answers
Suggested answer: A, C

Question 25

Report
Export
Collapse

Universal Containers (UC) has an existing Salesforce org configured for SP-Initiated SAML SSO with their Idp. A second Salesforce org is being introduced into the environment and the IT team would like to ensure they can use the same Idp for new org. What action should the IT team take while implementing the second org?

A.
Use the same SAML Identity location as the first org.
A.
Use the same SAML Identity location as the first org.
Answers
B.
Use a different Entity ID than the first org.
B.
Use a different Entity ID than the first org.
Answers
C.
Use the same request bindings as the first org.
C.
Use the same request bindings as the first org.
Answers
D.
Use the Salesforce Username as the SAML Identity Type.
D.
Use the Salesforce Username as the SAML Identity Type.
Answers
Suggested answer: B

Question 26

Report
Export
Collapse

Universal Containers (UC) has decided to use Salesforce as an Identity Provider for multiple external applications. UC wants to use the salesforce App Launcher to control the Apps that are available to individual users. Which three steps are required to make this happen?

A.
Add each connected App to the App Launcher with a Start URL.
A.
Add each connected App to the App Launcher with a Start URL.
Answers
B.
Set up an Auth Provider for each External Application.
B.
Set up an Auth Provider for each External Application.
Answers
C.
Set up Salesforce as a SAML Idp with My Domain.
C.
Set up Salesforce as a SAML Idp with My Domain.
Answers
D.
Set up Identity Connect to Synchronize user data.
D.
Set up Identity Connect to Synchronize user data.
Answers
E.
Create a Connected App for each external application.
E.
Create a Connected App for each external application.
Answers
Suggested answer: A, C, E

Question 27

Report
Export
Collapse

An Architect has configured a SAML-based SSO integration between Salesforce and an external Identity provider and is ready to test it. When the Architect attempts to log in to Salesforce using SSO, the Architect receives a SAML error. Which two optimal actions should the Architect take to troubleshoot the issue?

A.
Ensure the Callback URL is correctly set in the Connected Apps settings.
A.
Ensure the Callback URL is correctly set in the Connected Apps settings.
Answers
B.
Use a browser that has an add-on/extension that can inspect SAML.
B.
Use a browser that has an add-on/extension that can inspect SAML.
Answers
C.
Paste the SAML Assertion Validator in Salesforce.
C.
Paste the SAML Assertion Validator in Salesforce.
Answers
D.
Use the browser's Development tools to view the Salesforce page's markup.
D.
Use the browser's Development tools to view the Salesforce page's markup.
Answers
Suggested answer: B, C

Question 28

Report
Export
Collapse

Universal Containers (UC) is implementing Salesforce and would like to establish SAML SSO for its users to log in. UC stores its corporate user identities in a Custom Database. The UC IT Manager has heard good things about Salesforce Identity Connect as an Idp, and would like to understand what limitations they may face if they decided to use Identity Connect in their current environment. What limitation Should an Architect inform the IT Manager about?

A.
Identity Connect will not support user provisioning in UC's current environment.
A.
Identity Connect will not support user provisioning in UC's current environment.
Answers
B.
Identity Connect will only support Idp-initiated SAML flows in UC's current environment.
B.
Identity Connect will only support Idp-initiated SAML flows in UC's current environment.
Answers
C.
Identity Connect will only support SP-initiated SAML flows in UC's current environment.
C.
Identity Connect will only support SP-initiated SAML flows in UC's current environment.
Answers
D.
Identity connect is not compatible with UC's current identity environment.
D.
Identity connect is not compatible with UC's current identity environment.
Answers
Suggested answer: A

Question 29

Report
Export
Collapse

Universal Containers (UC) wants to build a few applications that leverage the Salesforce REST API. UC has asked its Architect to describe how the API calls will be authenticated to a specific user. Which two mechanisms can the Architect provide? Choose 2 Answers

A.
Authentication Token
A.
Authentication Token
Answers
B.
Session ID
B.
Session ID
Answers
C.
Refresh Token
C.
Refresh Token
Answers
D.
Access Token
D.
Access Token
Answers
Suggested answer: C, D

Question 30

Report
Export
Collapse

Universal Containers (UC) has implemented SSO according to the diagram below. uses SAML while Salesforce Org 1 uses OAuth 2.0. Users usually start their day by first attempting to log into Salesforce Org 2 and then later in the day, they will log into either the Financial System or CPQ system depending upon their job position. Which two systems are acting as Identity Providers?

A.
Financial System
A.
Financial System
Answers
B.
Pingfederate
B.
Pingfederate
Answers
C.
Salesforce Org 2
C.
Salesforce Org 2
Answers
D.
Salesforce Org 1
D.
Salesforce Org 1
Answers
Suggested answer: B, D
Total 248 questions
Go to page: of 25
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms