ExamGecko
Search Search Login
Home Home / Salesforce / Certified Identity and Access Management Architect

Salesforce Certified Identity and Access Management Architect Practice Test - Questions Answers, Page 6

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Universal Containers (UC) has five Salesforce orgs (UC1, UC2, UC3, UC4, UC5). of Every user that is in UC2, UC3, UC4, and UC5 is also in UC1, however not all users 65* have access to every org. Universal Containers would like to simplify the authentication process such that all Salesforce users need to remember one set of credentials. UC would like to achieve this with the least impact to cost and maintenance. What approach should an Architect recommend to UC?
Universal containers (UC) uses a home-grown employee portal for their employees to collaborate. UC decides to use salesforce ideas to allow the employees to post ideas from the employee portal. When clicking some links in the employee portal, the users should be redirected to salesforce, authenticated, and presented with relevant pages. What scope should be requested when using the Oauth token to meet this requirement?
Universal Containers wants to secure its Salesforce APIs by using an existing Security Assertion Markup Language (SAML) configuration supports the company's single sign-on process to Salesforce, Which Salesforce OAuth authorization flow should be used?
An insurance company has a connected app in its Salesforce environment that is used to integrate with a Google Workspace (formerly knot as G Suite). An identity and access management (IAM) architect has been asked to implement automation to enable users, freeze/suspend users, disable users, and reactivate existing users in Google Workspace upon similar actions in Salesforce. Which solution is recommended to meet this requirement?
Which two security risks can be mitigated by enabling Two-Factor Authentication (2FA) in Salesforce? Choose 2 answers
Universal Containers (UC) wants its closed Won opportunities to be synced to a Data Warehouse in near real time. UC has implemented Outbound Message to enable near real-time data sync. UC wants to ensure that communication between Salesforce and Target System is Secure. What Certificate is sent along with the Outbound Message?
A group of users try to access one of Universal Containers' Connected Apps and receive the following error message: " Failed: Not approved for access." What is the most likely cause of this issue?
Universal Containers (UC) wants to use Salesforce for sales orders and a legacy of system for order fulfillment. The legacy system must update the status of orders in 65* Salesforce in real time as they are fulfilled. UC decides to use OAuth for connecting the legacy system to Salesforce. What OAuth flow should be considered that doesn't require storing credentials, client secret or refresh tokens?
A global company has built an external application that uses data from its Salesforce org via an OAuth 2.0 authorization flow. Upon logout, the existing Salesforce OAuth token must be invalidated. Which action will accomplish this?
Universal containers (UC) has implemented a multi-org strategy and would like to centralize the management of their salesforce user profiles. What should the architect recommend to allow salesforce profiles to be managed from a central system of record?

Question 51

Report
Export
Collapse

Universal Containers (UC) would like its community users to be able to register and log in with Linkedin or Facebook Credentials. UC wants users to clearly see Facebook &Linkedin Icons when they register and login. What are the two recommended actions UC can take to achieve this Functionality?

Choose 2 answers

A.
Enable Facebook and Linkedin as Login options in the login section of the Community configuration.
A.
Enable Facebook and Linkedin as Login options in the login section of the Community configuration.
Answers
B.
Create custom Registration Handlers to link Linkedin and facebook accounts to user records.
B.
Create custom Registration Handlers to link Linkedin and facebook accounts to user records.
Answers
C.
Store the Linkedin or Facebook user IDs in the Federation ID field on the Salesforce User record.
C.
Store the Linkedin or Facebook user IDs in the Federation ID field on the Salesforce User record.
Answers
D.
Create custom buttons for Facebook and inkedin using JAVAscript/CSS on a custom Visualforce page.
D.
Create custom buttons for Facebook and inkedin using JAVAscript/CSS on a custom Visualforce page.
Answers
Suggested answer: A, B

Question 52

Report
Export
Collapse

Universal Containers (UC) has built a custom token-based Two-factor authentication (2FA) system for their existing on-premise applications. They are now implementing Salesforce and would like to enable a Two-factor login process for it, as well. What is the recommended solution as Architect should consider?

A.
Use the custom 2FA system for on-premise applications and native 2FA for Salesforce.
A.
Use the custom 2FA system for on-premise applications and native 2FA for Salesforce.
Answers
B.
Replace the custom 2FA system with an AppExchange App that supports on premise application and salesforce.
B.
Replace the custom 2FA system with an AppExchange App that supports on premise application and salesforce.
Answers
C.
Use Custom Login Flows to connect to the existing custom 2FA system for use in Salesforce.
C.
Use Custom Login Flows to connect to the existing custom 2FA system for use in Salesforce.
Answers
D.
Replace the custom 2FA system with Salesforce 2FA for on-premise applications and Salesforce.
D.
Replace the custom 2FA system with Salesforce 2FA for on-premise applications and Salesforce.
Answers
Suggested answer: D

Question 53

Report
Export
Collapse

Which two statements are capable of Identity Connect? Choose 2 answers

A.
Synchronization of Salesforce Permission Set Licence Assignments.
A.
Synchronization of Salesforce Permission Set Licence Assignments.
Answers
B.
Supports both Identity-Provider-Initiated and Service-Provider-Initiated SSO.
B.
Supports both Identity-Provider-Initiated and Service-Provider-Initiated SSO.
Answers
C.
Support multiple orgs connecting to multiple Active Directory servers.
C.
Support multiple orgs connecting to multiple Active Directory servers.
Answers
D.
Automated user synchronization and de-activation.
D.
Automated user synchronization and de-activation.
Answers
Suggested answer: B, D

Question 54

Report
Export
Collapse

Universal Containers (UC) employees have Salesforce access from restricted IP ranges only, to protect against unauthorised access. UC wants to roll out the Salesforce1 mobile app and make it accessible from any location. Which two options should an Architect recommend? Choose 2 answers

A.
Relax the IP restriction with a second factor in the Connect App settings for Salesforce1 mobile app.
A.
Relax the IP restriction with a second factor in the Connect App settings for Salesforce1 mobile app.
Answers
B.
Remove existing restrictions on IP ranges for all types of user access.
B.
Remove existing restrictions on IP ranges for all types of user access.
Answers
C.
Relax the IP restrictions in the Connect App settings for the Salesforce1 mobile app.
C.
Relax the IP restrictions in the Connect App settings for the Salesforce1 mobile app.
Answers
D.
Use Login Flow to bypass IP range restriction for the mobile app.
D.
Use Login Flow to bypass IP range restriction for the mobile app.
Answers
Suggested answer: A, C

Question 55

Report
Export
Collapse

Universal Containers (UC) uses Global Shipping (GS) as one of their shipping vendors. Regional leads of GS need access to UC's Salesforce instance for reporting damage of goods using Cases. The regional leads also need access to dashboards to keep track of regional shipping KPIs. UC internally uses a third-party cloud analytics tool for capacity planning and UC decided to provide access to this tool to a subset of GS employees. In addition to regional leads, the GS capacity planning team would benefit from access to this tool. To access the analytics tool, UC IT has set up Salesforce as the Identity provider for Internal users and would like to follow the same approach for the GS users as well. What are the most appropriate license types for GS Tregional Leads and the GS Capacity Planners? Choose 2 Answers

A.
Customer Community Plus license for GS Regional Leads and External Identity for GS Capacity Planners.
A.
Customer Community Plus license for GS Regional Leads and External Identity for GS Capacity Planners.
Answers
B.
Customer Community Plus license for GS Regional Leads and Customer Community license for GS Capacity Planners.
B.
Customer Community Plus license for GS Regional Leads and Customer Community license for GS Capacity Planners.
Answers
C.
Identity Licence for GS Regional Leads and External Identity license for GS capacity Planners.
C.
Identity Licence for GS Regional Leads and External Identity license for GS capacity Planners.
Answers
D.
Customer Community license for GS Regional Leads and Identity license for GS Capacity Planners.
D.
Customer Community license for GS Regional Leads and Identity license for GS Capacity Planners.
Answers
Suggested answer: B, D

Question 56

Report
Export
Collapse

Universal Containers is considering using Delegated Authentication as the sole means of Authenticating of Salesforce users. A Salesforce Architect has been brought in to assist with the implementation. What two risks Should the Architect point out? Choose 2 answers

A.
Delegated Authentication is enabled or disabled for the entire Salesforce org.
A.
Delegated Authentication is enabled or disabled for the entire Salesforce org.
Answers
B.
UC will be required to develop and support a custom SOAP web service.
B.
UC will be required to develop and support a custom SOAP web service.
Answers
C.
Salesforce users will be locked out of Salesforce if the web service goes down.
C.
Salesforce users will be locked out of Salesforce if the web service goes down.
Answers
D.
The web service must reside on a public cloud service, such as Heroku.
D.
The web service must reside on a public cloud service, such as Heroku.
Answers
Suggested answer: B, C

Question 57

Report
Export
Collapse

Containers (UC) has implemented SAML-based single Sign-on for their Salesforce application and is planning to provide access to Salesforce on mobile devices using the Salesforce1 mobile app. UC wants to ensure that Single Sign-on is used for accessing the Salesforce1 mobile App. Which two recommendations should the Architect make? Choose 2 Answers

A.
Configure the Embedded Web Browser to use My Domain URL.
A.
Configure the Embedded Web Browser to use My Domain URL.
Answers
B.
Configure the Salesforce1 App to use the MY Domain URL.
B.
Configure the Salesforce1 App to use the MY Domain URL.
Answers
C.
Use the existing SAML-SSO flow along with User Agent Flow.
C.
Use the existing SAML-SSO flow along with User Agent Flow.
Answers
D.
Use the existing SAML SSO flow along with Web Server Flow.
D.
Use the existing SAML SSO flow along with Web Server Flow.
Answers
Suggested answer: B, C

Question 58

Report
Export
Collapse

Universal Containers (UC) has implemented SAML-based SSO solution for use with their multi-org Salesforce implementation, utilizing one of the the orgs as the Identity Provider. One user is reporting that they can log in to the Identity Provider org but get a generic SAML error message when accessing the other orgs. Which two considerations should the architect review to troubleshoot the issue? Choose 2 answers

A.
The Federation ID must be a valid Salesforce Username
A.
The Federation ID must be a valid Salesforce Username
Answers
B.
The Federation ID must is case sensitive
B.
The Federation ID must is case sensitive
Answers
C.
The Federation ID must be in the form of an email address.
C.
The Federation ID must be in the form of an email address.
Answers
D.
The Federation ID must be populated on the user record.
D.
The Federation ID must be populated on the user record.
Answers
Suggested answer: B, D

Question 59

Report
Export
Collapse

Universal Containers (UC) wants to integrate a third-party Reward Calculation system with Salesforce to calculate Rewards. Rewards will be calculated on a schedule basis and update back into Salesforce.

The integration between Salesforce and the Reward Calculation System needs to be secure. Which are two recommended practices for using OAuth flow in this scenario. choose 2 answers

A.
OAuth Refresh Token FLow
A.
OAuth Refresh Token FLow
Answers
B.
OAuth Username-Password Flow
B.
OAuth Username-Password Flow
Answers
C.
OAuth SAML Bearer Assertion FLow
C.
OAuth SAML Bearer Assertion FLow
Answers
D.
OAuth JWT Bearer Token FLow
D.
OAuth JWT Bearer Token FLow
Answers
Suggested answer: C, D

Question 60

Report
Export
Collapse

Which two are valid choices for digital certificates when setting up two-way SSL between Salesforce and an external system. Choose 2 answers

A.
Use a trusted CA-signed certificate for salesforce and a trusted CA-signed cert for the external system
A.
Use a trusted CA-signed certificate for salesforce and a trusted CA-signed cert for the external system
Answers
B.
Use a trusted CA-signed certificate for salesforce and a self-signed cert for the external system
B.
Use a trusted CA-signed certificate for salesforce and a self-signed cert for the external system
Answers
C.
Use a self-signed certificate for salesforce and a self-signed cert for the external system
C.
Use a self-signed certificate for salesforce and a self-signed cert for the external system
Answers
D.
Use a self-signed certificate for salesforce and a trusted CA-signed cert for the external system
D.
Use a self-signed certificate for salesforce and a trusted CA-signed cert for the external system
Answers
Suggested answer: C, D
Total 248 questions
Go to page: of 25
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms