ExamGecko

Salesforce Certified Identity and Access Management Architect Practice Test - Questions Answers, Page 8

Universal Containers (UC) has an existing web application that it would like to access from Salesforce without requiring users to re-authenticate. The web application is owned by UC, and the UC team that is responsible for it is willing to add new JavaScript code and/or libraries to the application. What implementation should an Architect recommend to UC?

A. Create a Canvas app and use Signed Requests to authenticate the users.
B. Rewrite the web application as a set of Visualforce pages and Apex code.
C. Configure the web application as an item in the Salesforce App Launcher.
D. Add the web application as a Connected App using OAuth User-Agent flow.
Suggested answer: A

Universal Containers wants to implement SAML SSO for their internal Salesforce users using a third-party IdP. After some evaluation, UC decides not to set up My Domain for their Salesforce org. How does that decision impact their SSO implementation?

A. Neither SP- nor IdP-initiated SSO will work
B. Either SP- or IdP-initiated SSO will work
C. IdP-initiated SSO will not work
D. SP-initiated SSO will not work
Suggested answer: D

Universal Containers wants Salesforce inbound OAuth-enabled integration clients to use SAML-based single sign-on for authentication. What OAuth flow would be recommended in this scenario?

A. User-Agent OAuth flow
B. SAML assertion OAuth flow
C. User-Token OAuth flow
D. Web server OAuth flow
Suggested answer: B

Universal Containers (UC) would like to enable SSO between their existing Active Directory infrastructure and Salesforce. The IT team prefers to manage all users in Active Directory and would like to avoid doing any initial setup of users in Salesforce directly, including the correct assignment of profiles, roles and groups. Which two optimal solutions should UC use to provision users in Salesforce? Choose 2 answers

A. Use the Salesforce REST API to sync users from Active Directory to Salesforce
B. Use an AppExchange product to sync users from Active Directory to Salesforce.
C. Use Active Directory Federation Services to sync users from Active Directory to Salesforce.
D. Use Identity Connect to sync users from Active Directory to Salesforce
Suggested answer: B, D

Which two roles of the systems are involved in an environment where Salesforce users are enabled to access Google Apps from within Salesforce through the App Launcher and a Connected App setup?

Choose 2 answers

A. Google is the identity provider
B. Salesforce is the identity provider
C. Google is the service provider
D. Salesforce is the service provider
Suggested answer: D

Universal Containers (UC) is setting up Delegated Authentication to allow employees to log in using their corporate credentials. UC's security team is concerned about the risk of exposing the corporate login service on the Internet and has asked that a reliable trust mechanism be put in place between the login service and Salesforce. What mechanism should an architect put in place to enable a trusted connection between the login service and Salesforce?

A. Include client ID and client secret in the login header callout.
B. Set up a proxy server for the login service in the DMZ.
C. Require the use of Salesforce security tokens on password.
D. Enforce mutual authentication between systems using SSL.
Suggested answer: C

Universal Containers (UC) has a mobile application that calls the Salesforce REST API. In order to prevent users from having to enter their credentials every time they use the app, UC has enabled the use of refresh tokens as part of the Salesforce Connected App and updated their mobile app to take advantage of the refresh token. Even after enabling the refresh token, users are still complaining that they have to enter their credentials once a day. What is the most likely cause of the issue?

A. The OAuth authorizations are being revoked by a nightly batch job.
B. The refresh token expiration policy is set incorrectly in Salesforce
C. The app is requesting too many access tokens in a 24-hour period
D. The users forget to check the box to remember their credentials.
Suggested answer: B

Universal Containers (UC) wants users to authenticate into their Salesforce org using credentials stored in a custom identity store. UC does not want to purchase or use a third-party identity provider.

Additionally, UC is extremely wary of social media and does not consider it to be trustworthy. Which two options should an architect recommend to UC? Choose 2 answers

A. Use a professional social media such as LinkedIn as an Authentication provider
B. Build a custom web page that uses the identity store and calls frontdoor.jsp
C. Build a custom Web service that is supported by Delegated Authentication.
D. Implement the OpenID protocol and configure an Authentication provider
Suggested answer: C, D

Universal Containers uses an Employee portal for their employees to collaborate. Employees access the portal from their company's internal website via SSO. It is set up to work with Active Directory.

What is the role of Active Directory in this scenario?

A. Identity store
B. Authentication store
C. Identity provider
D. Service provider
Suggested answer: C

Universal Containers (UC) wants to implement a partner community. As part of their implementation, UC would like to modify both the Forgot Password and Change Password experience with custom branding for their partner community users. Which 2 actions should an architect recommend to UC? Choose 2 answers

A. Build a Community Builder page for the Change Password experience and a custom Visualforce page for the Forgot Password experience.
B. Build a custom Visualforce page for both the Change Password and Forgot Password experiences.
C. Build a custom Visualforce page for the Change Password experience and a Community Builder page for the Forgot Password experience.
D. Build a Community Builder page for both the Change Password and Forgot Password experiences.
Suggested answer: B, C
Total 248 questions