
Salesforce Certified Identity and Access Management Architect Practice Test - Questions Answers, Page 9

Universal Containers (UC) has implemented SAML SSO to enable seamless access across multiple applications. UC has regional Salesforce orgs and wants its users to be able to access them seamlessly from their main Salesforce org. Which action should an architect recommend?

A. Configure the main Salesforce org as an Authentication provider.
B. Configure the main Salesforce org as the Identity provider.
C. Configure the regional Salesforce orgs as Identity Providers.
D. Configure the main Salesforce org as a service provider.
Suggested answer: B

Universal Containers (UC) is both a Salesforce and Google Apps customer. The UC IT team would like to manage the users for both systems in a single place to reduce administrative burden. Which two optimal ways can the IT team provision users and allow Single Sign-on between Salesforce and Google Apps? Choose 2 answers

A. Build a custom app running on Heroku as the Identity Provider that can sync user information between Salesforce and Google Apps.
B. Use a third-party product as the Identity Provider for both Salesforce and Google Apps and manage the provisioning from there.
C. Use Identity Connect as the Identity Provider for both Salesforce and Google Apps and manage the provisioning from there.
D. Use Salesforce as the Identity Provider and Google Apps as a Service Provider and configure User Provisioning for Connected Apps.
Suggested answer: B, D

Which three are capabilities of SAML-based Federated authentication? Choose 3 answers

A. Trust relationships between Identity Provider and Service Provider are required.
B. SAML tokens can be in XML or JSON format and can be used interchangeably.
C. Web applications with no passwords are more secure and stronger against attacks.
D. Access tokens are used to access resources on the server once the user is authenticated.
E. Centralized federation provides single point of access, control and auditing.
Suggested answer: A, D, E

Universal Containers (UC) uses Salesforce to allow customers to keep track of their order status. The customers can log in to Salesforce using external authentication providers, such as Facebook and Google. UC is also leveraging the App Launcher to let customers access an off-platform application for generating shipping labels. The label generator application uses OAuth to provide users access. What license type should an Architect recommend for the customers?

A. Customer Community license
B. Identity license
C. Customer Community Plus license
D. External Identity license
Suggested answer: B

Universal Containers (UC) uses a legacy Employee portal for their employees to collaborate. Employees access the portal from their company’s internal website via SSO. It is set up to work with SiteMinder and Active Directory. The Employee portal has features to support posting ideas. UC decides to use Salesforce Ideas for voting and better tracking purposes. To avoid provisioning users on Salesforce, UC decides to integrate Employee portal ideas with Salesforce Ideas through the API. What is the role of Salesforce in the context of SSO, based on this scenario?

A. Service Provider, because Salesforce is the application for managing ideas.
B. Connected App, because Salesforce is connected with Employee portal via API.
C. Identity Provider, because the API calls are authenticated by Salesforce.
D. An independent system, because Salesforce is not part of the SSO setup.
Suggested answer: D

Universal Containers (UC) uses middleware to integrate multiple systems with Salesforce. UC has a strict, new requirement that usernames and passwords cannot be stored in any UC system. How can UC’s middleware authenticate to Salesforce while adhering to this requirement?

A. Create a Connected App that supports the JWT Bearer Token OAuth Flow.
B. Create a Connected App that supports the Refresh Token OAuth Flow
C. Create a Connected App that supports the Web Server OAuth Flow.
D. Create a Connected App that supports the User-Agent OAuth Flow.
Suggested answer: A

In a typical SSL setup involving a trusted party and trusting party, what consideration should an Architect take into account when using digital certificates?

A. Use of self-signed certificate leads to lower maintenance for trusted party because multiple self-signed certs need to be maintained.
B. Use of self-signed certificate leads to higher maintenance for trusted party because they have to act as the trusted CA
C. Use of self-signed certificate leads to lower maintenance for trusting party because there is no trusted CA cert to maintain.
D. Use of self-signed certificate leads to higher maintenance for trusting party because the cert needs to be added to their truststore.
Suggested answer: C

After a recent audit, Universal Containers (UC) was advised to implement Two-factor Authentication for all of their critical systems, including Salesforce. Which two actions should UC consider to meet this requirement? Choose 2 answers

A. Require users to provide their RSA token along with their credentials.
B. Require users to supply their email and phone number, which gets validated.
C. Require users to enter a second password after the first Authentication
D. Require users to use a biometric reader as well as their password
Suggested answer: A, D

Universal Containers (UC) uses an internal company portal for their employees to collaborate. UC decides to use Salesforce Ideas and provide the ability for employees to post ideas from the company portal. They use SAML-based SSO to get into the company portal and would like to leverage it to access Salesforce. Most of the users don't exist in Salesforce, and they would like the user records created in Salesforce Communities the first time they try to access Salesforce. What recommendation should an architect make to meet this requirement?

A. Use on-the-fly provisioning
B. Use just-in-time provisioning
C. Use Salesforce APIs to create users on the fly
D. Use Identity Connect to sync users
Suggested answer: B

Universal Containers (UC) has an e-commerce website where customers can buy products, make payments, and manage their accounts. UC decides to build a customer Community on Salesforce and wants to allow the customers to access the community for their accounts without logging in again.

UC decides to implement an SP-initiated SSO using a SAML-based compliant IdP. In this scenario where Salesforce is the service provider, which two activities must be performed in Salesforce to make SP-initiated SSO work? Choose 2 answers

A. Configure SAML SSO settings.
B. Configure Delegated Authentication
C. Create a Connected App
D. Set up My Domain
Suggested answer: A, D
Total 248 questions