Identity-and-Access-Management-Architect Questions Prepare with Learning Information! 2023 Regularly updated [Q10-Q32]



Salesforce Identity-and-Access-Management-Architect Exam Syllabus Topics:

Topic | Details
Topic 1
  • Given a scenario, recommend the most appropriate way to provision users from identity stores in B2E and B2C scenarios
  • Recommend the appropriate method for provisioning users in Salesforce
Topic 2
  • Describe common authentication patterns and understand the differences between each one
  • Given a scenario, identify the configuration settings for a Connected app
Topic 3
  • Describe the various implementation concepts of OAuth
  • Describe the building blocks that are part of an identity solution
Topic 4
  • Given a scenario, describe what tools you can apply to audit and verify the activity of a user during and after login
  • Describe how trust is established between two systems
Topic 5
  • Given a scenario, identify if Salesforce Customer 360 Identity fits into a fully developed Customer 360 solution
  • Given a use case, describe when Salesforce is used as a Service Provider

 

NEW QUESTION 10
Universal Containers (UC) would like to enable self-registration for their Salesforce Partner Community Users. UC wants to capture some custom data elements from the partner user, and based on these data elements, wants to assign the appropriate Profile and Account values.
Which two actions should the Architect recommend to UC?
Choose 2 answers

  • A. Configure Registration for Communities to use a custom Apex Controller.
  • B. Modify the CommunitiesSelfRegController to assign the Profile and Account.
  • C. Configure Registration for Communities to use a custom Visualforce Page.
  • D. Modify the SelfRegistration trigger to assign Profile and Account.

Answer: B,C

 

NEW QUESTION 11
Universal Containers (UC) uses an internal system for recruiting and would like to have the candidates' info available in Salesforce automatically when they are selected. UC decides to use OAuth to connect to Salesforce from the recruiting system and would like to do the authentication using digital certificates. Which two OAuth flows should be considered to meet the requirement? Choose 2 answers

  • A. SAML Bearer Assertion flow
  • B. Web Service flow
  • C. Refresh Token flow
  • D. JWT Bearer Token flow

Answer: A,D

 

NEW QUESTION 12
Universal Containers uses an Employee portal for their employees to collaborate. Employees access the portal from their company's internal website via SSO. It is set up to work with Active Directory. What is the role of Active Directory in this scenario?

  • A. Service provider
  • B. Authentication store
  • C. Identity provider
  • D. Identity store

Answer: C

 

NEW QUESTION 13
A technology enterprise is setting up an identity solution with an external vendor's wellness application for its employees. The user attributes need to be returned to the wellness application in an ID token.
Which authentication mechanism should an identity architect recommend to meet the requirements?

  • A. User Agent Flow
  • B. Web Server Flow
  • C. OpenID Connect
  • D. JWT Bearer Token Flow

Answer: B

 

NEW QUESTION 14
Universal Containers (UC) is planning to add Wi-Fi enabled GPS tracking devices to its shipping containers so that the GPS coordinates data can be sent from the tracking device to its Salesforce production org via a custom API. The GPS devices have no direct user input or output capabilities.
Which OAuth flow should the identity architect recommend to meet the requirement?

  • A. OAuth 2.0 Asset Token Flow for Securing Connected Devices
  • B. OAuth 2.0 Username-Password Flow for Special Scenarios
  • C. OAuth 2.0 JWT Bearer Flow for Server-to-Server Integration
  • D. OAuth 2.0 Web Server Flow for Web App Integration

Answer: A

 

NEW QUESTION 15
Northern Trail Outfitters (NTO) is planning to roll out a partner portal for its distributors using Experience Cloud. NTO would like to use an external identity provider (IdP) and for partners to register for access to the portal. Each partner should be allowed to register only once to avoid duplicate accounts with Salesforce.
What should an identity architect recommend to create partners?

  • A. On successful creation of Partners using Self Registration page in Experience Cloud, create identity in Ping.
  • B. Create a custom page in Experience Cloud to self register partner with Experience Cloud and Ping identity store.
  • C. Allow partners to register through the IdP and create partner users in Salesforce through an API.
  • D. Create a custom web page in the Portal and create users in the IdP and Experience Cloud using published APIs.

Answer: B

 

NEW QUESTION 16
After a recent audit, Universal Containers was advised to implement Two-factor Authentication for all of their critical systems, including Salesforce. Which two actions should UC consider to meet this requirement?
Choose 2 answers

  • A. Require users to use a biometric reader as well as their password
  • B. Require users to supply their email and phone number, which gets validated.
  • C. Require users to enter a second password after the first Authentication
  • D. Require users to provide their RSA token along with their credentials.

Answer: A,D

 

NEW QUESTION 17
Universal Containers (UC) has an e-commerce website where customers can buy products, make payments and manage their accounts. UC decides to build a Customer Community on Salesforce and wants to allow the customers to access the community from their accounts without logging in again. UC decides to implement an SP-initiated SSO using a SAML-compliant IdP. In this scenario where Salesforce is the Service Provider, which two activities must be performed in Salesforce to make SP-initiated SSO work? Choose 2 answers

  • A. Configure SAML SSO settings.
  • B. Set up My Domain.
  • C. Configure Delegated Authentication.
  • D. Create a Connected App.

Answer: A,B

 

NEW QUESTION 18
A public sector agency is setting up an identity solution for its citizens using a Community built on Experience Cloud and requires the new user registration functionality to capture first name, last name, and phone number.
The phone number will be used for identity verification.
Which feature should an identity architect recommend to meet the requirements?

  • A. Use an external Identity Provider
  • B. Integrate with social websites (Facebook, LinkedIn, Twitter)
  • C. Use Login Discovery
  • D. Create a custom Lightning Web Component

Answer: C

 

NEW QUESTION 19
A Salesforce customer is implementing Sales Cloud and a custom pricing application for its call center agents.
An Enterprise single sign-on solution is used to authenticate and sign-in users to all applications. The customer has the following requirements:
1. The development team has decided to use a Canvas app to expose the pricing application to agents.
2. Agents should be able to access the Canvas app without needing to log in to the pricing application.
Which two options should the identity architect consider to provide support for the Canvas app to initiate login for users?
Choose 2 answers

  • A. Enable OAuth settings in the connected app with required OAuth scopes for the pricing application.
  • B. Select "Enable as a Canvas Personal App" in the connected app settings.
  • C. Configure the Canvas app as a connected app and set Admin-approved users as pre-authorized.
  • D. Enable SAML in the connected app and Security Assertion Markup Language (SAML) Initiation Method as Service Provider Initiated.

Answer: C,D

 

NEW QUESTION 20
The security team at Universal Containers (UC) has identified exporting reports as a high-risk action and would like to require users to be logged into Salesforce with their Active Directory (AD) credentials when doing so. For all other uses of Salesforce, users should be allowed to use AD credentials or Salesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with Salesforce credentials?

  • A. Use SAML Federated Authentication and Custom SAML JIT Provisioning to dynamically add or remove a permission set that grants the Export Reports Permission.
  • B. Use SAML Federated Authentication and block access to reports when accessed through a Standard Assurance session.
  • C. Use SAML federated Authentication, treat SAML Sessions as High Assurance, and raise the session level required for exporting reports.
  • D. Use SAML federated Authentication with a Login Flow to dynamically add or remove a Permission Set that grants the Export Reports Permission.

Answer: C

 

NEW QUESTION 21
The CMO of an advertising company has invited an Identity and Access Management (IAM) specialist to discuss Salesforce out-of-box capabilities for configuring the company's login and registration experience on Salesforce Experience Cloud.
The CMO is looking to brand the login page with the company's logo, background color, login button color, and dynamic right-frame from an external URL.
Which two solutions should the IAM specialist recommend?
Choose 2 answers

  • A. Build custom site pages for reset and forgot password features.
  • B. Login & Registration pages can be branded in the Community Administration settings.
  • C. Build custom pages for branding requirements in Experience Cloud.
  • D. Use Experience Builder to build branded Reset and Forgot Password pages.

Answer: B,D

 

NEW QUESTION 22
Northern Trail Outfitters is implementing a business-to-business (B2B) collaboration site using Salesforce Experience Cloud. The partners will authenticate with an existing identity provider and the solution will utilize Security Assertion Markup Language (SAML) to provide single sign-on to Salesforce. Delegated administration will be used in the Experience Cloud site to allow the partners to administer their users' access.
How should a partner identity be provisioned in Salesforce for this solution?

  • A. Create a contactless user.
  • B. Create only a contact.
  • C. Create a user and a related contact.
  • D. Create a person account.

Answer: C

 

NEW QUESTION 23
Universal Containers (UC) uses Global Shipping (GS) as one of their shipping vendors. Regional leads of GS need access to UC's Salesforce instance for reporting damage of goods using Cases. The regional leads also need access to dashboards to keep track of regional shipping KPIs. UC internally uses a third-party cloud analytics tool for capacity planning and UC decided to provide access to this tool to a subset of GS employees.
In addition to regional leads, the GS capacity planning team would benefit from access to this tool. To access the analytics tool, UC IT has set up Salesforce as the Identity provider for Internal users and would like to follow the same approach for the GS users as well. What are the most appropriate license types for GS Regional Leads and the GS Capacity Planners? Choose 2 Answers

  • A. Customer Community Plus license for GS Regional Leads and External Identity for GS Capacity Planners.
  • B. Customer Community license for GS Regional Leads and Identity license for GS Capacity Planners.
  • C. Customer Community Plus license for GS Regional Leads and Customer Community license for GS Capacity Planners.
  • D. Identity license for GS Regional Leads and External Identity license for GS Capacity Planners.

Answer: B,C

 

NEW QUESTION 24
An architect is troubleshooting some SAML-based SSO errors during testing. The Architect confirmed that all of the Salesforce SSO settings are correct. Which two issues outside of the Salesforce SSO settings are most likely contributing to the SSO errors the Architect is encountering? Choose 2 Answers

  • A. The clock on the Identity Provider server is twenty minutes behind Salesforce.
  • B. The Identity Provider is also used to SSO into five other applications.
  • C. The default language for the Identity Provider and Salesforce are Different.
  • D. The Issuer Certificate from the Identity Provider expired two weeks ago.

Answer: A,D

 

NEW QUESTION 25
Universal Containers (UC) has a custom, internal-only, mobile billing application for users who are commonly out of the office. The app is configured as a Connected App in Salesforce. Due to the nature of this app, UC would like to take the appropriate measures to properly secure access to the app. Which two recommendations should be made to UC? Choose 2 answers

  • A. Require High Assurance sessions in order to use the Connected App.
  • B. Set Login IP Ranges to the internal network for all of the app users' Profiles.
  • C. Use Google Authenticator as an additional part of the login process
  • D. Disallow the use of Single Sign-on for any users of the mobile app.

Answer: A,C

 

NEW QUESTION 26
A company wants to provide its employees with a custom mobile app that accesses Salesforce. Users are required to download the internal native iOS mobile app from the corporate intranet on their mobile device. The app allows flexibility to access other non-Salesforce internal applications once users authenticate with Salesforce. The apps self-authorize, and users are permitted to use the apps once they have logged into Salesforce.
How should an identity architect meet the above requirements with the privately distributed mobile app?

  • A. Use connected app with OAuth and Security Assertion Markup Language (SAML) to access other non-Salesforce internal apps.
  • B. Configure Mobile App settings in connected app and Salesforce as identity provider for non-Salesforce internal apps.
  • C. Create a new hybrid mobile app and use the connected app with OAuth to authenticate users for Salesforce and non-Salesforce internal apps.
  • D. Use Salesforce as an identity provider (IdP) to access the mobile app and use the external IdP for other non-Salesforce internal apps.

Answer: B

 

NEW QUESTION 27
Universal Containers (UC) has implemented an SP-Initiated SAML flow between an external IdP and Salesforce. A user at UC is attempting to log in to Salesforce1 for the first time and is being prompted for Salesforce credentials instead of being shown the IdP login page. What is the likely cause of the issue?

  • A. The user has not configured the Salesforce1 mobile app to use My Domain for login.
  • B. The "Redirect to Identity Provider" option has not been selected in the SAML configuration.
  • C. The "Redirect to Identity Provider" option has been selected in the My Domain configuration.
  • D. The user has not been granted the "Enable Single Sign-On" permission.

Answer: A

 

NEW QUESTION 28
Universal Containers is creating a web application that will be secured by Salesforce Identity using the OAuth 2.0 Web Server Flow (this flow uses the OAuth 2.0 authorization code grant type).
Which three OAuth concepts apply to this flow?
Choose 3 answers

  • A. Access Token
  • B. Verification URL
  • C. Scopes
  • D. Client Secret

Answer: A,C,D

 

NEW QUESTION 29
Universal Containers (UC) has five Salesforce orgs (UC1, UC2, UC3, UC4, UC5). Every user that is in UC2, UC3, UC4, and UC5 is also in UC1; however, not all users have access to every org. Universal Containers would like to simplify the authentication process such that all Salesforce users need to remember one set of credentials. UC would like to achieve this with the least impact to cost and maintenance. What approach should an Architect recommend to UC?

  • A. Configure UC1 as the Identity Provider to the other four Salesforce orgs and set up JIT user provisioning on all other orgs.
  • B. Purchase a third-party Identity Provider for all five Salesforce orgs to use and set up JIT user provisioning on all other orgs.
  • C. Purchase a third-party Identity Provider for all five Salesforce orgs to use, but don't set up JIT user provisioning for other orgs.
  • D. Configure UC1 as the Identity Provider to the other four Salesforce orgs, but don't set up JIT user provisioning for other orgs.

Answer: C

 

NEW QUESTION 30
A farming enterprise offers smart farming technology to its farmer customers, which includes a variety of sensors for livestock tracking, pest monitoring, climate monitoring, etc. They plan to store all the data in Salesforce. They would also like to ensure timely maintenance of the installed sensors. They have engaged a Salesforce Architect to propose an appropriate way to generate sensor information in Salesforce.
Which OAuth flow should the architect recommend?

  • A. OAuth 2.0 Device Authentication Flow
  • B. OAuth 2.0 JWT Bearer Token Flow
  • C. OAuth 2.0 SAML Bearer Assertion Flow
  • D. OAuth 2.0 Asset Token Flow

Answer: D

 

NEW QUESTION 31
Northern Trail Outfitters (NTO) has an existing custom business-to-consumer (B2C) website that does NOT support single sign-on standards, such as Security Assertion Markup Language (SAML) or OAuth. NTO wants to use Salesforce Identity to register and authenticate new customers on the website.
Which two Salesforce features should an identity architect use in order to provide username/password authentication for the website?
Choose 2 answers

  • A. Identity Connect
  • B. Delegated Authentication
  • C. Connected Apps
  • D. Embedded Login

Answer: B,D

 

NEW QUESTION 32
......
