Latest Salesforce Identity and Access Management Architect Free Exam Questions | SPOTO

Question #1
Universal Containers (UC) has a Customer Community that uses Facebook for authentication. UC would like to ensure that changes in the Facebook profile are reflected on the appropriate Customer Community user. How can this requirement be met?
A. Use SAML Just-In-Time Provisioning between Facebook and Salesforce
B. Use information in the Signed Request that is received from Facebook
C. Develop a scheduled job that calls out to Facebook on a nightly basis
D. Use the updateUser() method on the Registration Handler class
Correct Answer: D
Question #2
Universal Containers (UC) has an Experience Cloud site (Customer Community) where customers can authenticate and place orders, view the status of orders, etc. UC allows guest checkout. How can a guest register using data previously collected during order placement?
A. Enable Security Assertion Markup Language Sign-On and use a login flow to collect only order details to retrieve customer data
B. Enable Facebook as an authentication provider and use a registration handler to collect only order details to retrieve customer data
C. Use a Connected App Handler Apex Plugin class to collect only order details to retrieve customer data
D. Enable self-registration and customize a self-registration page to collect only order details to retrieve customer data
Correct Answer: D
Question #3
Universal Containers (UC) is considering a Customer 360 initiative to gain a single source of the truth for its customer data across disparate systems and services. UC wants to understand the primary benefits of Customer 360 Identity and how it contributes to a successful Customer 360 Truth project. What are two key benefits of Customer 360 Identity as it relates to Customer 360? Choose 2 answers
A. Customer 360 Identity automatically integrates with Customer 360 Data Manager and Customer 360 Audiences to seamlessly populate all user data
B. Customer 360 Identity enables an organization to build a single login for each of its customers, giving the organization an understanding of the user's login activity across all its digital properties and applications
C. Customer 360 Identity supports multiple brands so you can deliver centralized identity services and correlation of user activity, even if it spans multiple corporate brands and user experiences
D. Customer 360 Identity not only provides a unified sign up and sign in experience, but also tracks anonymous user activity prior to signing up so organizations can understand user activity before and after the users identify themselves
Correct Answer: BC
Question #4
Universal Containers (UC) has implemented SAML SSO to enable seamless access across multiple applications. UC has regional Salesforce orgs and wants its users to be able to access them seamlessly from their main Salesforce org. Which action should an architect recommend?
A. Configure the main Salesforce org as an Authentication Provider
B. Configure the main Salesforce org as the Identity Provider
C. Configure the regional Salesforce orgs as Identity Providers
D. Configure the main Salesforce org as a service provider
Correct Answer: B
Question #5
How should an Architect force users to authenticate with Two-factor Authentication (2FA) for Salesforce only when NOT connected to an internal company network?
A. Apply the “Two-factor Authentication for User Interface Logins” permission and Login IP Ranges for all Profiles
B. Add the company's list of network IP addresses to the Login Range list under 2FA Setup
C. Use Custom Login Flows with Apex to detect the user's IP address and prompt for 2FA if needed
D. Use an Apex Trigger on the UserLogin object to detect the user's IP address and prompt for 2FA if needed
Correct Answer: C
Question #6
Universal Containers (UC) has a custom, internal-only, mobile billing application for users who are commonly out of the office. The app is configured as a Connected App in Salesforce. Due to the nature of this app, UC would like to take the appropriate measures to properly secure access to the app. Which two recommendations should be made to UC? Choose 2 answers
A. Disallow the use of Single Sign-on for any users of the mobile app
B. Require High Assurance sessions in order to use the Connected App
C. Set Login IP Ranges to the internal network for all of the app users' Profiles
D. Use Google Authenticator as an additional part of the login process
Correct Answer: BD
Question #7
Universal Containers has multiple Salesforce instances where users receive emails from different instances. Users should be logged into the correct Salesforce instance authenticated by their IdP when clicking on an email link to a Salesforce record. What should be enabled in Salesforce as a prerequisite?
A. My Domain
B. External Identity
C. Identity Provider
D. Multi-Factor Authentication
Correct Answer: A
Question #8
Universal Containers (UC) has a custom, internal-only, mobile billing application for users who are commonly out of the office. The app is configured as a Connected App in Salesforce. Due to the nature of this app, UC would like to take the appropriate measures to properly secure access to the app. Which two recommendations should be made to UC? Choose 2 answers
A. Disallow the use of Single Sign-on for any users of the mobile app
B. Require High Assurance sessions in order to use the Connected App
C. Use Google Authenticator as an additional part of the logical processes
D. Set Login IP Ranges to the internal network for all of the app users' Profiles
Correct Answer: BC
Question #9
An Architect has configured a SAML-based SSO integration between Salesforce and an external Identity provider and is ready to test it. When the Architect attempts to log in to Salesforce using SSO, the Architect receives a SAML error. Which two optimal actions should the Architect take to troubleshoot the issue?
A. Ensure the Callback URL is correctly set in the Connected Apps settings
B. Use a browser that has an add-on/extension that can inspect SAML
C. Paste the SAML Assertion Validator in Salesforce
D. Use the browser's Development tools to view the Salesforce page's markup
Correct Answer: BC
Question #10
Universal Containers (UC) has an existing web application that it would like to access from Salesforce without requiring users to re-authenticate. The web application is owned by UC, and the UC team that is responsible for it is willing to add new JavaScript code and/or libraries to the application. What implementation should an Architect recommend to UC?
A. Create a Canvas app and use Signed Requests to authenticate the users
B. Rewrite the web application as a set of Visualforce pages and Apex code
C. Configure the web application as an item in the Salesforce App Launcher
D. Add the web application as a Connected App using OAuth User-Agent flow
Correct Answer: A
Question #11
Universal Containers (UC) employees have Salesforce access from restricted IP ranges only, to protect against unauthorised access. UC wants to roll out the Salesforce1 mobile app and make it accessible from any location. Which two options should an Architect recommend? Choose 2 answers
A. Relax the IP restriction with a second factor in the Connected App settings for Salesforce1 mobile app
B. Remove existing restrictions on IP ranges for all types of user access
C. Relax the IP restrictions in the Connected App settings for the Salesforce1 mobile app
D. Use Login Flow to bypass IP range restriction for the mobile app
Correct Answer: AC
Question #12
Universal Containers wants users to be able to log in to the Salesforce mobile app with their Active Directory password. Employees are unable to use mobile VPN. Which two options should an identity architect recommend to meet the requirement? Choose 2 answers
A. Active Directory Password Sync Plugin
B. Configure Cloud Provider Load Balancer
C. Salesforce Trigger and Field on Contact Object
D. Salesforce Identity Connect
Correct Answer: AD
Question #13
Universal Containers (UC) has decided to build a new, highly sensitive application on the Force.com platform. The security team at UC has decided that they want users to provide a fingerprint in addition to username/password to authenticate to this application. How can an architect support fingerprints as a form of identification for Salesforce authentication?
A. Use Salesforce Two-factor Authentication with callouts to a third-party fingerprint scanning application
B. Use Delegated Authentication with callouts to a third-party fingerprint scanning application
C. Use an AppExchange product that does fingerprint scanning with native Salesforce identity confirmation
D. Use custom login flows with callouts to a third-party fingerprint scanning application
Correct Answer: D
Question #14
Universal Containers (UC) is both a Salesforce and Google Apps customer. The UC IT team would like to manage the users for both systems in a single place to reduce administrative burden. In which two optimal ways can the IT team provision users and allow Single Sign-on between Salesforce and Google Apps? Choose 2 answers
A. Build a custom app running on Heroku as the Identity Provider that can sync user information between Salesforce and Google Apps
B. Use a third-party product as the Identity Provider for both Salesforce and Google Apps and manage the provisioning from there
C. Use Identity Connect as the Identity Provider for both Salesforce and Google Apps and manage the provisioning from there
D. Use Salesforce as the Identity Provider and Google Apps as a Service Provider and configure User Provisioning for Connected Apps
Correct Answer: BD
Question #15
An organization has a central cloud-based Identity and Access Management (IAM) Service for authentication and user management, which must be utilized by all applications as follows: 1 - Change of a user status in the central IAM Service triggers provisioning or deprovisioning in the integrated cloud applications. 2 - Security Assertion Markup Language single sign-on (SSO) is used to facilitate access for users authenticated at the identity provider (Central IAM Service). Which approach should an IAM architect im
A. Configure Salesforce as a SAML Service Provider, and enable SCIM (System for Cross-Domain Identity Management) for provisioning and deprovisioning of users
B. Configure Salesforce as a SAML service provider, and enable Just-in-Time (JIT) provisioning and deprovisioning of users
C. Configure central IAM Service as an authentication provider and extend registration handler to manage provisioning and deprovisioning of users
D. Deploy Identity Connect component and set up automated provisioning and deprovisioning of users, as well as SAML-based SSO
Correct Answer: A
Question #16
A multinational company is looking to roll out Salesforce globally. The company has a Microsoft Active Directory Federation Services (ADFS) implementation for the Americas, Europe and APAC. The company plans to have a single org and would like all of its users to access Salesforce using ADFS. The company would like to limit its investments and prefers not to procure additional applications to satisfy the requirements. What is recommended to ensure these requirements are met?
A. Use connected apps for each ADFS implementation and implement Salesforce site to authenticate users across the ADFS system applicable to their geo
B. Implement Identity Connect to provide single sign-on to Salesforce and federated across multiple ADFS systems
C. Add a central identity system that federates between the ADFS systems and integrate with Salesforce for single sign-on
D. Configure each ADFS system under single sign-on settings and allow users to choose the system to authenticate during sign on to Salesforce
Correct Answer: B
Question #17
Universal Containers (UC) uses a legacy Employee portal for their employees to collaborate and post their ideas. UC decides to use Salesforce Ideas for voting and better tracking purposes. To avoid provisioning users on Salesforce, UC decides to push ideas posted on the Employee portal to Salesforce through the API. UC decides to use an API user with the OAuth username-password flow for the connection. How can the connection to Salesforce be restricted only to the Employee portal server?
A. Add the Employee portal's IP address to the Trusted IP range for the Connected App
B. Use a digital certificate signed by the Employee portal server
C. Add the Employee portal's IP address to the login IP range on the user profile
D. Use a dedicated profile for the user the Employee portal uses
Correct Answer: A
Question #18
Universal Containers (UC) wants to implement SAML SSO for their internal Salesforce users using a third-party IdP. After some evaluation, UC decides not to set up My Domain for their Salesforce org. How does that decision impact their SSO implementation?
A. Neither SP- nor IdP-initiated SSO will work
B. Either SP- or IdP-initiated SSO will work
C. IdP-initiated SSO will not work
D. SP-initiated SSO will not work
Correct Answer: D
Question #19
In a typical SSL setup involving a trusted party and trusting party, what consideration should an Architect take into account when using digital certificates?
A. Use of self-signed certificate leads to lower maintenance for trusted party because multiple self-signed certs need to be maintained
B. Use of self-signed certificate leads to higher maintenance for trusted party because they have to act as the trusted CA
C. Use of self-signed certificate leads to lower maintenance for trusting party because there is no trusted CA cert to maintain
D. Use of self-signed certificate leads to higher maintenance for trusting party because the cert needs to be added to their truststore
Correct Answer: C
Question #20
Universal Containers (UC) is building an integration between Salesforce and a legacy web application using the Canvas framework. The security team for UC has determined that a signed request from Salesforce is not an adequate authentication solution for the third-party app. Which two options should the Architect consider for authenticating the third-party app using the Canvas framework? Choose 2 answers
A. Utilize the SAML Single Sign-on flow to allow the third-party to authenticate itself against UC's IdP
B. Utilize Authorization Providers to allow the third-party application to authenticate itself against Salesforce as the IdP
C. Utilize Canvas OAuth flow to allow the third-party application to authenticate itself against Salesforce as the IdP
D. Create a registration handler Apex class to allow the third-party application to authenticate itself against Salesforce as the IdP
Correct Answer: AC
Question #21
Universal Containers uses an Employee portal for their employees to collaborate. Employees access the portal from their company's internal website via SSO. It is set up to work with Active Directory. What is the role of Active Directory in this scenario?
A. Service provider
B. Identity store
C. Identity provider
D. Authentication store
Correct Answer: C
Question #22
Universal Containers is considering using Delegated Authentication as the sole means of authenticating Salesforce users. A Salesforce Architect has been brought in to assist with the implementation. What two risks should the Architect point out? Choose 2 answers
A. Delegated Authentication is enabled or disabled for the entire Salesforce org
B. UC will be required to develop and support a custom SOAP web service
C. Salesforce users will be locked out of Salesforce if the web service goes down
D. The web service must reside on a public cloud service, such as Heroku
Correct Answer: BC
Question #23
A company with 15,000 employees is using Salesforce and would like to take the necessary steps to highlight or curb fraudulent activity. Which tool should be used to track login data, such as the average number of logins, who logged in more than the average number of times and who logged in during non-business hours?
A. Login Forensics
B. Login Report
C. Login Inspector
D. Login History
Correct Answer: A
Question #24
Universal Containers (UC) has implemented an SP-initiated SAML flow between an external IdP and Salesforce. A user at UC is attempting to log in to Salesforce1 for the first time and is being prompted for Salesforce credentials instead of being shown the IdP login page. What is the likely cause of the issue?
A. The "Redirect to Identity Provider" option has been selected in the My Domain configuration
B. The user has not configured the Salesforce1 mobile app to use My Domain for login
C. The "Redirect to Identity Provider" option has not been selected in the SAML configuration
D. The user has not been granted the "Enable Single Sign-on" permission
Correct Answer: B
Question #25
A group of users tries to access one of Universal Containers' Connected Apps and receives the following error message: "Failed: Not approved for access". What is the most likely cause of the issue?
A. The use of high assurance sessions is required for the Connected App
B. The users do not have the correct permission set assigned to them
C. The Connected App setting "All users may self-authorize" is enabled
D. The Salesforce administrators have revoked the OAuth authorization
Correct Answer: B
Question #26
Universal Containers (UC) has decided to build a new, highly sensitive application on the Lightning platform. The security team at UC has decided that they want users to provide a fingerprint in addition to username/password to authenticate to this application. How can an Architect support fingerprints as a form of identification for Salesforce authentication?
A. Use Custom Login Flows with callouts to a third-party fingerprint scanning application
B. Use Salesforce Two-factor Authentication with callouts to a third-party fingerprint scanning application
C. Use Delegated Authentication with callouts to a third-party fingerprint scanning application
D. Use an AppExchange product that does fingerprint scanning with native Salesforce Identity Confirmation
Correct Answer: D
Question #27
Under which scenario will the Web Server flow be used?
A. Used for web applications when server-side code needs to interact with APIs
B. Used for server-side components when page needs to be rendered
C. Used for mobile applications and testing legacy Integrations
D. Used for verifying Access protected resources
Correct Answer: A
Question #28
Northern Trail Outfitters wants to allow its consumers to self-register on its business-to-consumer (B2C) portal that is built on Experience Cloud. The identity architect has recommended using Person Accounts. Which three steps need to be configured to enable self-registration using person accounts? Choose 3 answers
A. Enable access to person and business account record types under Public Access Settings
B. Contact Salesforce Support to enable business accounts
C. Under Login and Registration settings, ensure that the default account field is empty
D. Contact Salesforce Support to enable person accounts
E. Set organization-wide default sharing for Contact to Public Read Only
Correct Answer: ACD
Question #29
Customer service representatives at Universal Containers (UC) are complaining that whenever they click on links to case records and are asked to log in with SAML SSO, they are being redirected to the Salesforce home tab and not the specific case record. What item should an architect advise the identity team at UC to investigate first?
A. My Domain is configured and active within Salesforce
B. The Salesforce SSO settings are using HTTP POST
C. The identity provider is correctly preserving the RelayState
D. The users have the correct Federation ID within Salesforce
Correct Answer: C
Question #30
In a typical SSL setup involving a trusted party and trusting party, what consideration should an Architect take into account when using digital certificates?
A. Use of self-signed certificate leads to lower maintenance for trusted party because multiple self-signed certs need to be maintained
B. Use of self-signed certificate leads to higher maintenance for trusted party because they have to act as the trusted CA
C. Use of self-signed certificate leads to higher maintenance for trusting party because the cert needs to be added to their truststore
D. Use of self-signed certificate leads to lower maintenance for trusting party because there is no trusted CA cert to maintain
Correct Answer: D