Salesforce Identity and Access Management Architect Exam Questions and Answers | SPOTO


Question #1
Universal Containers (UC) wants to provide single sign-on (SSO) for a business-to-consumer (B2C) application using Salesforce Identity. Which Salesforce license should UC utilize to implement this use case?
A. Identity Only
B. Salesforce Platform
C. External Identity
D. Partner Community
Correct Answer: C
Question #2
Universal Containers (UC) is looking to purchase a third-party application as an Identity Provider. UC is looking to develop a business case for the purchase in general and has enlisted an Architect for advice. Which two capabilities of an Identity Provider should the Architect detail to help strengthen the business case? Choose 2 answers
A. The Identity Provider can authenticate multiple applications
B. The Identity Provider can authenticate multiple social media accounts
C. The Identity provider can store credentials for multiple applications
D. The Identity Provider can centralize enterprise password policy
Correct Answer: AD
Question #3
An identity architect's client has a homegrown identity provider (IdP). Salesforce is used as the service provider (SP). The head of IT is worried that during an SP-initiated single sign-on (SSO), the Security Assertion Markup Language (SAML) request content will be altered. What should the identity architect recommend to make sure that there is additional trust between the SP and the IdP?
A. Ensure that there is an HTTPS connection between IDP and SP
B. Ensure that on the SSO settings page, the "Request Signing Certificate" field has a self-signed certificate
C. Ensure that the Issuer and Assertion Consumer Service (ACS) URL are properly configured between SP and IDP
D. Encrypt the SAML Request using certification authority (CA) signed certificate and decrypt on IdP
Correct Answer: D
Question #4
Universal Containers wants to set up SSO for a selected group of users to access external applications from Salesforce through App Launcher. Which three steps must be completed in Salesforce to accomplish the goal?
A. Associate user profiles with the Connected Apps
B. Complete My Domain and Identity Provider setup
C. Create Connected Apps for the external applications
D. Complete Single Sign-On Settings in Security Controls
E. Create Named Credentials for each external system
Correct Answer: ABC
Question #5
Universal Containers (UC) wants its Closed Won opportunities to be synced to a data warehouse in near real time. UC has implemented Outbound Message to enable near real-time data sync. UC wants to ensure that communication between Salesforce and the target system is secure. What certificate is sent along with the Outbound Message?
A. The Self-signed Certificates from the Certificate and Key Management menu
B. The default client Certificate from the Develop --> API menu
C. The default client Certificate or the Certificate and Key Management menu
D. The CA-signed Certificate from the Certificate and Key Management Menu
Correct Answer: B
Question #6
An identity architect works for a multinational, multi-brand organization. As they work with the organization to understand their Customer Identity and Access Management requirements, the identity architect learns that the brand experience is different for each of the customer's sub-brands and each of these branded experiences must be carried through the login experience depending on which sub-brand the user is logging into. Which solution should the architect recommend to support scalability and reduce main
A. Assign each sub-brand a unique Experience ID and use the Experience ID to dynamically brand the login experience
B. Use Audiences to customize the login experience for each sub-brand and pass an audience ID to the community during the OAuth and Security Assertion Markup Language (SAML) flows
C. Create a community subdomain for each sub-brand and customize the look and feel of the Login page for each community subdomain to match the brand
D. Create a separate Salesforce org for each sub-brand so that each sub-brand has complete control over the user experience
Correct Answer: A
Question #7
An identity architect is implementing a mobile-first Consumer Identity Access Management (CIAM) for external users. User authentication is the only requirement. The user's email or mobile phone number should be supported as a username. Which two licenses are needed to meet this requirement? Choose 2 answers
A. External Identity Licenses
B. Identity Connect Licenses
C. Email Verification Credits
D. SMS verification Credits
Correct Answer: AD
Question #8
Universal Containers (UC) has implemented a SAML-based SSO solution for use with their multi-org Salesforce implementation, utilizing one of the orgs as the Identity Provider. One user is reporting that they can log in to the Identity Provider org but get a generic SAML error message when accessing the other orgs. Which two considerations should the architect review to troubleshoot the issue? Choose 2 answers
A. The Federation ID must be a valid Salesforce Username
B. The Federation ID is case sensitive
C. The Federation ID must be in the form of an email address
D. The Federation ID must be populated on the user record
Correct Answer: BD
Question #9
Universal Containers wants Salesforce inbound OAuth-enabled integration clients to use SAML-based single sign-on for authentication. What OAuth flow would be recommended in this scenario?
A. User-Agent OAuth flow
B. SAML assertion OAuth flow
C. User-Token OAuth flow
D. Web server OAuth flow
Correct Answer: B
Question #10
Universal Containers (UC) has a mobile application that it wants to deploy to all of its Salesforce users, including Customer Community users. UC would like to minimize the administration overhead. Which two items should an architect recommend? Choose 2 answers
A. Enable the "Refresh Tokens is valid until revoked" setting in the Connected App
B. Enable the "Enforce IP restrictions" setting in the Connected App
C. Enable the "All users may self-authorize" setting in the Connected App
D. Enable the "High Assurance session required" setting in the Connected App
Correct Answer: AC
Question #11
A farming enterprise offers smart farming technology to its farmer customers, which includes a variety of sensors for livestock tracking, pest monitoring, climate monitoring, etc. They plan to store all the data in Salesforce. They would also like to ensure timely maintenance of the installed sensors. They have engaged a Salesforce Architect to propose an appropriate way to generate sensor information in Salesforce. Which OAuth flow should the architect recommend?
A. OAuth 2
B. OAuth 2
C. OAuth 2
D. OAuth 2
Correct Answer: A
Question #12
Universal Containers (UC) has an existing Salesforce org configured for SP-Initiated SAML SSO with their IdP. A second Salesforce org is being introduced into the environment and the IT team would like to ensure they can use the same IdP for the new org. What action should the IT team take while implementing the second org?
A. Use the same SAML Identity location as the first org
B. Use a different Entity ID than the first org
C. Use the same request bindings as the first org
D. Use the Salesforce Username as the SAML Identity Type
Correct Answer: B
Question #13
Universal Containers (UC) has a Customer Community that uses Facebook for authentication. UC would like to ensure that changes in the Facebook profile are reflected on the appropriate Customer Community user. How can this requirement be met?
A. Use the updateUser method on the registration Handler Class
B. Develop a scheduled job that calls out to Facebook on a nightly basis
C. Use information in the signed Request that is received from Facebook
D. Use SAML Just-In-Time Provisioning between Facebook and Salesforce
Correct Answer: A
Question #14
Universal Containers (UC) has built a custom token-based two-factor authentication (2FA) system for their existing on-premise applications. They are now implementing Salesforce and would like to enable a two-factor login process for it as well. What is the recommended solution an Architect should consider?
A. Use the custom 2FA system for on-premise applications and native 2FA for Salesforce
B. Replace the custom 2FA system with an AppExchange App that supports on-premise application and Salesforce
C. Use Custom Login Flows to connect to the existing custom 2FA system for use in Salesforce
D. Replace the custom 2FA system with Salesforce 2FA for on-premise applications and Salesforce
Correct Answer: D
Question #15
Universal Containers (UC) has an e-commerce website where customers can buy products, make payments, and manage their accounts. UC decides to build a Customer Community on Salesforce and wants to allow the customers to access the community for their accounts without logging in again. UC decides to implement an SP-initiated SSO using a SAML-based compliant IdP. In this scenario where Salesforce is the service provider, which two activities must be performed in Salesforce to make SP-initiated SSO work? Choose
A. Configure SAML SSO settings
B. Configure Delegated Authentication
C. Create a connected App
D. Set up My Domain
Correct Answer: AD
Question #16
What are three capabilities of Delegated Authentication? Choose 3 answers
A. It can be assigned by Custom Permissions
B. It can connect to SOAP services
C. It can be assigned by Permission Sets
D. It can be assigned by Profiles
E. It can connect to REST services
Correct Answer: BCE
Question #17
A service provider (SP) supports both Security Assertion Markup Language (SAML) and OpenID Connect (OIDC). When integrating this SP with Salesforce, which use case is the determining factor when choosing OIDC or SAML?
A. OIDC is more secure than SAML and therefore is the obvious choice
B. The SP needs to perform API calls back to Salesforce on behalf of the user after the user logs in to the service provider
C. If the user has a session on Salesforce, you do not want them to be prompted for a username and password when they login to the SP
D. They are equivalent protocols and there is no real reason to choose one over the other
Correct Answer: B
Question #18
Universal Containers (UC) has decided to use Identity Connect as its identity provider. UC uses Active Directory (AD) and has a team that is very familiar and comfortable with managing AD groups. UC would like to use AD groups to help configure Salesforce users. Which three actions can AD groups control through Identity Connect? Choose 3 answers
A. Public Group Assignment
B. Granting report folder access
C. Role Assignment
D. Custom permission assignment
E. Permission sets assignment
Correct Answer: ACE
Question #19
Universal Containers (UC) is setting up delegated authentication to allow employees to log in using their corporate credentials. UC's security team is concerned about the risks of exposing the corporate login service on the internet and has asked that a reliable trust mechanism be put in place between the login service and Salesforce. What mechanism should an Architect put in place to enable a trusted connection between the login service and Salesforce?
A. Require the use of Salesforce security tokens on passwords
B. Enforce mutual authentication between systems using SSL
C. Include Client Id and Client Secret in the login header callout
D. Set up a proxy service for the login service in the DMZ
Correct Answer: A
Question #20
Universal Containers is using OpenID Connect to enable a connection from their new mobile app to its production Salesforce org. What should be done to enable the retrieval of the access token status for the OpenID Connect connection?
A. Query using OpenID Connect discovery endpoint
B. Leverage OpenID Connect Token Introspection
C. Create a custom OAuth scope
D. Enable cross-origin resource sharing (CORS) for the /services/oauth2/token endpoint
Correct Answer: B
Question #21
An identity architect wants to secure Salesforce APIs using Security Assertion Markup Language (SAML). For security purposes, administrators will need to authorize the applications that will be consuming the APIs. Which Salesforce OAuth authorization flow should be used?
A. OAuth 2.0 SAML Bearer Assertion Flow
B. OAuth 2
C. SAML Assertion Flow
D. OAuth 2
Correct Answer: C
Question #22
Universal Containers (UC) is building a customer community and will allow customers to authenticate using Facebook credentials. The first time a user authenticates using Facebook, UC would like a customer account created automatically in their accounting system. The accounting system has a web service accessible to Salesforce for the creation of accounts. How can the Architect meet these requirements?
A. Create a custom application on Heroku that manages the sign-on process from Facebook
B. Use JIT Provisioning to automatically create the account in the accounting system
C. Add an Apex callout in the registration handler of the authorization provider
D. Use OAuth JWT flow to pass the data from Salesforce to the Accounting System
Correct Answer: C
Question #23
Universal Containers wants to allow its customers to log in to its Experience Cloud via a third-party authentication provider that supports only the OAuth protocol. What should an identity architect do to fulfill this requirement?
A. Contact Salesforce Support and enable delegate single sign-on
B. Create a custom external authentication provider
C. Use certificate-based authentication
D. Configure OpenID Connect authentication provider
Correct Answer: B
Question #24
Universal Containers (UC) has implemented a multi-org architecture in their company. Many users have licences across multiple orgs, and they are complaining about remembering which org and credentials are tied to which business process. Which two recommendations should the Architect make to address the complaints? Choose 2 answers
A. Activate My Domain to Brand each org to the specific business use case
B. Implement SP-Initiated Single Sign-on flows to allow deep linking
C. Implement IdP-Initiated Single Sign-on flows to allow deep linking
D. Implement Delegated Authentication from each org to the LDAP provider
Correct Answer: AB
Question #25
Universal Containers (UC) has Active Directory (AD) as their enterprise identity store and would like to use it for Salesforce user authentication. UC expects to synchronize user data between Salesforce and AD and assign the appropriate Profile and Permission Sets based on AD group membership. What would be the optimal way to implement SSO?
A. Use Active Directory with Reverse Proxy as the Identity Provider
B. Use Microsoft Access control Service as the Authentication provider
C. Use Active Directory Federation Service (ADFS) as the Identity Provider
D. Use Salesforce Identity Connect as the Identity Provider
Correct Answer: D
Question #26
Universal Containers wants to implement SAML SSO for their internal Salesforce users using a third-party IdP. After some evaluation, UC decides not to set up My Domain for their Salesforce org. How does that decision impact their SSO implementation?
A. SP-initiated SSO will not work
B. Neither SP- nor IdP-initiated SSO will work
C. Either SP- or IdP-initiated SSO will work
D. IdP-initiated SSO will not work
Correct Answer: B
Question #27
A consumer products company uses Salesforce to maintain consumer information, including orders. The company implemented a portal solution using Salesforce Experience Cloud for its consumers where the consumers can log in using their credentials. The company is considering allowing users to log in with their Facebook or LinkedIn credentials. Once enabled, what role will Salesforce play?
A. Facebook and LinkedIn will be the SPs
B. Salesforce will be the service provider (SP)
C. Salesforce will be the identity provider (IdP)
D. Facebook and LinkedIn will act as the IdPs and SPs
Correct Answer: B
Question #28
Users logging into Salesforce are frequently prompted to verify their identity. The identity architect is required to provide recommendations so that the frequency of verification prompts can be reduced. What should the identity architect recommend to meet the requirement?
A. Implement 2FA authentication for the Salesforce org
B. Set trusted IP ranges for the organization
C. Implement single sign-on for Salesforce using an external identity provider
D. Implement multi-factor authentication for the Salesforce org
Correct Answer: B
Question #29
Which three types of attacks would a 2-Factor Authentication solution help guard against?
A. Key logging attacks
B. Network perimeter attacks
C. Phishing attacks
D. Dictionary attacks
E. Man-in-the-middle attacks
Correct Answer: ABD
Question #30
Universal Containers (UC) has an existing e-commerce platform and is implementing a new customer community. They do not want to force customers to register on both applications due to concern over the customers' experience. It is expected that 25% of the e-commerce customers will utilize the customer community. The e-commerce platform is capable of generating SAML responses and has an existing RESTful API capable of managing users. How should UC create the identities of its e-commerce users with the custom
A. Use SAML JIT in the Customer Community to create users when a user tries to log in to the community from the e-commerce site
B. Use the e-commerce REST API to create users when a user self-registers on the customer community and use SAML to allow SSO
C. Use a nightly batch ETL job to sync users between the Customer Community and the e-commerce platform and use SAML to allow SSO
D. Use the standard Salesforce API to create users in the Community when a user is created in the e-commerce platform and use SAML to allow SSO
Correct Answer: A
