DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

Salesforce Identity and Access Management Architect Exam Sample Questions | SPOTO

SPOTO's latest exam dumps on the homepage, with a 100% pass rate! SPOTO delivers authentic Cisco CCNA, CCNP study materials, CCIE Lab solutions, PMP, CISA, CISM, AWS, and Palo Alto exam dumps. Our comprehensive study materials are meticulously aligned with the latest exam objectives. With a proven track record, we have enabled thousands of candidates worldwide to pass their IT certifications on their first attempt. Over the past 20+ years, SPOTO has successfully placed numerous IT professionals in Fortune 500 companies.
Take other online exams
Question #1
Universal Containers (UC) implemented SSO to a third-party system for their Salesforce users to access the App Launcher. UC enabled "User Provisioning" on the Connected App so that changes to user accounts can be synched between Salesforce and the third party system. However, UC quickly notices that changes to user roles in Salesforce are not getting synched to the third-party system.What is the most likely reason for this behaviour?
A. User Provisioning for Connected Apps does not support role sync
B. Required operation(s) was not mapped in User Provisioning Settings
C. The Approval queue for User Provisioning Requests is unmonitored
D. Salesforce roles have more than three levels in the role hierarchy
View answer
Correct Answer: A
Question #2
Universal Containers uses Salesforce as an identity provider and Concur as the Employee Expense management system. The HR director wants to ensure Concur accounts for employees are created only after the appropnate approval in the Salesforce org. Which three steps should the identity architect use to implement this requirement?Choose 3 answers
A. Create an approval process for a custom object associated with the provisioning flow
B. Create a connected app for Concur in Salesforce
C. Enable User Provisioning for the connected app
D. Create an approval process for user object associated with the provisioning flow
E. Create an approval process for UserProvisionlngRequest object associated with the provisioning flow
View answer
Correct Answer: BCE
Question #3
Universal Containers is creating a mobile application that will be secured by Salesforce Identity using the OAuth 2.0 user-agent flow (this flow uses the OAuth 2.0 implicit grant type).Which three OAuth concepts apply to this flow?Choose 3 answers
A. Client ID
B. Refresh Token
C. Authorization Code
D. Verification Code
E. Scopes
View answer
Correct Answer: ABE
Question #4
Universal Containers (UC) uses Salesforce to allow customers to keep track of the order status. The customers can log in to Salesforce using external authentication providers, such as Facebook and Google. UC is also leveraging the App Launcher to let customers access an of platform application for generating shipping labels. The label generator application uses OAuth to provide users access. What license type should an Architect recommend for the customers?
A. Customer Community license
B. Identity license
C. Customer Community Plus license
D. External Identity license
View answer
Correct Answer: B
Question #5
Universal Containers (UC) wants to build a mobile application that twill be making calls to the Salesforce REST API. UC's Salesforce implementation relies heavily on custom objects and custom Apex code. UC does not want its users to have to enter credentials every time they use the app. Which two scope values should an Architect recommend to UC? Choose 2 answers.
A. Custom_permissions
B. Api
C. Refresh_token
D. Full
View answer
Correct Answer: BC
Question #6
Northern Trail Outfitters (NTO) wants its customers to use phone numbers to log in to their new digital portal, which was designed and built using Salesforce Experience Cloud. In order to access the portal, the user will need to do the following:1. Enter a phone number and/or email address 2. Enter a verification code that is to be sent via email or text. What is the recommended approach to fulfill this requirement?
A. Create a Login Discovery page and provide a Login Discovery Handler Apex class
B. Create a custom login page with an Apex controller
C. Create an Authentication provider and implement a self-registration handler class
D. Create a custom login flow that uses an Apex controller to verify the phone numbers with the company's verification service
View answer
Correct Answer: A
Question #7
A client is planning to rollout multi-factor authentication (MFA) to its internal employees and wants to understand which authentication and verification methods meet the Salesforce criteria for secure authentication. Which three functions meet the Salesforce criteria for secure mfa? Choose 3 answers
A. username and password + SMS passcode
B. Username and password + secunty key
C. Third-party single sign-on with Mobile Authenticator app
D. Certificate-based Authentication
E. Lightning Login
View answer
Correct Answer: BCE
Question #8
Universal containers (UC) has a mobile application that calls the salesforce REST API. In order to prevent users from having to enter their credentials everytime they use the app, UC has enabled the use of refresh Tokens as part of the salesforce connected App and updated their mobile app to take advantage of the refresh token. Even after enabling the refresh token, Users are still complaining that they have to enter their credentials once a day. What is the most likely cause of the issue?
A. The Oauth authorizations are being revoked by a nightly batch job
B. The refresh token expiration policy is set incorrectly in salesforce
C. The app is requesting too many access Tokens in a 24-hour period
D. The users forget to check the box to remember their credentials
View answer
Correct Answer: B
Question #9
What is a role of an Identity Provider in a Single Sign-on setup using SAML?
A. Consume assertion
B. Revoke assertion
C. Validate assertion
D. Create assertion
View answer
Correct Answer: D
Question #10
Universal Containers (UC) wants to integrate a third-party Reward Calculation system with Salesforce to calculate Rewards. Rewards will be calculated on a schedule basis and update back into Salesforce. The integration between Salesforce and the Reward Calculation System needs to be secure. Which are two recommended practices for using OAuth flow in this scenario. choose 2 answers
A. OAuth Refresh Token FLow
B. OAuth Username-Password Flow
C. OAuth SAML Bearer Assertion FLow
D. OAuth JWT Bearer Token FLow
View answer
Correct Answer: CD
Question #11
An identity architect is setting up an integration between Salesforce and a third-party system. The third-party system needs to authenticate to Salesforce and then make API calls against the REST API. One of the requirements is that the solution needs to ensure the third party service providers connected app in Salesforce mini need for end user interaction and maximizes security. Which OAuth flow should be used to fulfill the requirement?
A. JWT Bearer Flow
B. User Agent Flow
C. Web Server Flow
D. Username-Password Flow
View answer
Correct Answer: A
Question #12
Which tool should be used to track login data, such as the average number of logins, who logged in more than the average number of times and who logged in during non-business hours?
A. Login Inspector
B. Login History
C. Login Report
D. Login Forensics
View answer
Correct Answer: D
Question #13
Which three different attributes can be used to identify the user in a SAML 65> assertion when Salesforce is acting as a Service Provider? Choose 3 answers
A. Federation ID
B. Salesforce User ID
C. User Full Name
D. User Email Address
E. Salesforce Username
View answer
Correct Answer: ACD
Question #14
Northern Trail Outfitters (NTO) has a requirement to ensure all user logins include a single multi-factor authentication (MFA) prompt. Currently, users are allowed the choice to login with a username and password or via single sign-on against NTO's corporate Identity Provider, which includes built-in MFA.Which configuration will meet this requirement?
A. Create and assign a permission set to all employees that includes "MFA for User Interface Logins
B. Create a custom login flow that enforces MFA and assign it to a permission set
C. Enable "MFA for User Interface Logins" for your organization from Setup -> Identity Verification
D. For all employee profiles, set the Session Level Required at Login to High Assurance and add the corporate identity provider to the High Assurance list for the org's Session Security Levels
View answer
Correct Answer: C
Question #15
The security team at Universal containers(UC) has identified exporting reports as a high- risk action and would like to require users to be logged into salesforce with their active directory (AD) credentials when doing so. For all other uses of Salesforce, Users should be allowed to use AD credentials or salesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with salesfor
A. Use SAML Federated Authentication and Custom SAML jit provisioning to dynamically add or remove a permission set that grants the Export Reports permission
B. Use SAML Federated Authentication, treat SAML sessions as high assurance, and raise the session level required for exporting reports
C. Use SAML Federated Authentication and block access to reports when accesses through a standard assurance session
D. Use SAML Federated Authentication with a login flow to dynamically add or remove a permission set that grants the export reports permission
View answer
Correct Answer: C
Question #16
Northern Trail Outfitters would like to automatically create new employee users in Salesforce with an appropriate profile that maps to its Active Directory Department. How should an identity architect implement this requirement?
A. Use the createUser method in the Just-in-Time (JIT) provisioning registration handler to assign the appropriate profile
B. Use the updateUser method in the Just-in-Time (JIT) provisioning registration handler to assign the appropriate profile
C. Use a login flow to collect Security Assertion Markup Language attributes and assign the appropriate profile during Just-In-Time (JIT) provisioning
D. Make a callout during the login flow to query department from Active Directory to assign the appropriate profile
View answer
Correct Answer: B
Question #17
Universal Containers (UC) wants to implement SAML SSO for their internal of Salesforce users using a third-party IdP. After some evaluation, UC decides NOT to 65?set up My Domain for their Salesforce org. How does that decision impact their SSO implementation?
A. IdP-initiated SSO will NOT work
B. Neither SP- nor IdP-initiated SSO will work
C. Either SP- or IdP-initiated SSO will work
D. SP-initiated SSO will NOT work
View answer
Correct Answer: B
Question #18
Which three different attributes can be used to identify the user in a SAML 65> assertion when Salesforce is acting as a Service Provider? Choose 3 answers
A. Federation ID
B. Salesforce User ID
C. User Full Name
D. User Email Address
E. Salesforce Username
View answer
Correct Answer: ACD
Question #19
Universal Containers (UC) rolling out a new Customer Identity and Access Management Solution will be built on top of their existing Salesforce instance. Several service providers have been setup and integrated with Salesforce using OpenlD Connect to allow for a seamless single sign-on experience. UC has a requirement to limit user access to only a subset of service providers per customer type.Which two steps should be done on the platform to satisfy the requirement?Choose 2 answers
A. Manage which connected apps a user has access to by assigning authentication providers to the users profile
B. Assign the connected app to the customer community, and enable the users profile in the Community settings
C. Use Profiles and Permission Sets to assign user access to Admin Pre-Approved Connected Apps
D. Set each of the Connected App access settings to Admin Pre-Approved
View answer
Correct Answer: CD
Question #20
Northern Trail Outfitters (NTO) wants to give customers the ability to submit and manage issues with their purchases. It is important for NTO to give its customers the ability to login with their Amazon credentials. What should an identity architect recommend to meet these requirements?
A. Configure a predefined authentication provider for Amazon
B. Create a custom external authentication provider for Amazon
C. Configure an OpenID Connect Authentication Provider for Amazon
D. Configure Amazon as a connected app
View answer
Correct Answer: C
Question #21
Northern Trail Outfitters (NTO) recently purchased Salesforce Identity Connect to streamline user provisioning across Microsoft Active Directory (AD) and Salesforce Sales Cloud. NTO has asked an identity architect to identify which salesforce security configurations can map to AD permissions.Which three Salesforce permissions are available to map to AD permissions?Choose 3 answers
A. Public Groups
B. Field-Level Security
C. Roles
D. Sharing Rules
E. Profiles and Permission Sets
View answer
Correct Answer: ACE
Question #22
Northern Trail Outfitters (NTO) is planning to implement a community for its customers using Salesforce Experience Cloud . Customers are not able to self-register. NTO would like to have customers set their own passwords when provided access to the community. Which two recommendations should an identity architect make to fulfill this requirement? Choose 2 answers
A. Add customers as contacts and add them to Experience Cloud site
B. Enable Welcome emails while configuring the Experience Cloud site
C. Allow Password reset using the API to update Experience Cloud site membership
D. Use Login Flows to allow users to reset password in Experience Cloud site
View answer
Correct Answer: CD
Question #23
Northern Trail Outfitters wants to implement a partner community. Active community users will need to review and accept the community rules, and update key contact information for each community member before their annual partner event.Which approach will meet this requirement?
A. Create tasks for users who need to update their data or accept the new community rules
B. Create a custom landing page and email campaign asking all community members to login and verify their data
C. Create a login flow that conditionally prompts users who have not accepted the new community rules and who have missing or outdated information
D. Add a banner to the community Home page asking users to update their profile and accept the new community rules
View answer
Correct Answer: C
Question #24
Universal Containers (UC) has an e - commerce website where customers can buy products, make payments and manage their accounts. UC decides to build a Customer Community on Salesforce and wants to allow the customers to access the community from their accounts without logging in again. UC decides to implement an SP - initiated SSO using a SAML - compliant Idp. In this scenario where Salesforce is the Service Provider, which two activities must be performed in Salesforce to make SP - initiated SSO work? Choo
A. Configure SAML SSO settings
B. Create a Connected App
C. Configure Delegated Authentication
D. Set up My Domain
View answer
Correct Answer: AD
Question #25
Universal Containers (UC) would like its community users to be able to register and log in with Linkedin or Facebook Credentials. UC wants users to clearly see Facebook andLinkedin Icons when they register and login. What are the two recommended actions UC can take to achieve this Functionality? Choose 2 answers
A. Enable Facebook and Linkedin as Login options in the login section of the Community configuration
B. Create custom Registration Handlers to link Linkedin and facebook accounts to user records
C. Store the Linkedin or Facebook user IDs in the Federation ID field on the Salesforce User record
D. Create custom buttons for Facebook and inkedin using JAVAscript/CSS on a custom Visualforce page
View answer
Correct Answer: AB
Question #26
Universal containers (UC) would like to enable SSO between their existing Active Directory infrastructure and salesforce. The it team prefers to manage all users in Active Directory and would like to avoid doing any initial setup of users in salesforce directly, including the correct assignment of profiles, roles and groups. Which two optimal solutions should UC use to provision users in salesforce? Choose 2 answers
A. Use the salesforce REST API to sync users from active directory to salesforce
B. Use an app exchange product to sync users from Active Directory to salesforce
C. Use Active Directory Federation Services to sync users from active directory to salesforce
D. Use Identity connect to sync users from Active Directory to salesforce
View answer
Correct Answer: BD
Question #27
Universal Containers (UC) is both a Salesforce and Google Apps customer. The UC IT team would like to manage the users for both systems in a single place to reduce administrative burden. Which two optimal ways can the IT team provision users and allow Single Sign-on between Salesforce and Google Apps ? Choose 2 answers
A. Build a custom app running on Heroku as the Identity Provider that can sync user information between Salesforce and Google Apps
B. Use a third-party product as the Identity Provider for both Salesforce and Google Apps and manage the provisioning from there
C. Use Identity Connect as the Identity Provider for both Salesforce and Google Apps and manage the provisioning from there
D. Use Salesforce as the Identity Provider and Google Apps as a Service Provider and configure User Provisioning for Connected Apps
View answer
Correct Answer: BD
Question #28
An identity architect has been asked to recommend a solution that allows administrators to configure personalized alert messages to users before they land on the Experience Cloud site (formerly known as Community) homepage. What is recommended to fulfill this requirement with the least amount of customization?
A. Create custom metadata that stores user alerts and use a LWC to display alerts
B. Customize the registration handler Apex class to create a routing logic navigating to different home pages based on the user profile
C. Build a Lightning web Component (LWC) for a homepage that shows custom alerts
D. Use Login Flows to add a screen that shows personalized alerts
View answer
Correct Answer: D
Question #29
Northern Trail Outfitters (NTO) uses Salesforce Experience Cloud sites (previously known as Customer Community) to provide a digital portal where customers can login using their Google account. NTO would like to automatically create a case record for first time users logging into Salesforce Experience Cloud.What should an Identity architect do to fulfill the requirement?
A. Configure an authentication provider for Social Login using Google and a custom registration handler
B. Implement a Just-in-Time handler class that has logic to create cases upon first login
C. Create an authentication provider for Social Login using Google and leverage standard registration handler
D. Implement a login flow with a record create component for Case
View answer
Correct Answer: D
Question #30
Universal Containers (UC) has decided to replace the homegrown customer portal with Salesforce Experience Cloud. UC will continue to use its third-party single sign-on (SSO) solution that stores all of its customer and partner credentials.The first time a customer logs in to the Experience Cloud site through SSO, a user record needs to be created automatically.Which solution should an identity architect recommend in order to automatically provision users in Salesforce upon login?
A. Just-in-Time (JIT) provisioning
B. Custom middleware and web services
C. Custom login flow and Apex handler
D. Third-party AppExchange solution
View answer
Correct Answer: A

View The Updated Salesforce Exam Questions

SPOTO Provides 100% Real Salesforce Exam Questions for You to Pass Your Salesforce Exam!

Get Salesforce Practice Test

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number:


Copyright © 2024. Designer by SPOTO Official Website. All Rights Reserved.