Download the Latest Identity-and-Access-Management-Architect Dumps - 2023 Identity-and-Access-Management-Architect Exam Questions [Q13-Q34]


Latest Salesforce Identity-and-Access-Management-Architect Certification Practice Test Questions


Salesforce Identity-and-Access-Management-Architect Exam Syllabus Topics:

Topic: Details
Topic 1
  • Given a scenario, describe what tools you can apply to audit and verify the activity of a user during and after login
  • Describe how trust is established between two systems
Topic 2
  • Troubleshoot common points of failure that may be encountered in a single sign-on solution
  • Describe the tools that are available to diagnose IdP issues
Topic 3
  • Given a requirement, understand the advantages and limitations of External Identity solutions and associated licenses
  • Identify the role Identity Connect product plays in a Salesforce Identity implementation
Topic 4
  • Describe the capabilities for customizing the user experience for Experience Cloud
  • Given a scenario, identify the most appropriate OAuth flow
Topic 5
  • Given a scenario, recommend the most appropriate way to provision users from identity stores in B2E and B2C scenarios
  • Recommend the appropriate method for provisioning users in Salesforce
Topic 6
  • Describe common authentication patterns and understand the differences between each one
  • Given a scenario, identify the configuration settings for a Connected app

 

NEW QUESTION 13
After a recent audit, Universal Containers (UC) was advised to implement Two-factor Authentication for all of their critical systems, including Salesforce. Which two actions should UC consider to meet this requirement?
Choose 2 answers

  • A. Require users to use a biometric reader as well as their password
  • B. Require users to enter a second password after the first Authentication
  • C. Require users to supply their email and phone number, which gets validated.
  • D. Require users to provide their RSA token along with their credentials.

Answer: A,D

 

NEW QUESTION 14
In an SP-initiated SAML SSO setup where the user tries to access a resource on the Service Provider, what HTTP parameter should be used when submitting a SAML Request to the IdP to ensure the user is returned to the intended resource after authentication?

  • A. RelayState
  • B. DisplayState
  • C. StartURL
  • D. RedirectURL

Answer: A

 

NEW QUESTION 15
IT security at Universal Containers (UC) is concerned about recent phishing scams targeting its users and wants to add additional layers of login protection. What should an Architect recommend to address the issue?

  • A. Increase Password complexity requirements in Salesforce.
  • B. Lock sessions to the IP address from which they originated.
  • C. Implement Single Sign-on using a corporate Identity store.
  • D. Use the Salesforce Authenticator mobile app with two-step verification

Answer: D

 

NEW QUESTION 16
An identity architect's client has a homegrown identity provider (IdP). Salesforce is used as the service provider (SP). The head of IT is worried that during an SP-initiated single sign-on (SSO), the Security Assertion Markup Language (SAML) request content will be altered.
What should the identity architect recommend to make sure that there is additional trust between the SP and the IdP?

  • A. Encrypt the SAML Request using certification authority (CA) signed certificate and decrypt on IdP.
  • B. Ensure that the Issuer and Assertion Consumer Service (ACS) URL are properly configured between SP and IdP.
  • C. Ensure that there is an HTTPS connection between IDP and SP.
  • D. Ensure that on the SSO settings page, the "Request Signing Certificate" field has a self-signed certificate.

Answer: A

 

NEW QUESTION 17
Universal Containers (UC) is building a custom Innovation platform on their Salesforce instance. The Innovation platform will be written completely in Apex and Visualforce and will use custom objects to store the data. UC would like all users to be able to access the system without having to log in with Salesforce credentials. UC will utilize a third-party IdP using SAML SSO. What is the optimal Salesforce licence type for all of the UC employees?

  • A. External Identity Licence.
  • B. Salesforce Platform Licence.
  • C. Identity Licence.
  • D. Salesforce Licence.

Answer: B

 

NEW QUESTION 18
Northern Trail Outfitters (NTO) is planning to implement a community for its customers using Salesforce Experience Cloud. Customers are not able to self-register. NTO would like to have customers set their own passwords when provided access to the community.
Which two recommendations should an identity architect make to fulfill this requirement?
Choose 2 answers

  • A. Use Login Flows to allow users to reset password in Experience Cloud site.
  • B. Enable Welcome emails while configuring the Experience Cloud site.
  • C. Allow Password reset using the API to update Experience Cloud site membership.
  • D. Add customers as contacts and add them to Experience Cloud site.

Answer: A,C

 

NEW QUESTION 19
Universal Containers (UC) wants users to authenticate into their Salesforce org using credentials stored in a custom identity store. UC does not want to purchase or use a third-party Identity provider. Additionally, UC is extremely wary of social media and does not consider it to be trustworthy. Which two options should an architect recommend to UC? Choose 2 answers

  • A. Build a custom web page that uses the identity store and calls frontdoor.jsp
  • B. Build a custom Web service that is supported by Delegated Authentication.
  • C. Implement the OpenID protocol and configure an Authentication provider
  • D. Use a professional social media such as LinkedIn as an Authentication provider

Answer: B,C

 

NEW QUESTION 20
A Salesforce customer is implementing Sales Cloud and a custom pricing application for its call center agents.
An Enterprise single sign-on solution is used to authenticate and sign-in users to all applications. The customer has the following requirements:
1. The development team has decided to use a Canvas app to expose the pricing application to agents.
2. Agents should be able to access the Canvas app without needing to log in to the pricing application.
Which two options should the identity architect consider to provide support for the Canvas app to initiate login for users?
Choose 2 answers

  • A. Select "Enable as a Canvas Personal App" in the connected app settings.
  • B. Configure the Canvas app as a connected app and set Admin-approved users as pre-authorized.
  • C. Enable SAML in the connected app and Security Assertion Markup Language (SAML) Initiation Method as Service Provider Initiated.
  • D. Enable OAuth settings in the connected app with required OAuth scopes for the pricing application.

Answer: B,C

 

NEW QUESTION 21
Universal Containers (UC) plans to use a SAML-based third-party IdP serving both the Salesforce Partner Community and the corporate portal. UC partners will log in to the corporate portal to access protected resources, including links to Salesforce resources. What would be the recommended way to configure the IdP so that seamless access can be achieved in this scenario?

  • A. Configure IdP-initiated SSO that passes the SAML token upon Salesforce resource access request.
  • B. Configure SP-initiated SSO that passes the SAML token upon Salesforce resource access request.
  • C. Set up the corporate portal as a Connected App in Salesforce and use the User Agent OAuth flow.
  • D. Set up the corporate portal as a Connected App in Salesforce and use the Web server OAuth flow.

Answer: A

 

NEW QUESTION 22
Universal Containers wants to implement SAML SSO for their internal Salesforce users using a third-party IdP. After some evaluation, UC decides not to set up My Domain for their Salesforce org. How does that decision impact their SSO implementation?

  • A. Either SP- or IdP-initiated SSO will work.
  • B. Neither SP- nor IdP-initiated SSO will work.
  • C. SP-initiated SSO will not work.
  • D. IdP-initiated SSO will not work.

Answer: B

 

NEW QUESTION 23
Northern Trail Outfitters (NTO) uses a Security Assertion Markup Language (SAML)-based Identity Provider (IdP) to authenticate employees to all systems. The IdP authenticates users against a Lightweight Directory Access Protocol (LDAP) directory and has access to user information. NTO wants to minimize Salesforce license usage since only a small percentage of users need Salesforce.
What is recommended to ensure new employees have immediate access to Salesforce using their current IdP?

  • A. Install Salesforce Identity Connect to automatically provision new users in Salesforce the first time they attempt to login.
  • B. Configure Just-in-Time provisioning using SAML attributes to create new Salesforce users as necessary when a new user attempts to login to Salesforce.
  • C. Build an integration that queries LDAP and creates new inactive users in Salesforce and use a login flow to activate the user at first login.
  • D. Build an integration that queries LDAP periodically and creates new active users in Salesforce.

Answer: B

 

NEW QUESTION 24
Universal Containers (UC) has decided to use Salesforce as an Identity Provider for multiple external applications. UC wants to use the Salesforce App Launcher to control the apps that are available to individual users. Which three steps are required to make this happen?

  • A. Create a Connected App for each external application.
  • B. Set up Identity Connect to Synchronize user data.
  • C. Set up Salesforce as a SAML IdP with My Domain.
  • D. Set up an Auth Provider for each External Application.
  • E. Add each connected App to the App Launcher with a Start URL.

Answer: A,C,E

 

NEW QUESTION 25
An administrator created a connected app for a custom web application in Salesforce which needs to be visible as a tile in App Launcher. The tile for the custom web application is missing in the App Launcher for all users in Salesforce. The administrator requested assistance from an identity architect to resolve the issue.
Which two reasons are the source of the issue?
Choose 2 answers

  • A. OAuth scope does not include "openid".
  • B. The connected app is not set in the App menu as "Visible in App Launcher".
  • C. Session Policy is set as 'High Assurance Session required' for this connected app.
  • D. StartURL for the connected app is not set in Connected App settings.

Answer: C,D

 

NEW QUESTION 26
Universal Containers (UC) has multiple Salesforce orgs and would like to use a single identity provider to access all of their orgs. How should UC's architect enable this behavior?

  • A. Ensure that users have the same email value in their user records in all of UC's Salesforce orgs.
  • B. Ensure the same username is allowed in multiple orgs by contacting Salesforce support.
  • C. Ensure that users have the same Federation ID value in their user records in all of UC's Salesforce orgs.
  • D. Ensure that users have the same alias value in their user records in all of UC's Salesforce orgs.

Answer: C

 

NEW QUESTION 27
Universal Containers (UC) has a Customer Community that uses Facebook for authentication. UC would like to ensure that changes in the Facebook profile are reflected on the appropriate Customer Community user. How can this requirement be met?

  • A. Develop a scheduled job that calls out to Facebook on a nightly basis.
  • B. Use the updateUser() method on the Registration Handler class.
  • C. Use information in the Signed Request that is received from Facebook.
  • D. Use SAML Just-In-Time Provisioning between Facebook and Salesforce.

Answer: B

 

NEW QUESTION 28
Universal Containers (UC) would like its community users to be able to register and log in with LinkedIn or Facebook credentials. UC wants users to clearly see Facebook and LinkedIn icons when they register and log in.
What are the two recommended actions UC can take to achieve this functionality? Choose 2 answers

  • A. Create custom Registration Handlers to link LinkedIn and Facebook accounts to user records.
  • B. Store the LinkedIn or Facebook user IDs in the Federation ID field on the Salesforce User record.
  • C. Create custom buttons for Facebook and LinkedIn using JavaScript/CSS on a custom Visualforce page.
  • D. Enable Facebook and LinkedIn as Login options in the login section of the Community configuration.

Answer: A,D

 

NEW QUESTION 29
Universal Containers (UC) has built a custom time tracking app for its employees. UC wants to leverage Salesforce Identity to control access to the custom app.
At a minimum, which Salesforce license is required to support this requirement?

  • A. Identity Verification
  • B. Identity Only
  • C. Identity Connect
  • D. External Identity

Answer: B

 

NEW QUESTION 30
Universal Containers (UC) has decided to build a new, highly sensitive application on the Force.com platform. The security team at UC has decided that they want users to provide a fingerprint in addition to username/password to authenticate to this application. How can an architect support fingerprints as a form of identification for Salesforce authentication?

  • A. Use Salesforce Two-factor Authentication with callouts to a third-party fingerprint scanning application.
  • B. Use Delegated Authentication with callouts to a third-party fingerprint scanning application.
  • C. Use custom login flows with callouts to a third-party fingerprint scanning application.
  • D. Use an AppExchange product that does fingerprint scanning with native Salesforce identity confirmation.

Answer: C

 

NEW QUESTION 31
Universal Containers (UC) is rolling out a new Customer Identity and Access Management solution that will be built on top of their existing Salesforce instance.
Several service providers have been set up and integrated with Salesforce using OpenID Connect to allow for a seamless single sign-on experience. UC has a requirement to limit user access to only a subset of service providers per customer type.
Which two steps should be done on the platform to satisfy the requirement?
Choose 2 answers

  • A. Manage which connected apps a user has access to by assigning authentication providers to the user's profile.
  • B. Assign the connected app to the customer community, and enable the user's profile in the Community settings.
  • C. Set each of the Connected App access settings to Admin Pre-Approved.
  • D. Use Profiles and Permission Sets to assign user access to Admin Pre-Approved Connected Apps.

Answer: C,D

 

NEW QUESTION 32
Universal Containers (UC) is both a Salesforce and Google Apps customer. The UC IT team would like to manage the users for both systems in a single place to reduce administrative burden. Which two optimal ways can the IT team provision users and allow Single Sign-on between Salesforce and Google Apps? Choose 2 answers

  • A. Use a third-party product as the Identity Provider for both Salesforce and Google Apps and manage the provisioning from there.
  • B. Build a custom app running on Heroku as the Identity Provider that can sync user information between Salesforce and Google Apps.
  • C. Use Salesforce as the Identity Provider and Google Apps as a Service Provider and configure User Provisioning for Connected Apps.
  • D. Use Identity Connect as the Identity Provider for both Salesforce and Google Apps and manage the provisioning from there.

Answer: A,C

 

NEW QUESTION 33
Universal Containers is building a web application that will connect with the Salesforce API using JWT OAuth Flow.
Which two settings need to be configured in the connected app to support this requirement?
Choose 2 answers

  • A. The Use Digital Signature option in the connected app.
  • B. The "web" OAuth scope in the connected app.
  • C. The "api" OAuth scope in the connected app.
  • D. The "eclair_api" OAuth scope in the connected app.

Answer: A,C

 

NEW QUESTION 34
......