
Try 100% Updated Identity-and-Access-Management-Architect Exam Questions [2023]
Pass Identity-and-Access-Management-Architect Exam - Real Questions and Answers
NEW QUESTION 116
Universal Containers (UC) has implemented a multi-org strategy and would like to centralize the management of their Salesforce user profiles. What should the architect recommend to allow Salesforce profiles to be managed from a central system of record?
- A. Implement Delegated Authentication that will update the user profiles as necessary.
- B. Create an Apex scheduled job in one org that will synchronize the other orgs' profiles.
- C. Implement JIT provisioning on the SAML IdP that will pass the profile ID in each assertion.
- D. Implement an OAuth JWT flow to pass the profile credentials between systems.
Answer: C
NEW QUESTION 117
Northern Trail Outfitters would like to use a portal built on Salesforce Experience Cloud for customer self-service. Guests of the portal should be able to self-register, but be unable to be automatically assigned to a contact record until verified. External Identity licenses have been purchased for the project.
After registered guests complete an onboarding process, a flow will create the appropriate account and contact records for the user.
Which three steps should an identity architect follow to implement the outlined requirements?
Choose 3 answers
- A. Customize the self-registration Apex handler to temporarily associate the user to a shared single contact record.
- B. Customize the self-registration Apex handler to create only the user record.
- C. Select the "Configurable Self-Reg Page" option under Login & Registration.
- D. Enable "Allow customers and partners to self-register".
- E. Set up an external login page and call Salesforce APIs for user creation.
Answer: B,C,D
NEW QUESTION 118
A manufacturer wants to provide registration for an Internet of Things (IoT) device with limited display input or capabilities.
Which Salesforce OAuth authorization flow should be used?
- A. OAuth 2.0 JWT Bearer Flow
- B. OAuth 2.0 Asset Token Flow
- C. OAuth 2.0 Device Flow
- D. OAuth 2.0 User-Agent Flow
Answer: C
NEW QUESTION 119
A technology enterprise is setting up an identity solution with an external vendor's wellness application for its employees. The user attributes need to be returned to the wellness application in an ID token.
Which authentication mechanism should an identity architect recommend to meet the requirements?
- A. OpenID Connect
- B. Web Server Flow
- C. JWT Bearer Token Flow
- D. User Agent Flow
Answer: B
NEW QUESTION 120
A real estate company wants to provide its customers a digital space to design their interior decoration options.
To simplify the registration to gain access to the community site (built in Experience Cloud), the CTO has requested that the IT/Development team provide the option for customers to use their existing social-media credentials to register and access.
The IT lead has approached the Salesforce Identity and Access Management (IAM) architect for technical direction on implementing the social sign-on (for Facebook, Twitter, and a new provider that supports standard OpenID Connect (OIDC)).
Which two recommendations should the Salesforce IAM architect make to the IT Lead?
Choose 2 answers
- A. For supporting OIDC it is necessary to enable Security Assertion Markup Language (SAML) with Just-in-Time provisioning (JIT) and OAuth 2.0.
- B. Use declarative registration handler process builder/flow to create, update users and contacts.
- C. Apex coding skills are needed for registration handler to create and update users.
- D. Authentication provider configuration is required for each social sign-on provider; enable Authentication providers in the community.
Answer: C,D
NEW QUESTION 121
Universal Containers (UC) has decided to replace the homegrown customer portal with Salesforce Experience Cloud. UC will continue to use its third-party single sign-on (SSO) solution that stores all of its customer and partner credentials.
The first time a customer logs in to the Experience Cloud site through SSO, a user record needs to be created automatically.
Which solution should an identity architect recommend in order to automatically provision users in Salesforce upon login?
- A. Third-party AppExchange solution
- B. Just-in-Time (JIT) provisioning
- C. Custom login flow and Apex handler
- D. Custom middleware and web services
Answer: B
NEW QUESTION 122
Universal Containers (UC) wants to integrate a third-party Reward Calculation system with Salesforce to calculate Rewards. Rewards will be calculated on a scheduled basis and updated back into Salesforce. The integration between Salesforce and the Reward Calculation System needs to be secure. What are two recommended practices for using OAuth flows in this scenario? Choose 2 answers
- A. OAuth Username-Password Flow
- B. OAuth Refresh Token Flow
- C. OAuth SAML Bearer Assertion Flow
- D. OAuth JWT Bearer Token Flow
Answer: C,D
NEW QUESTION 123
Universal Containers (UC) has decided to implement a federated single sign-on solution using a third-party IdP. In reviewing the third-party products, they would like to ensure the product supports the automated provisioning and deprovisioning of users. What are the underlying mechanisms that the UC Architect must ensure are part of the product?
- A. Just-in-Time (JIT) for Provisioning; SOAP API for Deprovisioning.
- B. Just-in-Time (JIT) for both Provisioning and Deprovisioning.
- C. SOAP API for provisioning; Just-in-Time (JIT) for Deprovisioning.
- D. Provisioning API for both Provisioning and Deprovisioning.
Answer: B
NEW QUESTION 124
Universal Containers wants users to be able to log in to the Salesforce mobile app with their Active Directory password. Employees are unable to use mobile VPN.
Which two options should an identity architect recommend to meet the requirement?
Choose 2 answers
- A. Salesforce Identity Connect
- B. Configure Cloud Provider Load Balancer
- C. Salesforce Trigger & Field on Contact Object
- D. Active Directory Password Sync Plugin
Answer: A,D
NEW QUESTION 125
Universal Containers (UC) is considering a Customer 360 initiative to gain a single source of the truth for its customer data across disparate systems and services. UC wants to understand the primary benefits of Customer 360 Identity and how it contributes to a successful Customer 360 Truth project.
What are two key benefits of Customer 360 Identity as it relates to Customer 360?
Choose 2 answers
- A. Customer 360 Identity not only provides a unified sign up and sign in experience, but also tracks anonymous user activity prior to signing up so organizations can understand user activity before and after the users identify themselves.
- B. Customer 360 Identity supports multiple brands so you can deliver centralized identity services and correlation of user activity, even if it spans multiple corporate brands and user experiences.
- C. Customer 360 Identity enables an organization to build a single login for each of its customers, giving the organization an understanding of the user's login activity across all its digital properties and applications.
- D. Customer 360 Identity automatically integrates with Customer 360 Data Manager and Customer 360 Audiences to seamlessly populate all user data.
Answer: B,C
NEW QUESTION 126
Universal Containers (UC) built an integration for their employees to post, view, and vote for ideas in Salesforce from an internal Company portal. When ideas are posted in Salesforce, links to the ideas are created in the company portal pages as part of the integration process. The Company portal connects to Salesforce using OAuth. Everything is working fine, except when users click on links to existing ideas, they are always taken to the Ideas home page rather than the specific idea, after authorization. Which OAuth URL parameter can be used to retain the original requested page so that a user can be redirected correctly after OAuth authorization?
- A. Redirect_uri
- B. Scope
- C. Callback_uri
- D. State
Answer: A
NEW QUESTION 127
Northern Trail Outfitters (NTO) uses a Security Assertion Markup Language (SAML)-based Identity Provider (IdP) to authenticate employees to all systems. The IdP authenticates users against a Lightweight Directory Access Protocol (LDAP) directory and has access to user information. NTO wants to minimize Salesforce license usage since only a small percentage of users need Salesforce.
What is recommended to ensure new employees have immediate access to Salesforce using their current IdP?
- A. Build an integration that queries LDAP periodically and creates new active users in Salesforce.
- B. Configure Just-in-Time provisioning using SAML attributes to create new Salesforce users as necessary when a new user attempts to log in to Salesforce.
- C. Install Salesforce Identity Connect to automatically provision new users in Salesforce the first time they attempt to log in.
- D. Build an integration that queries LDAP and creates new inactive users in Salesforce and use a login flow to activate the user at first login.
Answer: B
NEW QUESTION 128
Universal Containers (UC) has an e-commerce website where customers can buy products, make payments, and manage their accounts. UC decides to build a customer Community on Salesforce and wants to allow the customers to access the community for their accounts without logging in again. UC decides to implement an SP-Initiated SSO using a SAML-based compliant IdP. In this scenario where Salesforce is the service provider, which two activities must be performed in Salesforce to make SP-Initiated SSO work? Choose 2 answers
- A. Create a connected App
- B. Configure Delegated Authentication
- C. Set up My Domain
- D. Configure SAML SSO settings.
Answer: C,D
NEW QUESTION 129
What is one of the roles of an Identity Provider in a Single Sign-on setup using SAML?
- A. Revoke token
- B. Consume token
- C. Create token
- D. Validate token
Answer: C
NEW QUESTION 130
Universal Containers (UC) wants to implement Delegated Authentication for a certain subset of Salesforce users. Which three items should UC take into consideration while building the Web service to handle the Delegated Authentication request? Choose 3 answers
- A. The web service can be written using either the SOAP or REST protocol.
- B. The web service needs to include Source IP as a method parameter.
- C. UC should whitelist all Salesforce IP ranges on their corporate firewall.
- D. Delegated Authentication is enabled for the system administrator profile.
- E. The return type of the Web service method should be a Boolean value
Answer: B,C,E
NEW QUESTION 131
Northern Trail Outfitters (NTO) is planning to roll out a partner portal for its distributors using Experience Cloud. NTO would like to use an external identity provider (IdP) and for partners to register for access to the portal. Each partner should be allowed to register only once to avoid duplicate accounts with Salesforce.
What should an identity architect recommend to create partners?
- A. Create a custom page in Experience Cloud to self register partner with Experience Cloud and Ping identity store.
- B. Allow partners to register through the IdP and create partner users in Salesforce through an API.
- C. Create a custom web page in the Portal and create users in the IdP and Experience Cloud using published APIs.
- D. On successful creation of Partners using Self Registration page in Experience Cloud, create identity in Ping.
Answer: A
NEW QUESTION 132
A web service is developed that allows secure access to customer order status on the Salesforce Platform. The service connects to Salesforce through a connected app with the web server flow. The following are the required actions for the authorization flow:
1. User Authenticates and Authorizes Access
2. Request an Access Token
3. Salesforce Grants an Access Token
4. Request an Authorization Code
5. Salesforce Grants Authorization Code
What is the correct sequence for the authorization flow?
- A. 4, 1, 5, 2, 3
- B. 2, 1, 3, 4, 5
- C. 4, 5, 2, 3, 1
- D. 1, 4, 5, 2, 3
Answer: C
NEW QUESTION 133
Universal Containers (UC) has decided to use Identity Connect as its identity provider. UC uses Active Directory (AD) and has a team that is very familiar and comfortable with managing AD groups. UC would like to use AD groups to help configure Salesforce users. Which three actions can AD groups control through Identity Connect? Choose 3 answers
- A. Custom permission assignment
- B. Granting report folder access
- C. Role Assignment
- D. Public Group Assignment
- E. Permission sets assignment
Answer: C,D,E
NEW QUESTION 134
Customer service representatives at Universal Containers (UC) are complaining that whenever they click on links to case records and are asked to log in with SAML SSO, they are being redirected to the Salesforce home tab and not the specific case record. What item should an architect advise the identity team at UC to investigate first?
- A. The Salesforce SSO settings are using HTTP POST
- B. The identity provider is correctly preserving the Relay State
- C. The users have the correct Federation ID within Salesforce.
- D. My Domain is configured and active within Salesforce.
Answer: B
NEW QUESTION 135
Universal Containers (UC) is both a Salesforce and Google Apps customer. The UC IT team would like to manage the users for both systems in a single place to reduce administrative burden. Which two optimal ways can the IT team provision users and allow Single Sign-on between Salesforce and Google Apps? Choose 2 answers
- A. Use Identity Connect as the Identity Provider for both Salesforce and Google Apps and manage the provisioning from there.
- B. Use Salesforce as the Identity Provider and Google Apps as a Service Provider and configure User Provisioning for Connected Apps.
- C. Use a third-party product as the Identity Provider for both Salesforce and Google Apps and manage the provisioning from there.
- D. Build a custom app running on Heroku as the Identity Provider that can sync user information between Salesforce and Google Apps.
Answer: B,C
NEW QUESTION 136
A company's external application is protected by Salesforce through OAuth. The identity architect for the project needs to limit the level of access to the data of the protected resource in a flexible way.
What should be done to improve security?
- A. Define a permission set that grants access to the app and assign to authorized users.
- B. Leverage external objects and data classification policies.
- C. Select "Admin approved users are pre-authorized" and assign specific profiles.
- D. Create custom scopes and assign to the connected app.
Answer: D
Identity-and-Access-Management-Architect Exam Questions Get Updated [2023] with Correct Answers: https://vce4exams.practicevce.com/Salesforce/Identity-and-Access-Management-Architect-practice-exam-dumps.html