Online Questions - Valid Practice Identity-and-Access-Management-Architect Exam Dumps Test Questions [Q41-Q60]

Share

Online Questions - Valid Practice Identity-and-Access-Management-Architect Exam Dumps Test Questions

100% Real Identity-and-Access-Management-Architect dumps  - Brilliant Identity-and-Access-Management-Architect Exam Questions PDF


Salesforce Identity-and-Access-Management-Architect Exam Syllabus Topics:

TopicDetails
Topic 1
  • Identify the ways that users can be provisioned in Salesforce to enable SSO and apply access rights
  • Identify the auditing and monitoring approaches available on the platform
Topic 2
  • Describe the capabilities for customizing the user experience for Experience Cloud
  • Given a scenario, identify the most appropriate OAuth flow
Topic 3
  • Describe common authentication patterns and understand the differences between each one
  • Given a scenario, identify the configuration settings for a Connected app
Topic 4
  • Given a requirement, understand the advantages and limitations of External Identity solutions and associated licenses
  • Identify the role Identity Connect product plays in a Salesforce Identity implementation
Topic 5
  • Given a scenario, recommend the most appropriate way to provision users from identity stores in B2E and B2C scenarios
  • Recommend the appropriate method for provisioning users in Salesforce

 

NEW QUESTION 41
An architect needs to set up a Facebook Authentication provider as login option for a salesforce customer Community. What portion of the authentication provider setup associates a Facebook user with a salesforce user?

  • A. Consumer key and consumer secret
  • B. Apex registration handler
  • C. User info endpoint URL
  • D. Federation ID

Answer: B

 

NEW QUESTION 42
An identity architect has been asked to recommend a solution that allows administrators to configure personalized alert messages to users before they land on the Experience Cloud site (formerly known as Community) homepage.
What is recommended to fulfill this requirement with the least amount of customization?

  • A. Create custom metadata that stores user alerts and use a LWC to display alerts.
  • B. Use Login Flows to add a screen that shows personalized alerts.
  • C. Customize the registration handler Apex class to create a routing logic navigating to different home pages based on the user profile.
  • D. Build a Lightning web Component (LWC) for a homepage that shows custom alerts.

Answer: B

 

NEW QUESTION 43
Which two roles of the systems are involved in an environment where salesforce users are enabled to access Google Apps from within salesforce through App launcher and connected App set up? Choose 2 answers

  • A. Google is the identity provider
  • B. Google is the service provider
  • C. Salesforce is the service provider
  • D. Salesforce is the identity provider

Answer: C

 

NEW QUESTION 44
Universal Containers (UC) wants its closed Won opportunities to be synced to a Data warehouse in near real time. UC has implemented Outbound Message to enable near real-time data sync. UC wants to ensure that communication between Salesforce and Target System is secure. What certificate is sent along with the Outbound Message?

  • A. The CA-signed Certificate from the Certificate and Key Management Menu.
  • B. The default client Certificate or the Certificate and Key Management menu.
  • C. The Self-signed Certificates from the Certificate & Key Management menu.
  • D. The default client Certificate from the Develop--> API menu.

Answer: D

 

NEW QUESTION 45
Containers (UC) has decided to implement a federated single Sign-on solution using a third-party Idp. In reviewing the third-party products, they would like to ensure the product supports the automated provisioning and deprovisioning of users. What are the underlining mechanisms that the UC Architect must ensure are part of the product?

  • A. Just-In-time (JIT) for Provisioning; SOAP API for Deprovisioning.
  • B. Just-in-Time (JIT) for both Provisioning and Deprovisioning.
  • C. Provisioning API for both Provisioning and Deprovisioning.
  • D. SOAP API for provisioning; Just-in-Time (JIT) for Deprovisioning.

Answer: B

 

NEW QUESTION 46
Universal Containers (UC) employees have Salesforce access from restricted IP ranges only, to protect against unauthorised access. UC wants to roll out the Salesforce1 mobile app and make it accessible from any location. Which two options should an Architect recommend? Choose 2 answers

  • A. Use Login Flow to bypass IP range restriction for the mobile app.
  • B. Relax the IP restriction with a second factor in the Connect App settings for Salesforce1 mobile app.
  • C. Relax the IP restrictions in the Connect App settings for the Salesforce1 mobile app.
  • D. Remove existing restrictions on IP ranges for all types of user access.

Answer: B,C

 

NEW QUESTION 47
The security team at Universal containers(UC) has identified exporting reports as a high-risk action and would like to require users to be logged into salesforce with their active directory (AD) credentials when doing so.
For all other uses of Salesforce, Users should be allowed to use AD credentials or salesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with salesforce credentials?

  • A. Use SAML Federated Authentication and block access to reports when accesses through a standard assurance session.
  • B. Use SAML Federated Authentication, treat SAML sessions as high assurance, and raise the session level required for exporting reports.
  • C. Use SAML Federated Authentication with a login flow to dynamically add or remove a permission set that grants the export reports permission.
  • D. Use SAML Federated Authentication and Custom SAML jit provisioning to dynamically add or remove a permission set that grants the Export Reports permission.

Answer: A

 

NEW QUESTION 48
What are three capabilities of Delegated Authentication? Choose 3 answers

  • A. It can be assigned by Profiles.
  • B. It can be assigned by Custom Permissions.
  • C. It can connect to SOAP services.
  • D. It can be assigned by Permission Sets.
  • E. It can connect to REST services.

Answer: C,D,E

 

NEW QUESTION 49
Northern Trail Outfitters would like to use a portal built on Salesforce Experience Cloud for customer self-service. Guests of the portal be able to self-register, but be unable to automatically be assigned to a contact record until verified. External Identity licenses have bee purchased for the project.
After registered guests complete an onboarding process, a flow will create the appropriate account and contact records for the user.
Which three steps should an identity architect follow to implement the outlined requirements?
Choose 3 answers

  • A. Enable "Allow customers and partners to self-register".
  • B. Customize the self-registration Apex handler to temporarily associate the user to a shared single contact record.
  • C. Customize me self-registration Apex handler to create only the user record.
  • D. Set jp an external login page and call Salesforce APIs for user creation.
  • E. Select the "Configurable Self-Reg Page" option under Login & Registration.

Answer: A,C,E

 

NEW QUESTION 50
Universal Containers (UC) would like its community users to be able to register and log in with Linkedin or Facebook Credentials. UC wants users to clearly see Facebook &Linkedin Icons when they register and login.
What are the two recommended actions UC can take to achieve this Functionality? Choose 2 answers

  • A. Enable Facebook and Linkedin as Login options in the login section of the Community configuration.
  • B. Create custom buttons for Facebook and inkedin using JAVAscript/CSS on a custom Visualforce page.
  • C. Create custom Registration Handlers to link Linkedin and facebook accounts to user records.
  • D. Store the Linkedin or Facebook user IDs in the Federation ID field on the Salesforce User record.

Answer: A,C

 

NEW QUESTION 51
A security architect is rolling out a new multi-factor authentication (MFA) mandate, where all employees must go through a secure authentication process before accessing Salesforce. There are multiple Identity Providers (IdP) in place and the architect is considering how the "Authentication Method Reference" field (AMR) in the Login History can help.
Which two considerations should the architect keep in mind?
Choose 2 answers

  • A. AMR field shows the authentication methods used at IdP.
  • B. High-assurance sessions must be configured under Session Security Level Policies.
  • C. Dependency on what is supported by OpenID Connect (OIDC) implementation at IdP.
  • D. Both OIDC and Security Assertion Markup Language (SAML) are supported but AMR must be implemented at IdP.

Answer: A,D

 

NEW QUESTION 52
Universal Containers (UC) is building an authenticated Customer Community for its customers. UC does not want customer credentials stored in Salesforce and is confident its customers would be willing to use their social media credentials to authenticate to the community. Which two actions should an Architect recommend UC to take?

  • A. Configure SSO Settings For Facebook to serve as a SAML Identity Provider.
  • B. Configure an Authentication Provider for LinkedIn Social Media Accounts.
  • C. Use Delegated Authentication to call the Twitter login API to authenticate users.
  • D. Create a Custom Apex Registration Handler to handle new and existing users.

Answer: B,D

 

NEW QUESTION 53
Universal containers (UC) would like to enable self - registration for their salesforce partner community users.
UC wants to capture some custom data elements from the partner user, and based on these data elements, wants to assign the appropriate profile and account values. Which two actions should the architect recommend to UC? Choose 2 answers

  • A. Configure registration for communities to use a custom visualforce page.
  • B. Configure registration for communities to use a custom apex controller.
  • C. Modify the selfregistration trigger to assign profile and account.
  • D. Modify the communitiesselfregcontroller to assign the profile and account.

Answer: A,D

 

NEW QUESTION 54
Universal containers (UC) has a classified information system that it's call centre team uses only when they are working on a case with a record type of "classified". They are only allowed to access the system when they own an open "classified" case, and their access to the system is removed at all other times. They would like to implement SAML SSO with salesforce as the IDP, and automatically allow or deny the staff's access to the classified information system based on whether they currently own an open "classified" case record when they try to access the system using SSO. What is the recommended solution for automatically allowing or denying access to the classified information system based on the open "classified" case record criteria?

  • A. Use apex trigger on case to dynamically assign permission sets that grant access when a user is assigned with an open "classified" case, and remove it when the case is closed.
  • B. Use custom SAML jit provisioning to dynamically query the user's open "classified" cases when attempting to access the classified information system
  • C. Use a custom connected App handler using apex to dynamically allow access to the system based on whether the staff owns any open "classified" cases.
  • D. Use salesforce reports to identify users that currently owns open "classified" cases and should be granted access to the classified information system.

Answer: C

 

NEW QUESTION 55
Northern Trail Outfitters recently acquired a company. Each company will retain its Identity Provider (IdP).
Both companies rely extensively on Salesforce processes that send emails to users to take specific actions in Salesforce.
How should the combined companys' employees collaborate in a single Salesforce org, yet authenticate to the appropriate IdP?

  • A. Enable each IdP as a login option in the MyDomain Authentication Service settings. Users will then click on the appropriate IdP button.
  • B. Have generated links append a querystnng parameter indicating the IdP. The login service will redirect to the appropriate IdP.
  • C. Configure unique MyDomains for each company and have generated links use the appropriate MyDomam in the URL.
  • D. Have generated links be prefixed with the appropriate IdP URL to invoke an IdP-initiated Security Assertion Markup Language flow when clicked.

Answer: A

 

NEW QUESTION 56
An identity architect is implementing a mobile-first Consumer Identity Access Management (CIAM) for external users. User authentication is the only requirement. The users email or mobile phone number should be supported as a username.
Which two licenses are needed to meet this requirement?
Choose 2 answers

  • A. Email Verification Credits
  • B. SMS verification Credits
  • C. External Identity Licenses
  • D. Identity Connect Licenses

Answer: B,C

 

NEW QUESTION 57
Universal containers (UC) wants to implement a partner community. As part of their implementation, UC would like to modify both the Forgot password and change password experience with custom branding for their partner community users. Which 2 actions should an architect recommend to UC? Choose 2 answers

  • A. Build a community builder page for the change password experience and Custom Visualforce page for the Forgot password experience.
  • B. Build a community builder page for both the change password and Forgot password experiences.
  • C. Build a custom visualforce page for both the change password and Forgot password experiences.
  • D. Build a custom visualforce page for the change password experience and a community builder page for the Forgot password experience.

Answer: C,D

 

NEW QUESTION 58
Universal Containers (UC) implemented SSO to a third-party system for their Salesforce users to access the App Launcher. UC enabled "User Provisioning" on the Connected App so that changes to user accounts can be synched between Salesforce and the third party system. However, UC quickly notices that changes to user roles in Salesforce are not getting synched to the third-party system. What is the most likely reason for this behaviour?

  • A. User Provisioning for Connected Apps does not support role sync.
  • B. Required operation(s) was not mapped in User Provisioning Settings.
  • C. Salesforce roles have more than three levels in the role hierarchy.
  • D. The Approval queue for User Provisioning Requests is unmonitored.

Answer: A

 

NEW QUESTION 59
An identity architect is setting up an integration between Salesforce and a third-party system. The third-party system needs to authenticate to Salesforce and then make API calls against the REST API.
One of the requirements is that the solution needs to ensure the third party service providers connected app in Salesforce mini need for end user interaction and maximizes security.
Which OAuth flow should be used to fulfill the requirement?

  • A. Web Server Flow
  • B. User Agent Flow
  • C. Username-Password Flow
  • D. JWT Bearer Flow

Answer: D

 

NEW QUESTION 60
......

Identity-and-Access-Management-Architect Exam PDF [2022] Tests Free Updated Today with Correct 245 Questions: https://itcertspass.prepawayexam.com/Salesforce/braindumps.Identity-and-Access-Management-Architect.ete.file.html