1. Home
  2. Salesforce
  3. IDENTITY-AND-ACCESS-MANAGEMENT-ARCHITECT

Salesforce IDENTITY-AND-ACCESS-MANAGEMENT-ARCHITECT Online Practice Questions and Exam Preparation

IDENTITY-AND-ACCESS-MANAGEMENT-ARCHITECT Exam Details

  • Exam Code
    :IDENTITY-AND-ACCESS-MANAGEMENT-ARCHITECT
  • Exam Name
    :Salesforce Certified Platform Identity and Access Management Architect (Plat-Arch-203)
  • Certification
    :Salesforce Certifications
  • Vendor
    :Salesforce
  • Total Questions
    :247 Q&As
  • Last Updated
    :May 27, 2026

Salesforce IDENTITY-AND-ACCESS-MANAGEMENT-ARCHITECT Online Questions & Answers

  • Question 91:

    Universal containers (UC) has multiple salesforce orgs and would like to use a single identity provider to access all of their orgs. How should UC'S architect enable this behavior?

    A. Ensure that users have the same email value in their user records in all of UC's salesforce orgs.
    B. Ensure the same username is allowed in multiple orgs by contacting salesforce support.
    C. Ensure that users have the same Federation ID value in their user records in all of UC's salesforce orgs.
    D. Ensure that users have the same alias value in their user records in all of UC's salesforce orgs.

  • Question 92:

    universal container plans to develop a custom mobile app for the sales team that will use salesforce for authentication and access management. The mobile app access needs to be restricted to only the sales team. What would be the recommended solution to grant mobile app access to sales users?

    A. Use a custom attribute on the user object to control access to the mobile app
    B. Use connected apps Oauth policies to restrict mobile app access to authorized users.
    C. Use the permission set license to assign the mobile app permission to sales users
    D. Add a new identity provider to authenticate and authorize mobile users.

  • Question 93:

    What is one of the roles of an Identity Provider in a Single Sign-on setup using SAML?

    A. Validate token
    B. Create token
    C. Consume token
    D. Revoke token

  • Question 94:

    Universal Containers (UC) has an e-commerce website where customers can buy products, make payments and manage their accounts. UC decides to build a Customer Community on Salesforce and wants to allow the customers to access the community from their accounts without logging in again. UC decides to implement an SP-initiated SSO using a SAML-compliant Idp. In this scenario where Salesforce is the Service Provider, which two activities must be performed in Salesforce to make SP-initiated SSO work? Choose 2 answers

    A. Configure SAML SSO settings.
    B. Create a Connected App.
    C. Configure Delegated Authentication.
    D. Set up My Domain.

  • Question 95:

    Universal containers (UC) is building a mobile application that will make calls to the salesforce REST API. Additionally UC would like to provide the optimal experience for its mobile users. Which two OAuth scopes should UC configure in the connected App? Choose 2 answers

    A. Refresh token
    B. API
    C. full
    D. Web

  • Question 96:

    Universal Containers (UC) wants to build a mobile application that twill be making calls to the Salesforce REST API. UC's Salesforce implementation relies heavily on custom objects and custom Apex code. UC does not want its users to have to enter credentials every time they use the app. Which two scope values should an Architect recommend to UC? Choose 2 answers.

    A. Custom_permissions
    B. Api
    C. Refresh_token
    D. Full

  • Question 97:

    Northern Trail Outfitters (NTO) is planning to build a new customer service portal and wants to use passwordless login, allowing customers to login with a one-time passcode sent to them via email or SMS. How should the quantity of required Identity Verification Credits be estimated?

    A. Each community comes with 10,000 Identity Verification Credits per month and only customers with more than 10,000 logins a month should estimate additional SMS verifications needed.
    B. Identity Verification Credits are consumed with each SMS (text message) sent and should be estimated based on the number of login verification challenges for SMS verification users.
    C. Identity Verification Credits are consumed with each verification sent and should be estimated based on the number of logins that will incur a verification challenge.
    D. Identity Verification Credits are a direct add-on license based on the number of existing member-based or login-based Community licenses.

  • Question 98:

    An organization has a central cloud-based Identity and Access Management (IAM) Service for authentication and user management, which must be utilized by all applications as follows:

    1 - Change of a user status in the central IAM Service triggers provisioning or deprovisioining in the integrated cloud applications.

    2 - Security Assertion Markup Language single sign-on (SSO) is used to facilitate access for users authenticated at identity provider (Central IAM Service).

    Which approach should an IAM architect implement on Salesforce Sales Cloud to meet the requirements?

    A. A Configure Salesforce as a SAML Service Provider, and enable SCIM (System for Cross-Domain Identity Management) for provisioning and deprovisioning of users.
    B. Configure Salesforce as a SAML service provider, and enable Just-in Time (JIT) provisioning and deprovisioning of users.
    C. Configure central IAM Service as an authentication provider and extend registration handler to manage provisioning and deprovisioning of users.
    D. Deploy Identity Connect component and set up automated provisioning and deprovisioning of users, as well as SAML-based SSO.

  • Question 99:

    In an SP-Initiated SAML SSO setup where the user tries to access a resource on the Service Provider, What HTTP param should be used when submitting a SAML Request to the Idp to ensure the user is returned to the intended resourse after authentication?

    A. RedirectURL
    B. RelayState
    C. DisplayState
    D. StartURL

  • Question 100:

    Universal containers (UC) wants to integrate a Web application with salesforce. The UC team has implemented the Oauth web-server Authentication flow for authentication process. Which two considerations should an architect point out to UC? Choose 2 answers

    A. The web application should be hosted on a secure server.
    B. The web server must be able to protect consumer privacy
    C. The flow involves passing the user credentials back and forth.
    D. The flow will not provide an Oauth refresh token back to the server.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Salesforce exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your IDENTITY-AND-ACCESS-MANAGEMENT-ARCHITECT exam preparations and Salesforce certification application, do not hesitate to visit our Vcedump.com to find your solutions here.