Salesforce IDENTITY-AND-ACCESS-MANAGEMENT-ARCHITECT Online Practice Questions and Exam Preparation

Salesforce IDENTITY-AND-ACCESS-MANAGEMENT-ARCHITECT Online Questions & Answers

• Question 101:

  Universal Containers is using OpenID Connect to enable a connection from their new mobile app to its production Salesforce org. What should be done to enable the retrieval of the access token status for the OpenID Connect connection?

  A. Query using OpenID Connect discovery endpoint.
  B. A Leverage OpenID Connect Token Introspection.
  C. Create a custom OAuth scope.
  D. Enable cross-origin resource sharing (CORS) for the /services/oauth2/token endpoint.
  B. A Leverage OpenID Connect Token Introspection.

• Question 102:

  An Identity and Access Management (IAM) architect is tasked with unifying multiple B2C Commerce sites and an Experience Cloud community with a single identity. The solution needs to support more than 1,000 logins per minute.

  What should the IAM do to fulfill this requirement?

  A. Configure both the community and the commerce sites as OAuth2 RPs (relying party) with an external identity provider.
  B. Configure community as a Security Assertion Markup Language (SAML) identity provider and enable Just-in-Time Provisioning to B2C Commerce.
  C. Create a default account for capturing all ecommerce contacts registered on the community because personAccount is not supported for this case.
  D. Confirm performance considerations with Salesforce Customer Support due to high peaks.
  D. Confirm performance considerations with Salesforce Customer Support due to high peaks.

• Question 103:

  Universal Containers (UC) wants its users to access Salesforce and other SSO-enabled applications from a custom web page that UC magnets. UC wants its users to use the same set of credentials to access each of the applications. what SAML SSO flow should an Architect recommend for UC?

  A. SP-Initiated with Deep Linking
  B. SP-Initiated
  C. IdP-Initiated
  D. User-Agent
  C. IdP-Initiated

• Question 104:

  Universal Containers is creating a web application that will be secured by Salesforce Identity using the OAuth 2.0 Web Server Flow uses the OAuth 2.0 authorization code grant type).

  Which three OAuth concepts apply to this flow?

  Choose 3 answers

  A. Verification URL
  B. Client Secret
  C. Access Token
  D. Scopes
  B. Client Secret
  C. Access Token
  D. Scopes

• Question 105:

  Universal containers (UC) would like to enable SAML-BASED SSO for a salesforce partner community. UC has an existing ldap identity store and a third-party portal. They would like to use the existing portal as the primary site these users access, but also want to allow seamless access to the partner community. What SSO flow should an architect recommend?

  A. User-Agent
  B. IDP-initiated
  C. Sp-Initiated
  D. Web server
  B. IDP-initiated

• Question 106:

  Universal Containers (UC) wants to implement SAML SSO for their internal of Salesforce users using a third-party IdP. After some evaluation, UC decides NOT to 65?set up My Domain for their Salesforce org. How does that decision impact their SSO implementation?

  A. IdP-initiated SSO will NOT work.
  B. Neither SP- nor IdP-initiated SSO will work.
  C. Either SP- or IdP-initiated SSO will work.
  D. SP-initiated SSO will NOT work
  B. Neither SP- nor IdP-initiated SSO will work.

• Question 107:

  Universal Containers (UC) uses Active Directory (AD) as their identity store for employees and must continue to do so for network access. UC is undergoing a major transformation program and moving all of their enterprise applications to cloud platforms including Salesforct, Workday, and SAP HANA. UC needs to implement an SSO solution for accessing all of the third-party cloud applications and the CIO is inclined to use Salesforce for all of their identity and access management needs.

  Which two Salesforce license types does UC need for its employees' Choose 2 answers

  A. Company Community and Identity licenses
  B. Identity and Identity Connect licenses
  C. Chatter Only and Identity licenses
  D. Salesforce and Identity Connect licenses
  B. Identity and Identity Connect licenses
  D. Salesforce and Identity Connect licenses

• Question 108:

  Universal Containers (UC) uses a home-grown Employee portal for their employees to collaborate. UC decides to use Salesforce Ideas to allow employees to post Ideas from the Employee portal. When users click on some of the links in the Employee portal, the users should be redirected to Salesforce, authenticated, and presented with the relevant pages. What OAuth flow is best suited for this scenario?

  A. Web Application flow
  B. SAML Bearer Assertion flow
  C. User-Agent flow
  D. Web Server flow
  D. Web Server flow

• Question 109:

  After a recent audit, universal containers was advised to implement Two-factor Authentication for all of their critical systems, including salesforce. Which two actions should UC consider to meet this requirement? Choose 2 answers

  A. Require users to provide their RSA token along with their credentials.
  B. Require users to supply their email and phone number, which gets validated.
  C. Require users to enter a second password after the first Authentication
  D. Require users to use a biometric reader as well as their password
  A. Require users to provide their RSA token along with their credentials.
  D. Require users to use a biometric reader as well as their password

• Question 110:

  A pharmaceutical company has an on-premise application (see illustration) that it wants to integrate with Salesforce.

  

  The IT director wants to ensure that requests must include a certificate with a trusted certificate chain to access the company's on-premise application endpoint. What should an Identity architect do to meet this requirement?

  A. Use open SSL to generate a Self-signed Certificate and upload it to the on-premise app.
  B. Configure the company firewall to allow traffic from Salesforce IP ranges.
  C. Generate a certificate authority-signed certificate in Salesforce and uploading it to the on-premise application Truststore.
  D. Upload a third-party certificate from Salesforce into the on-premise server.
  B. Configure the company firewall to allow traffic from Salesforce IP ranges.

  ---

  Explanation/Reference: