IDENTITY-AND-ACCESS-MANAGEMENT-ARCHITECT Exam Details

  • Exam Code: IDENTITY-AND-ACCESS-MANAGEMENT-ARCHITECT
  • Exam Name: Salesforce Certified Platform Identity and Access Management Architect (Plat-Arch-203)
  • Certification: Salesforce Certifications
  • Vendor: Salesforce
  • Total Questions: 247 Q&As
  • Last Updated: May 27, 2026

Salesforce IDENTITY-AND-ACCESS-MANAGEMENT-ARCHITECT Online Questions & Answers

  • Question 121:

    Universal Containers (UC) uses an internal company portal for its employees to collaborate. UC decides to use Salesforce Ideas and provide the ability for employees to post ideas from the company portal. They use SAML-based SSO to get into the company portal and would like to leverage it to access Salesforce. Most of the users don't exist in Salesforce, and they would like the user records created in Salesforce Communities the first time they try to access Salesforce. What recommendation should an architect make to meet this requirement?

    A. Use on-the-fly provisioning
    B. Use just-in-time provisioning
    C. Use Salesforce APIs to create users on the fly
    D. Use Identity Connect to sync users

  • Question 122:

    In a typical SSL setup involving a trusted party and trusting party, what consideration should an Architect take into account when using digital certificates?

    A. Use of self-signed certificate leads to lower maintenance for trusted party because multiple self-signed certs need to be maintained.
    B. Use of self-signed certificate leads to higher maintenance for trusted party because they have to act as the trusted CA.
    C. Use of self-signed certificate leads to lower maintenance for trusting party because there is no trusted CA cert to maintain.
    D. Use of self-signed certificate leads to higher maintenance for trusting party because the cert needs to be added to their truststore.

  • Question 123:

    Which three are capabilities of SAML-based Federated authentication? Choose 3 answers

    A. Trust relationships between Identity Provider and Service Provider are required.
    B. SAML tokens can be in XML or JSON format and can be used interchangeably.
    C. Web applications with no passwords are more secure and stronger against attacks.
    D. Access tokens are used to access resources on the server once the user is authenticated.
    E. Centralized federation provides single point of access, control and auditing.

  • Question 124:

    Which two things should be done to ensure end users can only use single sign-on (SSO) to log in to Salesforce?

    Choose 2 answers

    A. Enable My Domain and select "Prevent login from https://login.salesforce.com".
    B. Request Salesforce Support to enable delegated authentication.
    C. Once SSO is enabled, users are only able to log in using Salesforce credentials.
    D. Assign user "is Single Sign-on Enabled" permission via profile or permission set.

  • Question 125:

    A consumer products company uses Salesforce to maintain consumer information, including orders. The company implemented a portal solution using Salesforce Experience Cloud for its consumers where the consumers can log in using their credentials. The company is considering allowing users to log in with their Facebook or LinkedIn credentials.

    Once enabled, what role will Salesforce play?

    A. Facebook and LinkedIn will be the SPs.
    B. Salesforce will be the service provider (SP).
    C. Salesforce will be the identity provider (IdP).
    D. Facebook and LinkedIn will act as the IdPs and SPs.

  • Question 126:

    Universal Containers (UC) wants to implement Delegated Authentication for a certain subset of Salesforce users. Which three items should UC take into consideration while building the web service to handle the Delegated Authentication request? Choose 3 answers

    A. The web service needs to include Source IP as a method parameter.
    B. UC should whitelist all Salesforce IP ranges on their corporate firewall.
    C. The web service can be written using either the SOAP or REST protocol.
    D. Delegated Authentication is enabled for the system administrator profile.
    E. The return type of the web service method should be a Boolean value.

  • Question 127:

    Which two considerations should be made when implementing Delegated Authentication? Choose 2 answers

    A. The authentication web service can include custom attributes.
    B. It can be used to authenticate API clients and mobile apps.
    C. It requires trusted IP ranges at the User Profile level.
    D. Salesforce servers receive but do not validate a user's credentials.
    E. Just-in-time Provisioning can be configured for new users.

  • Question 128:

    A farming enterprise offers smart farming technology to its farmer customers, which includes a variety of sensors for livestock tracking, pest monitoring, climate monitoring, etc. They plan to store all the data in Salesforce. They would also like to ensure timely maintenance of the installed sensors. They have engaged a Salesforce architect to propose an appropriate way to generate sensor information in Salesforce.

    Which OAuth flow should the architect recommend?

    A. OAuth 2.0 Asset Token Flow
    B. OAuth 2.0 Device Authentication Flow
    C. OAuth 2.0 JWT Bearer Token Flow
    D. OAuth 2.0 SAML Bearer Assertion Flow

  • Question 129:

    Universal Containers (UC) has an existing e-commerce platform and is implementing a new customer community. They do not want to force customers to register on both applications due to concern over the customer experience. It is expected that 25% of the e-commerce customers will utilize the customer community. The e-commerce platform is capable of generating SAML responses and has an existing RESTful API capable of managing users. How should UC create the identities of its e-commerce users with the customer community?

    A. Use SAML JIT in the Customer Community to create users when a user tries to login to the community from the e-commerce site.
    B. Use the e-commerce REST API to create users when a user self-registers on the customer community and use SAML to allow SSO.
    C. Use a nightly batch ETL job to sync users between the Customer Community and the e-commerce platform and use SAML to allow SSO.
    D. Use the standard Salesforce API to create users in the community when a user is created in the e-commerce platform and use SAML to allow SSO.

  • Question 130:

    Universal Containers (UC) uses middleware to integrate multiple systems with Salesforce. UC has a strict, new requirement that usernames and passwords cannot be stored in any UC system. How can UC's middleware authenticate to Salesforce while adhering to this requirement?

    A. Create a Connected App that supports the JWT Bearer Token OAuth Flow.
    B. Create a Connected App that supports the Refresh Token OAuth Flow.
    C. Create a Connected App that supports the Web Server OAuth Flow.
    D. Create a Connected App that supports the User-Agent OAuth Flow.
