1. Home
  2. Salesforce
  3. IDENTITY-AND-ACCESS-MANAGEMENT-ARCHITECT

Salesforce IDENTITY-AND-ACCESS-MANAGEMENT-ARCHITECT Online Practice Questions and Exam Preparation

IDENTITY-AND-ACCESS-MANAGEMENT-ARCHITECT Exam Details

  • Exam Code
    :IDENTITY-AND-ACCESS-MANAGEMENT-ARCHITECT
  • Exam Name
    :Salesforce Certified Platform Identity and Access Management Architect (Plat-Arch-203)
  • Certification
    :Salesforce Certifications
  • Vendor
    :Salesforce
  • Total Questions
    :247 Q&As
  • Last Updated
    :May 27, 2026

Salesforce IDENTITY-AND-ACCESS-MANAGEMENT-ARCHITECT Online Questions & Answers

  • Question 161:

    Northern Trail Outfitters wants to implement a partner community. Active community users will need to review and accept the community rules, and update key contact information for each community member before their annual partner event.

    Which approach will meet this requirement?

    A. Create tasks for users who need to update their data or accept the new community rules.
    B. Create a custom landing page and email campaign asking all community members to login and verify their data.
    C. Create a login flow that conditionally prompts users who have not accepted the new community rules and who have missing or outdated information.
    D. Add a banner to the community Home page asking users to update their profile and accept the new community rules.

  • Question 162:

    Universal Containers would like its customers to register and log in to a portal built on Salesforce Experience Cloud. Customers should be able to use their Facebook or Linkedln credentials for ease of use.

    Which three steps should an identity architect take to implement social sign-on?

    Choose 3 answers

    A. Register both Facebook and Linkedln as connected apps.
    B. Create authentication providers for both Facebook and Linkedln.
    C. Check "Facebook" and "Linkedln" under Login Page Setup.
    D. Enable "Federated Single Sign-On Using SAML".
    E. Update the default registration handlers to create and update users.

  • Question 163:

    Universal Containers (UC) has built a custom token-based Two-factor authentication (2FA) system for their existing on-premise applications. They are now implementing Salesforce and would like to enable a Two-factor login process for it, as well. What is the recommended solution as Architect should consider?

    A. Use the custom 2FA system for on-premise applications and native 2FA for Salesforce.
    B. Replace the custom 2FA system with an AppExchange App that supports on premise application and salesforce.
    C. Use Custom Login Flows to connect to the existing custom 2FA system for use in Salesforce.
    D. Replace the custom 2FA system with Salesforce 2FA for on-premise applications and Salesforce.

  • Question 164:

    Under which scenario Web Server flow will be used?

    A. Used for web applications when server-side code needs to interact with APIS.
    B. Used for server-side components when page needs to be rendered.
    C. Used for mobile applications and testing legacy Integrations.
    D. Used for verifying Access protected resources.

  • Question 165:

    A client is planning to rollout multi-factor authentication (MFA) to its internal employees and wants to understand which authentication and verification methods meet the Salesforce criteria for secure authentication.

    Which three functions meet the Salesforce criteria for secure mfa?

    Choose 3 answers

    A. username and password + SMS passcode
    B. Username and password + secunty key
    C. Third-party single sign-on with Mobile Authenticator app
    D. Certificate-based Authentication
    E. Lightning Login

  • Question 166:

    Universal Containers is implementing Salesforce Identity to broker authentication from its enterprise single sign-on (SSO) solution through Salesforce to third party applications using SAML. What rote does Salesforce Identity play in its relationship with the enterprise SSO system?

    A. Identity Provider (IdP)
    B. Resource Server
    C. Service Provider (SP)
    D. Client Application

  • Question 167:

    Universal Containers (UC) rolling out a new Customer Identity and Access Management Solution will be built on top of their existing Salesforce instance.

    Several service providers have been setup and integrated with Salesforce using OpenlD Connect to allow for a seamless single sign-on experience. UC has a requirement to limit user access to only a subset of service providers per customer type.

    Which two steps should be done on the platform to satisfy the requirement?

    Choose 2 answers

    A. Manage which connected apps a user has access to by assigning authentication providers to the users profile.
    B. Assign the connected app to the customer community, and enable the users profile in the Community settings.
    C. Use Profiles and Permission Sets to assign user access to Admin Pre-Approved Connected Apps.
    D. Set each of the Connected App access settings to Admin Pre-Approved.

  • Question 168:

    Which three different attributes can be used to identify the user in a SAML 65> assertion when Salesforce is acting as a Service Provider? Choose 3 answers

    A. Federation ID
    B. Salesforce User ID
    C. User Full Name
    D. User Email Address
    E. Salesforce Username

  • Question 169:

    Northern Trail Outfitters (NTO) wants to give customers the ability to submit and manage issues with their purchases. It is important for to give its customers the ability to login with their Facebook and Twitter credentials.

    Which two actions should an identity architect recommend to meet these requirements?

    Choose 2 answers

    A. Create a custom external authentication provider for Facebook.
    B. Configure a predefined authentication provider for Facebook.
    C. Create a custom external authentication provider for Twitter.
    D. Configure a predefined authentication provider for Twitter.

  • Question 170:

    A global company's Salesforce Identity Architect is reviewing its Salesforce production org login history and is seeing some intermittent Security Assertion Markup Language (SAML SSO) 'Replay Detected and Assertion Invalid' login errors.

    Which two issues would cause these errors?

    Choose 2 answers

    A. The subject element is missing from the assertion sent to salesforce.
    B. The certificate loaded into SSO configuration does not match the certificate used by the IdP.
    C. The current time setting of the company's identity provider (IdP) and Salesforce platform is out of sync by more than eight minutes.
    D. The assertion sent to 5alesforce contains an assertion ID previously used.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Salesforce exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your IDENTITY-AND-ACCESS-MANAGEMENT-ARCHITECT exam preparations and Salesforce certification application, do not hesitate to visit our Vcedump.com to find your solutions here.