IDENTITY-AND-ACCESS-MANAGEMENT-ARCHITECT Exam Details

  • Exam Code: IDENTITY-AND-ACCESS-MANAGEMENT-ARCHITECT
  • Exam Name: Salesforce Certified Platform Identity and Access Management Architect (Plat-Arch-203)
  • Certification: Salesforce Certifications
  • Vendor: Salesforce
  • Total Questions: 247 Q&As
  • Last Updated: May 27, 2026

Salesforce IDENTITY-AND-ACCESS-MANAGEMENT-ARCHITECT Online Questions & Answers

  • Question 71:

    An identity architect is implementing a mobile-first Consumer Identity Access Management (CIAM) for external users. User authentication is the only requirement. The user's email or mobile phone number should be supported as a username.

    Which two licenses are needed to meet this requirement?

    Choose 2 answers

    A. External Identity Licenses
    B. Identity Connect Licenses
    C. Email Verification Credits
    D. SMS Verification Credits

  • Question 72:

    Universal Containers (UC) built a customer Community for customers to buy products, review orders, and manage their accounts. UC has provided three different options for customers to log in to the customer Community: Salesforce, Google, and Facebook. Which two role combinations are represented by the systems in the scenario? Choose 2 answers

    A. Google is the service provider and Facebook is the identity provider
    B. Salesforce is the service provider and Google is the identity provider
    C. Facebook is the service provider and Salesforce is the identity provider
    D. Salesforce is the service provider and Facebook is the identity provider

  • Question 73:

    What information does the 'RelayState' parameter contain in SP-initiated Single Sign-on?

    A. Reference to a URL redirect parameter at the identity provider.
    B. Reference to a URL redirect parameter at the service provider.
    C. Reference to the login address URL of the service provider.
    D. Reference to the login address URL of the identity provider.

  • Question 74:

    Which three are features of federated Single Sign-on solutions? Choose 3 answers

    A. It federates credentials control to authorized applications.
    B. It establishes trust between identity store and service provider.
    C. It solves all identity and access management problems.
    D. It improves affiliated applications adoption rates.
    E. It enables quick and easy provisioning and deactivating of users.

  • Question 75:

    A third-party app provider would like to have users provisioned via a service endpoint before users access their app from Salesforce. What should an identity architect recommend to configure the requirement with limited changes to the third-party app?

    A. Use a connected app with user provisioning flow.
    B. Create Canvas app in Salesforce for third-party app to provision users.
    C. Redirect users to the third-party app for registration.
    D. Use Salesforce identity with Security Assertion Markup Language (SAML) for provisioning users.

  • Question 76:

    Universal Containers (UC) has built a custom-based Two-factor Authentication (2FA) system for their existing on-premise applications. They are now implementing Salesforce and would like to enable a two-factor login process for it as well. What is the recommended solution an architect should consider?

    A. Replace the custom 2FA system with Salesforce 2FA for on-premise applications and Salesforce.
    B. Use the custom 2FA system for on-premise applications and native 2FA for Salesforce.
    C. Replace the custom 2FA system with an AppExchange app that supports on-premise applications and Salesforce.
    D. Use custom login flows to connect to the existing custom 2FA system for use in Salesforce.

  • Question 77:

    Northern Trail Outfitters (NTO) has a requirement to ensure all user logins include a single multi-factor authentication (MFA) prompt. Currently, users are allowed the choice to login with a username and password or via single sign-on against NTO's corporate Identity Provider, which includes built-in MFA.

    Which configuration will meet this requirement?

    A. Create and assign a permission set to all employees that includes "MFA for User Interface Logins."
    B. Create a custom login flow that enforces MFA and assign it to a permission set. Then assign the permission set to all employees.
    C. Enable "MFA for User Interface Logins" for your organization from Setup -> Identity Verification.
    D. For all employee profiles, set the Session Level Required at Login to High Assurance and add the corporate identity provider to the High Assurance list for the org's Session Security Levels.

  • Question 78:

    Universal Containers (UC) has a mobile application for its employees that uses data from Salesforce as well as uses Salesforce for Authentication purposes. UC wants its mobile users to only enter their credentials the first time they run the app. The application has been live for a little over 6 months, and all of the users who were part of the initial launch are complaining that they have to re-authenticate. UC has also recently changed the URI Scheme associated with the mobile app. What should the Architect at UC first investigate?

    A. Check the Refresh Token policy defined in the Salesforce Connected App.
    B. Validate that the users are checking the box to remember their passwords.
    C. Verify that the Callback URL is correctly pointing to the new URI Scheme.
    D. Confirm that the access Token's Time-To-Live policy has been set appropriately.

  • Question 79:

    A security architect is rolling out a new multi-factor authentication (MFA) mandate, where all employees must go through a secure authentication process before accessing Salesforce. There are multiple Identity Providers (IdP) in place and the architect is considering how the "Authentication Method Reference" field (AMR) in the Login History can help.

    Which two considerations should the architect keep in mind?

    Choose 2 answers

    A. AMR field shows the authentication methods used at IdP.
    B. Both OIDC and Security Assertion Markup Language (SAML) are supported but AMR must be implemented at IdP.
    C. High-assurance sessions must be configured under Session Security Level Policies.
    D. Dependency on what is supported by OpenID Connect (OIDC) implementation at IdP.

  • Question 80:

    Universal Containers (UC) has implemented SSO according to the diagram below. uses SAML while Salesforce Org 1 uses OAuth 2.0. Users usually start their day by first attempting to log into Salesforce Org 2 and then later in the day, they will log into either the Financial System or CPQ system depending upon their job position. Which two systems are acting as Identity Providers?

    A. Financial System
    B. PingFederate
    C. Salesforce Org 2
    D. Salesforce Org 1
