IDENTITY-AND-ACCESS-MANAGEMENT-ARCHITECT Exam Details

  • Exam Code: IDENTITY-AND-ACCESS-MANAGEMENT-ARCHITECT
  • Exam Name: Salesforce Certified Platform Identity and Access Management Architect (Plat-Arch-203)
  • Certification: Salesforce Certifications
  • Vendor: Salesforce
  • Total Questions: 247 Q&As
  • Last Updated: May 27, 2026

Salesforce IDENTITY-AND-ACCESS-MANAGEMENT-ARCHITECT Online Questions & Answers

  • Question 81:

    What does My Domain enable for Universal Containers (UC) in the context of a SAML SSO configuration? Choose 2 answers

    A. Resource deep linking
    B. App launcher
    C. SSO from the Salesforce1 mobile app
    D. Login forensics

  • Question 82:

    A multinational company is looking to roll out Salesforce globally. The company has a Microsoft Active Directory Federation Services (ADFS) implementation for the Americas, Europe and APAC. The company plans to have a single org and would like all of its users to access Salesforce using ADFS. The company would like to limit its investments and prefers not to procure additional applications to satisfy the requirements.

    What is recommended to ensure these requirements are met?

    A. Use connected apps for each ADFS implementation and implement Salesforce site to authenticate users across the ADFS system applicable to their geo.
    B. Implement Identity Connect to provide single sign-on to Salesforce and federated across multiple ADFS systems.
    C. Add a central identity system that federates between the ADFS systems and integrate with Salesforce for single sign-on.
    D. Configure each ADFS system under single sign-on settings and allow users to choose the system to authenticate during sign on to Salesforce.

  • Question 83:

    Universal Containers wants to secure its Salesforce APIs by using an existing Security Assertion Markup Language (SAML) configuration that supports the company's single sign-on process to Salesforce. Which Salesforce OAuth authorization flow should be used?

    A. OAuth 2.0 SAML Bearer Assertion Flow
    B. A SAML Assertion Flow
    C. OAuth 2.0 User-Agent Flow
    D. OAuth 2.0 JWT Bearer Flow

  • Question 84:

    Northern Trail Outfitters (NTO) uses a Security Assertion Markup Language (SAML)-based Identity Provider (IdP) to authenticate employees to all systems. The IdP authenticates users against a Lightweight Directory Access Protocol (LDAP) directory and has access to user information. NTO wants to minimize Salesforce license usage since only a small percentage of users need Salesforce.

    What is recommended to ensure new employees have immediate access to Salesforce using their current IdP?

    A. Install Salesforce Identity Connect to automatically provision new users in Salesforce the first time they attempt to log in.
    B. Build an integration that queries LDAP periodically and creates new active users in Salesforce.
    C. Configure Just-in-Time provisioning using SAML attributes to create new Salesforce users as necessary when a new user attempts to log in to Salesforce.
    D. Build an integration that queries LDAP and creates new inactive users in Salesforce and use a login flow to activate the user at first login.

  • Question 85:

    Universal Containers (UC) has a mobile application that calls the Salesforce REST API. In order to prevent users from having to enter their credentials every time they use the app, UC has enabled the use of refresh tokens as part of the Salesforce connected app and updated their mobile app to take advantage of the refresh token. Even after enabling the refresh token, users are still complaining that they have to enter their credentials once a day. What is the most likely cause of the issue?

    A. The OAuth authorizations are being revoked by a nightly batch job.
    B. The refresh token expiration policy is set incorrectly in Salesforce.
    C. The app is requesting too many access tokens in a 24-hour period.
    D. The users forget to check the box to remember their credentials.

  • Question 86:

    Universal Containers (UC) built an integration for their employees to post, view, and vote for ideas in Salesforce from an internal Company portal. When ideas are posted in Salesforce, links to the ideas are created in the company portal pages as part of the integration process. The Company portal connects to Salesforce using OAuth. Everything is working fine, except when users click on links to existing ideas, they are always taken to the Ideas home page rather than the specific idea, after authorization. Which OAuth URL parameter can be used to retain the original requested page so that a user can be redirected correctly after OAuth authorization?

    A. Redirect_uri
    B. State
    C. Scope
    D. Callback_uri

  • Question 87:

    Universal Containers (UC) uses Salesforce to allow customers to keep track of the order status. The customers can log in to Salesforce using external authentication providers, such as Facebook and Google. UC is also leveraging the App Launcher to let customers access an off-platform application for generating shipping labels. The label generator application uses OAuth to provide users access. What license type should an Architect recommend for the customers?

    A. Customer Community license
    B. Identity license
    C. Customer Community Plus license
    D. External Identity license

  • Question 88:

    Universal Containers (UC) is looking to build a Canvas app and wants to use the corresponding Connected App to control where the app is visible. Which two options are correct in regards to where the app can be made visible under the Connected App setting for the Canvas app? Choose 2 answers

    A. As part of the body of a Salesforce Knowledge article.
    B. In the mobile navigation menu on Salesforce for Android.
    C. The sidebar of a Salesforce Console as a console component.
    D. Included in the Call Control Tool that's part of Open CTI.

  • Question 89:

    Universal Containers (UC) has a classified information system that its call centre team uses only when they are working on a case with a record type of "classified". They are only allowed to access the system when they own an open "classified" case, and their access to the system is removed at all other times. They would like to implement SAML SSO with Salesforce as the IdP, and automatically allow or deny the staff's access to the classified information system based on whether they currently own an open "classified" case record when they try to access the system using SSO. What is the recommended solution for automatically allowing or denying access to the classified information system based on the open "classified" case record criteria?

    A. Use a custom connected app handler using Apex to dynamically allow access to the system based on whether the staff owns any open "classified" cases.
    B. Use an Apex trigger on case to dynamically assign permission sets that grant access when a user is assigned an open "classified" case, and remove it when the case is closed.
    C. Use custom SAML JIT provisioning to dynamically query the user's open "classified" cases when attempting to access the classified information system.
    D. Use Salesforce reports to identify users that currently own open "classified" cases and should be granted access to the classified information system.

  • Question 90:

    An identity architect wants to secure Salesforce APIs using Security Assertion Markup Language (SAML). For security purposes, administrators will need to authorize the applications that will be consuming the APIs. Which Salesforce OAuth authorization flow should be used?

    A. OAuth 2.0 SAML Bearer Assertion Flow
    B. OAuth 2.0 JWT Bearer Flow
    C. SAML Assertion Flow
    D. OAuth 2.0 User-Agent Flow
