Try Free Salesforce Identity and Access Management Architect Dumps Questions

test2022-09-30T07:10:00+00:00

Are you willing to become a Salesforce Identity and Access Management Architect? It is not an easy task to prepare for the Salesforce Certified Identity and Access Management Architect exam. FreeTestShare Salesforce Identity and Access Management Architect Dumps Questions will help you better comprehend the information included in the actual exam.Taking a peek at this free Identity and Access Management Architect practice test can give you an idea of what it takes to pass these difficult exams.

To check how prepared you are, take a free practice exam right now!

Page 1 of 7

1. Which three different attributes can be used to identify the user in a SAML 65> assertion when Salesforce is acting as a Service Provider? Choose 3 answers

Federation ID

Salesforce User ID

User Full Name

User Email Address

Salesforce Username

2. Universal Containers (UC) is looking to build a Canvas app and wants to use the corresponding Connected App to control where the app is visible.

Which two options are correct in regards to where the app can be made visible under the Connected App setting for the Canvas app? Choose 2 answers

As part of the body of a Salesforce Knowledge article.

In the mobile navigation menu on Salesforce for Android.

The sidebar of a Salesforce Console as a console component.

Included in the Call Control Tool that's part of Open CT

3. Northern Trail Outfitters wants to implement a partner community. Active community users will need to review and accept the community rules, and update key contact information for each community member before their annual partner event.

Which approach will meet this requirement?

Create tasks for users who need to update their data or accept the new community rules.

Create a custom landing page and email campaign asking all community members to login and verify their data.

Create a login flow that conditionally prompts users who have not accepted the new community rules and who have missing or outdated information.

Add a banner to the community Home page asking users to update their profile and accept the new community rules.

4. Northern Trail Outfitters (NTO) uses Salesforce for Sales Opportunity Management. Okta was recently brought in to Just-in-Time (JIT) provision and authenticate NTO users to applications. Salesforce users also use Okta to authorize a Forecasting web application to access Salesforce records on their behalf.

Which two roles are being performed by Salesforce? Choose 2 answers

SAML Identity Provider

OAuth Client

OAuth Resource Server

SAML Service Provider

5. Which tool should be used to track login data, such as the average number of logins, who logged in more than the average number of times and who logged in during non-business hours?

6. Universal Containers (UC) wants to use Salesforce for sales orders and a legacy of system for order fulfillment. The legacy system must update the status of orders in 65* Salesforce in real time as they are fulfilled. UC decides to use OAuth for connecting the legacy system to Salesforce.

What OAuth flow should be considered that doesn't require storing credentials, client secret or refresh tokens?

Web Server flow

JWT Bearer Token flow

Username-Password flow

User Agent flow

7. A division of a Northern Trail Outfitters (NTO) purchased Salesforce. NTO uses a third party identity provider (IdP) to validate user credentials against Its corporate Lightweight Directory Access Protocol (LDAP) directory. NTO wants to help employees remember as passwords as possible.

What should an identity architect recommend?

Setup Salesforce as a Service Provider to the existing Id

Setup Salesforce as an IdP to authenticate against the LDAP directory.

Use Salesforce connect to synchronize LDAP passwords to Salesforce.

Setup Salesforce as an Authentication Provider to the existing Id

8. How should an identity architect automate provisioning and deprovisioning of users into

Salesforce from an external system?

Call SOAP API upsertQ on user object.

Use Security Assertion Markup Language Just-in-Time (SAML JIT) on incoming SAML assertions.

Run registration handler on incoming OAuth responses.

Call OpenID Connect (OIDC)-userinfo endpoint with a valid access token.

9. The executive sponsor for an organization has asked if Salesforce supports the ability to embed a login widget into its service providers in order to create a more seamless user experience.

What should be used and considered before recommending it as a solution on the Salesforce Platform?

OpenID Connect Web Server Flow. Determine if the service provider is secure enough to store the client secret on.

Embedded Login. Identify what level of UI customization will be required to make it match the service providers look and feel.

Salesforce REST apis. Ensure that Secure Sockets Layer (SSL) connection for the integration is used.

Embedded Login. Consider whether or not it relies on third party cookies which can cause browser compatibility issues.

10. Universal Containers wants to secure its Salesforce APIs by using an existing Security Assertion Markup Language (SAML) configuration supports the company's single sign-on process to Salesforce,

Which Salesforce OAuth authorization flow should be used?

OAuth 2.0 SAML Bearer Assertion Flow

A SAML Assertion Row

OAuth 2.0 User-Agent Flow

OAuth 2.0 JWT Bearer Flow

Page 2 of 7

11. Universal Containers (UC) wants to build a few applications that leverage the Salesforce REST API. UC has asked its Architect to describe how the API calls will be authenticated to a specific user.

Which two mechanisms can the Architect provide? Choose 2 Answers

Authentication Token

Session ID

Refresh Token

Access Token

12. An Architect has configured a SAML-based SSO integration between Salesforce and an external Identity provider and is ready to test it. When the Architect attempts to log in to Salesforce using SSO, the Architect receives a SAML error.

Which two optimal actions should the Architect take to troubleshoot the issue?

Ensure the Callback URL is correctly set in the Connected Apps settings.

Use a browser that has an add-on/extension that can inspect SAM

Paste the SAML Assertion Validator in Salesforce.

Use the browser's Development tools to view the Salesforce page's markup.

13. Northern Trail Outfitters would like to automatically create new employee users in Salesforce with an appropriate profile that maps to its Active Directory Department.

How should an identity architect implement this requirement?

Use the createUser method in the Just-in-Time (JIT) provisioning registration handler to assign the appropriate profile.

Use the updateUser method in the Just-in-Time (JIT) provisioning registration handler to assign the appropriate profile.

Use a login flow to collect Security Assertion Markup Language attributes and assign the appropriate profile during Just-In-Time (JIT) provisioning.

Make a callout during the login flow to query department from Active Directory to assign the appropriate profile.

14. Universal Containers (UC) uses Salesforce as a CRM and identity provider (IdP) for their Sales Team to seamlessly login to intemaJ portals. The IT team at UC is now evaluating Salesforce to act as an IdP for its remaining employees.

Which Salesforce license is required to fulfill this requirement?

External Identity

Identity Verification

Identity Connect

Identity Only

15. universal container plans to develop a custom mobile app for the sales team that will use salesforce for authentication and access management. The mobile app access needs to be restricted to only the sales team.

What would be the recommended solution to grant mobile app access to sales users?

Use a custom attribute on the user object to control access to the mobile app

Use connected apps Oauth policies to restrict mobile app access to authorized users.

Use the permission set license to assign the mobile app permission to sales users

Add a new identity provider to authenticate and authorize mobile users.

16. Universal Containers (UC) wants its closed Won opportunities to be synced to a Data Warehouse in near real time. UC has implemented Outbound Message to enable near real-time data sync. UC wants to ensure that communication between Salesforce and Target System is Secure.

What Certificate is sent along with the Outbound Message?

The CA-Signed Certificate from the Certificate and Key Management menu.

The default Client Certificate from the Develop--> API Menu.

The default Client Certificate or a Certificate from Certificate and Key Management menu.

The Self-Signed Certificates from the Certificate & Key Management menu.

17. In an SP-Initiated SAML SSO setup where the user tries to access a resource on the Service Provider, What HTTP param should be used when submitting a SAML Request to the Idp to ensure the user is returned to the intended resourse after authentication?

RedirectURL

RelayState

DisplayState

StartURL

18. Universal Containers (UC) wants to build a mobile application that twill be making calls to the Salesforce REST API. UC's Salesforce implementation relies heavily on custom objects and custom Apex code. UC does not want its users to have to enter credentials every time they use the app.

Which two scope values should an Architect recommend to UC? Choose 2 answers.

Custom_permissions

Api

Refresh_token

Full

19. Universal Containers is implementing a new Experience Cloud site and the identity architect wants to use dynamic branding features as of the login process.

Which two options should the identity architect recommend to support dynamic branding for the site? Choose 2 answers

To use dynamic branding, the community must be built with the Visuaiforce + Salesforce Tabs template.

To use dynamic branding, the community must be built with the Customer Account Portal template.

An experience ID (expid) or placeholder parameter must be used in the URL to represent the brand.

An external content management system (CMS) must be used for dynamic branding on Experience Cloud sites.

20. Refer to the exhibit.

Outfitters (NTO) is using Experience Cloud as an Identity for its application on Heroku. The application on Heroku should be able to handle two brands, Northern Trail Shoes and Northern Trail Shirts.

A user should select either of the two brands in Heroku before logging into the community. The app then performs Authorization using OAuth2.0 with the Salesforce Experience Cloud site.

NTO wants to make sure it renders login page images dynamically based on the user's brand preference selected in Heroku before Authorization.

what should an identity architect do to fulfill the above requirements?

For each brand create different communities and redirect users to the appropriate community using a custom Login controller written in Apex.

Create multiple login screens using Experience Builder and use Login Flows at runtime to route to different login screens.

Authorize third-party service by sending authorization requests to the community-url/services/oauth2/authorize/cookie_value.

Authorize third-party service by sending authorization requests to the community-url/services/oauth2/authonze/expid_value.

Page 3 of 7

21. Universal Containers (UC) has an existing e-commerce platform and is implementing a new customer community. They do not want to force customers to register on both applications due to concern over the customers experience. It is expected that 25% of the e-commerce customers will utilize the customer community . The e-commerce platform is capable of generating SAML responses and has an existing REST-ful API capable of managing users.

How should UC create the identities of its e-commerce users with the customer community?

Use SAML JIT in the Customer Community to create users when a user tries to login to the community from the e-commerce site.

Use the e-commerce REST API to create users when a user self-register on the customer community and use SAML to allow SS

Use a nightly batch ETL job to sync users between the Customer Community and the e-commerce platform and use SAML to allow SS

Use the standard Salesforce API to create users in the Community When a User is Created in the e-Commerce platform and use SAML to allow SS

22. Universal Containers (UC) has an existing Salesforce org configured for SP-Initiated SAML SSO with their Idp. A second Salesforce org is being introduced into the environment and the IT team would like to ensure they can use the same Idp for new org.

What action should the IT team take while implementing the second org?

Use the same SAML Identity location as the first org.

Use a different Entity ID than the first org.

Use the same request bindings as the first org.

Use the Salesforce Username as the SAML Identity Type.

23. Universal Containers (UC) operates in Asia, Europe and North America regions. There is one Salesforce org for each region. UC is implementing Customer 360 in Salesforce and has procured External Identity and Customer Community licenses in all orgs.

Customers of UC use Community to track orders and create inquiries. Customers also tend to move across regions frequently.

What should an identity architect recommend to optimize license usage and reduce maintenance overhead?

Merge three orgs into one instance of Salesforce. This will no longer require maintaining three separate copies of the same customer.

Delete contact/ account records and deactivate user if user moves from a specific region; Sync will no longer be required.

Contacts are required since Community access needs to be enabled. Maintenance is a necessary overhead that must be handled via data integration.

Enable Contactless User in all orgs and downgrade users from Experience Cloud license to External Identity license once users have moved out of that region.

24. Universal containers (UC) is setting up their customer Community self-registration process.

They are uncomfortable with the idea of assigning new users to a default account record.

What will happen when customers self-register in the community?

The self-registration process will produce an error to the user.

The self-registration page will ask user to select an account.

The self-registration process will create a person Account record.

The self-registration page will create a new account record.

25. Northern Trail Outfitters (NTO) wants to give customers the ability to submit and manage issues with their purchases. It is important for NTO to give its customers the ability to login with their Amazon credentials.

What should an identity architect recommend to meet these requirements?

Configure a predefined authentication provider for Amazon.

Create a custom external authentication provider for Amazon.

Configure an OpenID Connect Authentication Provider for Amazon.

Configure Amazon as a connected app.

26. Which two things should be done to ensure end users can only use single sign-on (SSO) to login in to Salesforce? Choose 2 answers

Enable My Domain and select "Prevent login from https://login.salesforce.com".

Request Salesforce Support to enable delegated authentication.

Once SSO is enabled, users are only able to login using Salesforce credentials.

Assign user "is Single Sign-on Enabled" permission via profile or permission set.

27. Universal Containers (UC) has an Experience Cloud site (Customer Community) where customers can authenticate and place orders, view the status of orders, etc. UC allows guest checkout.

Mow can a guest register using data previously collected during order placement?

Enable Security Assertion Markup Language Sign-On and use a login flow to collect only order details to retrieve customer data.

Enable Facebook as an authentication provider and use a registration handler to collect only order details to retrieve customer data.

Use a Connected App Handler Apex Plugin class to collect only order details to retrieve customer data.

Enable self-registration and customize a self-registration page to collect only order details to retrieve customer data.

28. Universal Containers (UC) wants to integrate a third-party Reward Calculation system with Salesforce to calculate Rewards. Rewards will be calculated on a schedule basis and update back into Salesforce. The integration between Salesforce and the Reward Calculation System needs to be secure.

Which are two recommended practices for using OAuth flow in this scenario. choose 2 answers

OAuth Refresh Token FLow

OAuth Username-Password Flow

OAuth SAML Bearer Assertion FLow

OAuth JWT Bearer Token FLow

29. Northern Trail Outfitters would like to use a portal built on Salesforce Experience Cloud for customer self-service. Guests of the portal be able to self-register, but be unable to automatically be assigned to a contact record until verified. External Identity licenses have bee purchased for the project.

After registered guests complete an onboarding process, a flow will create the appropriate account and contact records for the user.

Which three steps should an identity architect follow to implement the outlined requirements? Choose 3 answers

Enable "Allow customers and partners to self-register".

Select the "Configurable Self-Reg Page" option under Login & Registration.

Set jp an external login page and call Salesforce APIs for user creation.

Customize the self-registration Apex handler to temporarily associate the user to a shared single contact record.

Customize me self-registration Apex handler to create only the user record.

30. Universal Containers wants to implement Single Sign-on for a Salesforce org using an external Identity Provider and corporate identity store.

What type of authentication flow is required to support deep linking'

Web Server OAuth SSO flow

Service-Provider-Initiated SSO

Identity-Provider-initiated SSO

StartURL on Identity Provider

Page 4 of 7

31. Universal containers (UC) is successfully using Delegated Authentication for their salesforce users. The service supporting Delegated Authentication is written in Java. UC has a new CIO that is requiring all company Web services be RESR-ful and written in . NET.

Which two considerations should the UC Architect provide to the new CIO? Choose 2 answers

Delegated Authentication will not work with a.net service.

Delegated Authentication will continue to work with rest services.

Delegated Authentication will continue to work with a.net service.

Delegated Authentication will not work with rest services.

32. Universal Containers wants to implement SAML SSO for their internal Salesforce users using a third-party IdP. After some evaluation, UC decides not to set up My Domain for their Salesforce org.

How does that decision impact their SSO implementation?

SP-initiated SSO will not work.

Neither SP- nor IdP-initiated SSO will work.

Either SP- or IdP-initiated SSO will work.

IdP-initiated SSO will not work.

33. Universal Containers (UC) has a custom, internal-only, mobile billing application for users who are commonly out of the office. The app is configured as a connected App in Salesforce. Due to the nature of this app, UC would like to take the appropriate measures to properly secure access to the app.

Which two are recommendations to make the UC? Choose 2 answers

Disallow the use of Single Sign-on for any users of the mobile app.

Require High Assurance sessions in order to use the Connected App.

Set Login IP Ranges to the internal network for all of the app users Profiles.

Use Google Authenticator as an additional part of the login process

34. Universal Containers (UC) is using a custom application that will act as the Identity Provider and will generate SAML assertions used to log in to Salesforce. UC is considering including custom parameters in the SAML assertion. These attributes contain sensitive data and are needed to authenticate the users. The assertions are submitted to salesforce via a browser form post. The majority of the users will only be able to access Salesforce via UC's corporate network, but a subset of admins and executives would be allowed access from outside the corporate network on their mobile devices.

Which two methods should an Architect consider to ensure that the sensitive data cannot be tampered with, nor accessible to anyone while in transit?

Use the Identity Provider's certificate to digitally sign and Salesforce's Certificate to encrypt the payload.

Use Salesforce's Certificate to digitally sign the SAML Assertion and a Mobile Device Management client on the users' mobile devices.

Use the Identity provider's certificate to digitally Sign and the Identity provider's certificate to encrypt the payload.

Use a custom login flow to retrieve sensitive data using an Apex callout without including the attributes in the assertion.

35. Universal Containers (UC) uses Salesforce to allow customers to keep track of the order status. The customers can log in to Salesforce using external authentication providers, such as Facebook and Google. UC is also leveraging the App Launcher to let customers access an of platform application for generating shipping labels. The label generator application uses OAuth to provide users access.

What license type should an Architect recommend for the customers?

Customer Community license

Identity license

Customer Community Plus license

External Identity license

36. A pharmaceutical company has an on-premise application (see illustration) that it wants to integrate with Salesforce.

The IT director wants to ensure that requests must include a certificate with a trusted certificate chain to access the company's on-premise application endpoint.

What should an Identity architect do to meet this requirement?

Use open SSL to generate a Self-signed Certificate and upload it to the on-premise app.

Configure the company firewall to allow traffic from Salesforce IP ranges.

Generate a certificate authority-signed certificate in Salesforce and uploading it to the on-premise application Truststore.

Upload a third-party certificate from Salesforce into the on-premise server.

37. A group of users try to access one of universal containers connected apps and receive the following error message: "Failed: Not approved for access".

What is most likely to cause of the issue?

The use of high assurance sections are required for the connected App.

The users do not have the correct permission set assigned to them.

The connected App setting "All users may self-authorize" is enabled.

The salesforce administrators gave revoked the Oauth authorization.

38. An identity architect is setting up an integration between Salesforce and a third-party system. The third-party system needs to authenticate to Salesforce and then make API calls against the REST API.

One of the requirements is that the solution needs to ensure the third party service providers connected app in Salesforce mini need for end user interaction and maximizes security.

Which OAuth flow should be used to fulfill the requirement?

JWT Bearer Flow

Web Server Flow

User Agent Flow

Username-Password Flow

39. Universal containers (UC) has a mobile application that it wants to deploy to all of its salesforce users, including customer Community users. UC would like to minimize the administration overhead, which two items should an architect recommend? Choose 2 answers

Enable the "Refresh Tokens is valid until revoked " setting in the Connected App.

Enable the "Enforce Ip restrictions" settings in the connected App.

Enable the "All users may self-authorize" setting in the Connected App.

Enable the "High Assurance session required" setting in the Connected App.

40. Universal containers (UC) is concerned that having a self-registration page will provide a means for "bots" or unintended audiences to create user records, thereby consuming licences and adding dirty data.

Which two actions should UC take to prevent unauthorised form submissions during the self-registration process? Choose 2 answers

Use open-ended security questions and complex password requirements

Primarily use lookup and picklist fields on the self registration page.

Require a captcha at the end of the self-registration process.

Use hidden fields populated via java script events in the self-registration page.

Page 5 of 7

41. Containers (UC) has decided to implement a federated single Sign-on solution using a third-party Idp. In reviewing the third-party products, they would like to ensure the product supports the automated provisioning and deprovisioning of users.

What are the underlining mechanisms that the UC Architect must ensure are part of the product?

SOAP API for provisioning; Just-in-Time (JIT) for Deprovisioning.

Just-In-time (JIT) for Provisioning; SOAP API for Deprovisioning.

Provisioning API for both Provisioning and Deprovisioning.

Just-in-Time (JIT) for both Provisioning and Deprovisioning.

42. customer service representatives at Universal containers (UC) are complaining that whenever they click on links to case records and are asked to login with SAML SSO, they are being redirected to the salesforce home tab and not the specific case record.

What item should an architect advise the identity team at UC to investigate first?

My domain is configured and active within salesforce.

The salesforce SSO settings are using http post

The identity provider is correctly preserving the Relay state

The users have the correct Federation ID within salesforce.

43. Universal Containers (UC) is building a custom Innovation platform on their Salesforce instance. The Innovation platform will be written completely in Apex and Visualforce and will use custom objects to store the Data. UC would like all users to be able to access the system without having to log in with Salesforce credentials. UC will utilize a third-party idp using SAML SSO.

What is the optimal Salesforce licence type for all of the UC employees?

Identity Licence.

Salesforce Licence.

External Identity Licence.

Salesforce Platform Licence.

44. Universal containers(UC) has implemented SAML-BASED single Sign-on for their salesforce application and is planning to provide access to salesforce on mobile devices using the salesforce1 mobile app. UC wants to ensure that single Sign-on is used for accessing the salesforce1 mobile app.

Which two recommendations should the architect make? Choose 2 answers

Use the existing SAML SSO flow along with user agent flow.

Configure the embedded Web browser to use my domain UR

Use the existing SAML SSO flow along with Web server flow

Configure the salesforce1 app to use the my domain URL

45. An insurance company has a connected app in its Salesforce environment that is used to integrate with a Google Workspace (formerly knot as G Suite).

An identity and access management (IAM) architect has been asked to implement automation to enable users, freeze/suspend users, disable users, and reactivate existing users in Google Workspace upon similar actions in Salesforce.

Which solution is recommended to meet this requirement?

Configure user Provisioning for Connected Apps.

Update the Security Assertion Markup Language Just-in-Time (SAML JIt; handler in Salesforce for user provisioning and de-provisioning.

Build a custom REST endpoint in Salesforce that Google Workspace can poll against.

Build an Apex trigger on the useriogin object to make asynchronous callouts to Google APIs.

46. Universal Containers (UC) has a Customer Community that uses Facebook for Authentication. UC would like to ensure that Changes in the Facebook profile are reflected on the appropriate Customer Community user: How can this requirement be met?

Use the updateUser method on the registration Handler Class.

Develop a scheduled job that calls out to Facebook on a nightly basis.

Use information in the signed Request that is received from facebook.

Use SAML Just-In-Time Provisioning between Facebook and Salesforce.

47. Universal containers (UC) has decided to build a new, highly sensitive application on Force.com platform. The security team at UC has decided that they want users to provide a fingerprint in addition to username/Password to authenticate to this application.

How can an architect support fingerprints as a form of identification for salesforce Authentication?

Use salesforce Two-factor Authentication with callouts to a third-party fingerprint scanning application.

Use Delegated Authentication with callouts to a third-party fingerprint scanning application.

Use an appexchange product that does fingerprint scanning with native salesforce identity confirmation.

Use custom login flows with callouts to a third-party fingerprint scanning application.

48. Universal Containers (UC) has implemented SSO according to the diagram below. uses SAML while Salesforce Org 1 uses OAuth 2.0. Users usually start their day by first attempting to log into Salesforce Org 2 and then later in the day, they will log into either the Financial System or CPQ system depending upon their job position.

Which two systems are acting as Identity Providers?

Financial System

Pingfederate

Salesforce Org 2

Salesforce Org 1

49. Universal containers (UC) uses a home-grown employee portal for their employees to collaborate. UC decides to use salesforce ideas to allow the employees to post ideas from the employee portal. When clicking some links in the employee portal, the users should be redirected to salesforce, authenticated, and presented with relevant pages.

What scope should be requested when using the Oauth token to meet this requirement?

Web

Full

API

Visualforce

50. Universal Containers (UC) is looking to purchase a third-party application as an Identity Provider. UC is looking to develop a business case for the purchase in general and has enlisted an Architect for advice.

Which two capabilities of an Identity Provider should the Architect detail to help strengthen the business case? Choose 2 answers

The Identity Provider can authenticate multiple applications.

The Identity Provider can authenticate multiple social media accounts.

The Identity provider can store credentials for multiple applications.

The Identity Provider can centralize enterprise password policy.

Page 6 of 7

51. An architect has successfully configured SAML-BASED SSO for universal containers. SSO has been working for 3 months when Universal containers manually adds a batch of new users to salesforce. The new users receive an error from salesforce when trying to use SSO. Existing users are still able to successfully use SSO to access salesforce.

What is the probable cause of this behaviour?

The administrator forgot to reset the new user's salesforce password.

The Federation ID field on the new user records is not correctly set

The my domain capability is not enabled on the new user's profile.

The new users do not have the SSO permission enabled on their profiles.

52. Universal Containers (UC) has Active Directory (AD) as their enterprise identity store and would like to use it for Salesforce user authentication. UC expects to synchronize user data between Salesforce and AD and Assign the appropriate Profile and Permission Sets based on AD group membership.

What would be the optimal way to implement SSO?

Use Active Directory with Reverse Proxy as the Identity Provider.

Use Microsoft Access control Service as the Authentication provider.

Use Active Directory Federation Service (ADFS) as the Identity Provider.

Use Salesforce Identity Connect as the Identity Provider.

53. Which two roles of the systems are involved in an environment where salesforce users are enabled to access Google Apps from within salesforce through App launcher and connected App set up? Choose 2 answers

Google is the identity provider

Salesforce is the identity provider

Google is the service provider

Salesforce is the service provider

54. Universal containers wants salesforce inbound Oauth-enabled integration clients to use SAML-BASED single Sign-on for authentication.

What Oauth flow would be recommended in this scenario?

User-Agent Oauth flow

SAML assertion Oauth flow

User-Token Oauth flow

Web server Oauth flow

55. Universal Containers (UC) is building an authenticated Customer Community for its customers. UC does not want customer credentials stored in Salesforce and is confident its customers would be willing to use their social media credentials to authenticate to the community.

Which two actions should an Architect recommend UC to take?

Use Delegated Authentication to call the Twitter login API to authenticate users.

Configure an Authentication Provider for LinkedIn Social Media Accounts.

Create a Custom Apex Registration Handler to handle new and existing users.

Configure SSO Settings For Facebook to serve as a SAML Identity Provider.

56. Universal Containers (UC) is using its production org as the identity provider for a new Experience Cloud site and the identity architect is deciding which login experience to use for the site.

Which two page types are valid login page types for the site? Choose 2 answers

Experience Builder Page

lightning Experience Page

Embedded Login Page

57. A global company is using the Salesforce Platform as an Identity Provider and needs to integrate a third-party application with its Experience Cloud customer portal.

Which two features should be utilized to provide users with login and identity services for the third-party application? Choose 2 answers

Use the App Launcher with single sign-on (SSO).

External a Data source with Named Principal identity type.

Use a connected app.

Use Delegated Authentication.

58. Universal Containers (UC) has built a custom time tracking app for its employee. UC wants to leverage Salesforce Identity to control access to the custom app.

At a minimum, which Salesforce license is required to support this requirement?

Identity Verification

Identity Connect

Identity Only

External Identity

59. Universal Containers is creating a web application that will be secured by Salesforce Identity using the OAuth 2.0 Web Server Flow uses the OAuth 2.0 authorization code grant type).

Which three OAuth concepts apply to this flow? Choose 3 answers

Verification URL

Client Secret

Access Token

Scopes

60. Universal Containers (UC) uses Salesforce for its customer service agents. UC has a proprietary system for order tracking which supports Security Assertion Markup Language (SAML) based single sign-on. The VP of customer service wants to ensure only active Salesforce users should be able to access the order tracking system which is only visible within Salesforce.

What should be done to fulfill the requirement? Choose 2 answers

Setup Salesforce as an identity provider (IdP) for order Tracking.

Set up the Corporate Identity store as an identity provider (IdP) for Order Tracking,

Customize Order Tracking to initiate a REST call to validate users in Salesforce after login.

Setup Order Tracking as a Canvas app in Salesforce to POST IdP initiated SAML assertion.

Page 7 of 7

61. Universal Containers (UC) has implemented a multi-org architecture in their company. Many users have licences across multiple orgs, and they are complaining about remembering which org and credentials are tied to which business process.

Which two recommendations should the Architect make to address the Complaints? Choose 2 answers

Activate My Domain to Brand each org to the specific business use case.

Implement SP-Initiated Single Sign-on flows to allow deep linking.

Implement IdP-Initiated Single Sign-on flows to allow deep linking.

Implement Delegated Authentication from each org to the LDAP provider.

62. What item should an Architect consider when designing a Delegated Authentication implementation?

The Web service should be secured with TLS using Salesforce trusted certificates.

The Web service should be able to accept one to four input method parameters.

The web service should use the Salesforce Federation ID to identify the user.

The Web service should implement a custom password decryption method.

63. Universal Containers (UC) has a desktop application to collect leads for marketing campaigns. UC wants to extend this application to integrate with Salesforce to create leads. Integration between the desktop application and Salesforce should be seamless.

What Authorization flow should the Architect recommend?

JWT Bearer Token Flow

Web Server Authentication Flow

User Agent Flow

Username and Password Flow

Try Free Salesforce Identity and Access Management Architect Dumps Questions

Try Free Salesforce Identity and Access Management Architect Dumps Questions

Share this post

Author

Leave a Reply Cancel reply

Related Posts