Free Identity-and-Access-Management-Architect Exam Files Downloaded Instantly 100% Dumps & Practice Exam [Q31-Q52]



Salesforce Identity-and-Access-Management-Architect Exam Syllabus Topics:

Topic | Details
Topic 1
  • Troubleshoot common points of failure that may be encountered in a single sign-on solution
  • Describe the tools that are available to diagnose IdP issues
Topic 2
  • Describe the capabilities for customizing the user experience for Experience Cloud
  • Given a scenario, identify the most appropriate OAuth flow
Topic 3
  • Given a scenario, describe what tools you can apply to audit and verify the activity of a user during and after login
  • Describe how trust is established between two systems
Topic 4
  • Describe common authentication patterns and understand the differences between each one
  • Given a scenario, identify the configuration settings for a Connected app
Topic 5
  • Given a scenario, recommend appropriate Scope and Configuration of the connected App for Authorization
  • Given a scenario, determine when to use embedded login

 

NEW QUESTION 31
Universal Containers (UC) has implemented an SP-initiated SAML flow between an external IdP and Salesforce. A user at UC is attempting to log in to Salesforce1 for the first time and is being prompted for Salesforce credentials instead of being shown the IdP login page. What is the likely cause of the issue?

  • A. The user has not configured the Salesforce1 mobile app to use My Domain for login.
  • B. The "Redirect to identity provider" option has not been selected in the SAML configuration.
  • C. The user has not been granted the "Enable single Sign-on" permission.
  • D. The "Redirect to Identity Provider" option has been selected in the My Domain configuration.

Answer: A

 

NEW QUESTION 32
An architect needs to set up a Facebook Authentication Provider as a login option for a Salesforce Customer Community. What portion of the authentication provider setup associates a Facebook user with a Salesforce user?

  • A. Consumer key and consumer secret
  • B. User info endpoint URL
  • C. Apex registration handler
  • D. Federation ID

Answer: C

 

NEW QUESTION 33
Northern Trail Outfitters wants to implement a partner community. Active community users will need to review and accept the community rules, and update key contact information for each community member before their annual partner event.
Which approach will meet this requirement?

  • A. Create tasks for users who need to update their data or accept the new community rules.
  • B. Create a custom landing page and email campaign asking all community members to login and verify their data.
  • C. Create a login flow that conditionally prompts users who have not accepted the new community rules and who have missing or outdated information.
  • D. Add a banner to the community Home page asking users to update their profile and accept the new community rules.

Answer: C

 

NEW QUESTION 34
Universal Containers (UC) uses Salesforce as a CRM and identity provider (IdP) for their Sales Team to seamlessly log in to internal portals. The IT team at UC is now evaluating Salesforce to act as an IdP for its remaining employees.
Which Salesforce license is required to fulfill this requirement?

  • A. Identity Verification
  • B. Identity Connect
  • C. Identity Only
  • D. External Identity

Answer: C

 

NEW QUESTION 35
A global fitness equipment manufacturer uses Salesforce to manage its sales cycle. The manufacturer has a custom order fulfillment app that needs to request order data from Salesforce. The order fulfillment app needs to integrate with the Salesforce API using OAuth 2.0 protocol.
What should an identity architect use to fulfill this requirement?

  • A. Authentication Providers
  • B. Canvas App Integration
  • C. OAuth Tokens
  • D. Connected App and OAuth scopes

Answer: D

 

NEW QUESTION 36
Universal Containers has multiple Salesforce instances where users receive emails from different instances.
Users should be logged into the correct Salesforce instance authenticated by their IdP when clicking on an email link to a Salesforce record.
What should be enabled in Salesforce as a prerequisite?

  • A. My Domain
  • B. Multi-Factor Authentication
  • C. External Identity
  • D. Identity Provider

Answer: A

 

NEW QUESTION 37
Universal Containers (UC) is building an integration between Salesforce and a legacy web application using the Canvas framework. The security team for UC has determined that a signed request from Salesforce is not an adequate authentication solution for the third-party app. Which two options should the Architect consider for authenticating the third-party app using the Canvas framework? Choose 2 Answers

  • A. Utilize Authorization Providers to allow the third-party application to authenticate itself against Salesforce as the IdP.
  • B. Utilize the SAML Single Sign-on flow to allow the third-party to authenticate itself against UC's IdP.
  • C. Utilize Canvas OAuth flow to allow the third-party application to authenticate itself against Salesforce as the IdP.
  • D. Create a registration handler Apex class to allow the third-party application to authenticate itself against Salesforce as the IdP.

Answer: B,C

 

NEW QUESTION 38
A global company has built an external application that uses data from its Salesforce org via an OAuth 2.0 authorization flow. Upon logout, the existing Salesforce OAuth token must be invalidated.
Which action will accomplish this?

  • A. Use a HTTP POST to make a call to the revoke token endpoint.
  • B. Use a HTTP POST to request the refresh token for the current user.
  • C. Use a HTTP POST to the System for Cross-domain Identity Management (SCIM) endpoint, including the current OAuth token.
  • D. Enable Single Logout with a secure logout URL.

Answer: A

 

NEW QUESTION 39
Universal Containers is implementing Salesforce Identity to broker authentication from its enterprise single sign-on (SSO) solution through Salesforce to third party applications using SAML.
What role does Salesforce Identity play in its relationship with the enterprise SSO system?

  • A. Resource Server
  • B. Client Application
  • C. Identity Provider (IdP)
  • D. Service Provider (SP)

Answer: D

 

NEW QUESTION 40
Universal Containers (UC) has decided to use Salesforce as an Identity Provider for multiple external applications. UC wants to use the Salesforce App Launcher to control the apps that are available to individual users. Which three steps are required to make this happen?

  • A. Create a Connected App for each external application.
  • B. Set up Identity Connect to Synchronize user data.
  • C. Add each connected App to the App Launcher with a Start URL.
  • D. Set up an Auth Provider for each External Application.
  • E. Set up Salesforce as a SAML IdP with My Domain.

Answer: A,C,E

 

NEW QUESTION 41
A technology enterprise is setting up an identity solution with an external vendor's wellness application for its employees. The user attributes need to be returned to the wellness application in an ID token.
Which authentication mechanism should an identity architect recommend to meet the requirements?

  • A. Web Server Flow
  • B. JWT Bearer Token Flow
  • C. User Agent Flow
  • D. OpenID Connect

Answer: A

 

NEW QUESTION 42
Universal Containers (UC) wants to implement SAML SSO for their internal Salesforce users using a third-party IdP. After some evaluation, UC decides NOT to set up My Domain for their Salesforce org.
How does that decision impact their SSO implementation?

  • A. Either SP- or IdP-initiated SSO will work.
  • B. IdP-initiated SSO will NOT work.
  • C. Neither SP- nor IdP-initiated SSO will work.
  • D. SP-initiated SSO will NOT work.

Answer: C

 

NEW QUESTION 43
Northern Trail Outfitters (NTO) is planning to roll out a partner portal for its distributors using Experience Cloud. NTO would like to use an external identity provider (IdP) and for partners to register for access to the portal. Each partner should be allowed to register only once to avoid duplicate accounts with Salesforce.
What should an identity architect recommend to create partners?

  • A. Allow partners to register through the IdP and create partner users in Salesforce through an API.
  • B. Create a custom page in Experience Cloud to self-register partners with Experience Cloud and the Ping identity store.
  • C. Create a custom web page in the Portal and create users in the IdP and Experience Cloud using published APIs.
  • D. On successful creation of Partners using Self Registration page in Experience Cloud, create identity in Ping.

Answer: B

 

NEW QUESTION 44
A third-party app provider would like to have users provisioned via a service endpoint before users access their app from Salesforce.
What should an identity architect recommend to configure the requirement with limited changes to the third-party app?

  • A. Use a connected app with user provisioning flow.
  • B. Redirect users to the third-party app for registration.
  • C. Use Salesforce identity with Security Assertion Markup Language (SAML) for provisioning users.
  • D. Create Canvas app in Salesforce for third-party app to provision users.

Answer: A

 

NEW QUESTION 45
An identity architect has been asked to recommend a solution that allows administrators to configure personalized alert messages to users before they land on the Experience Cloud site (formerly known as Community) homepage.
What is recommended to fulfill this requirement with the least amount of customization?

  • A. Customize the registration handler Apex class to create a routing logic navigating to different home pages based on the user profile.
  • B. Use Login Flows to add a screen that shows personalized alerts.
  • C. Create custom metadata that stores user alerts and use a LWC to display alerts.
  • D. Build a Lightning Web Component (LWC) for a homepage that shows custom alerts.

Answer: B

 

NEW QUESTION 46
Northern Trail Outfitters (NTO) has a requirement to ensure all user logins include a single multi-factor authentication (MFA) prompt. Currently, users are allowed the choice to log in with a username and password or via single sign-on against NTO's corporate Identity Provider, which includes built-in MFA.
Which configuration will meet this requirement?

  • A. Create and assign a permission set to all employees that includes "MFA for User Interface Logins."
  • B. Enable "MFA for User Interface Logins" for your organization from Setup -> Identity Verification.
  • C. For all employee profiles, set the Session Level Required at Login to High Assurance and add the corporate identity provider to the High Assurance list for the org's Session Security Levels.
  • D. Create a custom login flow that enforces MFA and assign it to a permission set. Then assign the permission set to all employees.

Answer: B

 

NEW QUESTION 47
Northern Trail Outfitters recently acquired a company. Each company will retain its Identity Provider (IdP).
Both companies rely extensively on Salesforce processes that send emails to users to take specific actions in Salesforce.
How should the combined companies' employees collaborate in a single Salesforce org, yet authenticate to the appropriate IdP?

  • A. Configure unique MyDomains for each company and have generated links use the appropriate MyDomain in the URL.
  • B. Enable each IdP as a login option in the MyDomain Authentication Service settings. Users will then click on the appropriate IdP button.
  • C. Have generated links append a querystring parameter indicating the IdP. The login service will redirect to the appropriate IdP.
  • D. Have generated links be prefixed with the appropriate IdP URL to invoke an IdP-initiated Security Assertion Markup Language flow when clicked.

Answer: B

 

NEW QUESTION 48
Universal Containers (UC) has an existing Customer Community. UC wants to expand the self-registration capabilities such that customers receive a different community experience based on the data they provide during the registration process. What is the recommended approach an Architect should recommend to UC?

  • A. Modify the Community pages to utilize specific fields on the User and Contact records.
  • B. Create an After Insert Apex trigger on the user object to assign specific custom permissions.
  • C. Modify the existing Communities registration controller to assign different profiles.
  • D. Create separate login flows corresponding to the different community user personas.

Answer: A

 

NEW QUESTION 49
Universal Containers (UC) has a classified information system that its call center team uses only when they are working on a case with a record type "Classified". They are only allowed to access the system when they own an open "Classified" case, and their access to the system is removed at all other times. They would like to implement SAML SSO with Salesforce as the IdP, and automatically allow or deny the staff's access to the classified information system based on whether they currently own an open "Classified" case record when they try to access the system using SSO. What is the recommended solution for automatically allowing or denying the access to the classified information system based on the open "Classified" case record criteria?

  • A. Use Salesforce reports to identify users that currently own open "Classified" cases and should be granted access to the classified information system.
  • B. Use Custom SAML JIT Provisioning to dynamically query the user's open "Classified" cases when attempting to access the classified information system.
  • C. Use a Common Connected App Handler using Apex to dynamically allow access to the system based on whether the staff owns any open "Classified" Cases.
  • D. Use an Apex trigger on Case to dynamically assign permission sets that grant access when a user is assigned an open "Classified" case, and remove it when the case is closed.

Answer: C

 

NEW QUESTION 50
Northern Trail Outfitters is implementing a business-to-business (B2B) collaboration site using Salesforce Experience Cloud. The partners will authenticate with an existing identity provider and the solution will utilize Security Assertion Markup Language (SAML) to provide single sign-on to Salesforce. Delegated administration will be used in the Experience Cloud site to allow the partners to administer their users' access.
How should a partner identity be provisioned in Salesforce for this solution?

  • A. Create a person account.
  • B. Create a user and a related contact.
  • C. Create a contactless user.
  • D. Create only a contact.

Answer: B

 

NEW QUESTION 51
Universal Containers (UC) uses Global Shipping (GS) as one of their shipping vendors. Regional leads of GS need access to UC's Salesforce instance for reporting damage of goods using Cases. The regional leads also need access to dashboards to keep track of regional shipping KPIs. UC internally uses a third-party cloud analytics tool for capacity planning and UC decided to provide access to this tool to a subset of GS employees.
In addition to regional leads, the GS capacity planning team would benefit from access to this tool. To access the analytics tool, UC IT has set up Salesforce as the Identity Provider for internal users and would like to follow the same approach for the GS users as well. What are the most appropriate license types for GS Regional Leads and the GS Capacity Planners? Choose 2 Answers

  • A. Customer Community Plus license for GS Regional Leads and Customer Community license for GS Capacity Planners.
  • B. Identity license for GS Regional Leads and External Identity license for GS Capacity Planners.
  • C. Customer Community Plus license for GS Regional Leads and External Identity for GS Capacity Planners.
  • D. Customer Community license for GS Regional Leads and Identity license for GS Capacity Planners.

Answer: A,D

 

NEW QUESTION 52
......
