Identity and Access Management Designer Identity-and-Access-Management-Architect Exam Dumps and Certification Test Engine [Q83-Q101]


NEW QUESTION 83
Northern Trail Outfitters (NTO) recently purchased Salesforce Identity Connect to streamline user provisioning across Microsoft Active Directory (AD) and Salesforce Sales Cloud.
NTO has asked an identity architect to identify which Salesforce security configurations can map to AD permissions.
Which three Salesforce permissions are available to map to AD permissions?
Choose 3 answers

  • A. Roles
  • B. Public Groups
  • C. Field-Level Security
  • D. Profiles and Permission Sets
  • E. Sharing Rules

Answer: A,B,D

 

NEW QUESTION 84
Universal Containers is creating a web application that will be secured by Salesforce Identity using the OAuth 2.0 Web Server Flow (uses the OAuth 2.0 authorization code grant type).
Which three OAuth concepts apply to this flow?
Choose 3 answers

  • A. Verification URL
  • B. Scopes
  • C. Client Secret
  • D. Access Token

Answer: B,C,D

 

NEW QUESTION 85
Universal Containers (UC) has decided to use Identity Connect as its identity provider. UC uses Active Directory (AD) and has a team that is very familiar and comfortable with managing AD groups. UC would like to use AD groups to help configure Salesforce users. Which three actions can AD groups control through Identity Connect? Choose 3 answers

  • A. Role Assignment
  • B. Public Group Assignment
  • C. Granting report folder access
  • D. Permission sets assignment
  • E. Custom permission assignment

Answer: A,B,D

 

NEW QUESTION 86
Northern Trail Outfitters would like to use a portal built on Salesforce Experience Cloud for customer self-service. Guests of the portal should be able to self-register, but be unable to be automatically assigned to a contact record until verified. External Identity licenses have been purchased for the project.
After registered guests complete an onboarding process, a flow will create the appropriate account and contact records for the user.
Which three steps should an identity architect follow to implement the outlined requirements?
Choose 3 answers

  • A. Set up an external login page and call Salesforce APIs for user creation.
  • B. Customize the self-registration Apex handler to create only the user record.
  • C. Enable "Allow customers and partners to self-register".
  • D. Select the "Configurable Self-Reg Page" option under Login & Registration.
  • E. Customize the self-registration Apex handler to temporarily associate the user to a shared single contact record.

Answer: B,C,D

 

NEW QUESTION 87
An identity architect is implementing a mobile-first Consumer Identity Access Management (CIAM) for external users. User authentication is the only requirement. The user's email or mobile phone number should be supported as a username.
Which two licenses are needed to meet this requirement?
Choose 2 answers

  • A. External Identity Licenses
  • B. SMS verification Credits
  • C. Identity Connect Licenses
  • D. Email Verification Credits

Answer: A,B

 

NEW QUESTION 88
Refer to the exhibit.

Northern Trail Outfitters (NTO) is using Experience Cloud as an Identity for its application on Heroku. The application on Heroku should be able to handle two brands, Northern Trail Shoes and Northern Trail Shirts.
A user should select either of the two brands in Heroku before logging into the community. The app then performs authorization using OAuth 2.0 with the Salesforce Experience Cloud site.
NTO wants to make sure it renders login page images dynamically based on the user's brand preference selected in Heroku before authorization.
What should an identity architect do to fulfill the above requirements?

  • A. Authorize third-party service by sending authorization requests to the community-url/services/oauth2/authorize/cookie_value.
  • B. Authorize third-party service by sending authorization requests to the community-url/services/oauth2/authorize/expid_value.
  • C. Create multiple login screens using Experience Builder and use Login Flows at runtime to route to different login screens.
  • D. For each brand create different communities and redirect users to the appropriate community using a custom Login controller written in Apex.

Answer: B

 

NEW QUESTION 89
Northern Trail Outfitters (NTO) utilizes a third-party cloud solution for an employee portal. NTO also owns Salesforce Service Cloud and would like employees to be able to log in to Salesforce with their third-party portal credentials for a seamless experience. The third-party employee portal only supports OAuth.
What should an identity architect recommend to enable single sign-on (SSO) between the portal and Salesforce?

  • A. Configure SSO to use the third party portal as an identity provider.
  • B. Create a custom external authentication provider.
  • C. Add the third-party portal as a connected app.
  • D. Configure Salesforce for Delegated Authentication.

Answer: A

 

NEW QUESTION 90
Universal Containers (UC) is building a customer community and will allow customers to authenticate using Facebook credentials. The first time a user authenticates using Facebook, UC would like a customer account created automatically in their accounting system. The accounting system has a web service accessible to Salesforce for the creation of accounts. How can the architect meet these requirements?

  • A. Add an Apex callout in the registration handler of the authorization provider.
  • B. Use JIT Provisioning to automatically create the account in the accounting system.
  • C. Use OAuth JWT flow to pass the data from Salesforce to the Accounting System.
  • D. Create a custom application on Heroku that manages the sign-on process from Facebook.

Answer: A

 

NEW QUESTION 91
Universal Containers (UC) has implemented SSO according to the diagram below. uses SAML while Salesforce Org 1 uses OAuth 2.0. Users usually start their day by first attempting to log into Salesforce Org 2 and then later in the day, they will log into either the Financial System or CPQ system depending upon their job position. Which two systems are acting as Identity Providers?

  • A. Financial System
  • B. Salesforce Org 1
  • C. PingFederate
  • D. Salesforce Org 2

Answer: B,C

 

NEW QUESTION 92
Universal Containers (UC) is building a mobile application that will make calls to the Salesforce REST API.
Additionally, UC would like to provide the optimal experience for its mobile users. Which two OAuth scopes should UC configure in the connected app? Choose 2 answers

  • A. Web
  • B. full
  • C. API
  • D. Refresh token

Answer: C,D

 

NEW QUESTION 93
Which three different attributes can be used to identify the user in a SAML assertion when Salesforce is acting as a Service Provider? Choose 3 answers

  • A. Salesforce User ID
  • B. Federation ID
  • C. Salesforce Username
  • D. User Email Address
  • E. User Full Name

Answer: B,D,E

 

NEW QUESTION 94
Universal Containers wants to build a custom mobile app connecting to Salesforce using OAuth, and would like to restrict the types of resources mobile users can access. What OAuth feature of Salesforce should be used to achieve the goal?

  • A. Access Tokens
  • B. Scopes
  • C. Mobile pins
  • D. Refresh Tokens

Answer: B

 

NEW QUESTION 95
Universal Containers (UC) has a mobile application that calls the Salesforce REST API. In order to prevent users from having to enter their credentials every time they use the app, UC has enabled the use of refresh tokens as part of the Salesforce connected app and updated their mobile app to take advantage of the refresh token. Even after enabling the refresh token, users are still complaining that they have to enter their credentials once a day. What is the most likely cause of the issue?

  • A. The app is requesting too many access tokens in a 24-hour period.
  • B. The OAuth authorizations are being revoked by a nightly batch job.
  • C. The refresh token expiration policy is set incorrectly in Salesforce.
  • D. The users forget to check the box to remember their credentials.

Answer: C

 

NEW QUESTION 96
Universal Containers (UC) has a mobile application for its employees that uses data from Salesforce as well as uses Salesforce for authentication purposes. UC wants its mobile users to only enter their credentials the first time they run the app. The application has been live for a little over 6 months, and all of the users who were part of the initial launch are complaining that they have to re-authenticate. UC has also recently changed the URI scheme associated with the mobile app. What should the architect at UC first investigate?

  • A. Confirm that the access Token's Time-To-Live policy has been set appropriately.
  • B. Validate that the users are checking the box to remember their passwords.
  • C. Check the Refresh Token policy defined in the Salesforce Connected App.
  • D. Verify that the Callback URL is correctly pointing to the new URI Scheme.

Answer: C

 

NEW QUESTION 97
An identity architect works for a multinational, multi-brand organization. As they work with the organization to understand its Customer Identity and Access Management requirements, the identity architect learns that the brand experience is different for each of the customer's sub-brands and each of these branded experiences must be carried through the login experience depending on which sub-brand the user is logging into.
Which solution should the architect recommend to support scalability and reduce maintenance costs, if the organization has more than 150 sub-brands?

  • A. Create a separate Salesforce org for each sub-brand so that each sub-brand has complete control over the user experience.
  • B. Use Audiences to customize the login experience for each sub-brand and pass an audience ID to the community during the OAuth and Security Assertion Markup Language (SAML) flows.
  • C. Create a community subdomain for each sub-brand and customize the look and feel of the Login page for each community subdomain to match the brand.
  • D. Assign each sub-brand a unique Experience ID and use the Experience ID to dynamically brand the login experience.

Answer: D

 

NEW QUESTION 98
Which tool should be used to track login data, such as the average number of logins, who logged in more than the average number of times and who logged in during non-business hours?

  • A. Login History
  • B. Login Inspector
  • C. Login Report
  • D. Login Forensics

Answer: D

 

NEW QUESTION 99
Universal Containers (UC) has decided to replace the homegrown customer portal with Salesforce Experience Cloud. UC will continue to use its third-party single sign-on (SSO) solution that stores all of its customer and partner credentials.
The first time a customer logs in to the Experience Cloud site through SSO, a user record needs to be created automatically.
Which solution should an identity architect recommend in order to automatically provision users in Salesforce upon login?

  • A. Third-party AppExchange solution
  • B. Custom login flow and Apex handler
  • C. Custom middleware and web services
  • D. Just-in-Time (JIT) provisioning

Answer: D

 

NEW QUESTION 100
Universal Containers (UC) uses an internal system for recruiting and would like to have the candidates' info available in Salesforce automatically when they are selected. UC decides to use OAuth to connect to Salesforce from the recruiting system and would like to do the authentication using digital certificates. Which two OAuth flows should be considered to meet the requirement? Choose 2 answers

  • A. Refresh Token flow
  • B. JWT Bearer Token flow
  • C. SAML Bearer Assertion flow
  • D. Web Service flow

Answer: B,C

 

NEW QUESTION 101
......


Salesforce Identity-and-Access-Management-Architect Exam Syllabus Topics:

Topic 1
  • Given a requirement, understand the advantages and limitations of External Identity solutions and associated licenses
  • Identify the role the Identity Connect product plays in a Salesforce Identity implementation

Topic 2
  • Describe the various implementation concepts of OAuth
  • Describe the building blocks that are part of an identity solution

Topic 3
  • Given a scenario, identify if Salesforce Customer 360 Identity fits into a fully developed Customer 360 solution
  • Given a use case, describe when Salesforce is used as a Service Provider

Topic 4
  • Given a scenario, describe what tools you can apply to audit and verify the activity of a user during and after login
  • Describe how trust is established between two systems

Topic 5
  • Given a scenario, recommend appropriate scope and configuration of the connected app for authorization
  • Given a scenario, determine when to use embedded login

Topic 6
  • Identify the ways that users can be provisioned in Salesforce to enable SSO and apply access rights
  • Identify the auditing and monitoring approaches available on the platform

Topic 7
  • Describe common authentication patterns and understand the differences between each one
  • Given a scenario, identify the configuration settings for a connected app

 
