Identity-and-Access-Management-Architect Dumps By Pros - 1st Attempt Guaranteed Success [Q119-Q134]

Share

Identity-and-Access-Management-Architect Dumps By Pros - 1st Attempt Guaranteed Success

100% Guarantee Download Identity-and-Access-Management-Architect Exam Dumps PDF Q&A

NEW QUESTION # 119
Northern Trail Outfitters (NTO) wants to give customers the ability to submit and manage issues with their purchases. It is important for to give its customers the ability to login with their Facebook and Twitter credentials.
Which two actions should an identity architect recommend to meet these requirements?
Choose 2 answers

  • A. Create a custom external authentication provider for Facebook.
  • B. Configure a predefined authentication provider for Twitter.
  • C. Configure a predefined authentication provider for Facebook.
  • D. Create a custom external authentication provider for Twitter.

Answer: B,C


NEW QUESTION # 120

A multinational company is looking to rollout Salesforce globally. The company has a Microsoft Active Directory Federation Services (ADFS) implementation for the Americas, Europe and APAC. The company plans to have a single org and they would like to have all of its users access Salesforce using the ADFS . The company would like to limit its investments and prefer not to procure additional applications to satisfy the requirements.
What is recommended to ensure these requirements are met ?

  • A. Configure Each ADFS system under single sign-on settings and allow users to choose the system to authenticate during sign on to Salesforce-
  • B. Use connected apps for each ADFS implementation and implement Salesforce site to authenticate users across the ADFS system applicable to their geo.
  • C. Add a central identity system that federates between the ADFS systems and integrate with Salesforce for single sign-on.
  • D. Implement Identity Connect to provide single sign-on to Salesforce and federated across multiple ADFS systems.

Answer: D


NEW QUESTION # 121
A service provider (SP) supports both Security Assertion Markup Language (SAML) and OpenID Connect (OIDC).
When integrating this SP with Salesforce, which use case is the determining factor when choosing OIDC or SAML?

  • A. The SP needs to perform API calls back to Salesforce on behalf of the user after the user logs in to the service provider.
  • B. OIDC is more secure than SAML and therefore is the obvious choice.
  • C. They are equivalent protocols and there is no real reason to choose one over the other.
  • D. If the user has a session on Salesforce, you do not want them to be prompted for a username and password when they login to the SP.

Answer: A


NEW QUESTION # 122
Northern Trail Outfitters (NTO) recently purchased Salesforce Identity Connect to streamline user provisioning across Microsoft Active Directory (AD) and Salesforce Sales Cloud.
NTO has asked an identity architect to identify which salesforce security configurations can map to AD permissions.
Which three Salesforce permissions are available to map to AD permissions?
Choose 3 answers

  • A. Profiles and Permission Sets
  • B. Roles
  • C. Public Groups
  • D. Field-Level Security
  • E. Sharing Rules

Answer: A,B,C


NEW QUESTION # 123
In a typical SSL setup involving a trusted party and trusting party, what consideration should an Architect take into account when using digital certificates?

  • A. Use of self-signed certificate leads to lower maintenance for trusted party because multiple self-signed certs need to be maintained.
  • B. Use of self-signed certificate leads to higher maintenance for trusted party because they have to act as the trusted CA
  • C. Use of self-signed certificate leads to higher maintenance for trusting party because the cert needs to be added to their truststore.
  • D. Use of self-signed certificate leads to lower maintenance for trusting party because there is no trusted CA cert to maintain.

Answer: D


NEW QUESTION # 124
Universal containers (UC) has a mobile application that it wants to deploy to all of its salesforce users, including customer Community users. UC would like to minimize the administration overhead, which two items should an architect recommend? Choose 2 answers

  • A. Enable the "Refresh Tokens is valid until revoked " setting in the Connected App.
  • B. Enable the "All users may self-authorize" setting in the Connected App.
  • C. Enable the "Enforce Ip restrictions" settings in the connected App.
  • D. Enable the "High Assurance session required" setting in the Connected App.

Answer: A,B


NEW QUESTION # 125
Universal containers(UC) wants to integrate a third-party reward calculation system with salesforce to calculate rewards. Rewards will be calculated on a schedule basis and update back into salesforce. The integration between Salesforce and the reward calculation system needs to be secure. Which are the recommended best practices for using Oauth flows in this scenario? Choose 2 answers

  • A. Oauth refresh token flow
  • B. Oauth Username-password flow
  • C. Oauthjwt bearer token flow
  • D. Oauth SAML bearer assertion flow

Answer: C,D


NEW QUESTION # 126
Universal Containers (UC) uses Global Shipping (GS) as one of their shipping vendors. Regional leads of GS need access to UC's Salesforce instance for reporting damage of goods using Cases. The regional leads also need access to dashboards to keep track of regional shipping KPIs. UC internally uses a third-party cloud analytics tool for capacity planning and UC decided to provide access to this tool to a subset of GS employees.
In addition to regional leads, the GS capacity planning team would benefit from access to this tool. To access the analytics tool, UC IT has set up Salesforce as the Identity provider for Internal users and would like to follow the same approach for the GS users as well. What are the most appropriate license types for GS Tregional Leads and the GS Capacity Planners? Choose 2 Answers

  • A. Identity Licence for GS Regional Leads and External Identity license for GS capacity Planners.
  • B. Customer Community Plus license for GS Regional Leads and Customer Community license for GS Capacity Planners.
  • C. Customer Community license for GS Regional Leads and Identity license for GS Capacity Planners.
  • D. Customer Community Plus license for GS Regional Leads and External Identity for GS Capacity Planners.

Answer: B,C


NEW QUESTION # 127
Universal containers(UC) has implemented SAML-BASED single Sign-on for their salesforce application and is planning to provide access to salesforce on mobile devices using the salesforce1 mobile app. UC wants to ensure that single Sign-on is used for accessing the salesforce1 mobile app. Which two recommendations should the architect make? Choose 2 answers

  • A. Configure the embedded Web browser to use my domain URL.
  • B. Configure the salesforce1 app to use the my domain URL
  • C. Use the existing SAML SSO flow along with user agent flow.
  • D. Use the existing SAML SSO flow along with Web server flow

Answer: B,C


NEW QUESTION # 128
A global company is using the Salesforce Platform as an Identity Provider and needs to integrate a third-party application with its Experience Cloud customer portal.
Which two features should be utilized to provide users with login and identity services for the third-party application?
Choose 2 answers

  • A. Use Delegated Authentication.
  • B. Use a connected app.
  • C. Use the App Launcher with single sign-on (SSO).
  • D. External a Data source with Named Principal identity type.

Answer: B,C


NEW QUESTION # 129
An identity architect is implementing a mobile-first Consumer Identity Access Management (CIAM) for external users. User authentication is the only requirement. The users email or mobile phone number should be supported as a username.
Which two licenses are needed to meet this requirement?
Choose 2 answers

  • A. Email Verification Credits
  • B. Identity Connect Licenses
  • C. External Identity Licenses
  • D. SMS verification Credits

Answer: C,D


NEW QUESTION # 130
An Identity and Access Management (IAM) architect is tasked with unifying multiple B2C Commerce sites and an Experience Cloud community with a single identity. The solution needs to support more than 1,000 logins per minute.
What should the IAM do to fulfill this requirement?

  • A. Configure community as a Security Assertion Markup Language (SAML) identity provider and enable Just-in-Time Provisioning to B2C Commerce.
  • B. Confirm performance considerations with Salesforce Customer Support due to high peaks.
  • C. Create a default account for capturing all ecommerce contacts registered on the community because personAccount is not supported for this case.
  • D. Configure both the community and the commerce sites as OAuth2 RPs (relying party) with an external identity provider.

Answer: B


NEW QUESTION # 131
universal container plans to develop a custom mobile app for the sales team that will use salesforce for authentication and access management. The mobile app access needs to be restricted to only the sales team.
What would be the recommended solution to grant mobile app access to sales users?

  • A. Use a custom attribute on the user object to control access to the mobile app
  • B. Use the permission set license to assign the mobile app permission to sales users
  • C. Add a new identity provider to authenticate and authorize mobile users.
  • D. Use connected apps Oauth policies to restrict mobile app access to authorized users.

Answer: D


NEW QUESTION # 132
An Enterprise is using a Lightweight Directory Access Protocol (LDAP ) server as the only point for user authentication with a username/password. Salesforce delegated authentication is configured to integrate Salesforce under single sign-on (SSO).
Mow can end users change their password?

  • A. Users can click on the "Forgot your Password" link on the Salesforce.com login page.
  • B. Users can request the Salesforce Admin to reset their password.
  • C. Users can change it on the enterprise LDAP authentication portal.
  • D. Users once logged In, can go to the Change Password screen in Salesforce.

Answer: B


NEW QUESTION # 133
Universal containers (UC) employees have salesforce access from restricted ip ranges only, to protect against unauthorised access. UC wants to rollout the salesforce1 mobile app and make it accessible from any location.
Which two options should an architect recommend? Choose 2 answers

  • A. Remove existing restrictions on ip ranges for all types of user access.
  • B. Relax the ip restriction with a second factor in the connect app settings for salesforce1 mobile app
  • C. Use login flow to bypass ip range restriction for the mobile app.
  • D. Relax the ip restriction in the connect app settings for the salesforce1 mobile app

Answer: C,D


NEW QUESTION # 134
......

Earn Quick And Easy Success With Identity-and-Access-Management-Architect Dumps: https://www.dumpsquestion.com/Identity-and-Access-Management-Architect-exam-dumps-collection.html

Kickstart your Career with Real  Updated Questions: https://drive.google.com/open?id=1DahyS4W3DuPWUu5ffS8LmDJoGsvHrX4G