
[May 28, 2023] Passing Key To Getting Identity-and-Access-Management-Architect Certified Exam Engine PDF
Identity-and-Access-Management-Architect Exam Dumps Pass with Updated May-2023 Tests Dumps
The Salesforce Identity-and-Access-Management-Architect exam is designed to test the knowledge and skills of professionals in various areas of identity and access management, including authentication, authorization, and user management. The exam also covers topics such as data security, compliance, and governance. Candidates will be required to demonstrate their ability to design, implement, and manage secure and scalable IAM solutions on the Salesforce platform.
The Salesforce Certified Identity and Access Management Architect certification is ideal for professionals who want to deepen their understanding of Salesforce's identity and access management solutions, and apply their knowledge to help organizations build secure and scalable systems. The exam covers a wide range of topics, including identity and access management models, user authentication and authorization, data security, and compliance.
NEW QUESTION # 70
A Salesforce customer is implementing Sales Cloud and a custom pricing application for its call center agents.
An Enterprise single sign-on solution is used to authenticate and sign-in users to all applications. The customer has the following requirements:
1. The development team has decided to use a Canvas app to expose the pricing application to agents.
2. Agents should be able to access the Canvas app without needing to log in to the pricing application.
Which two options should the identity architect consider to provide support for the Canvas app to initiate login for users?
Choose 2 answers
- A. Select "Enable as a Canvas Personal App" in the connected app settings.
- B. Configure the Canvas app as a connected app and set Admin-approved users as pre-authorized.
- C. Enable OAuth settings in the connected app with required OAuth scopes for the pricing application.
- D. Enable SAML in the connected app and Security Assertion Markup Language (SAML) Initiation Method as Service Provider Initiated.
Answer: B,D
NEW QUESTION # 71
Universal Containers (UC) is planning to deploy a custom mobile app that will allow users to get e-signatures from its customers on their mobile devices. The mobile app connects to Salesforce to upload the e-signature as a file attachment and uses OAuth protocol for both authentication and authorization. What is the most recommended and secure OAuth scope setting that an Architect should recommend?
- A. Id
- B. Api
- C. Custom_permissions
- D. Web
Answer: C
NEW QUESTION # 72
A public sector agency is setting up an identity solution for its citizens using a Community built on Experience Cloud and requires the new user registration functionality to capture first name, last name, and phone number.
The phone number will be used for identity verification.
Which feature should an identity architect recommend to meet the requirements?
- A. Integrate with social websites (Facebook, Linkedin. Twitter)
- B. Create a custom Lightning Web Component
- C. Use an external Identity Provider
- D. Use Login Discovery
Answer: D
NEW QUESTION # 73
A multinational industrial products manufacturer is planning to implement Salesforce CRM to manage their business. They have the following requirements:
1. They plan to implement Partner communities to provide access to their partner network .
2. They have operations in multiple countries and are planning to implement multiple Salesforce orgs.
3. Some of their partners do business in multiple countries and will need information from multiple Salesforce communities.
4. They would like to provide a single login for their partners.
How should an Identity Architect solution this requirement with limited custom development?
- A. Allow partners to choose the Salesforce org they need information from and use login flows to authenticate access.
- B. Create a partner login for the country of their operation and use SAML federation to provide access to other orgs.
- C. Consolidate Partner related information in a single org and provide access through Salesforce community.
- D. Register partners in one org and access information from other orgs using APIs.
Answer: B
NEW QUESTION # 74
Northern Trail Outfitters (NTO) is launching a new sportswear brand on its existing consumer portal built on Salesforce Experience Cloud. As part of the launch, emails with promotional links will be sent to existing customers to log in and claim a discount. The marketing manager would like the portal dynamically branded so that users will be directed to the brand link they clicked on; otherwise, users will view a recognizable NTO-branded page.
The campaign is launching quickly, so there is no time to procure any additional licenses. However, the development team is available to apply any required changes to the portal.
Which approach should the identity architect recommend?
- A. Implement Experience ID in the code and extend the URLs and endpomts, as required.
- B. Configure an additional community site on the same org that is dedicated for the new brand.
- C. Use Heroku to build the new brand site and embedded login to reuse identities.
- D. Create a full sandbox to replicate the portal site and update the branding accordingly.
Answer: A
NEW QUESTION # 75
Universal Containers (UC) uses a home-grown Employee portal for their employees to collaborate. UC decides to use Salesforce Ideas to allow employees to post Ideas from the Employee portal. When users click on some of the links in the Employee portal, the users should be redirected to Salesforce, authenticated, and presented with the relevant pages. What OAuth flow is best suited for this scenario?
- A. User-Agent flow
- B. SAML Bearer Assertion flow
- C. Web Server flow
- D. Web Application flow
Answer: C
NEW QUESTION # 76
Northern Trail Outfitters (NTO) has a number of employees who do NOT need access Salesforce objects. Trie employees should sign in to a custom Benefits web app using their Salesforce credentials.
Which license should the identity architect recommend to fulfill this requirement?
- A. Identity Verification Credits Add-on License
- B. Identity Only License
- C. Identity Connect License
- D. External Identity License
Answer: B
NEW QUESTION # 77
Northern Trail Outfitters (NTO) wants to give customers the ability to submit and manage issues with their purchases. It is important for NTO to give its customers the ability to login with their Amazon credentials.
What should an identity architect recommend to meet these requirements?
- A. Configure Amazon as a connected app.
- B. Configure an OpenID Connect Authentication Provider for Amazon.
- C. Configure a predefined authentication provider for Amazon.
- D. Create a custom external authentication provider for Amazon.
Answer: B
NEW QUESTION # 78
Universal Containers (UC) implemented SSO to a third-party system for their Salesforce users to access the App Launcher. UC enabled "User Provisioning" on the Connected App so that changes to user accounts can be synched between Salesforce and the third party system. However, UC quickly notices that changes to user roles in Salesforce are not getting synched to the third-party system. What is the most likely reason for this behaviour?
- A. User Provisioning for Connected Apps does not support role sync.
- B. Required operation(s) was not mapped in User Provisioning Settings.
- C. Salesforce roles have more than three levels in the role hierarchy.
- D. The Approval queue for User Provisioning Requests is unmonitored.
Answer: A
NEW QUESTION # 79
Universal Containers (UC) has a desktop application to collect leads for marketing campaigns. UC wants to extend this application to integrate with Salesforce to create leads. Integration between the desktop application and Salesforce should be seamless. What Authorization flow should the Architect recommend?
- A. Username and Password Flow
- B. User Agent Flow
- C. JWT Bearer Token Flow
- D. Web Server Authentication Flow
Answer: B
NEW QUESTION # 80
Which two roles of the systems are involved in an environment where salesforce users are enabled to access Google Apps from within salesforce through App launcher and connected App set up? Choose 2 answers
- A. Google is the service provider
- B. Salesforce is the service provider
- C. Salesforce is the identity provider
- D. Google is the identity provider
Answer: B
NEW QUESTION # 81
Universal containers (UC) has implemented a multi-org strategy and would like to centralize the management of their salesforce user profiles. What should the architect recommend to allow salesforce profiles to be managed from a central system of record?
- A. Implement jit provisioning on the SAML IDP that will pass the profile id in each assertion.
- B. Implement an Oauthjwt flow to pass the profile credentials between systems.
- C. Implement Delegated Authentication that will update the user profiles as necessary.
- D. Create an apex scheduled job in one org that will synchronize the other orgs profile.
Answer: A
NEW QUESTION # 82
What item should an Architect consider when designing a Delegated Authentication implementation?
- A. The Web service should implement a custom password decryption method.
- B. The web service should use the Salesforce Federation ID to identify the user.
- C. The Web service should be secured with TLS using Salesforce trusted certificates.
- D. The Web service should be able to accept one to four input method parameters.
Answer: C
NEW QUESTION # 83
Universal Containers (UC) wants to implement SAML SSO for their internal of Salesforce users using a third-party IdP. After some evaluation, UC decides NOT to SSO set up My Domain for their Salesforce org.
How does that decision impact their SSO implementation?
- A. Either SP- or IdP-initiated SSO will work.
- B. IdP-initiated SSO will NOT work.
- C. Neither SP- nor IdP-initiated SSO will work.
- D. SP-initiated SSO will NOT work
Answer: C
NEW QUESTION # 84
A global company has built an external application that uses data from its Salesforce org via an OAuth 2.0 authorization flow. Upon logout, the existing Salesforce OAuth token must be invalidated.
Which action will accomplish this?
- A. Use a HTTP POST to request the refresh token for the current user.
- B. Use a HTTP POST to the System for Cross-domain Identity Management (SCIM) endpoint, including the current OAuth token.
- C. Use a HTTP POST to make a call to the revoke token endpoint.
- D. Enable Single Logout with a secure logout URL.
Answer: C
NEW QUESTION # 85
A third-party app provider would like to have users provisioned via a service endpoint before users access their app from Salesforce.
What should an identity architect recommend to configure the requirement with limited changes to the third-party app?
- A. Use Salesforce identity with Security Assertion Markup Language (SAML) for provisioning users.
- B. Redirect users to the third-party app for registration.
- C. Create Canvas app in Salesforce for third-party app to provision users.
- D. Use a connected app with user provisioning flow.
Answer: D
NEW QUESTION # 86
Northern Trail Outfitters recently acquired a company. Each company will retain its Identity Provider (IdP).
Both companies rely extensively on Salesforce processes that send emails to users to take specific actions in Salesforce.
How should the combined companys' employees collaborate in a single Salesforce org, yet authenticate to the appropriate IdP?
- A. Configure unique MyDomains for each company and have generated links use the appropriate MyDomam in the URL.
- B. Have generated links append a querystnng parameter indicating the IdP. The login service will redirect to the appropriate IdP.
- C. Enable each IdP as a login option in the MyDomain Authentication Service settings. Users will then click on the appropriate IdP button.
- D. Have generated links be prefixed with the appropriate IdP URL to invoke an IdP-initiated Security Assertion Markup Language flow when clicked.
Answer: C
NEW QUESTION # 87
Universal Containers (UC) has implemented SSO according to the diagram below. uses SAML while Salesforce Org 1 uses OAuth 2.0. Users usually start their day by first attempting to log into Salesforce Org 2 and then later in the day, they will log into either the Financial System or CPQ system depending upon their job position. Which two systems are acting as Identity Providers?
- A. Salesforce Org 1
- B. Financial System
- C. Pingfederate
- D. Salesforce Org 2
Answer: A,C
NEW QUESTION # 88
After a recent audit, universal containers was advised to implement Two-factor Authentication for all of their critical systems, including salesforce. Which two actions should UC consider to meet this requirement?
Choose 2 answers
- A. Require users to use a biometric reader as well as their password
- B. Require users to supply their email and phone number, which gets validated.
- C. Require users to provide their RSA token along with their credentials.
- D. Require users to enter a second password after the first Authentication
Answer: A,C
NEW QUESTION # 89
Universal Containers (UC) wants its closed Won opportunities to be synced to a Data warehouse in near real time. UC has implemented Outbound Message to enable near real-time data sync. UC wants to ensure that communication between Salesforce and Target System is secure. What certificate is sent along with the Outbound Message?
- A. The Self-signed Certificates from the Certificate & Key Management menu.
- B. The default client Certificate or the Certificate and Key Management menu.
- C. The CA-signed Certificate from the Certificate and Key Management Menu.
- D. The default client Certificate from the Develop--> API menu.
Answer: D
NEW QUESTION # 90
Universal Containers (UC) wants to build a few applications that leverage the Salesforce REST API. UC has asked its Architect to describe how the API calls will be authenticated to a specific user. Which two mechanisms can the Architect provide? Choose 2 Answers
- A. Authentication Token
- B. Access Token
- C. Refresh Token
- D. Session ID
Answer: B,C
NEW QUESTION # 91
......
Identity-and-Access-Management-Architect exam questions for practice in 2023 Updated 245 Questions: https://www.dumpsquestion.com/Identity-and-Access-Management-Architect-exam-dumps-collection.html
Updated Premium Identity-and-Access-Management-Architect Exam Engine pdf: https://drive.google.com/open?id=1DahyS4W3DuPWUu5ffS8LmDJoGsvHrX4G