
PDF Only

Dumpspool PDF book

$49.00 Free Updates Up to 90 Days

  • Identity-and-Access-Management-Architect Dumps PDF
  • 243 Questions
  • Updated On May 21, 2025

PDF + Test Engine

Dumpspool PDF and Test Engine book

$99.00 Free Updates Up to 90 Days

  • Identity-and-Access-Management-Architect Question Answers
  • 243 Questions
  • Updated On May 21, 2025

Test Engine

Dumpspool Test Engine book

$69.00 Free Updates Up to 90 Days

  • Identity-and-Access-Management-Architect Practice Questions
  • 243 Questions
  • Updated On May 21, 2025

How to pass Salesforce Identity-and-Access-Management-Architect exam with the help of dumps?

DumpsPool provides you the finest quality resources you’ve been looking for to no avail. So, it's due time you stop stressing and get ready for the exam. Our Online Test Engine provides you with the guidance you need to pass the certification exam. We guarantee top-grade results because we know we’ve covered each topic in a precise and understandable manner. Our expert team prepared the latest Salesforce Identity-and-Access-Management-Architect Dumps to satisfy your need for training. Plus, they are in two different formats: Dumps PDF and Online Test Engine.

How Do I Know Salesforce Identity-and-Access-Management-Architect Dumps are Worth it?

Did we mention our latest Identity-and-Access-Management-Architect Dumps PDF is also available as Online Test Engine? And that’s just the point where things start to take root. Of all the amazing features you are offered here at DumpsPool, the money-back guarantee has to be the best one. Now that you know you don’t have to worry about the payments, let us explore all the other reasons you would want to buy from us. Other than affordable Real Exam Dumps, you are offered three-month free updates.

You can easily scroll through our large catalog of certification exams. And, pick any exam to start your training. That’s right, DumpsPool isn’t limited to just Salesforce Exams. We trust our customers need the support of an authentic and reliable resource. So, we made sure there is never any outdated content in our study resources. Our expert team makes sure everything is up to the mark by keeping an eye on every single update. Our main concern and focus are that you understand the real exam format. So, you can pass the exam in an easier way!

IT Students Are Using our Salesforce Certified Identity and Access Management Architect (SU24) Dumps Worldwide!

It is a well-established fact that certification exams can’t be conquered without some help from experts. The point of using Salesforce Certified Identity and Access Management Architect (SU24) Practice Question Answers is exactly that. You are constantly surrounded by IT experts who’ve been through what you are about to and know better. The 24/7 customer service of DumpsPool ensures you are in touch with these experts whenever needed. Our 100% success rate and validity around the world make us the most trusted resource candidates use. The updated Dumps PDF helps you pass the exam on the first attempt. And, with the money-back guarantee, you feel safe buying from us. You can claim your return on not passing the exam.

How to Get Identity-and-Access-Management-Architect Real Exam Dumps?

Getting access to the real exam dumps is as easy as pressing a button, literally! There are various resources available online, but the majority of them sell scams or copied content. So, if you are going to attempt the Identity-and-Access-Management-Architect exam, you need to be sure you are buying the right kind of Dumps. All the Dumps PDF available on DumpsPool are as unique and the latest as they can be. Plus, our Practice Question Answers are tested and approved by professionals. Making it the top authentic resource available on the internet. Our expert has made sure the Online Test Engine is free from outdated & fake content, repeated questions, and false plus indefinite information, etc. We make every penny count, and you leave our platform fully satisfied!

Salesforce Identity-and-Access-Management-Architect:

| Aspect | Details |
|---|---|
| Exam Cost | $400 USD |
| Total Time | 105 minutes |
| Available Languages | English, Japanese |
| Passing Marks | 65% |
| Exam Type | Multiple Choice and Multiple Select Questions |
| Prerequisites | None |
| Retake Policy | 24 hours after first attempt |
| Exam Format | Proctored Online or In Testing Center |

Salesforce Certified Identity and Access Management Architect Exam Topics Breakdown

| Content Area | Percentage |
|---|---|
| Identity Management | 20% |
| Access Management | 20% |
| Multi-Org Access Strategy | 15% |
| Single Sign-On Implementation | 20% |
| Authorization and Data Security Model | 15% |
| Identity Architecture Development | 10% |

Salesforce Identity-and-Access-Management-Architect Sample Question Answers

Question # 1

Universal Containers (UC) is using Active Directory as its corporate identity provider and Salesforce as its CRM for customer care agents, who use SAML-based single sign-on to log in to Salesforce. The default agent profile does not include the Manage User permission. UC wants to dynamically update the agent role and permission sets. Which two mechanisms are used to provision agents with the appropriate permissions? Choose 2 answers

A. Use Login Flow in User Context to update role and permission sets.
B. Use Login Flow in System Context to update role and permission sets.
C. Use SAML Just-in-Time (JIT) handler class run as current user to update role and permission sets.
D. Use SAML Just-in-Time (JIT) handler class run as an admin user to update role and permission sets.

Question # 2

Universal Containers (UC) has an Experience Cloud site (Customer Community) where customers can authenticate and place orders, view the status of orders, etc. UC allows guest checkout. How can a guest register using data previously collected during order placement?

A. Enable Security Assertion Markup Language Sign-On and use a login flow to collect only order details to retrieve customer data.
B. Enable Facebook as an authentication provider and use a registration handler to collect only order details to retrieve customer data.
C. Use a Connected App Handler Apex Plugin class to collect only order details to retrieve customer data. 
D. Enable self-registration and customize a self-registration page to collect only order details to retrieve customer data. 

Question # 3

Universal Containers wants to set up SSO for a selected group of users to access external applications from Salesforce through App Launcher. Which three steps must be completed in Salesforce to accomplish the goal?

A. Associate user profiles with the connected apps.
B. Complete My Domain and identity provider setup.
C. Create connected apps for the external applications.
D. Complete Single Sign-On settings in Security Controls.
E. Create named credentials for each external system.

Question # 4

A company's external application is protected by Salesforce through OAuth. The identity architect for the project needs to limit the level of access to the data of the protected resource in a flexible way. What should be done to improve security? 

A. Select "Admin approved users are pre-authorized" and assign specific profiles.
B. Create custom scopes and assign to the connected app. 
C. Define a permission set that grants access to the app and assign to authorized users. 
D. Leverage external objects and data classification policies. 

Question # 5

Universal Containers (UC) would like to enable SSO between their existing Active Directory infrastructure and Salesforce. The IT team prefers to manage all users in Active Directory and would like to avoid doing any initial setup of users in Salesforce directly, including the correct assignment of profiles, roles and groups. Which two optimal solutions should UC use to provision users in Salesforce? Choose 2 answers

A. Use the Salesforce REST API to sync users from Active Directory to Salesforce.
B. Use an AppExchange product to sync users from Active Directory to Salesforce.
C. Use Active Directory Federation Services to sync users from Active Directory to Salesforce.
D. Use Identity Connect to sync users from Active Directory to Salesforce.

Question # 6

Universal Containers (UC) has Active Directory (AD) as their enterprise identity store and would like to use it for Salesforce user authentication. UC expects to synchronize user data between Salesforce and AD and assign the appropriate Profile and Permission Sets based on AD group membership. What would be the optimal way to implement SSO?

A. Use Active Directory with Reverse Proxy as the Identity Provider.
B. Use Microsoft Access Control Service as the Authentication provider.
C. Use Active Directory Federation Service (ADFS) as the Identity Provider. 
D. Use Salesforce Identity Connect as the Identity Provider. 

Question # 7

Universal Containers wants to implement SAML SSO for their internal Salesforce users using a third-party IdP. After some evaluation, UC decides not to set up My Domain for their Salesforce org. How does that decision impact their SSO implementation? 

A. SP-initiated SSO will not work. 
B. Neither SP- nor IdP-initiated SSO will work. 
C. Either SP- or IdP-initiated SSO will work. 
D. IdP-initiated SSO will not work. 

Question # 8

Universal Containers wants to build a custom mobile app connecting to Salesforce using OAuth, and would like to restrict the types of resources mobile users can access. What OAuth feature of Salesforce should be used to achieve the goal?

A. Access Tokens 
B. Mobile pins 
C. Refresh Tokens 
D. Scopes 

Question # 9

Universal Containers (UC) has an e-commerce website where customers can buy products, make payments and manage their accounts. UC decides to build a Customer Community on Salesforce and wants to allow the customers to access the community from their accounts without logging in again. UC decides to implement an SP-initiated SSO using a SAML-compliant IdP. In this scenario where Salesforce is the Service Provider, which two activities must be performed in Salesforce to make SP-initiated SSO work? Choose 2 answers

A. Configure SAML SSO settings.
B. Create a Connected App. 
C. Configure Delegated Authentication. 
D. Set up My Domain. 

Question # 10

Universal Containers uses Salesforce as an identity provider and Concur as the Employee Expense management system. The HR director wants to ensure Concur accounts for employees are created only after the appropriate approval in the Salesforce org. Which three steps should the identity architect use to implement this requirement? Choose 3 answers

A. Create an approval process for a custom object associated with the provisioning flow.
B. Create a connected app for Concur in Salesforce.
C. Enable User Provisioning for the connected app.
D. Create an approval process for user object associated with the provisioning flow.
E. Create an approval process for UserProvisioningRequest object associated with the provisioning flow.

Question # 11

A large consumer company is planning to create a community and will require login through the customer's social identity. The following requirements must be met: 1. The customer should be able to log in with any of their social identities; however, Salesforce should only have one user per customer. 2. Once the customer has been identified with a social identity, they should not be required to authorize Salesforce. 3. The customer's personal details from the social sign-on need to be captured when the customer logs into Salesforce using their social identity. 4. If the customer modifies their personal details in the social site, the changes should be updated in Salesforce. Which two options allow the Identity Architect to fulfill the requirements? Choose 2 answers

A. Use Login Flows to call an authentication registration handler to provision the user before logging the user into the community. 
B. Use authentication providers for social sign-on and use the custom registration handler to insert or update personal details. 
C. Redirect the user to a custom page that allows the user to select an existing social identity for login. 
D. Use the custom registration handler to link social identities to Salesforce identities. 

Question # 12

Universal Containers (UC) currently uses Salesforce Sales Cloud and an external billing application. Both Salesforce and the billing application are accessed several times a day to manage customers. UC would like to configure single sign-on and leverage Salesforce as the identity provider. Additionally, UC would like the billing application to be accessible from Salesforce. A redirect is acceptable. Which two Salesforce tools should an identity architect recommend to satisfy the requirements? Choose 2 answers

A. Salesforce Canvas
B. Identity Connect 
C. Connected Apps 
D. App Launcher 

Question # 13

Universal Containers (UC) has decided to build a new, highly sensitive application on Force.com platform. The security team at UC has decided that they want users to provide a fingerprint in addition to username/password to authenticate to this application. How can an architect support fingerprints as a form of identification for Salesforce authentication?

A. Use Salesforce Two-factor Authentication with callouts to a third-party fingerprint scanning application.
B. Use Delegated Authentication with callouts to a third-party fingerprint scanning application.
C. Use an AppExchange product that does fingerprint scanning with native Salesforce identity confirmation.
D. Use custom login flows with callouts to a third-party fingerprint scanning application.

Question # 14

A group of users try to access one of Universal Containers' connected apps and receive the following error message: "Failed: Not approved for access". What is the most likely cause of the issue?

A. The use of high assurance sessions are required for the connected app.
B. The users do not have the correct permission set assigned to them.
C. The connected app setting "All users may self-authorize" is enabled.
D. The Salesforce administrators have revoked the OAuth authorization.

Question # 15

Northern Trail Outfitters (NTO) is planning to build a new customer service portal and wants to use passwordless login, allowing customers to login with a one-time passcode sent to them via email or SMS. How should the quantity of required Identity Verification Credits be estimated? 

A. Each community comes with 10,000 Identity Verification Credits per month and only customers with more than 10,000 logins a month should estimate additional SMS verifications needed. 
B. Identity Verification Credits are consumed with each SMS (text message) sent and should be estimated based on the number of login verification challenges for SMS verification users. 
C. Identity Verification Credits are consumed with each verification sent and should be estimated based on the number of logins that will incur a verification challenge. 
D. Identity Verification Credits are a direct add-on license based on the number of existing member-based or login-based Community licenses. 

Question # 16

Northern Trail Outfitters manages application functional permissions centrally as Active Directory groups. The CRM_SuperUser and CRM_Reporting_SuperUser groups should respectively give the user the SuperUser and Reporting_SuperUser permission set in Salesforce. Salesforce is the service provider to a Security Assertion Markup Language (SAML) identity provider. How should an identity architect ensure the Active Directory groups are reflected correctly when a user accesses Salesforce?

A. Use the Apex Just-in-Time handler to query standard SAML attributes and set permission sets. 
B. Use the Apex Just-in-Time handler to query custom SAML attributes and set permission sets. 
C. Use a login flow to query custom SAML attributes and set permission sets. 
D. Use a login flow to query standard SAML attributes and set permission sets. 

Question # 17

Universal Containers (UC) uses Salesforce for its customer service agents. UC has a proprietary system for order tracking which supports Security Assertion Markup Language (SAML) based single sign-on. The VP of customer service wants to ensure only active Salesforce users should be able to access the order tracking system which is only visible within Salesforce. What should be done to fulfill the requirement? Choose 2 answers 

A. Set up Salesforce as an identity provider (IdP) for Order Tracking.
B. Set up the Corporate Identity store as an identity provider (IdP) for Order Tracking.
C. Customize Order Tracking to initiate a REST call to validate users in Salesforce after login.
D. Set up Order Tracking as a Canvas app in Salesforce to POST IdP-initiated SAML assertion.

Question # 18

Northern Trail Outfitters (NTO) is using Experience Cloud as an Identity for its application on Heroku. The application on Heroku should be able to handle two brands, Northern Trail Shoes and Northern Trail Shirts. A user should select either of the two brands in Heroku before logging into the community. The app then performs authorization using OAuth 2.0 with the Salesforce Experience Cloud site. NTO wants to make sure it renders login page images dynamically based on the user's brand preference selected in Heroku before authorization. What should an identity architect do to fulfill the above requirements?

A. For each brand create different communities and redirect users to the appropriate community using a custom Login controller written in Apex. 
B. Create multiple login screens using Experience Builder and use Login Flows at runtime to route to different login screens. 
C. Authorize third-party service by sending authorization requests to the communityurl/services/oauth2/authorize/cookie_value. 
D. Authorize third-party service by sending authorization requests to the communityurl/services/oauth2/authorize/expid_value.

Question # 19

In an SP-initiated SAML SSO setup where the user tries to access a resource on the Service Provider, what HTTP parameter should be used when submitting a SAML Request to the IdP to ensure the user is returned to the intended resource after authentication?

A. RedirectURL 
B. RelayState 
C. DisplayState 
D. StartURL 

Question # 20

Which three are features of federated Single sign-on solutions? Choose 3 Answers

A. It establishes trust between Identity Store and Service Provider. 
B. It federates credentials control to authorized applications. 
C. It solves all identity and access management problems. 
D. It improves affiliated applications adoption rates. 
E. It enables quick and easy provisioning and deactivating of users. 

Question # 21

Universal Containers is creating a mobile application that will be secured by Salesforce Identity using the OAuth 2.0 user-agent flow (this flow uses the OAuth 2.0 implicit grant type). Which three OAuth concepts apply to this flow? Choose 3 answers 

A. Client ID 
B. Refresh Token 
C. Authorization Code 
D. Verification Code 
E. Scopes 

Question # 22

A global fitness equipment manufacturer is planning to sell fitness tracking devices and has the following requirements: 1) Customer purchases the device. 2) Customer registers the device using their mobile app. 3) A case should automatically be created in Salesforce and associated with the customer's account in cases where the device registers issues with tracking. Which OAuth flow should be used to meet these requirements?

A. OAuth 2.0 Asset Token Flow
B. OAuth 2.0 Username-Password Flow
C. OAuth 2.0 User-Agent Flow 
D. OAuth 2.0 SAML Bearer Assertion Flow 

Question # 23

Universal Containers (UC) has implemented an SP-initiated SAML flow between an external IdP and Salesforce. A user at UC is attempting to log in to Salesforce1 for the first time and is being prompted for Salesforce credentials instead of being shown the IdP login page. What is the likely cause of the issue?

A. The "Redirect to Identity Provider" option has been selected in the My Domain configuration.
B. The user has not configured the Salesforce1 mobile app to use My Domain for login.
C. The "Redirect to Identity Provider" option has not been selected in the SAML configuration.
D. The user has not been granted the "Enable Single Sign-On" permission.

Question # 24

Which three different attributes can be used to identify the user in a SAML assertion when Salesforce is acting as a Service Provider? Choose 3 answers

A. Federation ID 
B. Salesforce User ID 
C. User Full Name 
D. User Email Address 
E. Salesforce Username 

Question # 25

Universal Containers' (UC) identity architect needs to recommend a license type for their new Experience Cloud site that will be used by external partners (delivery providers) for reviewing and updating their accounts, downloading files provided by UC and obtaining scheduled pickup dates from their calendar. UC is using their Salesforce production org as the identity provider for these users and the expected number of individual users is 2.5 million with 13.5 million unique logins per month. Which of the following license types should be used to meet the requirement?

A. External Apps License 
B. Partner Community License 
C. Partner Community Login License
D. Customer Community Plus Login License

Question # 26

An architect is troubleshooting some SAML-based SSO errors during testing. The Architect confirmed that all of the Salesforce SSO settings are correct. Which two issues outside of the Salesforce SSO settings are most likely contributing to the SSO errors the Architect is encountering? Choose 2 Answers

A. The Identity Provider is also used to SSO into five other applications. 
B. The clock on the Identity Provider server is twenty minutes behind Salesforce. 
C. The Issuer Certificate from the Identity Provider expired two weeks ago. 
D. The default language for the Identity Provider and Salesforce are Different. 

Question # 27

Universal Containers wants Salesforce inbound OAuth-enabled integration clients to use SAML-based single sign-on for authentication. What OAuth flow would be recommended in this scenario?

A. User-Agent OAuth flow
B. SAML assertion OAuth flow
C. User-Token OAuth flow
D. Web server OAuth flow

Question # 28

Universal Containers (UC) is setting up delegated authentication to allow employees to log in using their corporate credentials. UC's security team is concerned about the risks of exposing the corporate login service on the internet and has asked that a reliable trust mechanism be put in place between the login service and Salesforce. What mechanism should an Architect put in place to enable a trusted connection between the login service and Salesforce?

A. Require the use of Salesforce security tokens on passwords. 
B. Enforce mutual authentication between systems using SSL. 
C. Include Client Id and Client Secret in the login header callout. 
D. Set up a proxy service for the login service in the DMZ. 

Question # 29

Universal Containers (UC) is using a custom application that will act as the Identity Provider and will generate SAML assertions used to log in to Salesforce. UC is considering including custom parameters in the SAML assertion. These attributes contain sensitive data and are needed to authenticate the users. The assertions are submitted to Salesforce via a browser form post. The majority of the users will only be able to access Salesforce via UC's corporate network, but a subset of admins and executives would be allowed access from outside the corporate network on their mobile devices. Which two methods should an Architect consider to ensure that the sensitive data cannot be tampered with, nor accessible to anyone while in transit?

A. Use the Identity Provider's certificate to digitally sign and Salesforce's Certificate to encrypt the payload. 
B. Use Salesforce's Certificate to digitally sign the SAML Assertion and a Mobile Device Management client on the users' mobile devices. 
C. Use the Identity Provider's certificate to digitally sign and the Identity Provider's certificate to encrypt the payload.
D. Use a custom login flow to retrieve sensitive data using an Apex callout without including the attributes in the assertion. 

Question # 30

Universal Containers (UC) has decided to replace the homegrown customer portal with Salesforce Experience Cloud. UC will continue to use its third-party single sign-on (SSO) solution that stores all of its customer and partner credentials. The first time a customer logs in to the Experience Cloud site through SSO, a user record needs to be created automatically. Which solution should an identity architect recommend in order to automatically provision users in Salesforce upon login? 

A. Just-in-Time (JIT) provisioning 
B. Custom middleware and web services 
C. Custom login flow and Apex handler 
D. Third-party AppExchange solution 

Question # 31

Universal Containers wants to implement single sign-on for a Salesforce org using an external identity provider and corporate identity store. What type of authentication flow is required to support deep linking?

A. Web server OAuth SSO flow
B. Identity-provider-initiated SSO 
C. Service-provider-initiated SSO 
D. Start URL on identity provider 

Question # 32

Universal Containers wants users to be able to log in to the Salesforce mobile app with their Active Directory password. Employees are unable to use mobile VPN. Which two options should an identity architect recommend to meet the requirement? Choose 2 answers

A. Active Directory Password Sync Plugin 
B. Configure Cloud Provider Load Balancer 
C. Salesforce Trigger & Field on Contact Object 
D. Salesforce Identity Connect 

Question # 33

A financial enterprise is planning to set up a user authentication mechanism to login to the Salesforce system. Due to regulatory requirements, the CIO of the company wants user administration, including passwords and authentication requests, to be managed by an external system that is only accessible via a SOAP webservice. Which authentication mechanism should an identity architect recommend to meet the requirements? 

A. OAuth Web-Server Flow 
B. Identity Connect 
C. Delegated Authentication 
D. Just-in-Time Provisioning 

Question # 34

An Architect has configured a SAML-based SSO integration between Salesforce and an external Identity provider and is ready to test it. When the Architect attempts to log in to Salesforce using SSO, the Architect receives a SAML error. Which two optimal actions should the Architect take to troubleshoot the issue? 

A. Ensure the Callback URL is correctly set in the Connected Apps settings. 
B. Use a browser that has an add-on/extension that can inspect SAML. 
C. Paste the SAML Assertion Validator in Salesforce. 
D. Use the browser's Development tools to view the Salesforce page's markup. 

Question # 35

Universal Containers (UC) wants to provide single sign-on (SSO) for a business-to-consumer (B2C) application using Salesforce Identity. Which Salesforce license should UC utilize to implement this use case?

A. Identity Only 
B. Salesforce Platform 
C. External Identity 
D. Partner Community 

Question # 36

The security team at Universal Containers (UC) has identified exporting reports as a high-risk action and would like to require users to be logged into Salesforce with their Active Directory (AD) credentials when doing so. For all other uses of Salesforce, users should be allowed to use AD credentials or Salesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with Salesforce credentials?

A. Use SAML Federated Authentication and custom SAML JIT provisioning to dynamically add or remove a permission set that grants the Export Reports permission.
B. Use SAML Federated Authentication, treat SAML sessions as high assurance, and raise the session level required for exporting reports.
C. Use SAML Federated Authentication and block access to reports when accessed through a standard assurance session.
D. Use SAML Federated Authentication with a login flow to dynamically add or remove a permission set that grants the Export Reports permission.

Question # 37

Which two roles of the systems are involved in an environment where Salesforce users are enabled to access Google Apps from within Salesforce through App Launcher and connected app setup? Choose 2 answers

A. Google is the identity provider 
B. Salesforce is the identity provider 
C. Google is the service provider 
D. Salesforce is the service provider 

Question # 38

Universal Containers (UC) is considering a Customer 360 initiative to gain a single source of the truth for its customer data across disparate systems and services. UC wants to understand the primary benefits of Customer 360 Identity and how it contributes to a successful Customer 360 Truth project. What are two key benefits of Customer 360 Identity as it relates to Customer 360? Choose 2 answers

A. Customer 360 Identity automatically integrates with Customer 360 Data Manager and Customer 360 Audiences to seamlessly populate all user data. 
B. Customer 360 Identity enables an organization to build a single login for each of its customers, giving the organization an understanding of the user's login activity across all its digital properties and applications. 
C. Customer 360 Identity supports multiple brands so you can deliver centralized identity services and correlation of user activity, even if it spans multiple corporate brands and user experiences. 
D. Customer 360 Identity not only provides a unified sign up and sign in experience, but also tracks anonymous user activity prior to signing up so organizations can understand user activity before and after the users identify themselves. 

Question # 39

Which three types of attacks would a 2-Factor Authentication solution help guard against?

A. Key logging attacks 
B. Network perimeter attacks 
C. Phishing attacks 
D. Dictionary attacks 
E. Man-in-the-middle attacks 

Question # 40

Universal Containers (UC) has a desktop application to collect leads for marketing campaigns. UC wants to extend this application to integrate with Salesforce to create leads. Integration between the desktop application and Salesforce should be seamless. What Authorization flow should the Architect recommend? 

A. JWT Bearer Token Flow 
B. Web Server Authentication Flow 
C. User Agent Flow 
D. Username and Password Flow 

Question # 41

What item should an Architect consider when designing a Delegated Authentication implementation? 

A. The Web service should be secured with TLS using Salesforce trusted certificates. 
B. The Web service should be able to accept one to four input method parameters. 
C. The Web service should use the Salesforce Federation ID to identify the user.
D. The Web service should implement a custom password decryption method.

Question # 42

Universal Containers (UC) would like its community users to be able to register and log in with LinkedIn or Facebook credentials. UC wants users to clearly see Facebook and LinkedIn icons when they register and log in. What are the two recommended actions UC can take to achieve this functionality? Choose 2 answers

A. Enable Facebook and LinkedIn as login options in the login section of the Community configuration.
B. Create custom Registration Handlers to link LinkedIn and Facebook accounts to user records.
C. Store the LinkedIn or Facebook user IDs in the Federation ID field on the Salesforce User record.
D. Create custom buttons for Facebook and LinkedIn using JavaScript/CSS on a custom Visualforce page.

Question # 43

An Identity architect works for a multinational, multi-brand organization. As they work with the organization to understand their Customer Identity and Access Management requirements, the identity architect learns that the brand experience is different for each of the customer's sub-brands and each of these branded experiences must be carried through the login experience depending on which sub-brand the user is logging into. Which solution should the architect recommend to support scalability and reduce maintenance costs, if the organization has more than 150 sub-brands? 

A. Assign each sub-brand a unique Experience ID and use the Experience ID to dynamically brand the login experience. 
B. Use Audiences to customize the login experience for each sub-brand and pass an audience ID to the community during the OAuth and Security Assertion Markup Language (SAML) flows. 
C. Create a community subdomain for each sub-brand and customize the look and feel of the Login page for each community subdomain to match the brand. 
D. Create a separate Salesforce org for each sub-brand so that each sub-brand has complete control over the user experience. 

Question # 44

In a typical SSL setup involving a trusted party and trusting party, what consideration should an Architect take into account when using digital certificates? 

A. Use of self-signed certificate leads to lower maintenance for trusted party because multiple self-signed certs need to be maintained. 
B. Use of self-signed certificate leads to higher maintenance for trusted party because they have to act as the trusted CA.
C. Use of self-signed certificate leads to lower maintenance for trusting party because there is no trusted CA cert to maintain.
D. Use of self-signed certificate leads to higher maintenance for trusting party because the cert needs to be added to their truststore.

Question # 45

Universal Containers is implementing a new Experience Cloud site and the identity architect wants to use dynamic branding features as part of the login process. Which two options should the identity architect recommend to support dynamic branding for the site? Choose 2 answers

A. To use dynamic branding, the community must be built with the Visualforce + Salesforce Tabs template.
B. To use dynamic branding, the community must be built with the Customer Account Portal template. 
C. An experience ID (expid) or placeholder parameter must be used in the URL to represent the brand. 
D. An external content management system (CMS) must be used for dynamic branding on Experience Cloud sites. 

Question # 46

Universal Containers (UC) is looking to purchase a third-party application as an Identity Provider. UC is looking to develop a business case for the purchase in general and has enlisted an Architect for advice. Which two capabilities of an Identity Provider should the Architect detail to help strengthen the business case? Choose 2 answers 

A. The Identity Provider can authenticate multiple applications.
B. The Identity Provider can authenticate multiple social media accounts.
C. The Identity Provider can store credentials for multiple applications.
D. The Identity Provider can centralize enterprise password policy. 

Question # 47

An Identity and Access Management (IAM) Architect is recommending Identity Connect to integrate Microsoft Active Directory (AD) with Salesforce for user provisioning, deprovisioning and single sign-on (SSO). Which feature of Identity Connect is applicable for this scenario? 

A. When Identity Connect is in place, if a user is deprovisioned in an on-premise AD, the user's Salesforce session is revoked immediately.
B. If the number of provisioned users exceeds Salesforce license allowances, Identity Connect will start disabling the existing Salesforce users in First-in, First-out (FIFO) fashion.
C. Identity Connect can be deployed as a managed package on a Salesforce org, leveraging High Availability of Salesforce Platform out-of-the-box.
D. When configured, Identity Connect acts as an identity provider to both Active Directory and Salesforce, thus providing SSO as a default feature.

Question # 48

Northern Trail Outfitters wants to implement a partner community. Active community users will need to review and accept the community rules, and update key contact information for each community member before their annual partner event. Which approach will meet this requirement? 

A. Create tasks for users who need to update their data or accept the new community rules. 
B. Create a custom landing page and email campaign asking all community members to login and verify their data. 
C. Create a login flow that conditionally prompts users who have not accepted the new community rules and who have missing or outdated information. 
D. Add a banner to the community Home page asking users to update their profile and accept the new community rules. 

Question # 49

A division of Northern Trail Outfitters (NTO) purchased Salesforce. NTO uses a third-party identity provider (IdP) to validate user credentials against its corporate Lightweight Directory Access Protocol (LDAP) directory. NTO wants to help employees remember as few passwords as possible. What should an identity architect recommend?

A. Set up Salesforce as a Service Provider to the existing IdP.
B. Set up Salesforce as an IdP to authenticate against the LDAP directory.
C. Use Salesforce Connect to synchronize LDAP passwords to Salesforce.
D. Set up Salesforce as an Authentication Provider to the existing IdP.
