Get New 2024 Valid Practice Identity and Access Management Designer Identity-and-Access-Management-Architect Q&A - Testing Engine [Q27-Q48]

Rate this post

Get New 2024 Valid Practice Identity and Access Management Designer Identity-and-Access-Management-Architect Q&A – Testing Engine

Identity-and-Access-Management-Architect Dumps PDF – 100% Passing Guarantee

Salesforce Identity-and-Access-Management-Architect (IAM) Certification Exam is a highly advanced certification that validates the expertise of an individual in designing, implementing and managing Salesforce Identity and Access Management solutions. Salesforce Certified Identity and Access Management Architect certification is designed for professionals who have deep knowledge and experience in managing the security and access control of Salesforce applications. Identity-and-Access-Management-Architect exam focuses on various aspects of Identity and Access Management such as authentication, authorization, single sign-on, multi-factor authentication, and user provisioning. Salesforce Certified Identity and Access Management Architect certification exam is intended for experienced professionals who have a thorough understanding of the Salesforce platform and its security features.

QUESTION 27
Northern Trail Outfitters (NTO) has a number of employees who do NOT need access Salesforce objects. Trie employees should sign in to a custom Benefits web app using their Salesforce credentials.
Which license should the identity architect recommend to fulfill this requirement?

Identity Only License

External Identity License

Identity Verification Credits Add-on License

Identity Connect License

QUESTION 28
Universal Containers (UC) is looking to build a Canvas app and wants to use the corresponding Connected App to control where the app is visible. Which two options are correct in regards to where the app can be made visible under the Connected App setting for the Canvas app? Choose 2 answers

As part of the body of a Salesforce Knowledge article.

In the mobile navigation menu on Salesforce for Android.

The sidebar of a Salesforce Console as a console component.

Included in the Call Control Tool that’s part of Open CTI.

QUESTION 29
Northern Trail Outfitters (NTO) has a requirement to ensure all user logins include a single multi-factor authentication (MFA) prompt. Currently, users are allowed the choice to login with a username and password or via single sign-on against NTO’s corporate Identity Provider, which includes built-in MFA.
Which configuration will meet this requirement?

Create and assign a permission set to all employees that includes “MFA for User Interface Logins.”

Create a custom login flow that enforces MFA and assign it to a permission set. Then assign the permission set to all employees.

Enable “MFA for User Interface Logins” for your organization from Setup -> Identity Verification.

For all employee profiles, set the Session Level Required at Login to High Assurance and add the corporate identity provider to the High Assurance list for the org’s Session Security Levels.

QUESTION 30
Universal Containers (UC) currently uses Salesforce Sales Cloud and an external billing application. Both Salesforce and the billing application are accessed several times a day to manage customers. UC would like to configure single sign-on and leverage Salesforce as the identity provider. Additionally, UC would like the billing application to be accessible from Salesforce. A redirect is acceptable.
Which two Salesforce tools should an identity architect recommend to satisfy the requirements?
Choose 2 answers

salesforce Canvas

Identity Connect

Connected Apps

App Launcher

QUESTION 31
A technology enterprise is setting up an identity solution with an external vendors wellness application for its employees. The user attributes need to be returned to the wellness application in an ID token.
Which authentication mechanism should an identity architect recommend to meet the requirements?

OpenID Connect

User Agent Flow

JWT Bearer Token Flow

Web Server Flow

QUESTION 32
Universal Containers (UC) operates in Asia, Europe and North America regions. There is one Salesforce org for each region. UC is implementing Customer 360 in Salesforce and has procured External Identity and Customer Community licenses in all orgs.
Customers of UC use Community to track orders and create inquiries. Customers also tend to move across regions frequently.
What should an identity architect recommend to optimize license usage and reduce maintenance overhead?

Merge three orgs into one instance of Salesforce. This will no longer require maintaining three separate copies of the same customer.

Delete contact/ account records and deactivate user if user moves from a specific region; Sync will no longer be required.

Contacts are required since Community access needs to be enabled. Maintenance is a necessary overhead that must be handled via data integration.

Enable Contactless User in all orgs and downgrade users from Experience Cloud license to External Identity license once users have moved out of that region.

QUESTION 33
A technology enterprise is setting up an identity solution with an external vendors wellness application for its employees. The user attributes need to be returned to the wellness application in an ID token.
Which authentication mechanism should an identity architect recommend to meet the requirements?

OpenID Connect

User Agent Flow

JWT Bearer Token Flow

Web Server Flow

QUESTION 34
Universal containers wants to implement single Sign-on for a salesforce org using an external identity provider and corporate identity store. What type of Authentication flow is required to support deep linking?

Web server Oauth SSO flow.

Identity-provider-initiated SSO

Service-provider-initiated SSO

Start URL on identity provider

QUESTION 35
A group of users try to access one of universal containers connected apps and receive the following error message : “Failed : Not approved for access”. what is most likely to cause of the issue?

The use of high assurance sections are required for the connected App.

The users do not have the correct permission set assigned to them.

The connected App setting “All users may self-authorize” is enabled.

The salesforce administrators gave revoked the Oauth authorization.

QUESTION 36
Containers (UC) has implemented SAML-based single Sign-on for their Salesforce application and is planning to provide access to Salesforce on mobile devices using the Salesforce1 mobile app. UC wants to ensure that Single Sign-on is used for accessing the Salesforce1 mobile App. Which two recommendations should the Architect make? Choose 2 Answers

Configure the Embedded Web Browser to use My Domain URL.

Configure the Salesforce1 App to use the MY Domain URL.

Use the existing SAML-SSO flow along with User Agent Flow.

Use the existing SAML SSO flow along with Web Server Flow.

QUESTION 37
Universal Containers (UC) is rolling out its new Customer Identity and Access Management Solution built on top of its existing Salesforce instance. UC wants to allow customers to login using Facebook, Google, and other social sign-on providers.
How should this functionality be enabled for UC, assuming ail social sign-on providers support OpenID Connect?

Configure an authentication provider and a registration handler for each social sign-on provider.

Configure a single sign-on setting and a registration handler for each social sign-on provider.

Configure an authentication provider and a Just-In-Time (JIT) handler for each social sign-on provider.

Configure a single sign-on setting and a JIT handler for each social sign-on provider.

QUESTION 38
Universal containers want to build a custom mobile app connecting to salesforce using Oauth, and would like to restrict the types of resources mobile users can access. What Oauth feature of Salesforce should be used to achieve the goal?

Access Tokens

Mobile pins

Refresh Tokens

Scopes

QUESTION 39
Northern Trail Outfitters (NTO) leverages Microsoft Active Directory (AD) for management of employee usernames, passwords, permissions, and asset access. NTO also owns a third-party single sign-on (SSO) solution. The third-party party SSO solution is used for all corporate applications, including Salesforce.
NTO has asked an architect to explore Salesforce Identity Connect for automatic provisioning and deprovisiorung of users in Salesforce.
What role does identity Connect play in the outlined requirements?

Service Provider

Single Sign-On

Identity Provider

User Management

QUESTION 40
Northern Trail Outfitters mar ages functional group permissions in a custom security application supported by a relational database and a REST service layer. Group permissions are mapped as permission sets in Salesforce.
Which action should an identity architect use to ensure functional group permissions are reflected as permission set assignments?

Use a Login Flow to query SAML attributes and set permission sets.

Use a Login Flow with invocable Apex to callout to the security application and set permission sets.

Use the Apex Just-in-Time (JIT) handler to query the Security Assertion markup Language (SAML) attributes and set permission sets.

Use the Apex JIT handler to callout to the security application and set permission sets

QUESTION 41
Universal containers (UC) has a customer Community that uses Facebook for authentication. UC would like to ensure that changes in the Facebook profile are reflected on the appropriate customer Community user. How can this requirement be met?

Use the updateuser() method on the registration handler class.

Use SAML just-in-time provisioning between Facebook and Salesforce

Use information in the signed request that is received from Facebook.

Develop a schedule job that calls out to Facebook on a nightly basis.

QUESTION 42
Universal Containers (UC) uses middleware to integrate multiple systems with Salesforce. UC has a strict, new requirement that usernames and passwords cannot be stored in any UC system. How can UC’s middleware authenticate to Salesforce while adhering to this requirement?

Create a Connected App that supports the JWT Bearer Token OAuth Flow.

Create a Connected App that supports the Refresh Token OAuth Flow

Create a Connected App that supports the Web Server OAuth Flow.

Create a Connected App that supports the User-Agent OAuth Flow.

QUESTION 43
Universal containers (UC) has built a custom based Two-factor Authentication (2fa) system for their existing on-premise applications. Thru are now implementing salesforce and would like to enable a Two-factor login process for it, as well. What is the recommended solution an architect should consider?

Replace the custom 2fa system with salesforce 2fa for on-premise application and salesforce.

Use the custom 2fa system for on-premise applications and native 2fa for salesforce.

Replace the custom 2fa system with an app exchange app that supports on-premise applications and salesforce.

Use custom login flows to connect to the existing custom 2fa system for use in salesforce.

QUESTION 44
Universal containers (UC) does my domain enable in the context of a SAML SSO configuration? Choose 2 answers

Resource deep linking

App launcher

SSO from salesforce1 mobile app.

QUESTION 45
Containers (UC) uses a legacy Employee portal for their employees to collaborate. Employees access the portal from their company’s internal website via SSO. It is set up to work with SiteMinder and Active Directory. The Employee portal has features to support posing ideas. UC decides to use Salesforce Ideas for voting and better tracking purposes. To avoid provisioning users on Salesforce, UC decides to integrate Employee portal ideas with Salesforce idea through the API. What is the role of Salesforce in the context of SSO, based on this scenario?

Service Provider, because Salesforce is the application for managing ideas.

Connected App, because Salesforce is connected with Employee portal via API.

Identity Provider, because the API calls are authenticated by Salesforce.

An independent system, because Salesforce is not part of the SSO setup.

QUESTION 46
A global company is using the Salesforce Platform as an Identity Provider and needs to integrate a third-party application with its Experience Cloud customer portal.
Which two features should be utilized to provide users with login and identity services for the third-party application?
Choose 2 answers

Use the App Launcher with single sign-on (SSO).

External a Data source with Named Principal identity type.

Use a connected app.

Use Delegated Authentication.

QUESTION 47
How should an Architect automatically redirect users to the login page of the external Identity provider when using an SP-Initiated SAML flow with Salesforce as a Service Provider?

Use visualforce as the landing page for My Domain to redirect users to the Identity Provider login Page.

Enable the Redirect to the Identity Provider setting under Authentication Services on the My domain Configuration.

Remove the Login page from the list of Authentication Services on the My Domain configuration.

Set the Identity Provider as default and enable the Redirect to the Identity Provider setting on the SAML Configuration.

QUESTION 48
Universal containers (UC) has implemented ansp-Initiated SAML flow between an external IDP and salesforce. A user at UC is attempting to login to salesforce1 for the first time and is being prompted for salesforce credentials instead of being shown the IDP login page. What is the likely cause of the issue?

The “Redirect to Identity Provider” option has been selected in the my domain configuration.

The user has not configured the salesforce1 mobile app to use my domain for login

The “Redirect to identity provider” option has not been selected the SAML configuration.

The user has not been granted the “Enable single Sign-on” permission

Identity-and-Access-Management-Architect Braindumps Real Exam Updated on Jan 04, 2024 with 245 Questions: https://www.pdf4test.com/Identity-and-Access-Management-Architect-dump-torrent.html

Free certification test prep

Get New 2024 Valid Practice Identity and Access Management Designer Identity-and-Access-Management-Architect Q&A – Testing Engine [Q27-Q48]

Leave a Reply Cancel reply