
Download Online VALID Identity-and-Access-Management-Architect Exam Dumps File Instantly [Nov 03, 2022]
Identity-and-Access-Management-Architect Exam Dumps For Certification Exam Preparation
NEW QUESTION 120
Universal Containers is using OpenID Connect to enable a connection from their new mobile app to its production Salesforce org.
What should be done to enable the retrieval of the access token status for the OpenID Connect connection?
- A. Query using OpenID Connect discovery endpoint.
- B. Leverage OpenID Connect Token Introspection.
- C. Create a custom OAuth scope.
- D. Enable cross-origin resource sharing (CORS) for the /services/oauth2/token endpoint.
Answer: B
NEW QUESTION 121
Universal Containers (UC) is planning to add Wi-Fi enabled GPS tracking devices to its shipping containers so that the GPS coordinates data can be sent from the tracking device to its Salesforce production org via a custom API. The GPS devices have no direct user input or output capabilities.
Which OAuth flow should the identity architect recommend to meet the requirement?
- A. OAuth 2.0 Username-Password Flow for Special Scenarios
- B. OAuth 2.0 Asset Token Flow for Securing Connected Devices
- C. OAuth 2.0 Web Server Flow for Web App Integration
- D. OAuth 2.0 JWT Bearer Flow for Server-to-Server Integration
Answer: B
NEW QUESTION 122
An architect needs to advise the team that manages the identity provider how to differentiate Salesforce from other service providers. What SAML SSO setting in Salesforce provides this capability?
- A. Issuer
- B. SAML identity location
- C. Entity id
- D. Identity provider login URL
Answer: C
NEW QUESTION 123
Universal Containers has multiple Salesforce instances where users receive emails from different instances.
Users should be logged into the correct Salesforce instance authenticated by their IdP when clicking on an email link to a Salesforce record.
What should be enabled in Salesforce as a prerequisite?
- A. My Domain
- B. Identity Provider
- C. Multi-Factor Authentication
- D. External Identity
Answer: A
NEW QUESTION 124
Which tool should be used to track login data, such as the average number of logins, who logged in more than the average number of times and who logged in during non-business hours?
- A. Login Forensics
- B. Login Inspector
- C. Login History
- D. Login Report
Answer: A
NEW QUESTION 125
Which two capabilities does My Domain enable in the context of a SAML SSO configuration? Choose 2 answers
- A. Resource deep linking
- B. SSO from Salesforce Mobile App
- C. Login Forensics
- D. App Launcher
Answer: A,B
NEW QUESTION 126
Universal Containers is implementing a new Experience Cloud site and the identity architect wants to use dynamic branding features as part of the login process.
Which two options should the identity architect recommend to support dynamic branding for the site?
Choose 2 answers
- A. To use dynamic branding, the community must be built with the Visualforce + Salesforce Tabs template.
- B. An experience ID (expid) or placeholder parameter must be used in the URL to represent the brand.
- C. To use dynamic branding, the community must be built with the Customer Account Portal template.
- D. An external content management system (CMS) must be used for dynamic branding on Experience Cloud sites.
Answer: B,C
NEW QUESTION 127
Universal Containers allows employees to use a mobile device to access Salesforce for daily operations using a hybrid mobile app. This app uses Mobile software development kits (SDK), leverages a refresh token to regenerate the access token when required, and is distributed as a private app.
The chief security officer is rolling out an org-wide compliance policy to enforce re-verification of devices if an employee has not logged in from that device in the last week.
Which connected app setting should be leveraged to comply with this policy change?
- A. Refresh Token Policy - Expire the refresh token if it has not been used for 7 days.
- B. Session Policy - Set timeout value of the connected app to 7 days.
- C. Permitted User - Ask admins to maintain a list of users who are permitted based on last login date.
- D. Scope - Deny refresh_token scope for this connected app.
Answer: A
NEW QUESTION 128
Universal Containers (UC) has decided to use Salesforce as an Identity Provider for multiple external applications. UC wants to use the Salesforce App Launcher to control the apps that are available to individual users. Which three steps are required to make this happen?
- A. Set up Salesforce as a SAML Idp with My Domain.
- B. Create a Connected App for each external application.
- C. Set up an Auth Provider for each External Application.
- D. Set up Identity Connect to Synchronize user data.
- E. Add each connected App to the App Launcher with a Start URL.
Answer: A,B,E
NEW QUESTION 129
Universal Containers (UC) uses Active Directory (AD) as their identity store for employees and must continue to do so for network access. UC is undergoing a major transformation program and moving all of their enterprise applications to cloud platforms including Salesforce, Workday, and SAP HANA. UC needs to implement an SSO solution for accessing all of the third-party cloud applications and the CIO is inclined to use Salesforce for all of their identity and access management needs.
Which two Salesforce license types does UC need for its employees?
Choose 2 answers
- A. Company Community and Identity licenses
- B. Chatter Only and Identity licenses
- C. Identity and Identity Connect licenses
- D. Salesforce and Identity Connect licenses
Answer: C,D
NEW QUESTION 130
Universal Containers (UC) uses Global Shipping (GS) as one of their shipping vendors. Regional leads of GS need access to UC's Salesforce instance for reporting damage of goods using Cases. The regional leads also need access to dashboards to keep track of regional shipping KPIs. UC internally uses a third-party cloud analytics tool for capacity planning and UC decided to provide access to this tool to a subset of GS employees.
In addition to regional leads, the GS capacity planning team would benefit from access to this tool. To access the analytics tool, UC IT has set up Salesforce as the identity provider for internal users and would like to follow the same approach for the GS users as well. What are the most appropriate license types for GS Regional Leads and the GS Capacity Planners? Choose 2 answers
- A. Customer Community license for GS Regional Leads and Identity license for GS Capacity Planners.
- B. Customer Community Plus license for GS Regional Leads and Customer Community license for GS Capacity Planners.
- C. Identity license for GS Regional Leads and External Identity license for GS Capacity Planners.
- D. Customer Community Plus license for GS Regional Leads and External Identity for GS Capacity Planners.
Answer: A,B
NEW QUESTION 131
Which three are capabilities of SAML-based Federated authentication? Choose 3 answers
- A. Centralized federation provides single point of access, control and auditing.
- B. SAML tokens can be in XML or JSON format and can be used interchangeably.
- C. Trust relationships between Identity Provider and Service Provider are required.
- D. Access tokens are used to access resources on the server once the user is authenticated.
- E. Web applications with no passwords are more secure and stronger against attacks.
Answer: A,C,D
NEW QUESTION 132
Universal Containers (UC) is considering a Customer 360 initiative to gain a single source of the truth for its customer data across disparate systems and services. UC wants to understand the primary benefits of Customer 360 Identity and how it contributes to a successful Customer 360 Truth project.
What are two key benefits of Customer 360 Identity as it relates to Customer 360?
Choose 2 answers
- A. Customer 360 Identity automatically integrates with Customer 360 Data Manager and Customer 360 Audiences to seamlessly populate all user data.
- B. Customer 360 Identity enables an organization to build a single login for each of its customers, giving the organization an understanding of the user's login activity across all its digital properties and applications.
- C. Customer 360 Identity supports multiple brands so you can deliver centralized identity services and correlation of user activity, even if it spans multiple corporate brands and user experiences.
- D. Customer 360 Identity not only provides a unified sign up and sign in experience, but also tracks anonymous user activity prior to signing up so organizations can understand user activity before and after the users identify themselves.
Answer: B,C
NEW QUESTION 133
An identity architect's client has a homegrown identity provider (IdP). Salesforce is used as the service provider (SP). The head of IT is worried that during an SP-initiated single sign-on (SSO), the Security Assertion Markup Language (SAML) request content will be altered.
What should the identity architect recommend to make sure that there is additional trust between the SP and the IdP?
- A. Ensure that there is an HTTPS connection between IDP and SP.
- B. Ensure that on the SSO settings page, the "Request Signing Certificate" field has a self-signed certificate.
- C. Ensure that the Issuer and Assertion Consumer Service (ACS) URL are properly configured between SP and IDP.
- D. Encrypt the SAML Request using certification authority (CA) signed certificate and decrypt on IdP.
Answer: D
NEW QUESTION 134
Universal Containers (UC) has a classified information system that its call centre team uses only when they are working on a case with a record type of "classified". They are only allowed to access the system when they own an open "classified" case, and their access to the system is removed at all other times. They would like to implement SAML SSO with Salesforce as the IdP, and automatically allow or deny the staff's access to the classified information system based on whether they currently own an open "classified" case record when they try to access the system using SSO. What is the recommended solution for automatically allowing or denying access to the classified information system based on the open "classified" case record criteria?
- A. Use a custom connected app handler using Apex to dynamically allow access to the system based on whether the staff owns any open "classified" cases.
- B. Use Salesforce reports to identify users that currently own open "classified" cases and should be granted access to the classified information system.
- C. Use custom SAML JIT provisioning to dynamically query the user's open "classified" cases when attempting to access the classified information system.
- D. Use apex trigger on case to dynamically assign permission sets that grant access when a user is assigned with an open "classified" case, and remove it when the case is closed.
Answer: A
NEW QUESTION 135
A consumer products company uses Salesforce to maintain consumer information, including orders. The company implemented a portal solution using Salesforce Experience Cloud for its consumers where the consumers can log in using their credentials. The company is considering allowing users to log in with their Facebook or LinkedIn credentials.
Once enabled, what role will Salesforce play?
- A. Facebook and LinkedIn will be the SPs.
- B. Salesforce will be the identity provider (IdP).
- C. Facebook and LinkedIn will act as the IdPs and SPs.
- D. Salesforce will be the service provider (SP).
Answer: D
NEW QUESTION 136
Universal Containers (UC) built an integration for their employees to post, view, and vote for ideas in Salesforce from an internal Company portal. When ideas are posted in Salesforce, links to the ideas are created in the company portal pages as part of the integration process. The Company portal connects to Salesforce using OAuth. Everything is working fine, except when users click on links to existing ideas, they are always taken to the Ideas home page rather than the specific idea, after authorization. Which OAuth URL parameter can be used to retain the original requested page so that a user can be redirected correctly after OAuth authorization?
- A. Redirect_uri
- B. State
- C. Callback_uri
- D. Scope
Answer: A
NEW QUESTION 137
Which two roles of the systems are involved in an environment where Salesforce users are enabled to access Google Apps from within Salesforce through the App Launcher and a connected app setup? Choose 2 answers
- A. Google is the identity provider
- B. Salesforce is the identity provider
- C. Google is the service provider
- D. Salesforce is the service provider
Answer: D
NEW QUESTION 138
Universal Containers (UC) has a custom, internal-only, mobile billing application for users who are commonly out of the office. The app is configured as a connected app in Salesforce. Due to the nature of this app, UC would like to take the appropriate measures to properly secure access to the app. Which two are recommendations to make to UC? Choose 2 answers
- A. Disallow the use of single Sign-on for any users of the mobile app.
- B. Set login IP ranges to the internal network for all of the app users profiles.
- C. Require high assurance sessions in order to use the connected App
- D. Use Google Authenticator as an additional part of the logical processes.
Answer: C,D