Black Friday Special - 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dm70dm

Hot Vendors

Identity-and-Access-Management-Architect Salesforce Certified Identity andAccess Management Architect (SU24) Questions and Answers

Questions 4

A global company is using the Salesforce Platform as an Identity Provider and needs to integrate a third-party application with its Experience Cloud customer portal.

Which two features should be utilized to provide users with login and identity services for the third-party application?

Choose 2 answers

Options:

A.

Use the App Launcher with single sign-on (SSO).

B.

External a Data source with Named Principal identity type.

C.

Use a connected app.

D.

Use Delegated Authentication.

Buy Now
Questions 5

Universal containers (UC) uses a legacy Employee portal for their employees to collaborate and post their ideas. UC decides to use salesforce ideas for voting and better tracking purposes. To avoid provisioning users on Salesforce, UC decides to push ideas posted on the Employee portal to salesforce through API. UC decides to use an API user using Oauth Username - password flow for the connection. How can the connection to salesforce be restricted only to the employee portal server?

Options:

A.

Add the Employee portals IP address to the Trusted IP range for the connected App

B.

Use a digital certificate signed by the employee portal Server.

C.

Add the employee portals IP address to the login IP range on the user profile.

D.

Use a dedicated profile for the user the Employee portal uses.

Buy Now
Questions 6

Universal Containers (UC) is using a custom application that will act as the Identity Provider and will generate SAML assertions used to log in to Salesforce. UC is considering including custom parameters in the SAML assertion. These attributes contain sensitive data and are needed to authenticate the users. The assertions are submitted to salesforce via a browser form post. The majority of the users will only be able to access Salesforce via UC's corporate network, but a subset of admins and executives would be allowed access from outside the corporate network on their mobile devices. Which two methods should an Architect consider to ensure that the sensitive data cannot be tampered with, nor accessible to anyone while in transit?

Options:

A.

Use the Identity Provider's certificate to digitally sign and Salesforce's Certificate to encrypt the payload.

B.

Use Salesforce's Certificate to digitally sign the SAML Assertion and a Mobile Device Management client on the users' mobile devices.

C.

Use the Identity provider's certificate to digitally Sign and the Identity provider's certificate to encrypt the payload.

D.

Use a custom login flow to retrieve sensitive data using an Apex callout without including the attributes in the assertion.

Buy Now
Questions 7

In an SP-Initiated SAML SSO setup where the user tries to access a resource on the Service Provider, What HTTP param should be used when submitting a SAML Request to the Idp to ensure the user is returned to the intended resourse after authentication?

Options:

A.

RedirectURL

B.

RelayState

C.

DisplayState

D.

StartURL

Buy Now
Questions 8

A farming enterprise offers smart farming technology to its farmer customers, which includes a variety of sensors for livestock tracking, pest monitoring, climate monitoring etc. They plan to store all the data in Salesforce. They would also like to ensure timely maintenance of the Installed sensors. They have engaged a salesforce Architect to propose an appropriate way to generate sensor Information In Salesforce.

Which OAuth flow should the architect recommend?

Options:

A.

OAuth 2.0 Asset Token Flow

B.

OAuth 2.0 Device Authentication Row

C.

OAuth 2.0 JWT Bearer Token Flow

D.

OAuth 2.0 SAML Bearer Assertion Flow

Buy Now
Questions 9

Universal Container's (UC) is using Salesforce Experience Cloud site for its container wholesale business. The identity architect wants to an authentication provider for the new site.

Which two options should be utilized in creating an authentication provider?

Choose 2 answers

Options:

A.

A custom registration handier can be set.

B.

A custom error URL can be set.

C.

The default login user can be set.

D.

The default authentication provider certificate can be set.

Buy Now
Questions 10

Universal Containers (UC) uses Salesforce as a CRM and identity provider (IdP) for their Sales Team to seamlessly login to intemaJ portals. The IT team at UC is now evaluating Salesforce to act as an IdP for its remaining employees.

Which Salesforce license is required to fulfill this requirement?

Options:

A.

External Identity

B.

Identity Verification

C.

Identity Connect

D.

Identity Only

Buy Now
Questions 11

Universal Containers (UC) implemented SSO to a third-party system for their Salesforce users to access the App Launcher. UC enabled “User Provisioning” on the Connected App so that changes to user accounts can be synched between Salesforce and the third party system. However, UC quickly notices that changes to user roles in Salesforce are not getting synched to the third-party system. What is the most likely reason for this behaviour?

Options:

A.

User Provisioning for Connected Apps does not support role sync.

B.

Required operation(s) was not mapped in User Provisioning Settings.

C.

The Approval queue for User Provisioning Requests is unmonitored.

D.

Salesforce roles have more than three levels in the role hierarchy.

Buy Now
Questions 12

Universal containers (UC) has multiple salesforce orgs and would like to use a single identity provider to access all of their orgs. How should UC'S architect enable this behavior?

Options:

A.

Ensure that users have the same email value in their user records in all of UC's salesforce orgs.

B.

Ensure the same username is allowed in multiple orgs by contacting salesforce support.

C.

Ensure that users have the same Federation ID value in their user records in all of UC's salesforce orgs.

D.

Ensure that users have the same alias value in their user records in all of UC's salesforce orgs.

Buy Now
Questions 13

Which three are capabilities of SAML-based Federated authentication? Choose 3 answers

Options:

A.

Trust relationships between Identity Provider and Service Provider are required.

B.

SAML tokens can be in XML or JSON format and can be used interchangeably.

C.

Web applications with no passwords are more secure and stronger against attacks.

D.

Access tokens are used to access resources on the server once the user is authenticated.

E.

Centralized federation provides single point of access, control and auditing.

Buy Now
Questions 14

An architect needs to set up a Facebook Authentication provider as login option for a salesforce customer Community. What portion of the authentication provider setup associates a Facebook user with a salesforce user?

Options:

A.

Consumer key and consumer secret

B.

Federation ID

C.

User info endpoint URL

D.

Apex registration handler

Buy Now
Questions 15

Universal Containers (UC) wants to implement SAML SSO for their internal of Salesforce users using a third-party IdP. After some evaluation, UC decides NOT to 65« set up My Domain for their Salesforce org. How does that decision impact their SSO implementation?

Options:

A.

IdP-initiated SSO will NOT work.

B.

Neither SP- nor IdP-initiated SSO will work.

C.

Either SP- or IdP-initiated SSO will work.

D.

SP-initiated SSO will NOT work

Buy Now
Questions 16

A group of users try to access one of universal containers connected apps and receive the following error message : "Failed : Not approved for access". what is most likely to cause of the issue?

Options:

A.

The use of high assurance sections are required for the connected App.

B.

The users do not have the correct permission set assigned to them.

C.

The connected App setting "All users may self-authorize" is enabled.

D.

The salesforce administrators gave revoked the Oauth authorization.

Buy Now
Questions 17

How should an Architect automatically redirect users to the login page of the external Identity provider when using an SP-Initiated SAML flow with Salesforce as a Service Provider?

Options:

A.

Use visualforce as the landing page for My Domain to redirect users to the Identity Provider login Page.

B.

Enable the Redirect to the Identity Provider setting under Authentication Services on the My domain Configuration.

C.

Remove the Login page from the list of Authentication Services on the My Domain configuration.

D.

Set the Identity Provider as default and enable the Redirect to the Identity Provider setting on the SAML Configuration.

Buy Now
Questions 18

Universal Containers (UC) has a mobile application for its employees that uses data from Salesforce as well as uses Salesforce for Authentication purposes. UC wants its mobile users to only enter their credentials the first time they run the app. The application has been live for a little over 6 months, and all of the users who were part of the initial launch are complaining that they have to re-authenticate. UC has also recently changed the URI Scheme associated with the mobile app. What should the Architect at UC first investigate?Universal Containers (UC) has a mobile application for its employees that uses data from Salesforce as well as uses Salesforce for Authentication purposes. UC wants its mobile users to only enter their credentials the first time they run the app. The application has been live for a little over 6 months, and all of the users who were part of the initial launch are complaining that they have to re-authenticate. UC has also recently changed the URI Scheme associated with the mobile app. What should the Architect at UC first investigate?

Options:

A.

Check the Refresh Token policy defined in the Salesforce Connected App.

B.

Validate that the users are checking the box to remember their passwords.

C.

Verify that the Callback URL is correctly pointing to the new URI Scheme.

D.

Confirm that the access Token's Time-To-Live policy has been set appropriately.

Buy Now
Questions 19

Northern Trail Outfitters (NTO) uses a Security Assertion Markup Language (SAML)-based Identity Provider (idP) to authenticate employees to all systems. The IdP authenticates users against a Lightweight Directory Access Protocol (LDAP) directory and has access to user information. NTO wants to minimize Salesforce license usage since only a small percentage of users need Salesforce.

What is recommended to ensure new employees have immediate access to Salesforce using their current IdP?

Options:

A.

Install Salesforce Identity Connect to automatically provision new users in Salesforce the first time they attempt to login.

B.

Build an integration that queries LDAP periodically and creates new active users in Salesforce.

C.

Configure Just-in-Time provisioning using SAML attributes to create new Salesforce users as necessary when a new user attempts to login to Salesforce.

D.

Build an integration that queries LDAP and creates new inactive users in Salesforce and use a login flow to activate the user at

first login.

Buy Now
Questions 20

Northern Trail Outfitters (NTO) wants to improve its engagement with existing customers to boost customer loyalty. To get a better understanding of its customers, NTO establishes a single customer view including their buying behaviors, channel preferences and purchasing history. All of this information exists but is spread across different systems and formats.

NTO has decided to use Salesforce as the platform to build a 360 degree view. The company already uses Microsoft Active Directory (AD) to manage its users and company assets.

What should an Identity Architect do to provision, deprovision and authenticate users?

Options:

A.

Salesforce Identity is not needed since NTO uses Microsoft AD.

B.

Salesforce Identity can be included but NTO will be required to build a custom integration with Microsoft AD.

C.

Salesforce Identity is included in the Salesforce licenses so it does not need to be considered separately.

D.

A Salesforce Identity can be included but NTO will require Identity Connect.

Buy Now
Questions 21

A web service is developed that allows secure access to customer order status on the Salesforce Platform, The service connects to Salesforce through a connected app with the web server flow. The following are the required actions for the authorization flow:

1. User Authenticates and Authorizes Access

2. Request an Access Token

3. Salesforce Grants an Access Token

4. Request an Authorization Code

5. Salesforce Grants Authorization Code

What is the correct sequence for the authorization flow?

Options:

A.

1, 4, 5, 2, 3

B.

4, 1, 5, 2, 3

C.

2, 1, 3, 4, 5

D.

4,5,2, 3, 1

Buy Now
Questions 22

Universal Containers (UC) employees have Salesforce access from restricted IP ranges only, to protect against unauthorised access. UC wants to roll out the Salesforce1 mobile app and make it accessible from any location. Which two options should an Architect recommend? Choose 2 answers

Options:

A.

Relax the IP restriction with a second factor in the Connect App settings for Salesforce1 mobile app.

B.

Remove existing restrictions on IP ranges for all types of user access.

C.

Relax the IP restrictions in the Connect App settings for the Salesforce1 mobile app.

D.

Use Login Flow to bypass IP range restriction for the mobile app.

Buy Now
Questions 23

Which three are features of federated Single sign-on solutions? Choose 3 Answers

Options:

A.

It establishes trust between Identity Store and Service Provider.

B.

It federates credentials control to authorized applications.

C.

It solves all identity and access management problems.

D.

It improves affiliated applications adoption rates.

E.

It enables quick and easy provisioning and deactivating of users.

Buy Now
Questions 24

An Identity and Access Management (IAM) architect is tasked with unifying multiple B2C Commerce sites and an Experience Cloud community with a single identity. The solution needs to support more than 1,000 logins per minute.

What should the IAM do to fulfill this requirement?

Options:

A.

Configure both the community and the commerce sites as OAuth2 RPs (relying party) with an external identity provider.

B.

Configure community as a Security Assertion Markup Language (SAML) identity provider and enable Just-in-Time Provisioning to B2C Commerce.

C.

Create a default account for capturing all ecommerce contacts registered on the community because personAccount is not supported for this case.

D.

Confirm performance considerations with Salesforce Customer Support due to high peaks.

Buy Now
Questions 25

Universal Containers (UC) uses Active Directory (AD) as their identity store for employees and must continue to do so for network access. UC is undergoing a major transformation program and moving all of their enterprise applications to cloud platforms including Salesforct, Workday, and SAP HANA. UC needs to implement an SSO solution for accessing all of the third-party cloud applications and the CIO is inclined to use Salesforce for all of their identity and access management needs.

Which two Salesforce license types does UC need for its employees'

Choose 2 answers

Options:

A.

Company Community and Identity licenses

B.

Identity and Identity Connect licenses

C.

Chatter Only and Identity licenses

D.

Salesforce and Identity Connect licenses

Buy Now
Questions 26

The CIO of universal containers(UC) wants to start taking advantage of the refresh token capability for the UC applications that utilize Oauth 2.0. UC has listed an architect to analyze all of the applications that use Oauth flows to. See where refresh Tokens can be applied. Which two OAuth flows should the architect consider in their evaluation? Choose 2 answers

Options:

A.

Web server

B.

Jwt bearer token

C.

User-Agent

D.

Username-password

Buy Now
Questions 27

Universal containers (UC) wants to integrate a Web application with salesforce. The UC team has implemented the Oauth web-server Authentication flow for authentication process. Which two considerations should an architect point out to UC? Choose 2 answers

Options:

A.

The web application should be hosted on a secure server.

B.

The web server must be able to protect consumer privacy

C.

The flow involves passing the user credentials back and forth.

D.

The flow will not provide an Oauth refresh token back to the server.

Buy Now
Questions 28

Universal Containers (UC) wants its closed Won opportunities to be synced to a Data Warehouse in near real time. UC has implemented Outbound Message to enable near real-time data sync. UC wants to ensure that communication between Salesforce and Target System is Secure. What Certificate is sent along with the Outbound Message?

Options:

A.

The CA-Signed Certificate from the Certificate and Key Management menu.

B.

The default Client Certificate from the Develop--> API Menu.

C.

The default Client Certificate or a Certificate from Certificate and Key Management menu.

D.

The Self-Signed Certificates from the Certificate & Key Management menu.

Buy Now
Questions 29

customer service representatives at Universal containers (UC) are complaining that whenever they click on links to case records and are asked to login with SAML SSO, they are being redirected to the salesforce home tab and not the specific case record. What item should an architect advise the identity team at UC to investigate first?

Options:

A.

My domain is configured and active within salesforce.

B.

The salesforce SSO settings are using http post

C.

The identity provider is correctly preserving the Relay state

D.

The users have the correct Federation ID within salesforce.

Buy Now
Questions 30

An identity architect has built a native mobile application and plans to integrate it with a Salesforce Identity solution. The following are the requirements for the solution:

1. Users should not have to login every time they use the app.

2. The app should be able to make calls to the Salesforce REST API.

3. End users should NOT see the OAuth approval page.

How should the identity architect configure the Salesforce connected app to meet the requirements?

Options:

A.

Enable the API Scope and Offline Access Scope, upload a certificate so JWT Bearer Flow can be used and then set the connected app access settings to "Admin Pre-Approved".

B.

Enable the API Scope and Offline Access Scope on the connected app, and then set the connected app to access settings to 'Admin Pre-Approved".

C.

Enable the Full Access Scope and then set the connected app access settings to "Admin Pre-Approved".

D.

Enable the API Scope and Offline Access Scope on the connected app, and then set the Connected App access settings to "User may self authorize".

Buy Now
Questions 31

A technology enterprise is setting up an identity solution with an external vendors wellness application for its employees. The user attributes need to be returned to the wellness application in an ID token.

Which authentication mechanism should an identity architect recommend to meet the requirements?

Options:

A.

OpenID Connect

B.

User Agent Flow

C.

JWT Bearer Token Flow

D.

Web Server Flow

Buy Now
Questions 32

Which two statements are capable of Identity Connect? Choose 2 answers

Options:

A.

Synchronization of Salesforce Permission Set Licence Assignments.

B.

Supports both Identity-Provider-Initiated and Service-Provider-Initiated SSO.

C.

Support multiple orgs connecting to multiple Active Directory servers.

D.

Automated user synchronization and de-activation.

Buy Now
Questions 33

Universal containers wants to implement SAML SSO for their internal salesforce users using a third-party IDP. After some evaluation, UC decides not to set up my domain for their salesforce.org. How does that decision impact their SSO implementation?

Options:

A.

Neithersp - nor IDP - initiated SSO will work

B.

Either sp - or IDP - initiated SSO will work

C.

IDP - initiated SSO will not work

D.

Sp-Initiated SSO will not work

Buy Now
Questions 34

Universal Containers wants to implement Single Sign-on for a Salesforce org using an external Identity Provider and corporate identity store.

What type of authentication flow is required to support deep linking'

Options:

A.

Web Server OAuth SSO flow

B.

Service-Provider-Initiated SSO

C.

Identity-Provider-initiated SSO

D.

StartURL on Identity Provider

Buy Now
Questions 35

Universal containers (UC) built a customer Community for customers to buy products, review orders, and manage their accounts. UC has provided three different options for customers to log in to the customer Community: salesforce, Google, and Facebook. Which two role combinations are represented by the systems in the scenario? Choose 2 answers

Options:

A.

Google is the service provider and Facebook is the identity provider

B.

Salesforce is the service provider and Google is the identity provider

C.

Facebook is the service provider and salesforce is the identity provider

D.

Salesforce is the service provider and Facebook is the identity provider

Buy Now
Questions 36

Universal Containers (UC) has an Experience Cloud site (Customer Community) where customers can authenticate and place orders, view the status of orders, etc. UC allows guest checkout.

Mow can a guest register using data previously collected during order placement?

Options:

A.

Enable Security Assertion Markup Language Sign-On and use a login flow to collect only order details to retrieve customer data.

B.

Enable Facebook as an authentication provider and use a registration handler to collect only order details to retrieve customer data.

C.

Use a Connected App Handler Apex Plugin class to collect only order details to retrieve customer data.

D.

Enable self-registration and customize a self-registration page to collect only order details to retrieve customer data.

Buy Now
Questions 37

Universal Containers is budding a web application that will connect with the Salesforce API using JWT OAuth Flow.

Which two settings need to be configured in the connect app to support this requirement?

Choose 2 answers

Options:

A.

The Use Digital Signature option in the connected app.

B.

The "web" OAuth scope in the connected app,

C.

The "api" OAuth scope in the connected app.

D.

The "edair_api" OAuth scope m the connected app.

Buy Now
Exam Name: Salesforce Certified Identity andAccess Management Architect (SU24)
Last Update: Nov 20, 2024
Questions: 243

PDF + Testing Engine

$48  $159.99

Testing Engine

$36  $119.99
buy now Identity-and-Access-Management-Architect testing engine

PDF (Q&A)

$30  $99.99
buy now Identity-and-Access-Management-Architect pdf
dumpsmate guaranteed to pass
24/7 Customer Support

DumpsMate's team of experts is always available to respond your queries on exam preparation. Get professional answers on any topic of the certification syllabus. Our experts will thoroughly satisfy you.

Site Secure

mcafee secure

TESTED 22 Nov 2024