[Jul 24, 2024] Achieve Success with the Latest Salesforce Identity-and-Access-Management-Architect Exam [Q65-Q85]



Brief Preparation Notes for the Identity-and-Access-Management-Architect Exam


The Salesforce Identity-and-Access-Management-Architect certification exam is intended for professionals who have experience working with large-scale Salesforce environments and possess a deep understanding of the various Salesforce modules and applications. The Salesforce Certified Identity and Access Management Architect certification is particularly relevant for professionals who work in IT security, compliance and governance roles and are responsible for ensuring the security and privacy of sensitive data.


The Salesforce Certified Identity and Access Management Architect exam is a challenging exam that requires a deep understanding of identity and access management concepts: authentication and authorization protocols, identity federation, access control and related topics. The exam consists of multiple-choice and multiple-select questions and is timed; the passing score is 67%.


Salesforce Identity-and-Access-Management-Architect (IAM) certification is a well-recognized and highly sought-after certification in the field of Salesforce architecture. Salesforce Certified Identity and Access Management Architect certification focuses on the critical area of identity and access management, which is a crucial aspect of any enterprise-level Salesforce implementation. Salesforce Certified Identity and Access Management Architect certification validates the expertise and skills of individuals in designing and implementing secure and scalable identity and access management solutions for Salesforce.

 

NEW QUESTION # 65
Northern Trail Outfitters (NTO) wants its customers to use phone numbers to log in to their new digital portal, which was designed and built using Salesforce Experience Cloud. In order to access the portal, the user will need to do the following:
1. Enter a phone number and/or email address
2. Enter a verification code that is to be sent via email or text.
What is the recommended approach to fulfill this requirement?

  • A. Create a custom login flow that uses an Apex controller to verify the phone numbers with the company's verification service.
  • B. Create a Login Discovery page and provide a Login Discovery Handler Apex class.
  • C. Create an Authentication provider and implement a self-registration handler class.
  • D. Create a custom login page with an Apex controller. The controller has logic to send and verify the identity.

Answer: B


NEW QUESTION # 66
Northern Trail Outfitters (NTO) uses the Customer 360 Platform implemented on Salesforce Experience Cloud. The development team in charge has learned of a contactless user feature, which can reduce the overhead of managing customers and partners by creating users without contact information.
What is the potential impact to the architecture if NTO decides to implement this feature?

  • A. If contactless user is upgraded to Community license, the contact record is automatically created and linked to the user record, but not associated with an Account.
  • B. Passwordless authentication cannot be supported because the mobile phone receiving one-time password (OTP) needs to match the number on the contact record.
  • C. Custom registration handler is needed to correctly assign External Identity or Community license for the newly registered contactless user.
  • D. Contactless user feature is available only with the External Identity license, which can restrict the Experience Cloud functionality available to the user.

Answer: A

Explanation:

According to the Salesforce documentation, contactless users are external users created with the External Identity license and no Contact record behind them, which removes the overhead of maintaining Account and Contact data for people who only need to log in. The architectural consequence is what happens on upgrade: if a contactless user is later given a Community license, Salesforce creates the Contact record automatically and links it to the user, but that Contact is not associated with an Account. NTO would have to add that association itself after the upgrade if account-based sharing, partner roles or reporting depend on it.


NEW QUESTION # 67
Universal Containers (UC) wants to build a mobile application that twill be making calls to the Salesforce REST API. UC's Salesforce implementation relies heavily on custom objects and custom Apex code. UC does not want its users to have to enter credentials every time they use the app. Which two scope values should an Architect recommend to UC? Choose 2 answers.

  • A. Api
  • B. Refresh_token
  • C. Full
  • D. Custom_permissions

Answer: A,B


NEW QUESTION # 68
Customer service representatives at Universal Containers (UC) are complaining that whenever they click on links to case records and are asked to log in with SAML SSO, they are redirected to the Salesforce Home tab and not to the specific case record. What item should an architect advise the identity team at UC to investigate first?

  • A. My domain is configured and active within salesforce.
  • B. The users have the correct Federation ID within salesforce.
  • C. The salesforce SSO settings are using http post
  • D. The identity provider is correctly preserving the Relay state

Answer: D
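Added worked example (not from the original page or from Salesforce): the SAML HTTP-Redirect exchange behind this question, in Python using only the standard library. The SP builds the AuthnRequest with the deep link in RelayState, the IdP decodes it and is expected to post the same RelayState back, and the SP then decides where to send the user after login. The AuthnRequest skeleton, the IdP URL, the case record ID and the org values are constructed placeholders, and the request signature Salesforce adds is omitted.

```python
import base64
import secrets
import zlib
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed AuthnRequest skeleton. Issuer and ACS values are placeholders
# (assumption); Salesforce additionally signs the request, which is omitted here.
AUTHN_REQUEST = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_{req_id}" Version="2.0" '
    'IssueInstant="2024-07-24T00:00:00Z" '
    'AssertionConsumerServiceURL="https://uc.my.salesforce.com?so=00D000000000001">'
    '<saml:Issuer>https://uc.my.salesforce.com</saml:Issuer></samlp:AuthnRequest>'
)


def build_redirect_url(idp_sso_url, relay_state):
    """SP side (Salesforce): HTTP-Redirect binding = raw DEFLATE, base64, URL-encode.
    RelayState carries the deep link the user originally clicked."""
    req_id = secrets.token_hex(16)
    xml = AUTHN_REQUEST.format(req_id=req_id).encode()
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)      # -15: raw DEFLATE, no zlib header
    deflated = comp.compress(xml) + comp.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode(),
                       "RelayState": relay_state})
    return f"{idp_sso_url}?{query}", req_id


def idp_decode_request(redirect_url):
    """IdP side: unpack the request. A correct IdP must later POST the RelayState
    back to the SP's ACS byte-for-byte unchanged alongside the SAMLResponse."""
    qs = parse_qs(urlparse(redirect_url).query)
    xml = zlib.decompress(base64.b64decode(qs["SAMLRequest"][0]), -15).decode()
    return xml, qs.get("RelayState", [""])[0]


def post_login_target(relay_state, default="/home"):
    """SP side after the Response is accepted: honour RelayState only if it is an
    in-app relative path, so SSO cannot be abused as an open redirect. An IdP that
    drops RelayState lands every user on the default page, which is the symptom
    in the question."""
    parsed = urlparse(relay_state)
    if (not relay_state or parsed.scheme or parsed.netloc or "\\" in relay_state
            or not relay_state.startswith("/") or relay_state.startswith("//")):
        return default
    return relay_state
```

The last function is the check to keep next to the investigation the answer recommends: an IdP that returns an empty RelayState sends everyone to the default page, while an IdP that echoes back whatever it was given lets a phishing link smuggle an external URL through the login, so the SP should accept only in-app relative paths.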


NEW QUESTION # 69
A university is planning to set up an identity solution for its alumni. A third-party identity provider will be used for single sign-on, and Salesforce will be the system of record. Users are getting error messages when logging in.
Which Salesforce feature should be used to debug the issue?

  • A. Debug Logs
  • B. Login History
  • C. View Setup Audit Trail
  • D. Apex Exception Email

Answer: B


NEW QUESTION # 70
Universal Containers (UC) wants to implement SAML SSO for its internal Salesforce users using a third-party IdP. After some evaluation, UC decides NOT to set up My Domain for its Salesforce org.
How does that decision impact their SSO implementation?

  • A. Neither SP- nor IdP-initiated SSO will work.
  • B. IdP-initiated SSO will NOT work.
  • C. SP-initiated SSO will NOT work
  • D. Either SP- or IdP-initiated SSO will work.

Answer: C

Explanation:

SP-initiated SSO depends on Salesforce knowing which org a login request belongs to before it can redirect the user to the IdP, and that is what the My Domain subdomain provides. Without My Domain, SP-initiated SSO does not work. IdP-initiated SSO still works, because the IdP posts the assertion straight to the org's SAML endpoint, which already identifies the org. Salesforce has since made My Domain part of every org, so this distinction mostly matters for reading older material correctly.


NEW QUESTION # 71
Universal Containers wants to secure its Salesforce APIs by reusing the existing Security Assertion Markup Language (SAML) configuration that supports the company's single sign-on process to Salesforce. Which Salesforce OAuth authorization flow should be used?

  • A. OAuth 2.0 SAML Assertion Flow
  • B. OAuth 2.0 User-Agent Flow
  • C. OAuth 2.0 JWT Bearer Flow
  • D. OAuth 2.0 SAML Bearer Assertion Flow

Answer: A

Explanation:

The OAuth 2.0 SAML Assertion Flow exists for exactly this case: the org already has a working SAML SSO configuration, and an API client presents an assertion from that same IdP (base64-encoded, with grant_type=assertion) to the token endpoint to obtain an access token. The SAML Bearer Assertion Flow (option D) is different: the connected app signs its own assertion with the certificate registered on the app, and the user must have authorized the app beforehand, so it does not reuse the existing SSO configuration.


NEW QUESTION # 72
A global fitness equipment manufacturer uses Salesforce to manage its sales cycle. The manufacturer has a custom order fulfillment app that needs to request order data from Salesforce. The order fulfillment app needs to integrate with the Salesforce API using OAuth 2.0 protocol.
What should an identity architect use to fulfill this requirement?

  • A. Authentication Providers
  • B. OAuth Tokens
  • C. Connected App and OAuth scopes
  • D. Canvas App Integration

Answer: C


NEW QUESTION # 73
A group of users try to access one of Universal Containers' connected apps and receive the following error message: "Failed: Not approved for access". What is the most likely cause of the issue?

  • A. The use of high assurance sessions is required for the connected app.
  • B. The Salesforce administrators have revoked the OAuth authorization.
  • C. The users do not have the correct permission set assigned to them.
  • D. The connected App setting "All users may self-authorize" is enabled.

Answer: C

Explanation:

"Failed: Not approved for access" is the message Salesforce returns when a connected app's OAuth policy is set to "Admin approved users are pre-authorized" and the requesting user's profile or permission set has not been assigned to the app. A connected app is the framework that lets an external application integrate with Salesforce through SAML, OAuth and OpenID Connect; under the pre-authorized policy only users whose profile or permission set is listed on the app can obtain a token, so a group of users missing that permission set (option C) is the most likely cause. Option A describes a real connected app policy (a high-assurance session can be required), but its failure mode is a step-up authentication prompt, not this message. Option D is a fix rather than a cause: switching the policy to "All users may self-authorize" lets users approve the app themselves on first use. Option B is unlikely because administrators revoke tokens per user or per app from Connected Apps OAuth Usage, and a revoked token leads to a fresh authorization prompt, not an approval refusal.
References: Learn About Connected Apps, Create a Connected App, Multi-Factor Authentication (MFA) for Salesforce, Connected App Basics, OAuth Authorization Flows


NEW QUESTION # 74
Universal Containers (UC) is setting up delegated authentication to allow employees to log in using their corporate credentials. UC's security team is concerned about the risk of exposing the corporate login service on the Internet and has asked that a reliable trust mechanism be put in place between the login service and Salesforce. What mechanism should an architect put in place to enable a trusted connection between the login service and Salesforce?

  • A. Enforce mutual Authentication between systems using SSL.
  • B. Require the use of Salesforce security Tokens on password.
  • C. Include client ID and client secret in the login header callout.
  • D. Set up a proxy server for the login service in the DMZ.

Answer: A

Explanation:

With delegated authentication, Salesforce calls UC's login web service on every login, forwarding the username, the password and the user's source IP, and trusts the yes/no that comes back. Exposing that endpoint on the Internet is therefore a risk in both directions: UC must be sure the caller is really Salesforce, and Salesforce must be talking to the real login service. Mutual authentication over SSL/TLS covers both, because each side proves its identity with a certificate during the handshake. Salesforce presents a client certificate for these callouts, which UC can download from Setup and require on the login service, and UC's server certificate is validated by Salesforce in turn. A security token or a client ID and secret in the message (options B and C) authenticate at the application layer only and do nothing for an endpoint anyone can reach, and a DMZ proxy (option D) changes where the service sits but not who is trusted.
References: Mutual Authentication, SSL (Secure Sockets Layer)


NEW QUESTION # 75
Which three different attributes can be used to identify the user in a SAML assertion when Salesforce is acting as a Service Provider? Choose 3 answers

  • A. Salesforce User ID
  • B. Federation ID
  • C. Salesforce Username
  • D. User Full Name
  • E. User Email Address

Answer: A,B,C

Explanation:

The SAML Identity Type setting on Single Sign-On Settings offers exactly three choices for what the assertion's Subject (or a named attribute) must contain: the Salesforce username, the Federation ID from the User object, or the Salesforce User ID. Full name and email address are not options because neither is guaranteed unique across the users of an org, so neither can bind an assertion to a single user.
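Added example (not from the page or from Salesforce): how the three identity types bind an assertion to one user, in Python using the standard library. The User records, the assertion and the attribute names are constructed, and the identity-type keys are labels chosen here for the three Salesforce settings. Signature and condition checks, which happen before any of this, are out of scope.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed stand-in for the org's User records (assumption). Note the shared
# Email: it is not unique in Salesforce, which is why it cannot bind an assertion.
USERS = [
    {"Id": "005xx000001SvxBAAS", "Username": "jdoe@uc.example",
     "FederationIdentifier": "jdoe", "Email": "jdoe@uc.example", "IsActive": True},
    {"Id": "005xx000001SvxCAAS", "Username": "jdoe.contractor@uc.example",
     "FederationIdentifier": "jdoe-c", "Email": "jdoe@uc.example", "IsActive": True},
]

# The three SAML Identity Type settings and the User field each one binds to
IDENTITY_FIELD = {"username": "Username", "federation_id": "FederationIdentifier",
                  "user_id": "Id"}

# Constructed assertion fragment (signature, conditions and audience omitted)
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="{SAML_NS}" ID="_a1" Version="2.0">
  <saml:Issuer>https://idp.uc.example</saml:Issuer>
  <saml:Subject><saml:NameID>jdoe</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="mail"><saml:AttributeValue>jdoe@uc.example</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="employeeId"><saml:AttributeValue>jdoe-c</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def subject_identifier(assertion_xml, attribute_name=None):
    """Identity Location: <Subject><NameID> by default, or a named <Attribute>
    when the SSO settings point at an attribute element instead."""
    root = ET.fromstring(assertion_xml)
    if attribute_name is None:
        return root.findtext(f"./{{{SAML_NS}}}Subject/{{{SAML_NS}}}NameID")
    for attr in root.iter(f"{{{SAML_NS}}}Attribute"):
        if attr.get("Name") == attribute_name:
            return attr.findtext(f"{{{SAML_NS}}}AttributeValue")
    return None


def resolve_user(identifier, identity_type):
    """Bind the identifier to exactly one active user via the configured field.
    Anything other than the three supported types is refused outright."""
    if identity_type not in IDENTITY_FIELD:
        raise ValueError(f"unsupported SAML identity type: {identity_type}")
    field = IDENTITY_FIELD[identity_type]
    matches = [u for u in USERS if u["IsActive"] and u[field] == identifier]
    return matches[0]["Username"] if len(matches) == 1 else None


def login_from_assertion(assertion_xml, identity_type, attribute_name=None):
    """What the SP does with an already-validated assertion: find who it names."""
    ident = subject_identifier(assertion_xml, attribute_name)
    return resolve_user(ident, identity_type) if ident else None
```

The same NameID value resolves differently depending on the configured type, which is the usual cause of "user not found" SAML errors in Login History: the IdP sends an employee ID while Salesforce is configured to expect the username, or vice versa.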


NEW QUESTION # 76
A financial services company uses Salesforce and has a compliance requirement to track information about devices from which users log in. Also, a Salesforce Security Administrator needs to have the ability to revoke the device from which users log in.
What should be used to fulfill this requirement?

  • A. Use the Activations feature to meet the compliance requirement to track device information.
  • B. Use Login Flows to capture device from which users log in and store device and user information in a custom object.
  • C. Use multi-factor authentication (MFA) to meet the compliance requirement to track device information.
  • D. Use the Login History object to track information about devices from which users log in.

Answer: A

Explanation:

To track information about the devices from which users log in, and to revoke a device's access, the identity architect should use the Activations feature. Activations are records of the browsers and devices from which users have verified their identity to access Salesforce. Administrators can view, manage and revoke activations for users from Setup, so access from a device that is no longer trusted can be cut off. Login History (option D) records device and browser details but offers no way to revoke a device, and MFA (option C) challenges the user without tracking devices for compliance.
References: Activations, Manage Activations for Your Users


NEW QUESTION # 77
The CIO of Universal Containers (UC) wants to start taking advantage of the refresh token capability for the UC applications that use OAuth 2.0. UC has asked an architect to analyze all of the applications that use OAuth flows to see where refresh tokens can be applied. Which two OAuth flows should the architect consider in their evaluation? Choose 2 answers

  • A. Username-password
  • B. Jwt bearer token
  • C. Web server
  • D. User-Agent

Answer: C,D

Explanation:

Only the web server flow and the user-agent flow return a refresh token, and then only when the refresh_token scope was requested; the JWT bearer flow and the username-password flow never issue one, because each can obtain a fresh access token from its own credential whenever it needs to. Options C and D are therefore the two flows to evaluate.
References: Salesforce Documentation
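Added example, not from the page or from Salesforce: a self-contained model of the token lifecycle the two flows above share, in Python. The token endpoint is an in-memory stand-in for /services/oauth2/token and /services/oauth2/revoke so everything runs offline; the access-token lifetime and the expires_in field are assumptions (Salesforce returns issued_at and lets the session timeout govern expiry). It shows the three points that decide where refresh tokens apply: a refresh token is issued only when the refresh_token scope is requested (full alone is not enough, which is why Q67 pairs api with refresh_token), the app refreshes without bothering the user, and an admin revoking the refresh token forces a new interactive login.

```python
import secrets
import time


class TokenEndpoint:
    """Constructed stand-in for /services/oauth2/token and /revoke (not Salesforce code)."""
    ACCESS_TTL = 7200  # assumption; in Salesforce the session timeout governs expiry

    def __init__(self, clock=time.time):
        self.clock = clock
        self._access = {}    # access_token -> (expires_at, parent refresh token or None)
        self._refresh = set()

    def authorization_code_grant(self, scopes):
        """Last step of the web server / user-agent flows: code exchanged for tokens."""
        refresh = None
        if "refresh_token" in scopes:           # 'full' alone does not qualify
            refresh = secrets.token_urlsafe(32)
            self._refresh.add(refresh)
        resp = {"access_token": self._mint(refresh), "expires_in": self.ACCESS_TTL}
        if refresh:
            resp["refresh_token"] = refresh
        return resp

    def refresh_grant(self, refresh_token):
        """A refresh mints a new access token bound to the same refresh token."""
        if refresh_token not in self._refresh:
            return {"error": "invalid_grant", "error_description": "expired access/refresh token"}
        return {"access_token": self._mint(refresh_token), "expires_in": self.ACCESS_TTL}

    def revoke(self, token):
        """Admin 'Revoke' in Connected Apps OAuth Usage, or the app calling /revoke:
        revoking a refresh token also invalidates every access token minted from it."""
        self._access = {a: (exp, parent) for a, (exp, parent) in self._access.items()
                        if a != token and parent != token}
        self._refresh.discard(token)

    def is_valid(self, access_token):
        entry = self._access.get(access_token)
        return entry is not None and entry[0] > self.clock()

    def _mint(self, refresh_token):
        access = secrets.token_urlsafe(32)
        self._access[access] = (self.clock() + self.ACCESS_TTL, refresh_token)
        return access


class ReauthRequired(Exception):
    """The app must send the user back through the interactive login."""


class MobileClient:
    """App side: stores tokens, never the password, and refreshes transparently."""

    def __init__(self, endpoint, scopes, clock=time.time):
        self.endpoint, self.clock = endpoint, clock
        self.refresh_token = None
        self.interactive_logins = 1                  # the one login the user performs
        self._store(endpoint.authorization_code_grant(scopes))

    def _store(self, resp):
        self.access_token = resp["access_token"]
        self.refresh_token = resp.get("refresh_token", self.refresh_token)
        self.expires_at = self.clock() + resp["expires_in"] - 60   # refresh a minute early

    def get_access_token(self):
        if self.clock() < self.expires_at:
            return self.access_token
        if self.refresh_token is None:
            raise ReauthRequired("no refresh token: scope did not include refresh_token")
        resp = self.endpoint.refresh_grant(self.refresh_token)
        if "error" in resp:
            self.refresh_token = None                # revoked or expired server-side
            raise ReauthRequired(resp["error_description"])
        self._store(resp)
        return self.access_token


def scenario():
    """Run the token lifecycle once with a manual clock and report each observation."""
    now = [1_700_000_000.0]
    clock = lambda: now[0]
    ep = TokenEndpoint(clock)
    app = MobileClient(ep, {"api", "refresh_token"}, clock)
    first = app.get_access_token()
    now[0] += TokenEndpoint.ACCESS_TTL + 1
    second = app.get_access_token()                  # silent refresh, no login prompt
    out = {"refreshed_silently": second != first and app.interactive_logins == 1,
           "old_access_expired": not ep.is_valid(first),
           "new_access_valid": ep.is_valid(second)}
    ep.revoke(app.refresh_token)                     # admin revokes the refresh token
    out["revoke_kills_access"] = not ep.is_valid(second)
    now[0] += TokenEndpoint.ACCESS_TTL + 1
    try:
        app.get_access_token()
        out["reauth_required"] = False
    except ReauthRequired:
        out["reauth_required"] = True
    full_only = MobileClient(ep, {"full", "api"}, clock)
    out["full_without_refresh_scope"] = full_only.refresh_token is None
    return out
```

Running scenario() walks through the whole lifecycle; the client side is the part worth copying, in particular treating invalid_grant as "send the user back to login" rather than retrying, since that is what a revoked or expired refresh token looks like from the app.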


NEW QUESTION # 78
Refer to the exhibit.

Northern Trail Outfitters (NTO) is using Experience Cloud as the identity provider for its application on Heroku. The application on Heroku should be able to handle two brands, Northern Trail Shoes and Northern Trail Shirts.
A user should select either of the two brands in Heroku before logging into the community. The app then performs Authorization using OAuth2.0 with the Salesforce Experience Cloud site.
NTO wants to make sure it renders login page images dynamically based on the user's brand preference selected in Heroku before Authorization.
what should an identity architect do to fulfill the above requirements?

  • A. Authorize the third-party service by sending authorization requests to community-url/services/oauth2/authorize/expid_value.
  • B. Authorize third-party service by sending authorization requests to the community-url/services/oauth2/authorize/cookie_value.
  • C. For each brand create different communities and redirect users to the appropriate community using a custom Login controller written in Apex.
  • D. Create multiple login screens using Experience Builder and use Login Flows at runtime to route to different login screens.

Answer: A

Explanation:

OAuth 2.0 is the authorization framework a third-party application uses to obtain limited access to Salesforce resources on the user's behalf. To meet the requirement the identity architect does two things:
Create a connected app for the Heroku application in Salesforce. A connected app integrates an external application with Salesforce through SAML, OAuth and OpenID Connect; it needs the basic information (name, logo URL, contact email, API name) and, with OAuth enabled, the callback URL, the scopes and the access policies.
Send the authorization request to community-url/services/oauth2/authorize/expid_{value}, substituting the brand the user picked in Heroku for {value}. The expid suffix is not an identifier Salesforce assigns; it is an arbitrary value the app chooses, which Salesforce passes through to the site's login page, where it is available as {!expid} in Visualforce or through Site.getExperienceId() in Apex, so the page can switch images, text or layout to match the brand. This is the dynamic-branding mechanism built for exactly this case, so separate sites per brand (option C) or multiple login pages routed by login flows (option D) add cost without adding anything.
References: OAuth 2.0, OAuth 2.0 Web Server Authentication Flow, Connected Apps, Create a Connected App, Experience ID, Authorize Apps with OAuth
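Added example (not from the page or from Salesforce): building the authorization URL from the Heroku side in Python, with the brand carried as the expid_{value} path suffix and a PKCE code challenge and state parameter included, since a public client on Heroku should not rely on a client secret alone. The site URL, client ID, redirect URI and the brand-to-expid mapping are constructed placeholders; beyond the expid mechanism itself, the only Salesforce feature relied on is the code_challenge parameter the authorize endpoint accepts.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Brand selector shown in the Heroku app mapped to the expid value the site's login
# page will see. Both the names and the values are assumptions.
BRAND_EXPID = {"Northern Trail Shoes": "shoes", "Northern Trail Shirts": "shirts"}


def _s256(code_verifier):
    """RFC 7636 S256 transform: base64url(sha256(verifier)) without padding."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def build_authorize_url(site_url, client_id, redirect_uri, brand,
                        scopes=("openid", "api", "refresh_token")):
    """Start the web server flow at the Experience Cloud site with the brand carried
    as the expid_{value} path suffix. Returns the URL plus the per-request secrets
    the app must keep in its session to finish and verify the flow."""
    if brand not in BRAND_EXPID:
        raise ValueError(f"unknown brand: {brand!r}")   # never let free text into the URL
    code_verifier = secrets.token_urlsafe(64)            # stays in the app's session
    state = secrets.token_urlsafe(24)
    params = {"response_type": "code", "client_id": client_id, "redirect_uri": redirect_uri,
              "scope": " ".join(scopes), "state": state,
              "code_challenge": _s256(code_verifier), "code_challenge_method": "S256"}
    base = f"{site_url.rstrip('/')}/services/oauth2/authorize/expid_{BRAND_EXPID[brand]}"
    return f"{base}?{urlencode(params)}", {"state": state, "code_verifier": code_verifier}


def parse_authorize_url(url):
    """Split a URL into its path and single-valued query parameters (for inspection)."""
    parsed = urlparse(url)
    return parsed.path, {k: v[0] for k, v in parse_qs(parsed.query).items()}


def challenge_matches(code_verifier, code_challenge):
    """What the token endpoint checks when the app later presents code_verifier."""
    return secrets.compare_digest(_s256(code_verifier), code_challenge)


def handle_callback(callback_url, pending):
    """On the redirect back from Salesforce: accept the code only if state matches
    what this session stored; otherwise treat it as a forged or replayed callback."""
    _, q = parse_authorize_url(callback_url)
    if "code" not in q or not secrets.compare_digest(q.get("state", ""), pending["state"]):
        return None
    return {"code": q["code"], "code_verifier": pending["code_verifier"]}
```

The brand value is validated against an allowlist before it is placed in the path because it ends up rendered by the login page; the state check on the way back is what stops an attacker from completing the flow with a code bound to their own account.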


NEW QUESTION # 79
Which two considerations should be made when implementing Delegated Authentication?
Choose 2 answers

  • A. Salesforce servers receive but do not validate a user's credentials.
  • B. Just-in-time Provisioning can be configured for new users.
  • C. It can be used to authenticate API clients and mobile apps.
  • D. It requires trusted IP ranges at the User Profile level.
  • E. The authentication web service can include custom attributes.

Answer: A,C

Explanation:

Delegated authentication hands the credentials a user enters to UC's web service and accepts that service's verdict, so Salesforce receives the password but never validates it (option A); that is also why the endpoint has to be protected. Because the check happens on every login, it applies equally to the UI, the API and mobile apps (option C). The other options describe SAML or OAuth features, not delegated authentication: just-in-time provisioning belongs to SAML, the SOAP contract carries only a boolean result rather than custom attributes, and trusted IP ranges are an independent login restriction, not a prerequisite.
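Added example serving both Q74 and Q79 (not from the page or from Salesforce): a minimal delegated-authentication login service in Python using the standard library. Salesforce POSTs a SOAP Authenticate message carrying the username, the password and the user's source IP and expects an AuthenticateResult with a boolean back; the element and namespace names here follow the published delegated authentication WSDL and should be checked against the copy downloaded from Setup. The directory, the password, the salt and the allowed IP range are constructed. Mutual TLS with Salesforce's client certificate is enforced by the TLS listener in front of this handler and is out of scope for the code.

```python
import hashlib
import hmac
import ipaddress
import xml.etree.ElementTree as ET

# Element and namespace names follow the Authenticate/AuthenticateResult operation in
# Salesforce's delegated authentication WSDL; verify them against your downloaded copy.
AUTH_NS = "urn:authentication.soap.sforce.com"
SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"

# Constructed corporate directory (assumption): username -> PBKDF2 hash of the password.
_SALT = b"constructed-salt-not-for-production"


def _kdf(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 50_000)


DIRECTORY = {"jdoe@uc.example": _kdf("correct horse battery")}
DUMMY_HASH = _kdf("dummy")   # compared against for unknown users so timing stays uniform

# sourceIp is the end user's address as seen by Salesforce; restricting it to the
# corporate egress range (assumption) means a stolen password alone is not enough.
ALLOWED_SOURCES = [ipaddress.ip_network("203.0.113.0/24")]


def parse_authenticate(soap_xml):
    """Pull username, password and sourceIp out of the Authenticate request."""
    body = ET.fromstring(soap_xml).find(f".//{{{AUTH_NS}}}Authenticate")
    if body is None:
        raise ValueError("not a delegated authentication request")
    return {tag: body.findtext(f"{{{AUTH_NS}}}{tag}", default="")
            for tag in ("username", "password", "sourceIp")}


def authenticate(req):
    """Salesforce forwards the credentials without validating them, so this is the
    only place the password is checked: constant-time compare, the same work for
    unknown users, and a single yes/no so the caller learns nothing about which
    check failed."""
    try:
        ip_ok = any(ipaddress.ip_address(req["sourceIp"]) in net for net in ALLOWED_SOURCES)
    except ValueError:
        ip_ok = False
    stored = DIRECTORY.get(req["username"], DUMMY_HASH)
    pw_ok = hmac.compare_digest(_kdf(req["password"]), stored)
    return pw_ok and ip_ok and req["username"] in DIRECTORY


def authenticate_result(ok):
    """Build the SOAP reply Salesforce expects: <Authenticated>true|false</Authenticated>."""
    verdict = "true" if ok else "false"
    return (f'<soapenv:Envelope xmlns:soapenv="{SOAP_NS}"><soapenv:Body>'
            f'<AuthenticateResult xmlns="{AUTH_NS}"><Authenticated>{verdict}</Authenticated>'
            f'</AuthenticateResult></soapenv:Body></soapenv:Envelope>')


def handle(soap_xml):
    """Request in, response out. Mutual TLS (Salesforce's client certificate) is
    enforced by the TLS listener in front of this code, not here."""
    return authenticate_result(authenticate(parse_authenticate(soap_xml)))


# Constructed sample of what Salesforce POSTs to the login service.
SAMPLE_REQUEST = f"""<soapenv:Envelope xmlns:soapenv="{SOAP_NS}"><soapenv:Body>
  <Authenticate xmlns="{AUTH_NS}">
    <username>jdoe@uc.example</username>
    <password>correct horse battery</password>
    <sourceIp>203.0.113.7</sourceIp>
  </Authenticate>
</soapenv:Body></soapenv:Envelope>"""
```

Two things are worth noticing about the handler: a wrong password and a disallowed source IP produce the identical false response, and an unknown username still costs one key derivation, so the service does not leak which accounts exist to whoever can reach the endpoint.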


NEW QUESTION # 80
An identity architect is implementing a mobile-first Consumer Identity and Access Management (CIAM) solution for external users. User authentication is the only requirement. The user's email address or mobile phone number should be supported as a username.
Which two licenses are needed to meet this requirement?
Choose 2 answers

  • A. External Identity Licenses
  • B. SMS verification Credits
  • C. Identity Connect Licenses
  • D. Email Verification Credits

Answer: A,B


NEW QUESTION # 81
A multinational industrial products manufacturer is planning to implement Salesforce CRM to manage their business. They have the following requirements:
1. They plan to implement Partner communities to provide access to their partner network .
2. They have operations in multiple countries and are planning to implement multiple Salesforce orgs.
3. Some of their partners do business in multiple countries and will need information from multiple Salesforce communities.
4. They would like to provide a single login for their partners.
How should an identity architect meet this requirement with limited custom development?

  • A. Allow partners to choose the Salesforce org they need information from and use login flows to authenticate access.
  • B. Consolidate Partner related information in a single org and provide access through Salesforce community.
  • C. Create a partner login for the country of their operation and use SAML federation to provide access to other orgs.
  • D. Register partners in one org and access information from other orgs using APIs.

Answer: C

Explanation:

SAML federation allows partners to log in to multiple Salesforce orgs with a single identity provider. The partner login can be created for the country of their operation and then federated to the other orgs using SAML assertions.
References: SAML Single Sign-On Overview, Federated Authentication Using SAML


NEW QUESTION # 82
A large consumer company is planning to create a community and will require login through the customers' social identity. The following requirements must be met:
1. The customer should be able to log in with any of their social identities; however, Salesforce should only have one user per customer.
2. Once the customer has been identified with a social identity, they should not be required to authorize Salesforce.
3. The customer's personal details from the social sign-on need to be captured when the customer logs into Salesforce using their social identity.
4. If the customer modifies their personal details on the social site, the changes should be updated in Salesforce.
Which two options allow the Identity Architect to fulfill the requirements?
Choose 2 answers

  • A. Redirect the user to a custom page that allows the user to select an existing social identity for login.
  • B. Use Login Flows to call an authentication registration handler to provision the user before logging the user into the community.
  • C. Use the custom registration handler to link social identities to Salesforce identities.
  • D. Use authentication providers for social sign-on and use the custom registration handler to insert or update personal details.

Answer: C,D

Explanation:

To allow customers to log in to the community with any of their social identities, such as Facebook, Google or Twitter, the identity architect needs to use authentication providers for social sign-on. Authentication providers are configurations that enable users to authenticate with an external identity provider and access Salesforce resources. To ensure that Salesforce has only one user per customer, regardless of how many social identities they have, the identity architect needs to use the custom registration handler to link social identities to Salesforce identities. The custom registration handler is a class that implements the Auth.RegistrationHandler interface and defines how to create or update users in Salesforce based on the information from the external identity provider. The custom registration handler can also be used to insert or update the customers' personal details when they log in to Salesforce using their social identity.
References: Authentication Providers, Social Sign-On with Authentication Providers, Create a Custom Registration Handler


NEW QUESTION # 83
Universal Containers (UC) would like its community users to be able to register and log in with LinkedIn or Facebook credentials. UC wants users to clearly see Facebook and LinkedIn icons when they register and log in.
What are the two recommended actions UC can take to achieve this Functionality? Choose 2 answers

  • A. Enable Facebook and Linkedin as Login options in the login section of the Community configuration.
  • B. Create custom buttons for Facebook and LinkedIn using JavaScript/CSS on a custom Visualforce page.
  • C. Create custom Registration Handlers to link Linkedin and facebook accounts to user records.
  • D. Store the Linkedin or Facebook user IDs in the Federation ID field on the Salesforce User record.

Answer: A,C


NEW QUESTION # 84
How should an identity architect automate provisioning and deprovisioning of users into Salesforce from an external system?

  • A. Run registration handler on incoming OAuth responses.
  • B. Call SOAP API upsert() on the User object.
  • C. Call OpenID Connect (OIDC)-userinfo endpoint with a valid access token.
  • D. Use Security Assertion Markup Language Just-in-Time (SAML JIT) on incoming SAML assertions.

Answer: B

Explanation:

Only an API integration can both provision and deprovision. A registration handler (option A) and SAML just-in-time provisioning (option D) run only when a user logs in, so they can create or update a user but can never deactivate someone who has left, and the OIDC userinfo endpoint (option C) merely returns claims about an already-authenticated user. Calling the SOAP API upsert() on the User object from the external system (or, equivalently, the REST API or Salesforce's SCIM support) lets that system create users, update them, and set IsActive to false when they are offboarded.


NEW QUESTION # 85
......

Revolutionary Guide To Exam Salesforce Dumps: https://www.verifieddumps.com/Identity-and-Access-Management-Architect-valid-exam-braindumps.html

Pass Identity-and-Access-Management-Architect Exam Latest Practice Questions: https://drive.google.com/open?id=1TDwFL15RUqdqARFLE3a6xvJhaQbNwY__