IDENTITY-AND-ACCESS-MANAGEMENT-ARCHITECT Online Practice Questions and Answers

Universal containers (UC) built a customer Community for customers to buy products, review orders, and manage their accounts. UC has provided three different options for customers to log in to the customer Community: salesforce, Google, and Facebook. Which two role combinations are represented by the systems in the scenario? Choose 2 answers

A. Google is the service provider and Facebook is the identity provider

B. Salesforce is the service provider and Google is the identity provider

C. Facebook is the service provider and salesforce is the identity provider

D. Salesforce is the service provider and Facebook is the identity provider

An architect needs to advise the team that manages the identity provider how to differentiate salesforce from other service providers. What SAML SSO setting in salesforce provides this capability?

A. Entity id

B. Issuer

C. Identity provider login URL

D. SAML identity location

Universal Containers (UC) wants to build a mobile application that twill be making calls to the Salesforce REST API. UC's Salesforce implementation relies heavily on custom objects and custom Apex code. UC does not want its users to have to enter credentials every time they use the app. Which two scope values should an Architect recommend to UC? Choose 2 answers.

A. Custom_permissions

B. Api

C. Refresh_token

D. Full

Under which scenario Web Server flow will be used?

A. Used for web applications when server-side code needs to interact with APIS.

B. Used for server-side components when page needs to be rendered.

C. Used for mobile applications and testing legacy Integrations.

D. Used for verifying Access protected resources.

A technology enterprise is planning to implement single sign-on login for users. When users log in to the Salesforce User object custom field, data should be populated for new and existing users.

Which two steps should an identity architect recommend?

Choose 2 answers

A. Implement Auth.SamlJitHandler Interface.

B. Create and update methods.

C. Implement RegistrationHandler Interface.

D. Implement SesslonManagement Class.

Northern Trail Outfitters wants to implement a partner community. Active community users will need to review and accept the community rules, and update key contact information for each community member before their annual partner event.

Which approach will meet this requirement?

A. Create tasks for users who need to update their data or accept the new community rules.

B. Create a custom landing page and email campaign asking all community members to login and verify their data.

C. Create a login flow that conditionally prompts users who have not accepted the new community rules and who have missing or outdated information.

D. Add a banner to the community Home page asking users to update their profile and accept the new community rules.

An Identity and Access Management (IAM) Architect is recommending Identity Connect to integrate Microsoft Active Directory (AD) with Salesforce for user provisioning, deprovisioning and single sign-on (SSO).

Which feature of Identity Connect is applicable for this scenano?

A. When Identity Connect is in place, if a user is deprovisioned in an on-premise AD, the user's Salesforce session Is revoked Immediately.

B. If the number of provisioned users exceeds Salesforce licence allowances, identity Connect will start disabling the existing Salesforce users in First-in, First-out (FIFO) fashion.

C. Identity Connect can be deployed as a managed package on salesforce org, leveraging High Availability of Salesforce Platform out-of-the-box.

D. When configured, Identity Connect acts as an identity provider to both Active Directory and Salesforce, thus providing SSO as a default feature.

Universal Containers (UC) has an e-commerce website where customers can buy products, make payments and manage their accounts. UC decides to build a Customer Community on Salesforce and wants to allow the customers to access the community from their accounts without logging in again. UC decides to implement an SP-initiated SSO using a SAML-compliant Idp. In this scenario where Salesforce is the Service Provider, which two activities must be performed in Salesforce to make SP-initiated SSO work? Choose 2 answers

A. Configure SAML SSO settings.

B. Create a Connected App.

C. Configure Delegated Authentication.

D. Set up My Domain.

Universal Containers (UC) has a custom, internal-only, mobile billing application for users who are commonly out of the office. The app is configured as a connected App in Salesforce. Due to the nature of this app, UC would like to take the appropriate measures to properly secure access to the app. Which two are recommendations to make the UC? Choose 2 answers

A. Disallow the use of Single Sign-on for any users of the mobile app.

B. Require High Assurance sessions in order to use the Connected App.

C. Set Login IP Ranges to the internal network for all of the app users Profiles.

D. Use Google Authenticator as an additional part of the login process

Universal containers (UC) has a mobile application that calls the salesforce REST API. In order to prevent users from having to enter their credentials everytime they use the app, UC has enabled the use of refresh Tokens as part of the salesforce connected App and updated their mobile app to take advantage of the refresh token. Even after enabling the refresh token, Users are still complaining that they have to enter their credentials once a day. What is the most likely cause of the issue?

A. The Oauth authorizations are being revoked by a nightly batch job.

B. The refresh token expiration policy is set incorrectly in salesforce

C. The app is requesting too many access Tokens in a 24-hour period

D. The users forget to check the box to remember their credentials.