[Q131-Q148] Exam Passing Guarantee Feb 10, 2023 Identity-and-Access-Management-Architect Exam with Accurate Quastions!

Exam Passing Guarantee Feb 10, 2023 Identity-and-Access-Management-Architect Exam with Accurate Quastions!

Test Engine to Practice Test for Identity-and-Access-Management-Architect Valid and Updated Dumps

Salesforce Identity-and-Access-Management-Architect Exam Syllabus Topics:

Topic	Details
Topic 1	Describe common authentication patterns and understand the differences between each one Given a scenario, identify the configuration settings for a Connected app
Topic 2	Describe the capabilities for customizing the user experience for Experience Cloud Given a scenario, identify the most appropriate OAuth flow
Topic 3	Given a scenario, describe what tools you can apply to audit and verify the activity user during and after login Describe how trust is established between two systems
Topic 4	Given a scenario, recommend appropriate Scope and Configuration of the connected App for Authorization Given a scenario, determine when to use embedded login
Topic 5	Describe the various implementation concepts of OAuth Describe the building blocks that are part of an identity solution
Topic 6	Given a scenario, recommend the most appropriate way to provision users from identity stores in B2E and B2C scenarios Recommend the appropriate method for provisioning users in Salesforce

 

NEW QUESTION 131
An Identity and Access Management (IAM) Architect is recommending Identity Connect to integrate Microsoft Active Directory (AD) with Salesforce for user provisioning, deprovisioning and single sign-on (SSO).
Which feature of Identity Connect is applicable for this scenano?

• A. When Identity Connect is in place, if a user is deprovisioned in an on-premise AD, the user's Salesforce session Is revoked Immediately.
• B. When configured, Identity Connect acts as an identity provider to both Active Directory and Salesforce, thus providing SSO as a default feature.
• C. Identity Connect can be deployed as a managed package on salesforce org, leveraging High Availability of Salesforce Platform out-of-the-box.
• D. If the number of provisioned users exceeds Salesforce licence allowances, identity Connect will start disabling the existing Salesforce users in First-in, First-out (FIFO) fashion.

Answer: A

 

NEW QUESTION 132
Universal Containers (UC) is considering a Customer 360 initiative to gain a single source of the truth for its customer data across disparate systems and services. UC wants to understand the primary benefits of Customer
360 Identity and how it contributes ato successful Customer 360 Truth project.
What are two are key benefits of Customer 360 Identity as it relates to Customer 360?
Choose 2 answers

• A. Customer 360 Identity supports multiple brands so you can deliver centralized identity services and correlation of user activity, even if it spans multiple corporate brands and user experiences.
• B. Customer 360 Identity not only provides a unified sign up and sign in experience, but also tracks anonymous user activity prior to signing up so organizations can understand user activity before and after the users identify themselves.
• C. Customer 360 Identity enables an organization to build a single login for each of its customers, giving the organization an understanding of the user's login activity across all its digital properties and applications.
• D. Customer 360 Identity automatically integrates with Customer 360 Data Manager and Customer 360 Audiences to seamlessly populate all user data.

Answer: A,C

 

NEW QUESTION 133
Universal Containers (UC) has Active Directory (AD) as their enterprise identity store and would like to use it for Salesforce user authentication. UC expects to synchronize user data between Salesforce and AD and Assign the appropriate Profile and Permission Sets based on AD group membership. What would be the optimal way to implement SSO?

• A. Use Microsoft Access control Service as the Authentication provider.
• B. Use Active Directory with Reverse Proxy as the Identity Provider.
• C. Use Salesforce Identity Connect as the Identity Provider.
• D. Use Active Directory Federation Service (ADFS) as the Identity Provider.

Answer: C

 

NEW QUESTION 134

A multinational company is looking to rollout Salesforce globally. The company has a Microsoft Active Directory Federation Services (ADFS) implementation for the Americas, Europe and APAC. The company plans to have a single org and they would like to have all of its users access Salesforce using the ADFS . The company would like to limit its investments and prefer not to procure additional applications to satisfy the requirements.
What is recommended to ensure these requirements are met ?

• A. Use connected apps for each ADFS implementation and implement Salesforce site to authenticate users across the ADFS system applicable to their geo.
• B. Configure Each ADFS system under single sign-on settings and allow users to choose the system to authenticate during sign on to Salesforce-
• C. Implement Identity Connect to provide single sign-on to Salesforce and federated across multiple ADFS systems.
• D. Add a central identity system that federates between the ADFS systems and integrate with Salesforce for single sign-on.

Answer: C

 

NEW QUESTION 135
Universal containers (UC) would like to enable SSO between their existing Active Directory infrastructure and salesforce. The it team prefers to manage all users in Active Directory and would like to avoid doing any initial setup of users in salesforce directly, including the correct assignment of profiles, roles and groups.
Which two optimal solutions should UC use to provision users in salesforce? Choose 2 answers

• A. Use Active Directory Federation Services to sync users from active directory to salesforce.
• B. Use an app exchange product to sync users from Active Directory to salesforce.
• C. Use Identity connect to sync users from Active Directory to salesforce
• D. Use the salesforce REST API to sync users from active directory to salesforce

Answer: B,C

 

NEW QUESTION 136
Universal Containers wants to secure its Salesforce APIs by using an existing Security Assertion Markup Language (SAML) configuration supports the company's single sign-on process to Salesforce, Which Salesforce OAuth authorization flow should be used?

• A. A SAML Assertion Row
• B. OAuth 2.0 JWT Bearer Flow
• C. OAuth 2.0 SAML Bearer Assertion Flow
• D. OAuth 2.0 User-Agent Flow

Answer: A

 

NEW QUESTION 137
A service provider (SP) supports both Security Assertion Markup Language (SAML) and OpenID Connect (OIDC).
When integrating this SP with Salesforce, which use case is the determining factor when choosing OIDC or SAML?

• A. They are equivalent protocols and there is no real reason to choose one over the other.
• B. The SP needs to perform API calls back to Salesforce on behalf of the user after the user logs in to the service provider.
• C. OIDC is more secure than SAML and therefore is the obvious choice.
• D. If the user has a session on Salesforce, you do not want them to be prompted for a username and password when they login to the SP.

Answer: B

 

NEW QUESTION 138
Northern Trail Outfitters (NTO) is planning to roll out a partner portal for its distributors using Experience Cloud. NTO would like to use an external identity provider (idP) and for partners to register for access to the portal. Each partner should be allowed to register only once to avoid duplicate accounts with Salesforce.
What should a identity architect recommend to create partners?

• A. Allow partners to register through the IdP and create partner users in Salesforce through an API.
• B. Create a custom web page in the Portal and create users in the IdP and Experience Cloud using published APIs.
• C. On successful creation of Partners using Self Registration page in Experience Cloud, create identity in Ping.
• D. Create a custom page m Experience Cloud to self register partner with Experience Cloud and Ping identity store.

Answer: D

 

NEW QUESTION 139
Universal Containers (UC) has decided to replace the homegrown customer portal with Salesforce Experience Cloud. UC will continue to use its third-party single sign-on (SSO) solution that stores all of its customer and partner credentials.
The first time a customer logs in to the Experience Cloud site through SSO, a user record needs to be created automatically.
Which solution should an identity architect recommend in order to automatically provision users in Salesforce upon login?

• A. Just-in-Time (JIT) provisioning
• B. Custom login flow and Apex handler
• C. Third-party AppExchange solution
• D. Custom middleware and web services

Answer: A

 

NEW QUESTION 140
Universal Containers (UC) is planning to deploy a custom mobile app that will allow users to get e-signatures from its customers on their mobile devices. The mobile app connects to Salesforce to upload the e-signature as a file attachment and uses OAuth protocol for both authentication and authorization. What is the most recommended and secure OAuth scope setting that an Architect should recommend?

• A. Id
• B. Custom_permissions
• C. Api
• D. Web

Answer: B

 

NEW QUESTION 141
A company with 15,000 employees is using Salesforce and would like to take the necessary steps to highlight or curb fraudulent activity.
Which tool should be used to track login data, such as the average number of logins, who logged in more than the average number of times and who logged in during non-business hours?

• A. Login Inspector
• B. Login Report
• C. Login Forensics
• D. Login History

Answer: C

 

NEW QUESTION 142
Universal Containers (UC) is looking to build a Canvas app and wants to use the corresponding Connected App to control where the app is visible. Which two options are correct in regards to where the app can be made visible under the Connected App setting for the Canvas app? Choose 2 answers

• A. In the mobile navigation menu on Salesforce for Android.
• B. As part of the body of a Salesforce Knowledge article.
• C. The sidebar of a Salesforce Console as a console component.
• D. Included in the Call Control Tool that's part of Open CTI.

Answer: B,C

 

NEW QUESTION 143
Northern Trail Outfitters (NTO) has a number of employees who do NOT need access Salesforce objects. Trie employees should sign in to a custom Benefits web app using their Salesforce credentials.
Which license should the identity architect recommend to fulfill this requirement?

• A. External Identity License
• B. Identity Only License
• C. Identity Connect License
• D. Identity Verification Credits Add-on License

Answer: B

 

NEW QUESTION 144
Universal Container's (UC) is using Salesforce Experience Cloud site for its container wholesale business. The identity architect wants to an authentication provider for the new site.
Which two options should be utilized in creating an authentication provider?
Choose 2 answers

• A. A custom registration handier can be set.
• B. The default authentication provider certificate can be set.
• C. The default login user can be set.
• D. A custom error URL can be set.

Answer: A,D

 

NEW QUESTION 145
Universal containers(UC) has a customer Community that uses Facebook for authentication. UC would like to ensure that changes in the Facebook profile are reflected on the appropriate customer Community user. How can this requirement be met?

• A. Use SAML just-in-time provisioning between Facebook and Salesforce
• B. Use information in the signed request that is received from Facebook.
• C. Use the updateuser() method on the registration handler class.
• D. Develop a schedule job that calls out to Facebook on a nightly basis.

Answer: C

 

NEW QUESTION 146
Universal containers (UC) has an e-commerce website while customers can buy products, make payments, and manage their accounts. UC decides to build a customer Community on Salesforce and wants to allow the customers to access the community for their accounts without logging in again. UC decides to implement ansp-Initiated SSO using a SAML-BASED complaint IDP. In this scenario where salesforce is the service provider, which two activities must be performed in salesforce to make sp-Initiated SSO work? Choose 2 answers

• A. Configure Delegated Authentication
• B. Set up my domain
• C. Configure SAML SSO settings.
• D. Create a connected App

Answer: B,C

 

NEW QUESTION 147
Universal Containers (UC) has a Customer Community that uses Facebook for of authentication. UC would like to ensure that changes in the Facebook profile are 65. reflected on the appropriate Customer Community user. How can this requirement be met?

• A. Develop a scheduled job that calls out to Facebook on a nightly basis.
• B. Use the updateUser() method on the Registration Handler class.
• C. Use information in the Signed Request that is received from Facebook.
• D. Use SAML Just-In-Time Provisioning between Facebook and Salesforce.

Answer: B

 

NEW QUESTION 148
......

Exam Questions for Identity-and-Access-Management-Architect Updated Versions With Test Engine: https://www.actual4exams.com/Identity-and-Access-Management-Architect-valid-dump.html

Pass Identity-and-Access-Management-Architect Exam with Updated Identity-and-Access-Management-Architect Exam Dumps PDF: https://drive.google.com/open?id=14kYsY_8o8_ot3hJz3HPYNA06YrKn5xw5