Identity-and-Access-Management-Architect Practice Online

Question 1

Northern Trail Outfitters would like to automatically create new employee users in Salesforce with an

appropriate profile that maps to its Active Directory Department.

How should an identity architect implement this requirement?

A :

Use the createUser method in the Just-in-Time (JIT) provisioning registration handler to assign the

appropriate profile.

B :

Use the updateUser method in the Just-in-Time (JIT) provisioning registration handler to assign the

appropriate profile.

C :

Use a login flow to collect Security Assertion Markup Language attributes and assign the appropriate

profile during Just-In-Time

(JIT) provisioning.

D :

Make a callout during the login flow to query department from Active Directory to assign the

appropriate profile.

Answer: B

Question 2

Universal Containers (UC) has built a custom token-based Two-factor authentication (2FA) system for their existing on-premise applications. They are now implementing Salesforce and would like to enable a Two-factor login process for it, as well. What is the recommended solution as Architect should consider?

A : Use the custom 2FA system for on-premise applications and native 2FA for Salesforce.

B : Replace the custom 2FA system with an AppExchange App that supports on premise application and salesforce.

C : Use Custom Login Flows to connect to the existing custom 2FA system for use in Salesforce.

D : Replace the custom 2FA system with Salesforce 2FA for on-premise applications and Salesforce.

Answer: D

Question 3

Universal Containers is creating a mobile application that will be secured by Salesforce Identity using the

OAuth 2.0 user-agent flow. Application users will authenticate using username and password. They should not

be forced to approve API access in the mobile app or reauthenticate for 3 months.

Which two connected app options need to be configured to fulfill this use case?

Choose 2 answers

A : Set Permitted Users to "Admin approved users are pre-authorized".

B : Set Permitted Users to "All users may self-authorize".

C : Set the Session Timeout value to 3 months.

D : Set the Refresh Token Policy to expire refresh token after 3 months.

Answer: B,D

Question 4

Northern Trail Outfitters want to allow its consumer to self-register on it business-to-consumer (B2C) portal

that is built on Experience Cloud. The identity architect has recommended to use Person Accounts.

Which three steps need to be configured to enable self-registration using person accounts?

Choose 3 answers

A : Enable access to person and business account record types under Public Access Settings.

B : Contact Salesforce Support to enable business accounts.

C : Under Login and Registration settings, ensure that the default account field is empty.

D : Contact Salesforce Support to enable person accounts.

E :

Set organization-wide default sharing for Contact to Public Read Only.

Answer: A,C,D

Question 5

Northern Trail Outfitters (NTO) has an off-boarding process where a terminated employee is first disabled in

the Lightweight Directory Act Protocol (LDAP) directory, then requests are sent to the various application

support teams to finish user deactivations. A terminated employee recently was able to login to NTO's

Salesforce instance 24 hours after termination, even though the user was disabled in the corporate LDAP

directory.

What should an identity architect recommend to prevent this from happening in the future?

A : Create a Just-in-Time provisioning registration handler to ensure users are deactivated in Salesforce as they are disabled in LDAP.

B : Configure an authentication provider to delegate authentication to the LDAP directory.

C : use a login flow to make a callout to the LDAP directory before authenticating the user to Salesforce.

D : Setup an identity provider (IdP) to authenticate users using LDAP, set up single sign-on to Salesforce and disable Login Form authentication.

Answer: B

Name:	Salesforce Certified Identity and Access Management Architect( WI24)
Exam Code:	Identity-and-Access-Management-Architect
Certification:	Salesforce Architect
Vendor:	Salesforce
Total Questions:	250
Last Updated:	May 13, 2024

Download Demo Identity-and-Access-Management-Architect Dumps

Create Account

Password Recovery

Identity-and-Access-Management-Architect Practice Online

Download Demo Identity-and-Access-Management-Architect Dumps

Member Login

Create Account

Password Recovery

Identity-and-Access-Management-Architect Practice Online