Identity-and-Access-Management-Architect Free Certification Exam Material from DumpsTorrent with 245 Questions [Q49-Q68]

4/5 - (1 vote)

Identity-and-Access-Management-Architect Free Certification Exam Material from DumpsTorrent with 245 Questions

Use Real Identity-and-Access-Management-Architect – 100% Cover Real Exam Questions

NEW QUESTION 49
A technology enterprise is planning to implement single sign-on login for users. When users log in to the Salesforce User object custom field, data should be populated for new and existing users.
Which two steps should an identity architect recommend?
Choose 2 answers

Implement Auth.SamlJitHandler Interface.

Create and update methods.

Implement RegistrationHandler Interface.

Implement SesslonManagement Class.

NEW QUESTION 50
A manufacturer wants to provide registration for an Internet of Things (IoT) device with limited display input or capabilities.
Which Salesforce OAuth authorization flow should be used?

OAuth 2.0 JWT Bearer How

OAuth 2.0 Device Flow

OAuth 2.0 User-Agent Flow

OAuth 2.0 Asset Token Flow

NEW QUESTION 51
Universal Containers (UC) is looking to build a Canvas app and wants to use the corresponding Connected App to control where the app is visible. Which two options are correct in regards to where the app can be made visible under the Connected App setting for the Canvas app? Choose 2 answers

As part of the body of a Salesforce Knowledge article.

In the mobile navigation menu on Salesforce for Android.

The sidebar of a Salesforce Console as a console component.

Included in the Call Control Tool that’s part of Open CTI.

NEW QUESTION 52

A multinational company is looking to rollout Salesforce globally. The company has a Microsoft Active Directory Federation Services (ADFS) implementation for the Americas, Europe and APAC. The company plans to have a single org and they would like to have all of its users access Salesforce using the ADFS . The company would like to limit its investments and prefer not to procure additional applications to satisfy the requirements.
What is recommended to ensure these requirements are met ?

Use connected apps for each ADFS implementation and implement Salesforce site to authenticate users across the ADFS system applicable to their geo.

Implement Identity Connect to provide single sign-on to Salesforce and federated across multiple ADFS systems.

Add a central identity system that federates between the ADFS systems and integrate with Salesforce for single sign-on.

Configure Each ADFS system under single sign-on settings and allow users to choose the system to authenticate during sign on to Salesforce-

NEW QUESTION 53
Universal Containers uses Salesforce as an identity provider and Concur as the Employee Expense management system. The HR director wants to ensure Concur accounts for employees are created only after the appropnate approval in the Salesforce org.
Which three steps should the identity architect use to implement this requirement?
Choose 3 answers

Create an approval process for a custom object associated with the provisioning flow.

Create a connected app for Concur in Salesforce.

Enable User Provisioning for the connected app.

Create an approval process for user object associated with the provisioning flow.

Create an approval process for UserProvisionlngRequest object associated with the provisioning flow.

NEW QUESTION 54
A company’s external application is protected by Salesforce through OAuth. The identity architect for the project needs to limit the level of access to the data of the protected resource in a flexible way.
What should be done to improve security?

Select “Admin approved users are pre-authonzed” and assign specific profiles.

Create custom scopes and assign to the connected app.

Define a permission set that grants access to the app and assign to authorized users.

Leverage external objects and data classification policies.

NEW QUESTION 55
Universal Containers (UC) wants to build a custom mobile app for their field reps to create orders in salesforce. After the first time the users log in, they must be able to access salesforce upon opening the mobile app without being prompted to log in again. What Oauth flows should be considered to support this requirement?

Web Server flow with a Refresh Token.

Mobile Agent flow with a Bearer Token.

User Agent flow with a Refresh Token.

SAML Assertion flow with a Bearer Token.

NEW QUESTION 56
Universal Containers want users to be able to log in to the Salesforce mobile app with their Active Directory password. Employees are unable to use mobile VPN.
Which two options should an identity architect recommend to meet the requirement?
Choose 2 answers

Active Directory Password Sync Plugin

Configure Cloud Provider Load Balancer

Salesforce Trigger & Field on Contact Object

Salesforce Identity Connect

NEW QUESTION 57
Universal Containers is considering using Delegated Authentication as the sole means of Authenticating of Salesforce users. A Salesforce Architect has been brought in to assist with the implementation. What two risks Should the Architect point out? Choose 2 answers

Delegated Authentication is enabled or disabled for the entire Salesforce org.

UC will be required to develop and support a custom SOAP web service.

Salesforce users will be locked out of Salesforce if the web service goes down.

The web service must reside on a public cloud service, such as Heroku.

NEW QUESTION 58
Universal Containers (UC) uses Global Shipping (GS) as one of their shipping vendors. Regional leads of GS need access to UC’s Salesforce instance for reporting damage of goods using Cases. The regional leads also need access to dashboards to keep track of regional shipping KPIs. UC internally uses a third-party cloud analytics tool for capacity planning and UC decided to provide access to this tool to a subset of GS employees.
In addition to regional leads, the GS capacity planning team would benefit from access to this tool. To access the analytics tool, UC IT has set up Salesforce as the Identity provider for Internal users and would like to follow the same approach for the GS users as well. What are the most appropriate license types for GS Tregional Leads and the GS Capacity Planners? Choose 2 Answers

Customer Community Plus license for GS Regional Leads and External Identity for GS Capacity Planners.

Customer Community Plus license for GS Regional Leads and Customer Community license for GS Capacity Planners.

Identity Licence for GS Regional Leads and External Identity license for GS capacity Planners.

Customer Community license for GS Regional Leads and Identity license for GS Capacity Planners.

NEW QUESTION 59
A multinational industrial products manufacturer is planning to implement Salesforce CRM to manage their business. They have the following requirements:
1. They plan to implement Partner communities to provide access to their partner network .
2. They have operations in multiple countries and are planning to implement multiple Salesforce orgs.
3. Some of their partners do business in multiple countries and will need information from multiple Salesforce communities.
4. They would like to provide a single login for their partners.
How should an Identity Architect solution this requirement with limited custom development?

Create a partner login for the country of their operation and use SAML federation to provide access to other orgs.

Consolidate Partner related information in a single org and provide access through Salesforce community.

Allow partners to choose the Salesforce org they need information from and use login flows to authenticate access.

NEW QUESTION 60
Users logging into Salesforce are frequently prompted to verify their identity.
The identity architect is required to provide recommendations so that frequency of prompt verification can be reduced.
What should the identity architect recommend to meet the requirement?

Implement 2FA authentication for the Salesforce org.

Set trusted IP ranges for the organization.

Implement an single sign-on for Salesforce using an external identity provider.

Implement multi-factor authentication for the Salesforce org.

NEW QUESTION 61
An identity architect’s client has a homegrown identity provider (IdP). Salesforce is used as the service provider (SP). The head of IT is worried that during a SP initiated single sign-on (SSO), the Security Assertion Markup Language (SAML) request content will be altered.
What should the identity architect recommend to make sure that there is additional trust between the SP and the IdP?

Ensure that there is an HTTPS connection between IDP and SP.

Ensure that on the SSO settings page, the “Request Signing Certificate” field has a self-signed certificate.

Ensure that the Issuer and Assertion Consumer service (ACS) URL is property configured between SP and IDP.

Encrypt the SAML Request using certification authority (CA) signed certificate and decrypt on IdP.

NEW QUESTION 62
Universal containers (UC) employees have salesforce access from restricted ip ranges only, to protect against unauthorised access. UC wants to rollout the salesforce1 mobile app and make it accessible from any location.
Which two options should an architect recommend? Choose 2 answers

Relax the ip restriction in the connect app settings for the salesforce1 mobile app

Use login flow to bypass ip range restriction for the mobile app.

Relax the ip restriction with a second factor in the connect app settings for salesforce1 mobile app

Remove existing restrictions on ip ranges for all types of user access.

NEW QUESTION 63
Universal containers wants to build a custom mobile app connecting to salesforce using Oauth, and would like to restrict the types of resources mobile users can access. What Oauth feature of Salesforce should be used to achieve the goal?

Access Tokens

Mobile pins

Refresh Tokens

Scopes

NEW QUESTION 64
Universal containers (UC) is concerned that having a self-registration page will provide a means for “bots” or unintended audiences to create user records, thereby consuming licences and adding dirty data. Which two actions should UC take to prevent unauthorised form submissions during the self-registration process? Choose
2 answers

Use open-ended security questions and complex password requirements

Primarily use lookup and picklist fields on the self registration page.

Require a captcha at the end of the self-registration process.

Use hidden fields populated via java script events in the self-registration page.

NEW QUESTION 65
Universal Containers (UC) is both a Salesforce and Google Apps customer. The UC IT team would like to manage the users for both systems in a single place to reduce administrative burden. Which two optimal ways can the IT team provision users and allow Single Sign-on between Salesforce and Google Apps ? Choose 2 answers

Build a custom app running on Heroku as the Identity Provider that can sync user information between Salesforce and Google Apps.

Use a third-party product as the Identity Provider for both Salesforce and Google Apps and manage the provisioning from there.

Use Identity Connect as the Identity Provider for both Salesforce and Google Apps and manage the provisioning from there.

Use Salesforce as the Identity Provider and Google Apps as a Service Provider and configure User Provisioning for Connected Apps.

NEW QUESTION 66
When designing a multi-branded Customer Identity and Access Management solution on the Salesforce Platform, how should an identity architect ensure a specific brand experience in Salesforce is presented?

The Experience ID, which can be included in OAuth/Open ID flows and Security Assertion Markup Language (SAML) flows as a URL parameter.

Provide a brand picker that the end user can use to select its sub-brand when they arrive on salesforce.

Add a custom parameter to the service provider’s OAuth/SAML call and implement logic on its login page to apply branding based on the parameters value.

The Audience ID, which can be set in a shared cookie.

NEW QUESTION 67
Northern Trail Outfitters manages application functional permissions centrally as Active Directory groups.
The CRM_Superllser and CRM_Reportmg_SuperUser groups should respectively give the user the SuperUser and Reportmg_SuperUser permission set in Salesforce. Salesforce is the service provider to a Security Assertion Markup Language (SAML) identity provider.
Mow should an identity architect ensure the Active Directory groups are reflected correctly when a user accesses Salesforce?

Use the Apex Just-in-Time handler to query standard SAML attributes and set permission sets.

Use the Apex Just-in-Time handler to query custom SAML attributes and set permission sets.

Use a login flow to query custom SAML attributes and set permission sets.

Use a login flow to query standard SAML attributes and set permission sets.

NEW QUESTION 68
Universal Containers (UC) has five Salesforce orgs (UC1, UC2, UC3, UC4, UC5). of Every user that is in UC2, UC3, UC4, and UC5 is also in UC1, however not all users 65* have access to every org. Universal Containers would like to simplify the authentication process such that all Salesforce users need to remember one set of credentials. UC would like to achieve this with the least impact to cost and maintenance. What approach should an Architect recommend to UC?

Purchase a third-party Identity Provider for all five Salesforce orgs to use and set up JIT user provisioning on all other orgs.

Purchase a third-party Identity Provider for all five Salesforce orgs to use, but don’t set up JIT user provisioning for other orgs.

Configure UC1 as the Identity Provider to the other four Salesforce orgs and set up JIT user provisioning on all other orgs.

Configure UC1 as the Identity Provider to the other four Salesforce orgs, but don’t set up JIT user provisioning for other orgs.

Dumps Brief Outline Of The Identity-and-Access-Management-Architect Exam: https://www.dumpstorrent.com/Identity-and-Access-Management-Architect-exam-dumps-torrent.html

Identity-and-Access-Management-Architect Free Certification Exam Material from DumpsTorrent with 245 Questions [Q49-Q68]

admin

Leave a Reply Cancel reply