Salesforce Identity and Access Management Architect Exam Questions

Number Of Questions: 243

$59.00

Exam Details

Exam Name: Salesforce Certified Identity and Access Management Architect

Exam Code: Identity-and-Access-Management-Architect

Total Questions in Exam: 243

Demo Questions

Q1. An identity architect's client has a homegrown identity provider (IdP). Salesforce is used as the service provider (SP). The head of IT is worried that during an SP-initiated single sign-on (SSO), the Security Assertion Markup Language (SAML) request content will be altered. What should the identity architect recommend to make sure that there is additional trust between the SP and the IdP?

A. Ensure that there is an HTTPS connection between IdP and SP.

B. Ensure that on the SSO settings page, the 'Request Signing Certificate' field has a self-signed certificate.

C. Ensure that the Issuer and Assertion Consumer Service (ACS) URL are properly configured between SP and IdP.

D. Encrypt the SAML Request using a certification authority (CA) signed certificate and decrypt on IdP.

Correct Answer: D

Q2. An insurance company has a connected app in its Salesforce environment that is used to integrate with Google Workspace (formerly known as G Suite). An identity and access management (IAM) architect has been asked to implement automation to enable users, freeze/suspend users, disable users, and reactivate existing users in Google Workspace upon similar actions in Salesforce. Which solution is recommended to meet this requirement?

A. Configure User Provisioning for Connected Apps.

B. Update the Security Assertion Markup Language Just-in-Time (SAML JIT) handler in Salesforce for user provisioning and de-provisioning.

C. Build a custom REST endpoint in Salesforce that Google Workspace can poll against.

D. Build an Apex trigger on the UserLogin object to make asynchronous callouts to Google APIs.

Correct Answer: A

Q3. Universal Containers is creating a mobile application that will be secured by Salesforce Identity using the OAuth 2.0 user-agent flow. Application users will authenticate using username and password. They should not be forced to approve API access in the mobile app or reauthenticate for 3 months. Which two connected app options need to be configured to fulfill this use case?

A. Set Permitted Users to 'Admin approved users are pre-authorized'.

B. Set Permitted Users to 'All users may self-authorize'.

C. Set the Session Timeout value to 3 months.

D. Set the Refresh Token Policy to expire refresh token after 3 months.

Correct Answer: B, D

Q4. Northern Trail Outfitters manages functional group permissions in a custom security application supported by a relational database and a REST service layer. Group permissions are mapped as permission sets in Salesforce. Which action should an identity architect use to ensure functional group permissions are reflected as permission set assignments?

A. Use a Login Flow to query SAML attributes and set permission sets.

B. Use a Login Flow with invocable Apex to callout to the security application and set permission sets.

C. Use the Apex Just-in-Time (JIT) handler to query the Security Assertion Markup Language (SAML) attributes and set permission sets.

D. Use the Apex JIT handler to callout to the security application and set permission sets.

Correct Answer: B

Q5. A university is planning to set up an identity solution for its alumni. A third-party identity provider will be used for single sign-on. Salesforce will be the system of record. Users are getting error messages when logging in. Which Salesforce feature should be used to debug the issue?

A. Apex Exception Email

B. View Setup Audit Trail

C. Debug Logs

D. Login History

Correct Answer: D
