100% Real & Accurate Identity-and-Access-Management-Architect Questions and Answers with Free and Fast Updates
Get Unlimited Access to Identity-and-Access-Management-Architect Certification Exam Cert Guide
Salesforce Certified Identity and Access Management Architect certification is an excellent choice for professionals who want to build their expertise in identity and access management, and help organizations build secure and scalable systems. With the right preparation and dedication, candidates can pass Identity-and-Access-Management-Architect exam and earn this valuable certification.
Salesforce Identity-and-Access-Management-Architect exam is designed to test the knowledge and skills of professionals in various areas of identity and access management, including authentication, authorization, and user management. Identity-and-Access-Management-Architect exam also covers topics such as data security, compliance, and governance. Candidates will be required to demonstrate their ability to design, implement, and manage secure and scalable IAM solutions on the Salesforce platform.
Salesforce Certified Identity and Access Management Architect certification is a valuable asset for individuals who are seeking to advance their career in Salesforce. Salesforce Certified Identity and Access Management Architect certification demonstrates that the candidate has a deep understanding of Salesforce's security model and can design and implement secure solutions that align with industry best practices. Salesforce Certified Identity and Access Management Architect certification also allows candidates to differentiate themselves in a competitive job market and can lead to increased career opportunities.
NEW QUESTION # 105
Universal containers (UC) built a customer Community for customers to buy products, review orders, and manage their accounts. UC has provided three different options for customers to log in to the customer Community: salesforce, Google, and Facebook. Which two role combinations are represented by the systems in the scenario? Choose 2 answers
- A. Facebook is the service provider and salesforce is the identity provider
- B. Salesforce is the service provider and Google is the identity provider
- C. Salesforce is the service provider and Facebook is the identity provider
- D. Google is the service provider and Facebook is the identity provider
Answer: B,C
NEW QUESTION # 106
A real estate company wants to provide its customers a digital space to design their interior decoration options.
To simplify the registration to gain access to the community site (built in Experience Cloud), the CTO has requested that the IT/Development team provide the option for customers to use their existing social-media credentials to register and access.
The IT lead has approached the Salesforce Identity and Access Management (IAM) architect for technical direction on implementing the social sign-on (for Facebook, Twitter, and a new provider that supports standard OpenID Connect (OIDC)).
Which two recommendations should the Salesforce IAM architect make to the IT Lead?
Choose 2 answers
- A. Apex coding skills are needed for registration handler to create and update users.
- B. Authentication provider configuration is required each social sign-on providers; and enable Authentication providers in community.
- C. Use declarative registration handler process builder/flow to create, update users and contacts.
- D. For supporting OIDC it is necessary to enable Security Assertion Markup Language (SAML) with Just-in-Time provisioning (JIT) and OAuth 2.0.
Answer: A,B
NEW QUESTION # 107
Universal containers(UC) has a customer Community that uses Facebook for authentication. UC would like to ensure that changes in the Facebook profile are reflected on the appropriate customer Community user. How can this requirement be met?
- A. Use SAML just-in-time provisioning between Facebook and Salesforce
- B. Use information in the signed request that is received from Facebook.
- C. Develop a schedule job that calls out to Facebook on a nightly basis.
- D. Use the updateuser() method on the registration handler class.
Answer: D
NEW QUESTION # 108
Universal containers (UC) uses an internal company portal for their employees to collaborate. UC decides to use salesforce ideas and provide the ability for employees to post ideas from the company portal. They use SAML-BASED SSO to get into the company portal and would like to leverage it to access salesforce. Most of the users don't exist in salesforce and they would like the user records created in salesforce communities the first time they try to access salesforce. What recommendation should an architect make to meet this requirement?
- A. Use on-the-fly provisioning
- B. Use Identity connect to sync users
- C. Use salesforce APIs to create users on the fly
- D. Use just-in-time provisioning
Answer: D
NEW QUESTION # 109
An Identity and Access Management (IAM) Architect is recommending Identity Connect to integrate Microsoft Active Directory (AD) with Salesforce for user provisioning, deprovisioning and single sign-on (SSO).
Which feature of Identity Connect is applicable for this scenano?
- A. Identity Connect can be deployed as a managed package on salesforce org, leveraging High Availability of Salesforce Platform out-of-the-box.
- B. When Identity Connect is in place, if a user is deprovisioned in an on-premise AD, the user's Salesforce session Is revoked Immediately.
- C. When configured, Identity Connect acts as an identity provider to both Active Directory and Salesforce, thus providing SSO as a default feature.
- D. If the number of provisioned users exceeds Salesforce licence allowances, identity Connect will start disabling the existing Salesforce users in First-in, First-out (FIFO) fashion.
Answer: B
NEW QUESTION # 110
Universal Containers (UC) has implemented SAML-based Single Sign-On to provide seamless access to its Salesforce Orgs, financial system, and CPQ system. Below is the SSO implementation landscape.
What role combination is represented by the systems in this scenario''
- A. Salesforce Org1 and PingFederate are acting as Identity Providers.
- B. Financial System and CPQ System are the only Service Providers.
- C. Salesforce Org1 and Salesforce Org2 are acting as Identity Providers.
- D. Salesforce Org1 and Salesforce Org2 are the only Service Providers.
Answer: A
NEW QUESTION # 111
A manufacturer wants to provide registration for an Internet of Things (IoT) device with limited display input or capabilities.
Which Salesforce OAuth authorization flow should be used?
- A. OAuth 2.0 User-Agent Flow
- B. OAuth 2.0 JWT Bearer How
- C. OAuth 2.0 Asset Token Flow
- D. OAuth 2.0 Device Flow
Answer: D
NEW QUESTION # 112
Universal containers wants to implement SAML SSO for their internal salesforce users using a third-party IDP. After some evaluation, UC decides not to set up my domain for their salesforce.org. How does that decision impact their SSO implementation?
- A. IDP - initiated SSO will not work
- B. Sp-Initiated SSO will not work
- C. Neithersp - nor IDP - initiated SSO will work
- D. Either sp - or IDP - initiated SSO will work
Answer: B
NEW QUESTION # 113
A farming enterprise offers smart farming technology to its farmer customers, which includes a variety of sensors for livestock tracking, pest monitoring, climate monitoring etc. They plan to store all the data in Salesforce. They would also like to ensure timely maintenance of the Installed sensors. They have engaged a salesforce Architect to propose an appropriate way to generate sensor Information In Salesforce.
Which OAuth flow should the architect recommend?
- A. OAuth 2.0 Device Authentication Row
- B. OAuth 2.0 SAML Bearer Assertion Flow
- C. OAuth 2.0 JWT Bearer Token Flow
- D. OAuth 2.0 Asset Token Flow
Answer: D
NEW QUESTION # 114
Universal containers (UC) is successfully using Delegated Authentication for their salesforce users. The service supporting Delegated Authentication is written in Java. UC has a new CIO that is requiring all company Web services be RESR-ful and written in . NET. Which two considerations should the UC Architect provide to the new CIO? Choose 2 answers
- A. Delegated Authentication will not work with a.net service.
- B. Delegated Authentication will not work with rest services.
- C. Delegated Authentication will continue to work with a.net service.
- D. Delegated Authentication will continue to work with rest services.
Answer: B,C
NEW QUESTION # 115
Universal containers wants to build a custom mobile app connecting to salesforce using Oauth, and would like to restrict the types of resources mobile users can access. What Oauth feature of Salesforce should be used to achieve the goal?
- A. Mobile pins
- B. Refresh Tokens
- C. Scopes
- D. Access Tokens
Answer: C
NEW QUESTION # 116
A multinational industrial products manufacturer is planning to implement Salesforce CRM to manage their business. They have the following requirements:
1. They plan to implement Partner communities to provide access to their partner network .
2. They have operations in multiple countries and are planning to implement multiple Salesforce orgs.
3. Some of their partners do business in multiple countries and will need information from multiple Salesforce communities.
4. They would like to provide a single login for their partners.
How should an Identity Architect solution this requirement with limited custom development?
- A. Create a partner login for the country of their operation and use SAML federation to provide access to other orgs.
- B. Consolidate Partner related information in a single org and provide access through Salesforce community.
- C. Register partners in one org and access information from other orgs using APIs.
- D. Allow partners to choose the Salesforce org they need information from and use login flows to authenticate access.
Answer: A
NEW QUESTION # 117
A financial services company uses Salesforce and has a compliance requirement to track information about devices from which users log in. Also, a Salesforce Security Administrator needs to have the ability to revoke the device from which users log in.
What should be used to fulfill this requirement?
- A. Use Login Flows to capture device from which users log in and store device and user information in a custom object.
- B. Use the Activations feature to meet the compliance requirement to track device information.
- C. Use multi-factor authentication (MFA) to meet the compliance requirement to track device information.
- D. Use the Login History object to track information about devices from which users log in.
Answer: B
NEW QUESTION # 118
The executive sponsor for an organization has asked if Salesforce supports the ability to embed a login widget into its service providers in order to create a more seamless user experience.
What should be used and considered before recommending it as a solution on the Salesforce Platform?
- A. Salesforce REST apis. Ensure that Secure Sockets Layer (SSL) connection for the integration is used.
- B. Embedded Login. Identify what level of UI customization will be required to make it match the service providers look and feel.
- C. OpenID Connect Web Server Flow. Determine if the service provider is secure enough to store the client secret on.
- D. Embedded Login. Consider whether or not it relies on third party cookies which can cause browser compatibility issues.
Answer: D
NEW QUESTION # 119
Under which scenario Web Server flow will be used?
- A. Used for verifying Access protected resources.
- B. Used for mobile applications and testing legacy Integrations.
- C. Used for web applications when server-side code needs to interact with APIS.
- D. Used for server-side components when page needs to be rendered.
Answer: C
NEW QUESTION # 120
......
Reliable Study Materials for Identity-and-Access-Management-Architect Exam Success For Sure: https://www.prepawayexam.com/Salesforce/braindumps.Identity-and-Access-Management-Architect.ete.file.html
100% Latest Most updated Identity-and-Access-Management-Architect Questions and Answers: https://drive.google.com/open?id=1Jur2pNRg6RFq3-JsGn6tQwboqPC9M08-