IDENTITY-AND-ACCESS-MANAGEMENT-ARCHITECT Online Practice Questions and Answers

Universal containers (UC) wants to integrate a Web application with salesforce. The UC team has implemented the Oauth web-server Authentication flow for authentication process. Which two considerations should an architect point out to UC? Choose 2 answers

A. The web application should be hosted on a secure server.

B. The web server must be able to protect consumer privacy

C. The flow involves passing the user credentials back and forth.

D. The flow will not provide an Oauth refresh token back to the server.

An architect needs to advise the team that manages the identity provider how to differentiate salesforce from other service providers. What SAML SSO setting in salesforce provides this capability?

A. Entity id

B. Issuer

C. Identity provider login URL

D. SAML identity location

Which two statements are capable of Identity Connect? Choose 2 answers

A. Synchronization of Salesforce Permission Set Licence Assignments.

B. Supports both Identity-Provider-Initiated and Service-Provider-Initiated SSO.

C. Support multiple orgs connecting to multiple Active Directory servers.

D. Automated user synchronization and de-activation.

Universal Containers (UC) is considering a Customer 360 initiative to gain a single source of the truth for its customer data across disparate systems and services. UC wants to understand the primary benefits of Customer 360 Identity and how it contributes ato successful Customer 360 Truth project.

What are two are key benefits of Customer 360 Identity as it relates to Customer 360?

Choose 2 answers

A. Customer 360 Identity automatically integrates with Customer 360 Data Manager and Customer 360 Audiences to seamlessly populate all user data.

B. Customer 360 Identity enables an organization to build a single login for each of its customers, giving the organization an understanding of the user's login activity across all its digital properties and applications.

C. Customer 360 Identity supports multiple brands so you can deliver centralized identity services and correlation of user activity, even if it spans multiple corporate brands and user experiences.

D. Customer 360 Identity not only provides a unified sign up and sign in experience, but also tracks anonymous user activity prior to signing up so organizations can understand user activity before and after the users identify themselves.

Which two roles of the systems are involved in an environment where salesforce users are enabled to access Google Apps from within salesforce through App launcher and connected App set up? Choose 2 answers

A. Google is the identity provider

B. Salesforce is the identity provider

C. Google is the service provider

D. Salesforce is the service provider

The security team at Universal containers(UC) has identified exporting reports as a high- risk action and would like to require users to be logged into salesforce with their active directory (AD) credentials when doing so. For all other uses of Salesforce, Users should be allowed to use AD credentials or salesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with salesforce credentials?

A. Use SAML Federated Authentication and Custom SAML jit provisioning to dynamically add or remove a permission set that grants the Export Reports permission.

B. Use SAML Federated Authentication, treat SAML sessions as high assurance, and raise the session level required for exporting reports.

C. Use SAML Federated Authentication and block access to reports when accesses through a standard assurance session.

D. Use SAML Federated Authentication with a login flow to dynamically add or remove a permission set that grants the export reports permission.

architect is troubleshooting some SAML-based SSO errors during testing. The Architect confirmed that all of the Salesforce SSO settings are correct. Which two issues outside of the Salesforce SSO settings are most likely contributing to the SSO errors the Architect is encountering? Choose 2 Answers

A. The Identity Provider is also used to SSO into five other applications.

B. The clock on the Identity Provider server is twenty minutes behind Salesforce.

C. The Issuer Certificate from the Identity Provider expired two weeks ago.

D. The default language for the Identity Provider and Salesforce are Different.

Universal Container's (UC) identity architect needs to recommend a license type for their new Experience Cloud site that will be used by external partners (delivery providers) for reviewing and updating their accounts, downloading files provided by UC and obtaining scheduled pickup dates from their calendar.

UC is using their Salesforce production org as the identity provider for these users and the expected number of individual users is 2.5 million with 13.5 million unique logins per month.

Which of the following license types should be used to meet the requirement?

A. External Apps License

B. Partner Community License

C. Partner Community Login License

D. Customer Community plus Login License

Universal containers (UC) wants to implement Delegated Authentication for a certain subset of Salesforce users. Which three items should UC take into consideration while building the Web service to handle the Delegated Authentication request? Choose 3 answers

A. The web service needs to include Source IP as a method parameter.

B. UC should whitelist all salesforce ip ranges on their corporate firewall.

C. The web service can be written using either the soap or rest protocol.

D. Delegated Authentication is enabled for the system administrator profile.

E. The return type of the Web service method should be a Boolean value

Universal Containers (UC) has implemented SAML-based Single Sign-On to provide seamless access to its Salesforce Orgs, financial system, and CPQ system. Below is the SSO implementation landscape.

What role combination is represented by the systems in this scenario''

A. Financial System and CPQ System are the only Service Providers.

B. Salesforce Org1 and Salesforce Org2 are the only Service Providers.

C. Salesforce Org1 and Salesforce Org2 are acting as Identity Providers.

D. Salesforce Org1 and PingFederate are acting as Identity Providers.