IDENTITY-AND-ACCESS-MANAGEMENT-ARCHITECT Online Practice Questions and Answers

Northern Trail Outfitters (NTO) utilizes a third-party cloud solution for an employee portal. NTO also owns Salesforce Service Cloud and would like employees to be able to login to Salesforce with their third-party portal credentials for a seamless expenence. The third- party employee portal only supports OAuth.

What should an identity architect recommend to enable single sign-on (SSO) between the portal and Salesforce?

A. Configure SSO to use the third party portal as an identity provider.

B. Create a custom external authentication provider.

C. Add the third-party portal as a connected app.

D. Configure Salesforce for Delegated Authentication.

Northern Trail Outfitters (NTO) has a number of employees who do NOT need access Salesforce objects. Trie employees should sign in to a custom Benefits web app using their Salesforce credentials.

Which license should the identity architect recommend to fulfill this requirement?

A. Identity Only License

B. External Identity License

C. Identity Verification Credits Add-on License

D. Identity Connect License

Universal Containers (UC) has five Salesforce orgs (UC1, UC2, UC3, UC4, UC5). of Every user that is in UC2, UC3, UC4, and UC5 is also in UC1, however not all users 65* have access to every org. Universal Containers would like to simplify the authentication process such that all Salesforce users need to remember one set of credentials. UC would like to achieve this with the least impact to cost and maintenance. What approach should an Architect recommend to UC?

A. Purchase a third-party Identity Provider for all five Salesforce orgs to use and set up JIT user provisioning on all other orgs.

B. Purchase a third-party Identity Provider for all five Salesforce orgs to use, but don't set up JIT user provisioning for other orgs.

C. Configure UC1 as the Identity Provider to the other four Salesforce orgs and set up JIT user provisioning on all other orgs.

D. Configure UC1 as the Identity Provider to the other four Salesforce orgs, but don't set up JIT user provisioning for other orgs.

Northern Trail Outfitters (NTO) wants to give customers the ability to submit and manage issues with their purchases. It is important for to give its customers the ability to login with their Facebook and Twitter credentials.

Which two actions should an identity architect recommend to meet these requirements?

Choose 2 answers

A. Create a custom external authentication provider for Facebook.

B. Configure a predefined authentication provider for Facebook.

C. Create a custom external authentication provider for Twitter.

D. Configure a predefined authentication provider for Twitter.

What are three capabilities of Delegated Authentication? Choose 3 answers

A. It can be assigned by Custom Permissions.

B. It can connect to SOAP services.

C. It can be assigned by Permission Sets.

D. It can be assigned by Profiles.

E. It can connect to REST services.

Universal Containers is considering using Delegated Authentication as the sole means of Authenticating of Salesforce users. A Salesforce Architect has been brought in to assist with the implementation. What two risks Should the Architect point out? Choose 2 answers

A. Delegated Authentication is enabled or disabled for the entire Salesforce org.

B. UC will be required to develop and support a custom SOAP web service.

C. Salesforce users will be locked out of Salesforce if the web service goes down.

D. The web service must reside on a public cloud service, such as Heroku.

Universal containers wants salesforce inbound Oauth-enabled integration clients to use SAML-BASED single Sign-on for authentication. What Oauth flow would be recommended in this scenario?

A. User-Agent Oauth flow

B. SAML assertion Oauth flow

C. User-Token Oauth flow

D. Web server Oauth flow

Refer to the exhibit.

Outfitters (NTO) is using Experience Cloud as an Identity for its application on Heroku. The application on Heroku should be able to handle two brands, Northern Trail Shoes and Northern Trail Shirts.

A user should select either of the two brands in Heroku before logging into the community. The app then performs Authorization using OAuth2.0 with the Salesforce Experience Cloud site.

NTO wants to make sure it renders login page images dynamically based on the user's brand preference selected in Heroku before Authorization.

what should an identity architect do to fulfill the above requirements?

A. For each brand create different communities and redirect users to the appropriate community using a custom Login controller written in Apex.

B. Create multiple login screens using Experience Builder and use Login Flows at runtime to route to different login screens.

C. Authorize third-party service by sending authorization requests to the community- url/services/oauth2/authorize/cookie_value.

D. Authorize third-party service by sending authorization requests to the community- url/services/oauth2/authonze/expid_value.

A multinational company is looking to rollout Salesforce globally. The company has a Microsoft Active Directory Federation Services (ADFS) implementation for the Americas, Europe and APAC. The company plans to have a single org and they would like to have all of its users access Salesforce using the ADFS . The company would like to limit its investments and prefer not to procure additional applications to satisfy the requirements.

What is recommended to ensure these requirements are met ?

A. Use connected apps for each ADFS implementation and implement Salesforce site to authenticate users across the ADFS system applicable to their geo.

B. Implement Identity Connect to provide single sign-on to Salesforce and federated across multiple ADFS systems.

C. Add a central identity system that federates between the ADFS systems and integrate with Salesforce for single sign-on.

D. Configure Each ADFS system under single sign-on settings and allow users to choose the system to authenticate during sign on to Salesforce-

Universal Containers (UC) wants its closed Won opportunities to be synced to a Data warehouse in near real time. UC has implemented Outbound Message to enable near real- time data sync. UC wants to ensure that communication between Salesforce and Target System is secure. What certificate is sent along with the Outbound Message?

A. The Self-signed Certificates from the Certificate and Key Management menu.

B. The default client Certificate from the Develop--> API menu.

C. The default client Certificate or the Certificate and Key Management menu.

D. The CA-signed Certificate from the Certificate and Key Management Menu.