IDENTITY-AND-ACCESS-MANAGEMENT-ARCHITECT Online Practice Questions and Answers

An Enterprise is using a Lightweight Directory Access Protocol (LDAP ) server as the only point for user authentication with a username/password. Salesforce delegated authentication is configured to integrate Salesforce under single sign-on (SSO).

Mow can end users change their password?

A. Users once logged In, can go to the Change Password screen in Salesforce.

B. Users can click on the "Forgot your Password" link on the Salesforce.com login page.

C. Users can request the Salesforce Admin to reset their password.

D. Users can change it on the enterprise LDAP authentication portal.

A client is planning to rollout multi-factor authentication (MFA) to its internal employees and wants to understand which authentication and verification methods meet the Salesforce criteria for secure authentication.

Which three functions meet the Salesforce criteria for secure mfa?

Choose 3 answers

A. username and password + SMS passcode

B. Username and password + secunty key

C. Third-party single sign-on with Mobile Authenticator app

D. Certificate-based Authentication

E. Lightning Login

An administrator created a connected app for a custom wet) application in Salesforce which needs to be visible as a tile in App Launcher The tile for the custom web application is missing in the app launcher for all users in Salesforce. The

administrator requested assistance from an identity architect to resolve the issue.

Which two reasons are the source of the issue?

Choose 2 answers

A. StartURL for the connected app is not set in Connected App settings.

B. OAuth scope does not include "openid*.

C. Session Policy is set as 'High Assurance Session required' for this connected app.

D. The connected app is not set in the App menu as 'Visible in App Launcher".

Which two capabilities does My Domain enable in the context of a SAML SSO configuration? Choose 2 answers

A. App Launcher

B. Resource deep linking

C. SSO from Salesforce Mobile App

D. Login Forensics

Universal Containers (UC) has decided to use Salesforce as an Identity Provider for multiple external applications. UC wants to use the salesforce App Launcher to control the Apps that are available to individual users. Which three steps are required to make this happen?

A. Add each connected App to the App Launcher with a Start URL.

B. Set up an Auth Provider for each External Application.

C. Set up Salesforce as a SAML Idp with My Domain.

D. Set up Identity Connect to Synchronize user data.

E. Create a Connected App for each external application.

An Identity and Access Management (IAM) Architect is recommending Identity Connect to integrate Microsoft Active Directory (AD) with Salesforce for user provisioning, deprovisioning and single sign-on (SSO).

Which feature of Identity Connect is applicable for this scenano?

A. When Identity Connect is in place, if a user is deprovisioned in an on-premise AD, the user's Salesforce session Is revoked Immediately.

B. If the number of provisioned users exceeds Salesforce licence allowances, identity Connect will start disabling the existing Salesforce users in First-in, First-out (FIFO) fashion.

C. Identity Connect can be deployed as a managed package on salesforce org, leveraging High Availability of Salesforce Platform out-of-the-box.

D. When configured, Identity Connect acts as an identity provider to both Active Directory and Salesforce, thus providing SSO as a default feature.

What item should an Architect consider when designing a Delegated Authentication implementation?

A. The Web service should be secured with TLS using Salesforce trusted certificates.

B. The Web service should be able to accept one to four input method parameters.

C. The web service should use the Salesforce Federation ID to identify the user.

D. The Web service should implement a custom password decryption method.

A financial enterprise is planning to set up a user authentication mechanism to login to the Salesforce system. Due to regulatory requirements, the CIO of the company wants user administration, including passwords and authentication requests, to be managed by an external system that is only accessible via a SOAP webservice.

Which authentication mechanism should an identity architect recommend to meet the requirements?

A. OAuth Web-Server Flow

B. Identity Connect

C. Delegated Authentication

D. Just-in-Time Provisioning

A financial services company uses Salesforce and has a compliance requirement to track information about devices from which users log in. Also, a Salesforce Security Administrator needs to have the ability to revoke the device from which users log in.

What should be used to fulfill this requirement?

A. Use multi-factor authentication (MFA) to meet the compliance requirement to track device information.

B. Use the Activations feature to meet the compliance requirement to track device information.

C. Use the Login History object to track information about devices from which users log in.

D. Use Login Flows to capture device from which users log in and store device and user information in a custom object.

Northern Trail Outfitters (NTO) is planning to roll out a partner portal for its distributors using Experience Cloud. NTO would like to use an external identity provider (idP) and for partners to register for access to the portal. Each partner should be allowed to register only once to avoid duplicate accounts with Salesforce.

What should a identity architect recommend to create partners?

A. On successful creation of Partners using Self Registration page in Experience Cloud, create identity in Ping.

B. Create a custom page m Experience Cloud to self register partner with Experience Cloud and Ping identity store.

C. Create a custom web page in the Portal and create users in the IdP and Experience Cloud using published APIs.

D. Allow partners to register through the IdP and create partner users in Salesforce through an API.