2023 Realistic Identity-and-Access-Management-Architect Dumps are Available for Instant Access [Q32-Q51]


Download Exam Identity-and-Access-Management-Architect Practice Test Questions with 100% Verified Answers


Salesforce Certified IAM Architect certification is recognized worldwide and is highly valued by employers. It is an excellent way for professionals to demonstrate their expertise in identity and access management solutions and advance their careers. Salesforce Certified Identity and Access Management Architect certification also provides access to a community of experts who share knowledge and best practices in identity and access management. With this certification, professionals can demonstrate their commitment to security and position themselves as leaders in the field of identity and access management.


Salesforce Certified Identity and Access Management Architect certification is an essential certification for architects who want to demonstrate their expertise in designing and implementing IAM solutions using Salesforce. Salesforce Certified Identity and Access Management Architect certification validates an individual's knowledge of core IAM concepts and their ability to configure and use Salesforce's IAM tools effectively. If you are an experienced architect looking to advance your career in IAM, then the Salesforce Certified Identity and Access Management Architect certification is the right choice for you.


Salesforce Identity-and-Access-Management-Architect is a certification that focuses on the practice of identity and access management within Salesforce. Salesforce Certified Identity and Access Management Architect certification is designed for individuals who are experienced in Salesforce and have a strong understanding of the platform's security model. Identity-and-Access-Management-Architect exam is ideal for those who are looking to demonstrate their expertise in identity and access management within the Salesforce ecosystem.

 

NEW QUESTION # 32
Universal Containers wants Salesforce inbound OAuth-enabled integration clients to use SAML-based single sign-on for authentication. What OAuth flow would be recommended in this scenario?

  • A. User-Agent OAuth flow
  • B. User-Token OAuth flow
  • C. SAML assertion OAuth flow
  • D. Web server OAuth flow

Answer: C


NEW QUESTION # 33
An architect needs to advise the team that manages the identity provider how to differentiate Salesforce from other service providers. What SAML SSO setting in Salesforce provides this capability?

  • A. Issuer
  • B. SAML identity location
  • C. Entity id
  • D. Identity provider login URL

Answer: C


NEW QUESTION # 34
Universal Containers (UC) wants to build a mobile application that will be making calls to the Salesforce REST API. UC's Salesforce implementation relies heavily on custom objects and custom Apex code. UC does not want its users to have to enter credentials every time they use the app. Which two scope values should an Architect recommend to UC? Choose 2 answers.

  • A. Api
  • B. Refresh_token
  • C. Custom_permissions
  • D. Full

Answer: A,B

Explanation:
The two scope values that an architect should recommend to UC are api and refresh_token. The api scope allows the app to access the Salesforce REST API and use custom objects and custom Apex code. The refresh_token scope allows the app to obtain a refresh token that can be used to get new access tokens without requiring the user to re-enter credentials. Option A is not a good choice because the custom_permissions scope allows the app to access custom permissions in Salesforce, but it does not affect how the app can access the REST API or avoid user re-authentication. Option D is not a good choice because the full scope allows the app to access all data accessible by the user, including the web UI and the API, but it may be unnecessary or insecure for UC's requirement. References: OAuth 2.0 Web Server Authentication Flow, Digging Deeper into OAuth 2.0 on Force.com


NEW QUESTION # 35
Universal Containers (UC) is looking to purchase a third-party application as an Identity Provider. UC is looking to develop a business case for the purchase in general and has enlisted an Architect for advice. Which two capabilities of an Identity Provider should the Architect detail to help strengthen the business case?
Choose 2 answers

  • A. The Identity provider can store credentials for multiple applications.
  • B. The Identity Provider can centralize enterprise password policy.
  • C. The Identity Provider can authenticate multiple applications.
  • D. The Identity Provider can authenticate multiple social media accounts.

Answer: B,C

Explanation:
The two capabilities of an identity provider that the architect should detail to help strengthen the business case are that the identity provider can authenticate multiple applications and that the identity provider can centralize enterprise password policy. These capabilities can provide benefits such as reducing login friction, improving user experience, enhancing security, and simplifying administration. Option B is not a good choice because the ability to authenticate multiple social media accounts may not be relevant for UC's business case, as it does not specify how UC will use social media for its identity management. Option C is not a good choice because storing credentials for multiple applications may not be desirable or secure for UC's business case, as it may imply that the identity provider is using password vaulting or federation rather than single sign-on (SSO) or identity federation. References: Identity Management Concepts, [Single Sign-On Implementation Guide]


NEW QUESTION # 36
Universal Containers (UC) is building a custom Innovation platform on their Salesforce instance. The Innovation platform will be written completely in Apex and Visualforce and will use custom objects to store the data. UC would like all users to be able to access the system without having to log in with Salesforce credentials. UC will utilize a third-party IdP using SAML SSO. What is the optimal Salesforce licence type for all of the UC employees?

  • A. External Identity Licence.
  • B. Salesforce Platform Licence.
  • C. Salesforce Licence.
  • D. Identity Licence.

Answer: B

Explanation:
The optimal Salesforce license type for all of the UC employees who will access the custom Innovation platform without logging in with Salesforce credentials is the Salesforce Platform license. The Salesforce Platform license allows users to access custom applications built on the Lightning Platform, such as Apex and Visualforce, and use standard objects such as accounts, contacts, reports, dashboards, and custom tabs. It also supports SSO with a third-party identity provider using SAML. Option A is not a good choice because the Identity license is designed for users who need to access Salesforce Identity features, such as identity provider, social sign-on, and user provisioning, but not for users who need to access custom applications. Option B is not a good choice because the Salesforce license is designed for users who need full access to standard CRM and Lightning Platform features, such as leads, opportunities, campaigns, forecasts, and contracts, but it may be unnecessary or expensive for users who only need to access custom applications. Option C is not a good choice because the External Identity license is designed for users who are external to the organization, such as customers or partners, but not for users who are internal employees.
References: Salesforce Help: User License Types, [Salesforce Help: Single Sign-On for Desktop and Mobile Applications using SAML and OAuth]


NEW QUESTION # 37
Northern Trail Outfitters (NTO) wants to give customers the ability to submit and manage issues with their purchases. It is important for NTO to give its customers the ability to login with their Amazon credentials.
What should an identity architect recommend to meet these requirements?

  • A. Configure Amazon as a connected app.
  • B. Configure an OpenID Connect Authentication Provider for Amazon.
  • C. Configure a predefined authentication provider for Amazon.
  • D. Create a custom external authentication provider for Amazon.

Answer: B


NEW QUESTION # 38
An architect has successfully configured SAML-based SSO for Universal Containers. SSO has been working for 3 months when Universal Containers manually adds a batch of new users to Salesforce. The new users receive an error from Salesforce when trying to use SSO. Existing users are still able to successfully use SSO to access Salesforce. What is the probable cause of this behaviour?

  • A. The administrator forgot to reset the new user's Salesforce password.
  • B. The My Domain capability is not enabled on the new user's profile.
  • C. The Federation ID field on the new user records is not correctly set.
  • D. The new users do not have the SSO permission enabled on their profiles.

Answer: C


NEW QUESTION # 39
Users logging into Salesforce are frequently prompted to verify their identity.
The identity architect is required to provide recommendations so that frequency of prompt verification can be reduced.
What should the identity architect recommend to meet the requirement?

  • A. Set trusted IP ranges for the organization.
  • B. Implement multi-factor authentication for the Salesforce org.
  • C. Implement 2FA authentication for the Salesforce org.
  • D. Implement a single sign-on for Salesforce using an external identity provider.

Answer: A

Explanation:
To reduce the frequency of prompt verification for users logging into Salesforce, the identity architect should recommend setting trusted IP ranges for the organization. Trusted IP ranges are IP addresses that are considered safe for logging in without any additional verification. Users who log in from trusted IP ranges do not need to activate their computer or use a verification code. Trusted IP ranges can improve user convenience and security. References: Trusted IP Ranges, Set Trusted IP Ranges for Your Organization


NEW QUESTION # 40
Universal Containers is implementing a new Experience Cloud site and the identity architect wants to use dynamic branding features as part of the login process.
Which two options should the identity architect recommend to support dynamic branding for the site?
Choose 2 answers

  • A. An external content management system (CMS) must be used for dynamic branding on Experience Cloud sites.
  • B. An experience ID (expid) or placeholder parameter must be used in the URL to represent the brand.
  • C. To use dynamic branding, the community must be built with the Visualforce + Salesforce Tabs template.
  • D. To use dynamic branding, the community must be built with the Customer Account Portal template.

Answer: B,D

Explanation:
Dynamic branding is a feature that allows Experience Cloud sites to display different branding elements, such as logos, colors, or images, based on the user's profile or preferences. To use dynamic branding, the community must be built with the Customer Account Portal template, which supports this feature. An experience ID (expid) or placeholder parameter must be used in the URL to represent the brand and trigger the dynamic branding logic.
References: Dynamic Branding for Experience Cloud Sites, Create a Customer Account Portal


NEW QUESTION # 41
Universal Containers (UC) has implemented SAML SSO to enable seamless access across multiple applications. UC has regional Salesforce orgs and wants its users to be able to access them seamlessly from their main Salesforce org. Which action should an architect recommend?

  • A. Configure the regional Salesforce orgs as Identity Providers.
  • B. Configure the main Salesforce org as a service provider.
  • C. Configure the main Salesforce org as an Authentication provider.
  • D. Configure the main Salesforce org as the Identity provider.

Answer: D


NEW QUESTION # 42
A consumer products company uses Salesforce to maintain consumer information, including orders. The company implemented a portal solution using Salesforce Experience Cloud for its consumers where the consumers can log in using their credentials. The company is considering allowing users to log in with their Facebook or LinkedIn credentials.
Once enabled, what role will Salesforce play?

  • A. Facebook and LinkedIn will act as the IdPs and SPs.
  • B. Salesforce will be the service provider (SP).
  • C. Salesforce will be the identity provider (IdP).
  • D. Facebook and LinkedIn will be the SPs.

Answer: B

Explanation:
To allow users to log in with their Facebook or LinkedIn credentials, Salesforce will play the role of a service provider (SP). An SP is an entity that relies on an identity provider (IdP) to authenticate and authorize users. In this scenario, Facebook and LinkedIn are the IdPs, and Salesforce is the SP. The SP receives a token from the IdP and uses it to access Salesforce resources. The other options are not correct for this scenario. References: Service Provider, Social Sign-On with Authentication Providers


NEW QUESTION # 43
Universal Containers is considering using Delegated Authentication as the sole means of authenticating Salesforce users. A Salesforce Architect has been brought in to assist with the implementation. What two risks should the Architect point out? Choose 2 answers

  • A. UC will be required to develop and support a custom SOAP web service.
  • B. The web service must reside on a public cloud service, such as Heroku.
  • C. Salesforce users will be locked out of Salesforce if the web service goes down.
  • D. Delegated Authentication is enabled or disabled for the entire Salesforce org.

Answer: A,C

Explanation:
The two risks that the architect should point out for using delegated authentication as the sole means of authenticating Salesforce users are:
UC will be required to develop and support a custom SOAP web service. Delegated authentication is a feature that allows Salesforce to delegate the authentication process to an external service by making a SOAP callout to a web service that verifies the user's credentials. This feature requires UC to develop and support a custom SOAP web service that can accept and validate the user's username and password, and return a boolean value to indicate whether the authentication is successful or not. This could increase complexity and cost for UC, as they need to write custom code and maintain the web service.
Salesforce users will be locked out of Salesforce if the web service goes down. Delegated authentication relies on the availability and performance of the external web service that handles the authentication requests from Salesforce. If the web service goes down or becomes slow, Salesforce users will not be able to log in or access Salesforce, as they will receive an error message or a timeout response. This could cause disruption and frustration for UC's business operations and user satisfaction.
The other options are not valid risks for using delegated authentication. Delegated authentication can be enabled or disabled for individual users or groups of users by using permission sets or profiles, not for the entire Salesforce org. The web service does not need to reside on a public cloud service, such as Heroku, as it can be hosted on any platform that supports SOAP services and can communicate with Salesforce. References: [Delegated Authentication], [Enable 'Delegated Authentication'], [Troubleshoot Delegated Authentication]


NEW QUESTION # 44
A global fitness equipment manufacturer uses Salesforce to manage its sales cycle. The manufacturer has a custom order fulfillment app that needs to request order data from Salesforce. The order fulfillment app needs to integrate with the Salesforce API using OAuth 2.0 protocol.
What should an identity architect use to fulfill this requirement?

  • A. OAuth Tokens
  • B. Canvas App Integration
  • C. Authentication Providers
  • D. Connected App and OAuth scopes

Answer: D


NEW QUESTION # 45
A global fitness equipment manufacturer uses Salesforce to manage its sales cycle. The manufacturer has a custom order fulfillment app that needs to request order data from Salesforce. The order fulfillment app needs to integrate with the Salesforce API using OAuth 2.0 protocol.
What should an identity architect use to fulfill this requirement?

  • A. OAuth Tokens
  • B. Canvas App Integration
  • C. Authentication Providers
  • D. Connected App and OAuth scopes

Answer: D

Explanation:
To integrate the order fulfillment app with the Salesforce API using OAuth 2.0 protocol, the identity architect should use a Connected App and OAuth scopes. A Connected App is a framework that enables an external application to integrate with Salesforce using APIs and standard protocols, such as OAuth 2.0. OAuth scopes are permissions that define the specific data that an external application can access or modify in Salesforce. To use OAuth 2.0 protocol, the identity architect needs to configure a Connected App in Salesforce and assign the appropriate OAuth scopes to it, such as "api" or "full". References: Connected Apps, OAuth Scopes


NEW QUESTION # 46
Universal Containers (UC) is looking to purchase a third-party application as an Identity Provider. UC is looking to develop a business case for the purchase in general and has enlisted an Architect for advice. Which two capabilities of an Identity Provider should the Architect detail to help strengthen the business case?
Choose 2 answers

  • A. The Identity provider can store credentials for multiple applications.
  • B. The Identity Provider can centralize enterprise password policy.
  • C. The Identity Provider can authenticate multiple applications.
  • D. The Identity Provider can authenticate multiple social media accounts.

Answer: B,C


NEW QUESTION # 47
Northern Trail Outfitters (NTO) wants to improve its engagement with existing customers to boost customer loyalty. To get a better understanding of its customers, NTO establishes a single customer view including their buying behaviors, channel preferences and purchasing history. All of this information exists but is spread across different systems and formats.
NTO has decided to use Salesforce as the platform to build a 360 degree view. The company already uses Microsoft Active Directory (AD) to manage its users and company assets.
What should an Identity Architect do to provision, deprovision and authenticate users?

  • A. A Salesforce Identity can be included but NTO will require Identity Connect.
  • B. Salesforce Identity can be included but NTO will be required to build a custom integration with Microsoft AD.
  • C. Salesforce Identity is not needed since NTO uses Microsoft AD.
  • D. Salesforce Identity is included in the Salesforce licenses so it does not need to be considered separately.

Answer: A

Explanation:
Identity Connect is a Salesforce product that integrates Microsoft Active Directory with Salesforce user records. It allows provisioning, deprovisioning, and authentication of users based on AD data. The other options are either incorrect or irrelevant for this use case. References: Get to Know Identity Connect, Identity Connect


NEW QUESTION # 48
Universal Containers (UC) wants its Closed Won opportunities to be synced to a Data Warehouse in near real time. UC has implemented Outbound Message to enable near real-time data sync. UC wants to ensure that communication between Salesforce and the target system is secure. What Certificate is sent along with the Outbound Message?

  • A. The Self-Signed Certificates from the Certificate & Key Management menu.
  • B. The CA-Signed Certificate from the Certificate and Key Management menu.
  • C. The default Client Certificate or a Certificate from Certificate and Key Management menu.
  • D. The default Client Certificate from the Develop--> API Menu.

Answer: B

Explanation:
The CA-Signed Certificate from the Certificate and Key Management menu is the certificate that is sent along with the outbound message. An outbound message is a SOAP message that is sent from Salesforce to an external endpoint when a workflow rule or approval process is triggered. To ensure that the communication between Salesforce and the target system is secure, the outbound message can be signed with a certificate that is generated or uploaded in the Certificate and Key Management menu. The certificate must be CA-Signed, which means that it is issued by a trusted certificate authority (CA) that verifies the identity of the sender. The other options are not valid certificates for this purpose. The default client certificate from the Develop-> API Menu is a self-signed certificate that is used for testing purposes only and does not provide adequate security. The default client certificate or a certificate from Certificate and Key Management menu is too vague and does not specify whether the certificate is CA-Signed or self-signed. The self-signed certificates from the Certificate & Key Management menu are certificates that are generated by Salesforce without any verification by a CA, and they are not recommended for production use.
References: [Outbound Messages], [Sign Outbound Messages with a Certificate], [CA-Signed Certificates], [Default Client Certificate], [Self-Signed Certificates]


NEW QUESTION # 49
Universal Containers (UC) currently uses Salesforce Sales Cloud and an external billing application. Both Salesforce and the billing application are accessed several times a day to manage customers. UC would like to configure single sign-on and leverage Salesforce as the identity provider. Additionally, UC would like the billing application to be accessible from Salesforce. A redirect is acceptable.
Which two Salesforce tools should an identity architect recommend to satisfy the requirements?
Choose 2 answers

  • A. Connected Apps
  • B. Salesforce Canvas
  • C. App Launcher
  • D. Identity Connect

Answer: B,C

Explanation:
Salesforce Canvas is a tool that allows external applications to be embedded into Salesforce as iframes, which can provide a seamless user experience. App Launcher is a feature that allows users to access connected apps from a single location in Salesforce. To enable single sign-on and use Salesforce as the identity provider, the external billing application needs to be configured as a connected app and use an OAuth 2.0 or SAML protocol. Identity Connect is not relevant for this scenario, as it is a tool for synchronizing user data between Salesforce and Active Directory. References: Salesforce Canvas Developer Guide, App Launcher, Connected Apps


NEW QUESTION # 50
Northern Trail Outfitters (NTO) is planning to roll out a partner portal for its distributors using Experience Cloud. NTO would like to use an external identity provider (IdP) and for partners to register for access to the portal. Each partner should be allowed to register only once to avoid duplicate accounts with Salesforce.
What should an identity architect recommend to create partners?

  • A. Create a custom web page in the Portal and create users in the IdP and Experience Cloud using published APIs.
  • B. Allow partners to register through the IdP and create partner users in Salesforce through an API.
  • C. Create a custom page in Experience Cloud to self-register partners with Experience Cloud and the Ping identity store.
  • D. On successful creation of Partners using Self Registration page in Experience Cloud, create identity in Ping.

Answer: C


NEW QUESTION # 51
......
