Salesforce Identity-and-Access-Management-Architect Exam Practice Test Instant Access

Question 1

An insurance company has a connected app in its Salesforce environment that is used to integrate with a Google Workspace (formerly knot as G Suite).

An identity and access management (IAM) architect has been asked to implement automation to enable users, freeze/suspend users, disable users, and reactivate existing users in Google Workspace upon similar actions in Salesforce.

Which solution is recommended to meet this requirement?

AConfigure user Provisioning for Connected Apps.

BUpdate the Security Assertion Markup Language Just-in-Time (SAML JIT) handler in Salesforce for user provisioning and de-provisioning.

CBuild a custom REST endpoint in Salesforce that Google Workspace can poll against.

DBuild an Apex trigger on the userlogin object to make asynchronous callouts to Google APIs.

Answer : A

Question 2

Universal Containers is creating a web application that will be secured by Salesforce Identity using the OAuth 2.0 Web Server Flow uses the OAuth 2.0 authorization code grant type).

Which three OAuth concepts apply to this flow?

Choose 3 answers

AVerification URL

BClient Secret

CAccess Token

DScopes

Answer : B, C, D

Question 3

Northern Trail Outfitters (NTO) uses Salesforce for Sales Opportunity Management. Okta was recently brought in to Just-in-Time (JIT) provision and authenticate NTO users to applications. Salesforce users also use Okta to authorize a Forecasting web application to access Salesforce records on their behalf.

Which two roles are being performed by Salesforce?

Choose 2 answers

ASAML Identity Provider

BOAuth Client

COAuth Resource Server

DSAML Service Provider

Answer : B, D

Question 4

Universal Containers allows employees to use a mobile device to access Salesforce for daily operations using a hybrid mobile app. This app uses Mobile software development kits (SDK), leverages refresh token to regenerate access token when required and is distributed as a private app.

The chief security officer is rolling out an org wide compliance policy to enforce re-venfication of devices if an employee has not logged in from that device in the last week.

Which connected app setting should be leveraged to comply with this policy change?

AScope - Deny refresh_token scope for this connected app.

BRefresh Token Policy - Expire the refresh token if it has not been used for 7 days.

CSession Policy - Set timeout value of the connected app to 7 days.

DPermitted User - Ask admins to maintain a list of users who are permitted based on last login date.

Answer : B

Question 5

A company wants to provide its employees with a custom mobile app that accesses Salesforce. Users are required to download the internal native IOS mobile app from corporate intranet on their mobile device. The app allows flexibility to access other Non Salesforce internal applications once users authenticate with Salesforce. The apps self-authorize, and users are permitted to use the apps once they have logged into Salesforce.

How should an identity architect meet the above requirements with the privately distributed mobile app?

AUse connected app with OAuth and Security Assertion Markup Language (SAML) to access other Non Salesforce internal apps.

BConfigure Mobile App settings in connected app and Salesforce as identity provider for non-Salesforce internal apps.

CUse Salesforce as an identity provider (IdP) to access the mobile app and use the external IdP for other non-Salesforce internal apps.

DCreate a new hybrid mobile app and use the connected app with OAuth to authenticate users for Salesforce and non-Salesforce internal apps.

Answer : B

Question 6

The CMO of an advertising company has invited an Identity and Access Management (IAM) specialist to discuss Salesforce out-of-box capabilities for configuring the company*s login and registration experience on Salesforce Experience Cloud.

The CMO is looking to brand the login page with the company's logo, background color, login button color, and dynamic right-frame from an external URL.

Which two solutions should the IAM specialist recommend?

Choose 2 answers

AUse Experience Builder to build branded Reset and Forgot Password pages.

BBuild custom pages for branding requirements in Experience Cloud.

CBuild custom site pages for reset and forgot password features.

DLogin & Registration pages can be branded in the Community Administration settings.

Answer : A, D

Question 7

Universal Containers (UC) wants to provide single sign-on (SSO) for a business-to-consumer (B2C) application using Salesforce Identity.

Which Salesforce license should UC utilize to implement this use case?

AIdentity Only

BSalesforce Platform

CExternal Identity

DPartner Community

Answer : C

Salesforce Certified Identity and Access Management Architect Exam Practice Test