Salesforce Identity and Access Management Architect Exam Practice Test Instant Access

Question 1

Northern Trail Outfitters mar ages functional group permissions in a custom security application supported by a relational database and a REST service layer. Group permissions are mapped as permission sets in Salesforce.

Which action should an identity architect use to ensure functional group permissions are reflected as permission set assignments?

AUse a Login Flow to query SAML attributes and set permission sets.

BUse a Login Flow with invocable Apex to callout to the security application and set permission sets.

CUse the Apex Just-in-Time (JIT) handler to query the Security Assertion markup Language (SAML) attributes and set permission sets.

DUse the Apex JIT handler to callout to the security application and set permission sets

Answer : B

Question 2

Universal Containers (UC) wants to provide single sign-on (SSO) for a business-to-consumer (B2C) application using Salesforce Identity.

Which Salesforce license should UC utilize to implement this use case?

AIdentity Only

BSalesforce Platform

CExternal Identity

DPartner Community

Answer : C

Question 3

Universal Containers is creating a mobile application that will be secured by Salesforce Identity using the OAuth 2.0 user-agent flow. Application users will authenticate using username and password. They should not be forced to approve API access in the mobile app or reauthenticate for 3 months.

Which two connected app options need to be configured to fulfill this use case?

Choose 2 answers

ASet Permitted Users to 'Admin approved users are pre-authorized'.

BSet Permitted Users to 'All users may self-authorize'.

CSet the Session Timeout value to 3 months.

DSet the Refresh Token Policy to expire refresh token after 3 months.

Answer : B, D

Question 4

Universal Containers (UC) has built a custom time tracking app for its employee. UC wants to leverage Salesforce Identity to control access to the custom app.

At a minimum, which Salesforce license is required to support this requirement?

AIdentity Verification

BIdentity Connect

CIdentity Only

DExternal Identity

Answer : C

Question 5

Northern Trail Outfitters wants to implement a partner community. Active community users will need to review and accept the community rules, and update key contact information for each community member before their annual partner event.

Which approach will meet this requirement?

ACreate tasks for users who need to update their data or accept the new community rules.

BCreate a custom landing page and email campaign asking all community members to login and verify their data.

CCreate a login flow that conditionally prompts users who have not accepted the new community rules and who have missing or outdated information.

DAdd a banner to the community Home page asking users to update their profile and accept the new community rules.

Answer : C

Question 6

Which tool should be used to track login data, such as the average number of logins, who logged in more than the average number of times and who logged in during non-business hours?

ALogin Inspector

BLogin History

CLogin Report

DLogin Forensics

Answer : D

Question 7

An organization has a central cloud-based Identity and Access Management (IAM) Service for authentication and user management, which must be utilized by all applications as follows:

1 - Change of a user status in the central IAM Service triggers provisioning or deprovisioining in the integrated cloud applications.

2 - Security Assertion Markup Language single sign-on (SSO) is used to facilitate access for users authenticated at identity provider (Central IAM Service).

Which approach should an IAM architect implement on Salesforce Sales Cloud to meet the requirements?

AA Configure Salesforce as a SAML Service Provider, and enable SCIM (System for Cross-Domain Identity Management) for provisioning and deprovisioning of users.

BConfigure Salesforce as a SAML service provider, and enable Just-in Time (JIT) provisioning and deprovisioning of users.

CConfigure central IAM Service as an authentication provider and extend registration handler to manage provisioning and deprovisioning of users.

DDeploy Identity Connect component and set up automated provisioning and deprovisioning of users, as well as SAML-based SSO.

Answer : A

Salesforce Identity and Access Management Architect Salesforce Certified Identity and Access Management Architect Exam Practice Test