Salesforce Identity and Access Management Architect Exam Practice Test Instant Access

Question 1

Northern Trail Outfitters would like to use a portal built on Salesforce Experience Cloud for customer self-service. Guests of the portal be able to self-register, but be unable to automatically be assigned to a contact record until verified. External Identity licenses have bee purchased for the project.

After registered guests complete an onboarding process, a flow will create the appropriate account and contact records for the user.

Which three steps should an identity architect follow to implement the outlined requirements?

Choose 3 answers

AEnable 'Allow customers and partners to self-register'.

BSelect the 'Configurable Self-Reg Page' option under Login & Registration.

CSet jp an external login page and call Salesforce APIs for user creation.

DCustomize the self-registration Apex handler to temporarily associate the user to a shared single contact record.

ECustomize me self-registration Apex handler to create only the user record.

Answer : A, B, E

Question 2

Northern Trail Outfitters (NTO) believes a specific user account may have been compromised. NTO inactivated the user account and needs U perform a forensic analysis and identify signals that could Indicate a breach has occurred.

What should NTO's first step be in gathering signals that could indicate account compromise?

AReview the User record and evaluate the login and transaction history.

BDownload the Setup Audit Trail and review all recent activities performed by the user.

CDownload the Identity Provider Event Log and evaluate the details of activities performed by the user.

DDownload the Login History and evaluate the details of logins performed by the user.

Answer : D

Question 3

Northern Trail Outfitters (NTO) has an off-boarding process where a terminated employee is first disabled in the Lightweight Directory Act Protocol (LDAP) directory, then requests are sent to the various application support teams to finish user deactivations. A terminated employee recently was able to login to NTO's Salesforce instance 24 hours after termination, even though the user was disabled in the corporate LDAP directory.

What should an identity architect recommend to prevent this from happening in the future?

ACreate a Just-in-Time provisioning registration handler to ensure users are deactivated in Salesforce as they are disabled in LDAP.

BConfigure an authentication provider to delegate authentication to the LDAP directory.

Cuse a login flow to make a callout to the LDAP directory before authenticating the user to Salesforce.

DSetup an identity provider (IdP) to authenticate users using LDAP, set up single sign-on to Salesforce and disable Login Form authentication.

Answer : B

Question 4

A university is planning to set up an identity solution for its alumni. A third-party identity provider will be used for single sign-on Salesforce will be the system of records. Users are getting error messages when logging in.

Which Salesforce feature should be used to debug the issue?

AApex Exception Email

BView Setup Audit Trail

CDebug Logs

DLogin History

Answer : D

Question 5

An insurance company has a connected app in its Salesforce environment that is used to integrate with a Google Workspace (formerly knot as G Suite).

An identity and access management (IAM) architect has been asked to implement automation to enable users, freeze/suspend users, disable users, and reactivate existing users in Google Workspace upon similar actions in Salesforce.

Which solution is recommended to meet this requirement?

AConfigure user Provisioning for Connected Apps.

BUpdate the Security Assertion Markup Language Just-in-Time (SAML JIT) handler in Salesforce for user provisioning and de-provisioning.

CBuild a custom REST endpoint in Salesforce that Google Workspace can poll against.

DBuild an Apex trigger on the userlogin object to make asynchronous callouts to Google APIs.

Answer : A

Question 6

Northern Trail Outfitters recently acquired a company. Each company will retain its Identity Provider (IdP). Both companies rely extensively on Salesforce processes that send emails to users to take specific actions in Salesforce.

How should the combined companys' employees collaborate in a single Salesforce org, yet authenticate to the appropriate IdP?

AConfigure unique MyDomains for each company and have generated links use the appropriate MyDomam in the URL.

BHave generated links append a querystnng parameter indicating the IdP. The login service will redirect to the appropriate IdP.

CHave generated links be prefixed with the appropriate IdP URL to invoke an IdP-initiated Security Assertion Markup Language flow when clicked.

DEnable each IdP as a login option in the MyDomain Authentication Service settings. Users will then click on the appropriate IdP button.

Answer : D

Question 7

Universal Containers (UC) operates in Asia, Europe and North America regions. There is one Salesforce org for each region. UC is implementing Customer 360 in Salesforce and has procured External Identity and Customer Community licenses in all orgs.

Customers of UC use Community to track orders and create inquiries. Customers also tend to move across regions frequently.

What should an identity architect recommend to optimize license usage and reduce maintenance overhead?

AMerge three orgs into one instance of Salesforce. This will no longer require maintaining three separate copies of the same customer.

BDelete contact/ account records and deactivate user if user moves from a specific region; Sync will no longer be required.

CContacts are required since Community access needs to be enabled. Maintenance is a necessary overhead that must be handled via data integration.

DEnable Contactless User in all orgs and downgrade users from Experience Cloud license to External Identity license once users have moved out of that region.

Answer : C

Salesforce Identity and Access Management Architect Salesforce Certified Identity and Access Management Architect Exam Practice Test