Salesforce Identity and Access Management Architect Exam Practice Test Instant Access

Question 1

An identity architect's client has a homegrown identity provider (IdP). Salesforce is used as the service provider (SP). The head of IT is worried that during a SP initiated single sign-on (SSO), the Security Assertion Markup Language (SAML) request content will be altered.

What should the identity architect recommend to make sure that there is additional trust between the SP and the IdP?

AEnsure that there is an HTTPS connection between IDP and SP.

BEnsure that on the SSO settings page, the 'Request Signing Certificate' field has a self-signed certificate.

CEnsure that the Issuer and Assertion Consumer service (ACS) URL is property configured between SP and IDP.

DEncrypt the SAML Request using certification authority (CA) signed certificate and decrypt on IdP.

Answer : D

Question 2

An Enterprise is using a Lightweight Directory Access Protocol (LDAP ) server as the only point for user authentication with a username/password. Salesforce delegated authentication is configured to integrate Salesforce under single sign-on (SSO).

Mow can end users change their password?

AUsers once logged In, can go to the Change Password screen in Salesforce.

BUsers can click on the 'Forgot your Password' link on the Salesforce.com login page.

CUsers can request the Salesforce Admin to reset their password.

DUsers can change it on the enterprise LDAP authentication portal.

Answer : C

Question 3

Universal Containers (UC) is planning to add Wi-Fi enabled GPS tracking devices to its shipping containers so that the GPS coordinates data can be sent from the tracking device to its Salesforce production org via a custom API. The GPS devices have no direct user input or output capabilities.

Which OAuth flow should the identity architect recommend to meet the requirement?

AOAuth 2.0 Asset Token Flow for Securing Connected Devices

BOAuth 2.0 Username-Password Flow for Special Scenarios

COAuth 2.0 Web Server Flow for Web App Integration

DOAuth 2.0 JWT Bearer Flow for Server-to-Server Integration

Answer : A

Question 4

Northern Trail Outfitters (NTO) has a requirement to ensure all user logins include a single multi-factor authentication (MFA) prompt. Currently, users are allowed the choice to login with a username and password or via single sign-on against NTO's corporate Identity Provider, which includes built-in MFA.

Which configuration will meet this requirement?

ACreate and assign a permission set to all employees that includes 'MFA for User Interface Logins.'

BCreate a custom login flow that enforces MFA and assign it to a permission set. Then assign the permission set to all employees.

CEnable 'MFA for User Interface Logins' for your organization from Setup -> Identity Verification.

DFor all employee profiles, set the Session Level Required at Login to High Assurance and add the corporate identity provider to the High Assurance list for the org's Session Security Levels.

Answer : C

Question 5

An identity architect has built a native mobile application and plans to integrate it with a Salesforce Identity solution. The following are the requirements for the solution:

1. Users should not have to login every time they use the app.

2. The app should be able to make calls to the Salesforce REST API.

3. End users should NOT see the OAuth approval page.

How should the identity architect configure the Salesforce connected app to meet the requirements?

AEnable the API Scope and Offline Access Scope, upload a certificate so JWT Bearer Flow can be used and then set the connected app access settings to 'Admin Pre-Approved'.

BEnable the API Scope and Offline Access Scope on the connected app, and then set the connected app to access settings to 'Admin Pre-Approved'.

CEnable the Full Access Scope and then set the connected app access settings to 'Admin Pre-Approved'.

DEnable the API Scope and Offline Access Scope on the connected app, and then set the Connected App access settings to 'User may self authorize'.

Answer : A

Question 6

Which tool should be used to track login data, such as the average number of logins, who logged in more than the average number of times and who logged in during non-business hours?

ALogin Inspector

BLogin History

CLogin Report

DLogin Forensics

Answer : D

Question 7

An organization has a central cloud-based Identity and Access Management (IAM) Service for authentication and user management, which must be utilized by all applications as follows:

1 - Change of a user status in the central IAM Service triggers provisioning or deprovisioining in the integrated cloud applications.

2 - Security Assertion Markup Language single sign-on (SSO) is used to facilitate access for users authenticated at identity provider (Central IAM Service).

Which approach should an IAM architect implement on Salesforce Sales Cloud to meet the requirements?

AA Configure Salesforce as a SAML Service Provider, and enable SCIM (System for Cross-Domain Identity Management) for provisioning and deprovisioning of users.

BConfigure Salesforce as a SAML service provider, and enable Just-in Time (JIT) provisioning and deprovisioning of users.

CConfigure central IAM Service as an authentication provider and extend registration handler to manage provisioning and deprovisioning of users.

DDeploy Identity Connect component and set up automated provisioning and deprovisioning of users, as well as SAML-based SSO.

Answer : A

Salesforce Identity and Access Management Architect Salesforce Certified Identity and Access Management Architect Exam Practice Test