New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

Pass Identity-and-Access-Management-Architect Exam Guide

Page: 7 / 18
Question 28

Universal containers (UC) has a classified information system that it's call centre team uses only when they are working on a case with a record type of "classified". They are only allowed to access the system when they own an open "classified" case, and their access to the system is removed at all other times. They would like to implement SAML SSO with salesforce as the IDP, and automatically allow or deny the staff's access to the classified information system based on whether they currently own an open "classified" case record when they try to access the system using SSO. What is the recommended solution for automatically allowing or denying access to the classified information system based on the open "classified" case record criteria?

Options:

A.

Use a custom connected App handler using apex to dynamically allow access to the system based on whether the staff owns any open "classified" cases.

B.

Use apex trigger on case to dynamically assign permission sets that grant access when a user is assigned with an open "classified" case, and remove it when the case is closed.

C.

Use custom SAML jit provisioning to dynamically query the user's open "classified" cases when attempting to access the classified information system

D.

Use salesforce reports to identify users that currently owns open "classified" cases and should be granted access to the classified information system.

Question 29

Universal containers (UC) would like to enable SAML-BASED SSO for a salesforce partner community. UC has an existing ldap identity store and a third-party portal. They would like to use the existing portal as the primary site these users’ access, but also want to allow seamless access to the partner community. What SSO flow should an architect recommend?

Options:

A.

User-Agent

B.

IDP-initiated

C.

Sp-Initiated

D.

Web server

Question 30

Universal Containers (UC) has a Customer Community that uses Facebook for Authentication. UC would like to ensure that Changes in the Facebook profile are reflected on the appropriate Customer Community user: How can this requirement be met?

Options:

A.

Use the updateUser method on the registration Handler Class.

B.

Develop a scheduled job that calls out to Facebook on a nightly basis.

C.

Use information in the signed Request that is received from facebook.

D.

Use SAML Just-In-Time Provisioning between Facebook and Salesforce.

Question 31

Universal containers(UC) has decided to build a new, highly sensitive application on Force.com platform. The security team at UC has decided that they want users to provide a fingerprint in addition to username/Password to authenticate to this application. How can an architect support fingerprint as a form of identification for salesforce Authentication?

Options:

A.

Use salesforce Two-factor Authentication with callouts to a third-party fingerprint scanning application.

B.

Use Delegated Authentication with callouts to a third-party fingerprint scanning application.

C.

Use an AppExchange product that does fingerprint scanning with native salesforce identity confirmation.

D.

Use custom login flows with callouts to a third-party fingerprint scanning application.

Page: 7 / 18
Exam Name: Salesforce Certified Identity andAccess Management Architect (SU24)
Last Update: Dec 22, 2024
Questions: 243
Identity-and-Access-Management-Architect pdf

Identity-and-Access-Management-Architect PDF

$25.5  $84.99
Identity-and-Access-Management-Architect Engine

Identity-and-Access-Management-Architect Testing Engine

$28.5  $94.99
Identity-and-Access-Management-Architect PDF + Engine

Identity-and-Access-Management-Architect PDF + Testing Engine

$40.5  $134.99