Winter Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: bigdisc65

Identity-and-Access-Management-Architect Exam Dumps - Salesforce Identity and Access Management Designer Questions and Answers

Question # 4

A public sector agency is setting up an identity solution for its citizens using a Community built on Experience Cloud and requires the new user registration functionality to capture first name, last name, and phone number. The phone number will be used for identity verification.

Which feature should an identity architect recommend to meet the requirements?

Options:

A.

Integrate with social websites (Facebook, Linkedin. Twitter)

B.

Use an external Identity Provider

C.

Create a custom Lightning Web Component

D.

Use Login Discovery

Buy Now
Question # 5

Universal Containers (UC) would like its community users to be able to register and log in with Linkedin or Facebook Credentials. UC wants users to clearly see Facebook &Linkedin Icons when they register and login. What are the two recommended actions UC can take to achieve this Functionality? Choose 2 answers

Options:

A.

Enable Facebook and Linkedin as Login options in the login section of the Community configuration.

B.

Create custom Registration Handlers to link Linkedin and facebook accounts to user records.

C.

Store the Linkedin or Facebook user IDs in the Federation ID field on the Salesforce User record.

D.

Create custom buttons for Facebook and inkedin using JAVAscript/CSS on a custom Visualforce page.

Buy Now
Question # 6

After a recent audit, universal containers was advised to implement Two-factor Authentication for all of their critical systems, including salesforce. Which two actions should UC consider to meet this requirement? Choose 2 answers

Options:

A.

Require users to provide their RSA token along with their credentials.

B.

Require users to supply their email and phone number, which gets validated.

C.

Require users to enter a second password after the first Authentication

D.

Require users to use a biometric reader as well as their password

Buy Now
Question # 7

Universal Containers is budding a web application that will connect with the Salesforce API using JWT OAuth Flow.

Which two settings need to be configured in the connect app to support this requirement?

Choose 2 answers

Options:

A.

The Use Digital Signature option in the connected app.

B.

The "web" OAuth scope in the connected app,

C.

The "api" OAuth scope in the connected app.

D.

The "edair_api" OAuth scope m the connected app.

Buy Now
Question # 8

Universal Containers (UC) wants to implement SAML SSO for their internal of Salesforce users using a third-party IdP. After some evaluation, UC decides NOT to 65« set up My Domain for their Salesforce org. How does that decision impact their SSO implementation?

Options:

A.

IdP-initiated SSO will NOT work.

B.

Neither SP- nor IdP-initiated SSO will work.

C.

Either SP- or IdP-initiated SSO will work.

D.

SP-initiated SSO will NOT work

Buy Now
Question # 9

Which two security risks can be mitigated by enabling Two-Factor Authentication (2FA) in Salesforce? Choose 2 answers

Options:

A.

Users leaving laptops unattended and not logging out of Salesforce.

B.

Users accessing Salesforce from a public Wi-Fi access point.

C.

Users choosing passwords that are the same as their Facebook password.

D.

Users creating simple-to-guess password reset questions.

Buy Now
Question # 10

What item should an Architect consider when designing a Delegated Authentication implementation?

Options:

A.

The Web service should be secured with TLS using Salesforce trusted certificates.

B.

The Web service should be able to accept one to four input method parameters.

C.

The web service should use the Salesforce Federation ID to identify the user.

D.

The Web service should implement a custom password decryption method.

Buy Now
Question # 11

Universal Containers is creating a mobile application that will be secured by Salesforce Identity using the OAuth 2.0 user-agent flow. Application users will authenticate using username and password. They should not be forced to approve API access in the mobile app or reauthenticate for 3 months.

Which two connected app options need to be configured to fulfill this use case?

Choose 2 answers

Options:

A.

Set Permitted Users to "Admin approved users are pre-authorized".

B.

Set Permitted Users to "All users may self-authorize".

C.

Set the Session Timeout value to 3 months.

D.

Set the Refresh Token Policy to expire refresh token after 3 months.

Buy Now
Question # 12

What information does the 'Relaystate' parameter contain in sp-Initiated Single Sign-on?

Options:

A.

Reference to a URL redirect parameter at the identity provider.

B.

Reference to a URL redirect parameter at the service provider.

C.

Reference to the login address URL of the service provider.

D.

Reference to the login address URL of the identity Provider.

Buy Now
Question # 13

Northern Trail Outfitters recently acquired a company. Each company will retain its Identity Provider (IdP). Both companies rely extensively on Salesforce processes that send emails to users to take specific actions in Salesforce.

How should the combined companys' employees collaborate in a single Salesforce org, yet authenticate to the appropriate IdP?

Options:

A.

Configure unique MyDomains for each company and have generated links use the appropriate MyDomam in the URL.

B.

Have generated links append a querystnng parameter indicating the IdP. The login service will redirect to the appropriate IdP.

C.

Have generated links be prefixed with the appropriate IdP URL to invoke an IdP-initiated Security Assertion Markup Language flow when clicked.

D.

Enable each IdP as a login option in the MyDomain Authentication Service settings. Users will then click on the appropriate IdP button.

Buy Now
Exam Name: Salesforce Certified Identity andAccess Management Architect (SU24)
Last Update: Feb 18, 2025
Questions: 243
Identity-and-Access-Management-Architect pdf

Identity-and-Access-Management-Architect PDF

$29.75  $84.99
Identity-and-Access-Management-Architect Engine

Identity-and-Access-Management-Architect Testing Engine

$33.25  $94.99
Identity-and-Access-Management-Architect PDF + Engine

Identity-and-Access-Management-Architect PDF + Testing Engine

$47.25  $134.99