IDENTITY-AND-ACCESS-MANAGEMENT-ARCHITECT Online Practice Questions and Answers

Universal Containers is budding a web application that will connect with the Salesforce API using JWT OAuth Flow.

Which two settings need to be configured in the connect app to support this requirement?

Choose 2 answers

A. The Use Digital Signature option in the connected app.

B. The "web" OAuth scope in the connected app,

C. The "api" OAuth scope in the connected app.

D. The "edair_api" OAuth scope m the connected app.

A global fitness equipment manufacturer uses Salesforce to manage its sales cycle. The manufacturer has a custom order fulfillment app that needs to request order data from Salesforce. The order fulfillment app needs to integrate with the

Salesforce API using OAuth 2.0 protocol.

What should an identity architect use to fulfill this requirement?

A. Canvas App Integration

B. OAuth Tokens

C. Authentication Providers

D. Connected App and OAuth scopes

Universal Containers (UC) has five Salesforce orgs (UC1, UC2, UC3, UC4, UC5). of Every user that is in UC2, UC3, UC4, and UC5 is also in UC1, however not all users 65* have access to every org. Universal Containers would like to simplify the authentication process such that all Salesforce users need to remember one set of credentials. UC would like to achieve this with the least impact to cost and maintenance. What approach should an Architect recommend to UC?

A. Purchase a third-party Identity Provider for all five Salesforce orgs to use and set up JIT user provisioning on all other orgs.

B. Purchase a third-party Identity Provider for all five Salesforce orgs to use, but don't set up JIT user provisioning for other orgs.

C. Configure UC1 as the Identity Provider to the other four Salesforce orgs and set up JIT user provisioning on all other orgs.

D. Configure UC1 as the Identity Provider to the other four Salesforce orgs, but don't set up JIT user provisioning for other orgs.

Universal Containers (UC) operates in Asia, Europe and North America regions. There is one Salesforce org for each region. UC is implementing Customer 360 in Salesforce and has procured External Identity and Customer Community licenses in all orgs.

Customers of UC use Community to track orders and create inquiries. Customers also tend to move across regions frequently.

What should an identity architect recommend to optimize license usage and reduce maintenance overhead?

A. Merge three orgs into one instance of Salesforce. This will no longer require maintaining three separate copies of the same customer.

B. Delete contact/ account records and deactivate user if user moves from a specific region; Sync will no longer be required.

C. Contacts are required since Community access needs to be enabled. Maintenance is a necessary overhead that must be handled via data integration.

D. Enable Contactless User in all orgs and downgrade users from Experience Cloud license to External Identity license once users have moved out of that region.

universal container plans to develop a custom mobile app for the sales team that will use salesforce for authentication and access management. The mobile app access needs to be restricted to only the sales team. What would be the recommended solution to grant mobile app access to sales users?

A. Use a custom attribute on the user object to control access to the mobile app

B. Use connected apps Oauth policies to restrict mobile app access to authorized users.

C. Use the permission set license to assign the mobile app permission to sales users

D. Add a new identity provider to authenticate and authorize mobile users.

Under which scenario Web Server flow will be used?

A. Used for web applications when server-side code needs to interact with APIS.

B. Used for server-side components when page needs to be rendered.

C. Used for mobile applications and testing legacy Integrations.

D. Used for verifying Access protected resources.

Universal containers wants to implement SAML SSO for their internal salesforce users using a third-party IDP. After some evaluation, UC decides not to set up my domain for their salesforce.org. How does that decision impact their SSO implementation?

A. Neithersp - nor IDP - initiated SSO will work

B. Either sp - or IDP - initiated SSO will work

C. IDP - initiated SSO will not work

D. Sp-Initiated SSO will not work

Universal Containers would like its customers to register and log in to a portal built on Salesforce Experience Cloud. Customers should be able to use their Facebook or Linkedln credentials for ease of use.

Which three steps should an identity architect take to implement social sign-on?

Choose 3 answers

A. Register both Facebook and Linkedln as connected apps.

B. Create authentication providers for both Facebook and Linkedln.

C. Check "Facebook" and "Linkedln" under Login Page Setup.

D. Enable "Federated Single Sign-On Using SAML".

E. Update the default registration handlers to create and update users.

A manufacturer wants to provide registration for an Internet of Things (IoT) device with limited display input or capabilities. Which Salesforce OAuth authorization flow should be used?

A. OAuth 2.0 JWT Bearer How

B. OAuth 2.0 Device Flow

C. OAuth 2.0 User-Agent Flow

D. OAuth 2.0 Asset Token Flow

Universal containers (UC) has a custom, internal-only, mobile billing application for users who are commonly out of the office. The app is configured as a connected App in salesforce. Due to the nature of this app, UC would like to take the appropriate measures to properly secure access to the app. Which two are recommendations to make the UC? Choose 2 answers

A. Disallow the use of single Sign-on for any users of the mobile app.

B. Require high assurance sessions in order to use the connected App

C. Use Google Authenticator as an additional part of the logical processes.

D. Set login IP ranges to the internal network for all of the app users profiles.