This page was exported from Actual Test Materials [ http://blog.actualtests4sure.com ] Export date:Fri Nov 15 20:42:35 2024 / +0000 GMT ___________________________________________________ Title: Free 2022 Identity-and-Access-Management-Architect Dumps 100 Pass Guarantee With Latest Demo [Q115-Q131] --------------------------------------------------- Free 2022 Identity-and-Access-Management-Architect Dumps 100 Pass Guarantee With Latest Demo Prepare Identity-and-Access-Management-Architect Question Answers Free Update With 100% Exam Passing Guarantee [2022] Salesforce Identity-and-Access-Management-Architect Exam Syllabus Topics: TopicDetailsTopic 1Given a scenario, recommend appropriate Scope and Configuration of the connected App for Authorization Given a scenario, determine when to use embedded loginTopic 2Troubleshoot common points of failure that may be encountered in a single sign-on solution Describe the tools that are available to diagnose IdP issuesTopic 3Describe the capabilities for customizing the user experience for Experience Cloud Given a scenario, identify the most appropriate OAuth flowTopic 4Identify the ways that users can be provisioned in Salesforce to enable SSO and apply access rights Identify the auditing and monitoring approaches available on the platformTopic 5Given a scenario, recommend the most appropriate way to provision users from identity stores in B2E and B2C scenarios Recommend the appropriate method for provisioning users in SalesforceTopic 6Given a scenario, describe what tools you can apply to audit and verify the activityuser during and after login Describe how trust is established between two systemsTopic 7Describe the various implementation concepts of OAuth Describe the building blocks that are part of an identity solutionTopic 8Given a scenario identify if Salesforce Customer 360 Identity fits into a fully developed Customer 360 solution Given a use case, describe when Salesforce is used as a Service ProviderTopic 9Given a requirement, understand the advantages and limitations of External Identity solutions and associated licenses Identify the role Identity Connect product plays in a Salesforce Identity implementation   NO.115 Universal containers(UC) has a customer Community that uses Facebook for authentication. UC would like to ensure that changes in the Facebook profile are reflected on the appropriate customer Community user. How can this requirement be met?  Use the updateuser() method on the registration handler class.  Use SAML just-in-time provisioning between Facebook and Salesforce  Use information in the signed request that is received from Facebook.  Develop a schedule job that calls out to Facebook on a nightly basis. NO.116 Which two roles of the systems are involved in an environment where salesforce users are enabled to access Google Apps from within salesforce through App launcher and connected App set up? Choose 2 answers  Google is the identity provider  Salesforce is the identity provider  Google is the service provider  Salesforce is the service provider NO.117 Universal Containers is creating a mobile application that will be secured by Salesforce Identity using the OAuth 2.0 user-agent flow (this flow uses the OAuth 2.0 implicit grant type).Which three OAuth concepts apply to this flow?Choose 3 answers  Client ID  Refresh Token  Authorization Code  Verification Code  Scopes NO.118 An Enterprise is using a Lightweight Directory Access Protocol (LDAP ) server as the only point for user authentication with a username/password. Salesforce delegated authentication is configured to integrate Salesforce under single sign-on (SSO).Mow can end users change their password?  Users once logged In, can go to the Change Password screen in Salesforce.  Users can click on the “Forgot your Password” link on the Salesforce.com login page.  Users can request the Salesforce Admin to reset their password.  Users can change it on the enterprise LDAP authentication portal. NO.119 A technology enterprise is planning to implement single sign-on login for users. When users log in to the Salesforce User object custom field, data should be populated for new and existing users.Which two steps should an identity architect recommend?Choose 2 answers  Implement Auth.SamlJitHandler Interface.  Create and update methods.  Implement RegistrationHandler Interface.  Implement SesslonManagement Class. NO.120 Universal containers (UC) wants to integrate a Web application with salesforce. The UC team has implemented the Oauth web-server Authentication flow for authentication process. Which two considerations should an architect point out to UC? Choose 2 answers  The web application should be hosted on a secure server.  The web server must be able to protect consumer privacy  The flow involves passing the user credentials back and forth.  The flow will not provide an Oauth refresh token back to the server. NO.121 In an SP-Initiated SAML SSO setup where the user tries to access a resource on the Service Provider, What HTTP param should be used when submitting a SAML Request to the Idp to ensure the user is returned to the intended resourse after authentication?  RedirectURL  RelayState  DisplayState  StartURL NO.122 Northern Trail Outfitters manages application functional permissions centrally as Active Directory groups.The CRM_Superllser and CRM_Reportmg_SuperUser groups should respectively give the user the SuperUser and Reportmg_SuperUser permission set in Salesforce. Salesforce is the service provider to a Security Assertion Markup Language (SAML) identity provider.Mow should an identity architect ensure the Active Directory groups are reflected correctly when a user accesses Salesforce?  Use the Apex Just-in-Time handler to query standard SAML attributes and set permission sets.  Use the Apex Just-in-Time handler to query custom SAML attributes and set permission sets.  Use a login flow to query custom SAML attributes and set permission sets.  Use a login flow to query standard SAML attributes and set permission sets. NO.123 Universal Containers (UC) uses Global Shipping (GS) as one of their shipping vendors. Regional leads of GS need access to UC’s Salesforce instance for reporting damage of goods using Cases. The regional leads also need access to dashboards to keep track of regional shipping KPIs. UC internally uses a third-party cloud analytics tool for capacity planning and UC decided to provide access to this tool to a subset of GS employees.In addition to regional leads, the GS capacity planning team would benefit from access to this tool. To access the analytics tool, UC IT has set up Salesforce as the Identity provider for Internal users and would like to follow the same approach for the GS users as well. What are the most appropriate license types for GS Tregional Leads and the GS Capacity Planners? Choose 2 Answers  Customer Community Plus license for GS Regional Leads and External Identity for GS Capacity Planners.  Customer Community Plus license for GS Regional Leads and Customer Community license for GS Capacity Planners.  Identity Licence for GS Regional Leads and External Identity license for GS capacity Planners.  Customer Community license for GS Regional Leads and Identity license for GS Capacity Planners. NO.124 Universal Containers (UC) is building an integration between Salesforce and a legacy web applications using the canvas framework. The security for UC has determined that a signed request from Salesforce is not an adequate authentication solution for the Third-Party app. Which two options should the Architect consider for authenticating the third-party app using the canvas framework? Choose 2 Answers  Utilize the SAML Single Sign-on flow to allow the third-party to authenticate itself against UC’s IdP.  Utilize Authorization Providers to allow the third-party appliction to authenticate itself against Salesforce as the Idp.  Utilize Canvas OAuth flow to allow the third-party appliction to authenticate itself against Salesforce as the Idp.  Create a registration handler Apex class to allow the third-party appliction to authenticate itself against Salesforce as the Idp. NO.125 Universal Containers (UC) has implemented SAML-based Single Sign-On to provide seamless access to its Salesforce Orgs, financial system, and CPQ system. Below is the SSO implementation landscape.What role combination is represented by the systems in this scenario”  Financial System and CPQ System are the only Service Providers.  Salesforce Org1 and Salesforce Org2 are the only Service Providers.  Salesforce Org1 and Salesforce Org2 are acting as Identity Providers.  Salesforce Org1 and PingFederate are acting as Identity Providers. NO.126 Northern Trail Outfitters (NTO) uses Salesforce for Sales Opportunity Management. Okta was recently brought in to Just-in-Time (JIT) provision and authenticate NTO users to applications. Salesforce users also use Okta to authorize a Forecasting web application to access Salesforce records on their behalf.Which two roles are being performed by Salesforce?Choose 2 answers  SAML Identity Provider  OAuth Client  OAuth Resource Server  SAML Service Provider NO.127 Which two considerations should be made when implementing Delegated Authentication?Choose 2 answers  The authentication web service can include custom attributes.  It can be used to authenticate API clients and mobile apps.  It requires trusted IP ranges at the User Profile level.  Salesforce servers receive but do not validate a user’s credentials.  Just-in-time Provisioning can be configured for new users. NO.128 An architect has successfully configured SAML-BASED SSO for universal containers. SSO has been working for 3 months when Universal containers manually adds a batch of new users to salesforce. The new users receive an error from salesforce when trying to use SSO. Existing users are still able to successfully use SSO to access salesforce. What is the probable cause of this behaviour?  The administrator forgot to reset the new user’s salesforce password.  The Federation ID field on the new user records is not correctly set  The my domain capability is not enabled on the new user’s profile.  The new users do not have the SSO permission enabled on their profiles. NO.129 Universal Container’s (UC) is using Salesforce Experience Cloud site for its container wholesale business. The identity architect wants to an authentication provider for the new site.Which two options should be utilized in creating an authentication provider?Choose 2 answers  A custom registration handier can be set.  A custom error URL can be set.  The default login user can be set.  The default authentication provider certificate can be set. NO.130 Universal containers (UC) has a classified information system that it’s call centre team uses only when they are working on a case with a record type of “classified”. They are only allowed to access the system when they own an open “classified” case, and their access to the system is removed at all other times. They would like to implement SAML SSO with salesforce as the IDP, and automatically allow or deny the staff’s access to the classified information system based on whether they currently own an open “classified” case record when they try to access the system using SSO. What is the recommended solution for automatically allowing or denying access to the classified information system based on the open “classified” case record criteria?  Use a custom connected App handler using apex to dynamically allow access to the system based on whether the staff owns any open “classified” cases.  Use apex trigger on case to dynamically assign permission sets that grant access when a user is assigned with an open “classified” case, and remove it when the case is closed.  Use custom SAML jit provisioning to dynamically query the user’s open “classified” cases when attempting to access the classified information system  Use salesforce reports to identify users that currently owns open “classified” cases and should be granted access to the classified information system. NO.131 Universal Containers (UC) currently uses Salesforce Sales Cloud and an external billing application. Both Salesforce and the billing application are accessed several times a day to manage customers. UC would like to configure single sign-on and leverage Salesforce as the identity provider. Additionally, UC would like the billing application to be accessible from Salesforce. A redirect is acceptable.Which two Salesforce tools should an identity architect recommend to satisfy the requirements?Choose 2 answers  salesforce Canvas  Identity Connect  Connected Apps  App Launcher  Loading … Dumps Real Salesforce Identity-and-Access-Management-Architect Exam Questions [Updated 2022]: https://www.actualtests4sure.com/Identity-and-Access-Management-Architect-test-questions.html --------------------------------------------------- Images: https://blog.actualtests4sure.com/wp-content/plugins/watu/loading.gif https://blog.actualtests4sure.com/wp-content/plugins/watu/loading.gif --------------------------------------------------- --------------------------------------------------- Post date: 2022-12-15 10:01:46 Post date GMT: 2022-12-15 10:01:46 Post modified date: 2022-12-15 10:01:46 Post modified date GMT: 2022-12-15 10:01:46