Exam Details

  • Exam Code: IDENTITY-AND-ACCESS-MANAGEMENT-ARCHITECT
  • Exam Name: Salesforce Certified Identity and Access Management Architect
  • Certification: Salesforce Certifications
  • Vendor: Salesforce
  • Total Questions: 247 Q&As
  • Last Updated: Mar 27, 2025

Salesforce Salesforce Certifications IDENTITY-AND-ACCESS-MANAGEMENT-ARCHITECT Questions & Answers

  • Question 241:

    The security team at Universal Containers (UC) has identified exporting reports as a high-risk action and would like to require users to be logged into Salesforce with their Active Directory (AD) credentials when doing so. For all other users of Salesforce, users should be allowed to use AD credentials or Salesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with Salesforce credentials?

    A. Use SAML Federated Authentication and block access to reports when accessed through a Standard Assurance session.

    B. Use SAML Federated Authentication and Custom SAML JIT Provisioning to dynamically add or remove a permission set that grants the Export Reports Permission.

    C. Use SAML Federated Authentication, treat SAML Sessions as High Assurance, and raise the session level required for exporting reports.

    D. Use SAML Federated Authentication with a Login Flow to dynamically add or remove a Permission Set that grants the Export Reports Permission.

  • Question 242:

    A pharmaceutical company has an on-premise application (see illustration) that it wants to integrate with Salesforce.

    The IT director wants to ensure that requests must include a certificate with a trusted certificate chain to access the company's on-premise application endpoint. What should an Identity architect do to meet this requirement?

    A. Use OpenSSL to generate a self-signed certificate and upload it to the on-premise app.

    B. Configure the company firewall to allow traffic from Salesforce IP ranges.

    C. Generate a certificate authority-signed certificate in Salesforce and upload it to the on-premise application Truststore.

    D. Upload a third-party certificate from Salesforce into the on-premise server.

  • Question 243:

    Universal Containers (UC) has multiple Salesforce orgs and would like to use a single identity provider to access all of their orgs. How should UC's architect enable this behavior?

    A. Ensure that users have the same email value in their user records in all of UC's Salesforce orgs.

    B. Ensure the same username is allowed in multiple orgs by contacting Salesforce support.

    C. Ensure that users have the same Federation ID value in their user records in all of UC's Salesforce orgs.

    D. Ensure that users have the same alias value in their user records in all of UC's Salesforce orgs.

  • Question 244:

    Universal Containers is building a web application that will connect with the Salesforce API using JWT OAuth Flow.

    Which two settings need to be configured in the connected app to support this requirement?

    Choose 2 answers

    A. The Use Digital Signature option in the connected app.

    B. The "web" OAuth scope in the connected app.

    C. The "api" OAuth scope in the connected app.

    D. The "eclair_api" OAuth scope in the connected app.

  • Question 245:

    Northern Trail Outfitters (NTO) utilizes a third-party cloud solution for an employee portal. NTO also owns Salesforce Service Cloud and would like employees to be able to log in to Salesforce with their third-party portal credentials for a seamless experience. The third-party employee portal only supports OAuth.

    What should an identity architect recommend to enable single sign-on (SSO) between the portal and Salesforce?

    A. Configure SSO to use the third-party portal as an identity provider.

    B. Create a custom external authentication provider.

    C. Add the third-party portal as a connected app.

    D. Configure Salesforce for Delegated Authentication.

  • Question 246:

    The executive sponsor for an organization has asked if Salesforce supports the ability to embed a login widget into its service providers in order to create a more seamless user experience. What should be used and considered before recommending it as a solution on the Salesforce Platform?

    A. OpenID Connect Web Server Flow. Determine if the service provider is secure enough to store the client secret on.

    B. Embedded Login. Identify what level of UI customization will be required to make it match the service provider's look and feel.

    C. Salesforce REST APIs. Ensure that a Secure Sockets Layer (SSL) connection for the integration is used.

    D. Embedded Login. Consider whether or not it relies on third-party cookies, which can cause browser compatibility issues.

  • Question 247:

    Universal Containers (UC) is building a custom employee hub application on Amazon Web Services (AWS) and would like to store their users' credentials there. Users will also need access to Salesforce for internal operations. UC has tasked an identity architect with evaluating different solutions for authentication and authorization between AWS and Salesforce.

    How should an identity architect configure AWS to authenticate and authorize Salesforce users?

    A. Configure the custom employee app as a connected app.

    B. Configure AWS as an OpenID Connect Provider.

    C. Create a custom external authentication provider.

    D. Develop a custom Auth server in AWS.
