Salesforce Identity and Access Management Architect Exam Questions

Description

Exam Name: Salesforce Certified Identity and Access Management Architect
Exam Code: Identity and Access Management Architect
Related Certification(s): Salesforce Architect Certification
Certification Provider: Salesforce
Actual Exam Duration: 120 Minutes
Number of Identity and Access Management Architect practice questions in our database: 248

Expected Identity and Access Management Architect Exam Topics, as suggested by Salesforce:

  • Module 1: Identity Management Concepts: This topic covers common authentication patterns, building blocks of identity solutions (authentication, authorization, accountability), and establishing trust between systems. It also includes methods for provisioning users in Salesforce and troubleshooting common points of failure in SSO solutions.
  • Module 2: Accepting Third-Party Identity in Salesforce: It discusses cases where Salesforce acts as a Service Provider (SP), methods for provisioning users from identity stores (B2E, B2C), appropriate authentication mechanisms for accepting third-party identities, and ways to provision users to enable SSO while applying access rights. Moreover, the topic also addresses auditing, monitoring approaches, and tools to diagnose IdP issues.
  • Module 3: Salesforce as an Identity Provider: In this topic, you’ll find information on OAuth flows, configuring Connected Apps for authorization, and implementation concepts of OAuth. It also recommends Salesforce technologies to provide identity to third-party systems.
  • Module 4: Access Management Best Practices: This topic covers methods of multi-factor authentication (MFA), assigning roles, profiles, and permission sets during SSO, auditing and verifying activity post-login, and configuring settings for a Connected App.
  • Module 5: Salesforce Identity: This topic explains the role of Identity Connect in Salesforce Identity implementations, the fit of Salesforce Customer 360 Identity in a comprehensive Customer 360 solution, and recommendations for Salesforce license types based on specific requirements.
  • Module 6: Community (Partner and Customer): Here, you’ll find details on customizing user experiences in Experience Cloud, supporting external IdPs in communities, understanding External Identity solutions and associated licenses, and when to use embedded login based on different scenarios.

Q1. An identity architect's client has a homegrown identity provider (IdP). Salesforce is used as the service provider (SP). The head of IT is worried that during an SP-initiated single sign-on (SSO), the Security Assertion Markup Language (SAML) request content will be altered. What should the identity architect recommend to make sure that there is additional trust between the SP and the IdP?

A. Ensure that there is an HTTPS connection between IdP and SP.

B. Ensure that on the SSO settings page, the 'Request Signing Certificate' field has a self-signed certificate.

C. Ensure that the Issuer and Assertion Consumer Service (ACS) URL are properly configured between SP and IdP.

D. Encrypt the SAML Request using a certification authority (CA) signed certificate and decrypt on IdP.

Correct Answer: D

Q2. An insurance company has a connected app in its Salesforce environment that is used to integrate with Google Workspace (formerly known as G Suite). An identity and access management (IAM) architect has been asked to implement automation to enable users, freeze/suspend users, disable users, and reactivate existing users in Google Workspace upon similar actions in Salesforce. Which solution is recommended to meet this requirement?

A. Configure User Provisioning for Connected Apps.

B. Update the Security Assertion Markup Language Just-in-Time (SAML JIT) handler in Salesforce for user provisioning and de-provisioning.

C. Build a custom REST endpoint in Salesforce that Google Workspace can poll against.

D. Build an Apex trigger on the userlogin object to make asynchronous callouts to Google APIs.

Correct Answer: A

Q3. Universal Containers is creating a mobile application that will be secured by Salesforce Identity using the OAuth 2.0 user-agent flow. Application users will authenticate using username and password. They should not be forced to approve API access in the mobile app or reauthenticate for 3 months. Which two connected app options need to be configured to fulfill this use case?

A. Set Permitted Users to 'Admin approved users are pre-authorized'.

B. Set Permitted Users to 'All users may self-authorize'.

C. Set the Session Timeout value to 3 months.

D. Set the Refresh Token Policy to expire refresh token after 3 months.

Correct Answer: B, D

Q4. Northern Trail Outfitters manages functional group permissions in a custom security application supported by a relational database and a REST service layer. Group permissions are mapped as permission sets in Salesforce. Which action should an identity architect use to ensure functional group permissions are reflected as permission set assignments?

A. Use a Login Flow to query SAML attributes and set permission sets.

B. Use a Login Flow with invocable Apex to callout to the security application and set permission sets.

C. Use the Apex Just-in-Time (JIT) handler to query the Security Assertion Markup Language (SAML) attributes and set permission sets.

D. Use the Apex JIT handler to callout to the security application and set permission sets.

Correct Answer: B

Q5. A university is planning to set up an identity solution for its alumni. A third-party identity provider will be used for single sign-on. Salesforce will be the system of records. Users are getting error messages when logging in. Which Salesforce feature should be used to debug the issue?

A. Apex Exception Email

B. View Setup Audit Trail

C. Debug Logs

D. Login History

Correct Answer: D
