Dumps4free
Discount Offer
Go Back on Identity-and-Access-Management-Architect Exam
Available in 1, 3, 6 and 12 Months Free Updates Plans
PDF: $15 $60

Test Engine: $20 $80

PDF + Engine: $25 $99



Pass exam with Dumps4free or we will provide you with three additional months of access for FREE.

Identity-and-Access-Management-Architect Practice Test

Whether you're a beginner or brushing up on skills, our Identity-and-Access-Management-Architect practice exam is your key to success. Our comprehensive question bank covers all key topics, ensuring you’re fully prepared.


Page 6 out of 51 Pages

What is one of the roles of an Identity Provider in a Single Sign-on setup using SAML?


A. Validate token


B. Create token


C. Consume token


D. Revoke token





B.   Create token

Explanation

Creating a token is one of the roles of an Identity Provider in a Single Sign-on setup using SAML. SAMLis a standard protocol that allows users to access multiple applications with a single login. In SAML, an Identity Provider (IdP) is a system that authenticates users and issues a security token that contains information about the user’s identity and permissions. A Service Provider (SP) is a system that consumes the token and grants access to the user based on the token’s attributes. The other options are not roles of an IdP, but rather functions of the SAML protocol or the SP.

Universal Containers would like its customers to register and log in to a portal built on Salesforce Experience Cloud. Customers should be able to use their Facebook or Linkedln credentials for ease of use.

Which three steps should an identity architect take to implement social sign-on? Choose 3 answers


A. Register both Facebook and Linkedln as connected apps.


B. Create authentication providers for both Facebook and Linkedln.


C. Check "Facebook" and "Linkedln" under Login Page Setup.


D. Enable "Federated Single Sign-On Using SAML".


E. Update the default registration handlers to create and update users.





B.   Create authentication providers for both Facebook and Linkedln.

C.   Check "Facebook" and "Linkedln" under Login Page Setup.

E.   Update the default registration handlers to create and update users.

Explanation

To implement social sign-on for customers to register and log in to a portal built on Salesforce Experience Cloud using their Facebook or LinkedIn credentials, the identity architect should take three steps:

Create authentication providers for both Facebook and LinkedIn. Authentication providers are configurations that enable users to authenticate with an external identity provider and access Salesforce resources. Salesforce provides predefined authentication providers for some common identity providers, such as Facebook and LinkedIn, which can be easily configured with minimal customization.

Check “Facebook” and “LinkedIn” under Login Page Setup. Login Page Setup is a setting that allows administrators to customize the login page for Experience Cloud sites. By checking “Facebook” and “LinkedIn”, the identity architect can enable social sign-on buttons for these identity providers on the login page.

Update the default registration handlers to create and update users. Registration handlers are classes that implement the Auth. Registration Handler interface and define how to create or update users in Salesforce based on the information from the external identity provider. The identity architect can update the default registration handlers to link the user’s social identity with their Salesforce identity and prevent duplicate accounts. References: Authentication Providers, Social Sign-On with Authentication Providers, Login Page Setup, Create a Custom Registration Handler.

Universal Containers (UC) has a strict requirement to authenticate users to Salesforce using their mainframe credentials. The mainframe user store cannot be accessed from a SAML provider. UC would also like to have users in Salesforce created on the fly if they provide accurate main frame credentials.

How can the Architect meet these requirements?


A. Use a Salesforce Login Flow to call out to a web service and create the user on the fly.


B. Use the SOAP API to create the user when created on the mainframe; implement Delegated Authentication.


C. Implement Just-In-Time Provisioning on the mainframe to create the user on the fly.


D. Implement OAuth User-Agent Flow on the mainframe; use a Registration Handler to create the user on the fly.





C.   Implement Just-In-Time Provisioning on the mainframe to create the user on the fly.

Explanation

The best way to meet the requirements of UC isto implement Just-In-Time Provisioning on the mainframe to create the user on the fly. According to the Salesforce documentation, “Just-in-time provisioning lets you create or update user accounts on the fly when users log in to Salesforce using single sign-on (SSO).” This way, UC can authenticate users to Salesforce using their mainframe credentials and also create or update their user accounts in Salesforce without using a SAML provider. Therefore, option C is the correct answer.

References: [Just-in-Time Provisioning]

Universal Containers (UC) has built a custom time tracking app for its employee. UC wants to leverage Salesforce Identity to control access to the custom app.

At a minimum, which Salesforce license is required to support this requirement?


A. Identity Verification


B. Identity Connect


C. Identity Only


D. External Identity





C.   Identity Only

Explanation

To use Salesforce Identity to control access to the custom time tracking app, the identity architect should use the Identity Only license. The Identity Only license is a license type that enables users to access external applications that are integrated with Salesforce using single sign-on (SSO) or delegated authentication, but not access Salesforce objects or data. The other license types are not relevant for this scenario.

References: Identity Only License, User Licenses

Universal Containers (UC) uses Salesforce to allow customers to keep track of the order status. The customers can log in to Salesforce using external authentication providers, such as Facebook and Google. UC is also leveraging the App Launcher to let customers access an of platform application for generating shipping labels. The label generator application uses OAuth to provide users access. What license type should an Architect recommend for the customers?


A. Customer Community license


B. Identity license


C. Customer Community Plus license


D. External Identity license





D.   External Identity license

Explanation

D is correct because External Identity license is designed forcustomers who need to log in to Salesforce using external authentication providers, such as Facebook and Google. External Identity license also supports App Launcher, which allows customers to access other applications from Salesforce using OAuth or OpenIDConnect .

A is incorrect because Customer Community license is designed for customers who need to access data and records in Salesforce, such as cases, accounts, and contacts. Customer Community license does not support App Launcher or external authentication providers.

B is incorrect because Identity license is designed for employees who need to access multiple applications from Salesforce using SSO and App Launcher. Identity license does not support external authentication providers or customer data access.

C is incorrect because Customer Community Plus license is designed for customers who need to access data and records in Salesforce, as well as collaborate with other customers and partners. Customer Community Plus license does not support App Launcheror external authentication providers.

References: : Salesforce Licensing Module - Trailhead : Free Salesforce Identity-and-Access-Management-Architect Questions … : Salesforce Licensing Module - Trailhead : Salesforce Licensing Module - Trailhead : Salesforce Licensing Module - Trailhead


Page 6 out of 51 Pages
Previous