Salesforce Identity and Access Management Architect Exam Practice Test Instant Access

Question 1

Universal Containers is budding a web application that will connect with the Salesforce API using JWT OAuth Flow.

Which two settings need to be configured in the connect app to support this requirement?

Choose 2 answers

AThe Use Digital Signature option in the connected app.

BThe 'web' OAuth scope in the connected app,

CThe 'api' OAuth scope in the connected app.

DThe 'edair_api' OAuth scope m the connected app.

Answer : A, C

Question 2

Universal containers (UC) has implemented SAML SSO to enable seamless access across multiple applications. UC has regional salesforce orgs and wants it's users to be able to access them from their main Salesforce org seamless. Which action should an architect recommend?

AConfigure the main salesforce org as an Authentication provider.

BConfigure the main salesforce org as the Identity provider.

CConfigure the regional salesforce orgs as Identity Providers.

DConfigure the main Salesforce org as a service provider.

Answer : B

Question 3

A third-party app provider would like to have users provisioned via a service endpoint before users access their app from Salesforce.

What should an identity architect recommend to configure the requirement with limited changes to the third-party app?

AUse a connected app with user provisioning flow.

BCreate Canvas app in Salesforce for third-party app to provision users.

CRedirect users to the third-party app for registration.

DUse Salesforce identity with Security Assertion Markup Language (SAML) for provisioning users.

Answer : A

Question 4

Universal Containers (UC) is setting up delegated authentication to allow employees to log in using their corporate credentials. UC's security team is concerned about the risks of exposing the corporate login service on the internet and has asked that a reliable trust mechanism be put in place between the login service and Salesforce.

What mechanism should an Architect put in place to enable a trusted connection between the login service and Salesforce?

ARequire the use of Salesforce security tokens on passwords.

BEnforce mutual authentication between systems using SSL.

CInclude Client Id and Client Secret in the login header callout.

DSet up a proxy service for the login service in the DMZ.

Answer : A

Question 5

Universal Containers (UC) wants its closed Won opportunities to be synced to a Data Warehouse in near real time. UC has implemented Outbound Message to enable near real-time data sync. UC wants to ensure that communication between Salesforce and Target System is Secure. What Certificate is sent along with the Outbound Message?

AThe CA-Signed Certificate from the Certificate and Key Management menu.

BThe default Client Certificate from the Develop--> API Menu.

CThe default Client Certificate or a Certificate from Certificate and Key Management menu.

DThe Self-Signed Certificates from the Certificate & Key Management menu.

Answer : B

Question 6

Universal Containers (UC) wants to build a mobile application that twill be making calls to the Salesforce REST API. UC's Salesforce implementation relies heavily on custom objects and custom Apex code. UC does not want its users to have to enter credentials every time they use the app. Which two scope values should an Architect recommend to UC? Choose 2 answers.

ACustom_permissions

BApi

CRefresh_token

DFull

Answer : B, C

Question 7

Which three different attributes can be used to identify the user in a SAML 65> assertion when Salesforce is acting as a Service Provider? Choose 3 answers

AFederation ID

BSalesforce User ID

CUser Full Name

DUser Email Address

ESalesforce Username

Answer : A, C, D

Salesforce Identity and Access Management Architect Salesforce Certified Identity and Access Management Architect Exam Practice Test