Salesforce Certified Platform Identity and Access Management Architect (Plat-Arch-203) Exam Questions Instant Access

Question 1

Universal Containers has multiple Salesforce instances where users receive emails from different instances. Users should be logged into the correct Salesforce instance authenticated by their IdP when clicking on an email link to a Salesforce record.

What should be enabled in Salesforce as a prerequisite?

AMy Domain

BExternal Identity

CIdentity Provider

DMulti-Factor Authentication

Answer : A

Question 2

which three are features of federated Single Sign-on solutions? Choose 3 answers

AIt federates credentials control to authorized applications.

BIt establishes trust between Identity store and service provider.

CIt solves all identity and access management problems.

DIt improves affiliated applications adoption rates.

EIt enables quick and easy provisioning and deactivating of users.

Answer : B, C, E

Question 3

Universal Containers (UC) has an e-commerce website where customers can buy products, make payments and manage their accounts. UC decides to build a Customer Community on Salesforce and wants to allow the customers to access the community from their accounts without logging in again. UC decides to implement an SP-initiated SSO using a SAML-compliant Idp. In this scenario where Salesforce is the Service Provider, which two activities must be performed in Salesforce to make SP-initiated SSO work? Choose 2 answers

AConfigure SAML SSO settings.

BCreate a Connected App.

CConfigure Delegated Authentication.

DSet up My Domain.

Answer : A, D

Question 4

Northern Trail Outfitters (NTO) leverages Microsoft Active Directory (AD) for management of employee usernames, passwords, permissions, and asset access. NTO also owns a third-party single sign-on (SSO) solution. The third-party party SSO solution is used for all corporate applications, including Salesforce.

NTO has asked an architect to explore Salesforce Identity Connect for automatic provisioning and deprovisiorung of users in Salesforce.

What role does identity Connect play in the outlined requirements?

AService Provider

BSingle Sign-On

CIdentity Provider

DUser Management

Answer : D

Question 5

Northern Trail Outfitters (NTO) is launching a new sportswear brand on its existing consumer portal built on Salesforce Experience Cloud. As part of the launch, emails with promotional links will be sent to existing customers to log in and claim a discount. The marketing manager would like the portal dynamically branded so that users will be directed to the brand link they clicked on; otherwise, users will view a recognizable NTO-branded page.

The campaign is launching quickly, so there is no time to procure any additional licenses. However, the development team is available to apply any required changes to the portal.

Which approach should the identity architect recommend?

ACreate a full sandbox to replicate the portal site and update the branding accordingly.

BImplement Experience ID in the code and extend the URLs and endpoints, as required.

CUse Heroku to build the new brand site and embedded login to reuse identities.

DConfigure an additional community site on the same org that is dedicated for the new brand.

Answer : B

Question 6

What item should an Architect consider when designing a Delegated Authentication implementation?

AThe Web service should be secured with TLS using Salesforce trusted certificates.

BThe Web service should be able to accept one to four input method parameters.

CThe web service should use the Salesforce Federation ID to identify the user.

DThe Web service should implement a custom password decryption method.

Answer : A

Question 7

What information does the 'Relaystate' parameter contain in sp-Initiated Single Sign-on?