Salesforce Certified Platform Identity and Access Management Architect (Plat-Arch-203) Exam Questions Instant Access

Question 1

Northern Trail Outfitters (NTO) wants its customers to use phone numbers to log in to their new digital portal, which was designed and built using Salesforce Experience Cloud. In order to access the portal, the user will need to do the following:

1. Enter a phone number and/or email address

2. Enter a verification code that is to be sent via email or text.

What is the recommended approach to fulfill this requirement?

ACreate a Login Discovery page and provide a Login Discovery Handler Apex class.

BCreate a custom login page with an Apex controller. The controller has logic to send and verify the identity.

CCreate an Authentication provider and implement a self-registration handler class.

DCreate a custom login flow that uses an Apex controller to verify the phone numbers with the company's verification service.

Answer : A

Question 2

Universal containers (UC) wants to implement Delegated Authentication for a certain subset of Salesforce users. Which three items should UC take into consideration while building the Web service to handle the Delegated Authentication request? Choose 3 answers

AThe web service needs to include Source IP as a method parameter.

BUC should whitelist all salesforce ip ranges on their corporate firewall.

CThe web service can be written using either the soap or rest protocol.

DDelegated Authentication is enabled for the system administrator profile.

EThe return type of the Web service method should be a Boolean value

Answer : A, B, E

Question 3

Universal containers (UC) employees have salesforce access from restricted ip ranges only, to protect against unauthorised access. UC wants to rollout the salesforce1 mobile app and make it accessible from any location. Which two options should an architect recommend? Choose 2 answers

ARelax the ip restriction in the connect app settings for the salesforce1 mobile app

BUse login flow to bypass ip range restriction for the mobile app.

CRelax the ip restriction with a second factor in the connect app settings for salesforce1 mobile app

DRemove existing restrictions on ip ranges for all types of user access.

Answer : A, B

Question 4

A company with 15,000 employees is using Salesforce and would like to take the necessary steps to highlight or curb fraudulent activity.

Which tool should be used to track login data, such as the average number of logins, who logged in more than the average number of times and who logged in during non-business hours?

ALogin Forensics

BLogin Report

CLogin Inspector

DLogin History

Answer : A

Question 5

A manufacturer wants to provide registration for an Internet of Things (IoT) device with limited display input or capabilities.

Which Salesforce OAuth authorization flow should be used?

AOAuth 2.0 JWT Bearer How

BOAuth 2.0 Device Flow

COAuth 2.0 User-Agent Flow

DOAuth 2.0 Asset Token Flow

Answer : B

Question 6

An architect needs to advise the team that manages the identity provider how to differentiate salesforce from other service providers. What SAML SSO setting in salesforce provides this capability?

AEntity id

BIssuer

CIdentity provider login URL

DSAML identity location

Answer : A

Question 7

An Identity architect works for a multinational, multi-brand organization. As they work with the organization to understand their Customer Identity and Access Management requirements, the identity architect learns that the brand experience is different for each of the customer's sub-brands and each of these branded experiences must be carried through the login experience depending on which sub-brand the user is logging into.

Which solution should the architect recommend to support scalability and reduce maintenance costs, if the organization has more than 150 sub-brands?

AAssign each sub-brand a unique Experience ID and use the Experience ID to dynamically brand the login experience.

BUse Audiences to customize the login experience for each sub-brand and pass an audience ID to the community during the OAuth and Security Assertion Markup Language (SAML) flows.

CCreate a community subdomain for each sub-brand and customize the look and feel of the Login page for each community subdomain to match the brand.

DCreate a separate Salesforce org for each sub-brand so that each sub-brand has complete control over the user experience.

Answer : A