Salesforce Certified Platform Identity and Access Management Architect (Plat-Arch-203) Exam Practice Test Instant Access

Question 1

Universal Containers (UC) wants its closed Won opportunities to be synced to a Data Warehouse in near real time. UC has implemented Outbound Message to enable near real-time data sync. UC wants to ensure that communication between Salesforce and Target System is Secure. What Certificate is sent along with the Outbound Message?

AThe CA-Signed Certificate from the Certificate and Key Management menu.

BThe default Client Certificate from the Develop--> API Menu.

CThe default Client Certificate or a Certificate from Certificate and Key Management menu.

DThe Self-Signed Certificates from the Certificate & Key Management menu.

Answer : B

Question 2

Universal Containers (UC) is building a custom Innovation platform on their Salesforce instance. The Innovation platform will be written completely in Apex and Visualforce and will use custom objects to store the Dat

a. UC would like all users to be able to access the system without having to log in with Salesforce credentials. UC will utilize a third-party idp using SAML SSO. What is the optimal Salesforce licence type for all of the UC employees?

AIdentity Licence.

BSalesforce Licence.

CExternal Identity Licence.

DSalesforce Platform Licence.

Answer : D

Question 3

An Identity and Access Management (IAM) Architect is recommending Identity Connect to integrate Microsoft Active Directory (AD) with Salesforce for user provisioning, deprovisioning and single sign-on (SSO).

Which feature of Identity Connect is applicable for this scenano?

AWhen Identity Connect is in place, if a user is deprovisioned in an on-premise AD, the user's Salesforce session Is revoked Immediately.

BIf the number of provisioned users exceeds Salesforce licence allowances, identity Connect will start disabling the existing
Salesforce users in First-in, First-out (FIFO) fashion.

CIdentity Connect can be deployed as a managed package on salesforce org, leveraging High Availability of Salesforce Platform out-of-the-box.

DWhen configured, Identity Connect acts as an identity provider to both Active Directory and Salesforce, thus providing SSO as a default feature.

Answer : A

Question 4

Universal Containers is using OpenID Connect to enable a connection from their new mobile app to its production Salesforce org.

What should be done to enable the retrieval of the access token status for the OpenID Connect connection?

AQuery using OpenID Connect discovery endpoint.

BA Leverage OpenID Connect Token Introspection.

CCreate a custom OAuth scope.

DEnable cross-origin resource sharing (CORS) for the /services/oauth2/token endpoint.

Answer : B

Question 5

which three are features of federated Single Sign-on solutions? Choose 3 answers

AIt federates credentials control to authorized applications.

BIt establishes trust between Identity store and service provider.

CIt solves all identity and access management problems.

DIt improves affiliated applications adoption rates.

EIt enables quick and easy provisioning and deactivating of users.

Answer : B, C, E

Question 6

Northern Trail Outfitters (NTO) uses a Security Assertion Markup Language (SAML)-based Identity Provider (idP) to authenticate employees to all systems. The IdP authenticates users against a Lightweight Directory Access Protocol (LDAP) directory and has access to user information. NTO wants to minimize Salesforce license usage since only a small percentage of users need Salesforce.

What is recommended to ensure new employees have immediate access to Salesforce using their current IdP?

AInstall Salesforce Identity Connect to automatically provision new users in Salesforce the first time they attempt to login.

BBuild an integration that queries LDAP periodically and creates new active users in Salesforce.

CConfigure Just-in-Time provisioning using SAML attributes to create new Salesforce users as necessary when a new user attempts to login to Salesforce.

DBuild an integration that queries LDAP and creates new inactive users in Salesforce and use a login flow to activate the user at first login.

Answer : C

Question 7

Universal Container's (UC) is using Salesforce Experience Cloud site for its container wholesale business. The identity architect wants to an authentication provider for the new site.

Which two options should be utilized in creating an authentication provider?

Choose 2 answers

AA custom registration handier can be set.

BA custom error URL can be set.

CThe default login user can be set.

DThe default authentication provider certificate can be set.

Answer : A, B

Salesforce Certified Platform Identity and Access Management Architect (Plat-Arch-203) Salesforce Certified Platform Identity and Access Management Architect Exam Practice Test