IDENTITY-AND-ACCESS-MANAGEMENT-ARCHITECT Online Practice Questions and Answers

Universal containers (UC) is building a mobile application that will make calls to the salesforce REST API. Additionally UC would like to provide the optimal experience for its mobile users. Which two OAuth scopes should UC configure in the connected App? Choose 2 answers

A. Refresh token

B. API

C. full

D. Web

Universal containers (UC) is setting up their customer Community self-registration process. They are uncomfortable with the idea of assigning new users to a default account record. What will happen when customers self-register in the community?

A. The self-registration process will produce an error to the user.

B. The self-registration page will ask user to select an account.

C. The self-registration process will create a person Account record.

D. The self-registration page will create a new account record.

Northern Trail Outfitters (NTO) is planning to implement a community for its customers using Salesforce Experience Cloud . Customers are not able to self-register. NTO would like to have customers set their own passwords when provided access to the community.

Which two recommendations should an identity architect make to fulfill this requirement?

Choose 2 answers

A. Add customers as contacts and add them to Experience Cloud site.

B. Enable Welcome emails while configuring the Experience Cloud site.

C. Allow Password reset using the API to update Experience Cloud site membership.

D. Use Login Flows to allow users to reset password in Experience Cloud site.

Universal Containers (UC) is looking to build a Canvas app and wants to use the corresponding Connected App to control where the app is visible. Which two options are correct in regards to where the app can be made visible under the Connected App setting for the Canvas app? Choose 2 answers

A. As part of the body of a Salesforce Knowledge article.

B. In the mobile navigation menu on Salesforce for Android.

C. The sidebar of a Salesforce Console as a console component.

D. Included in the Call Control Tool that's part of Open CTI.

Universal containers (UC) is setting up Delegated Authentication to allow employees to log in using their corporate credentials. UC's security team is concerned about the risk of exposing the corporate login service on the Internet and has asked that a reliable trust mechanism be put in place between the login service and salesforce. What mechanism should an architect put in place to enable a trusted connection between the login services and salesforce?

A. Include client ID and client secret in the login header callout.

B. Set up a proxy server for the login service in the DMZ.

C. Require the use of Salesforce security Tokens on password.

D. Enforce mutual Authentication between systems using SSL.

Universal containers (UC) uses a home-grown employee portal for their employees to collaborate. UC decides to use salesforce ideas to allow the employees to post ideas from the employee portal. When clicking some links in the employee portal, the users should be redirected to salesforce, authenticated, and presented with relevant pages. What scope should be requested when using the Oauth token to meet this requirement?

A. Web

B. Full

C. API

D. Visualforce

Universal Containers (UC) has built a custom time tracking app for its employee. UC wants to leverage Salesforce Identity to control access to the custom app.

At a minimum, which Salesforce license is required to support this requirement?

A. Identity Verification

B. Identity Connect

C. Identity Only

D. External Identity

Users logging into Salesforce are frequently prompted to verify their identity.

The identity architect is required to provide recommendations so that frequency of prompt verification can be reduced.

What should the identity architect recommend to meet the requirement?

A. Implement 2FA authentication for the Salesforce org.

B. Set trusted IP ranges for the organization.

C. Implement an single sign-on for Salesforce using an external identity provider.

D. Implement multi-factor authentication for the Salesforce org.

Universal Containers uses Salesforce as an identity provider and Concur as the Employee Expense management system. The HR director wants to ensure Concur accounts for employees are created only after the appropnate approval in the Salesforce org. Which three steps should the identity architect use to implement this requirement?

Choose 3 answers

A. Create an approval process for a custom object associated with the provisioning flow.

B. Create a connected app for Concur in Salesforce.

C. Enable User Provisioning for the connected app.

D. Create an approval process for user object associated with the provisioning flow.

E. Create an approval process for UserProvisionlngRequest object associated with the provisioning flow.

Universal Containers (UC) uses Salesforce to allow customers to keep track of the order status. The customers can log in to Salesforce using external authentication providers, such as Facebook and Google. UC is also leveraging the App Launcher to let customers access an of platform application for generating shipping labels. The label generator application uses OAuth to provide users access. What license type should an Architect recommend for the customers?

A. Customer Community license

B. Identity license

C. Customer Community Plus license

D. External Identity license