Salesforce Identity-and-Access-Management-Architect Exam Dumps

Salesforce Identity-and-Access-Management-Architect Exam Dumps

Salesforce Certified Identity and Access Management Architect (WI24)

245 Questions & Answers with Explanation
Update Date : February 22, 2024
PDF + Test Engine
$65 $95
Test Engine
$55 $85
PDF Only
$45 $75

Money back Guarantee

We just do not compromise with the bright future of our respected customers. PassExam4Sure takes the future of clients quite seriously and we ensure that our Identity-and-Access-Management-Architect exam dumps get you through the line. If you think that our exam question and answers did not help you much with the exam paper and you failed it somehow, we will happily return all of your invested money with a full 100% refund.

100% Real Questions

We verify and assure the authenticity of Salesforce Identity-and-Access-Management-Architect exam dumps PDFs with 100% real and exam-oriented questions. Our exam questions and answers comprise 100% real exam questions from the latest and most recent exams in which you’re going to appear. So, our majestic library of exam dumps for Salesforce Identity-and-Access-Management-Architect is surely going to push on forward on the path of success.

Security & Privacy

Free for download Salesforce Identity-and-Access-Management-Architect demo papers are available for our customers to verify the authenticity of our legit helpful exam paper samples, and to authenticate what you will be getting from PassExam4Sure. We have tons of visitors daily who simply opt and try this process before making their purchase for Salesforce Identity-and-Access-Management-Architect exam dumps.

Last Week Identity-and-Access-Management-Architect Exam Results


Customers Passed Salesforce Identity-and-Access-Management-Architect Exam


Average Score In Real Identity-and-Access-Management-Architect Exam


Questions came from our Identity-and-Access-Management-Architect dumps.

Authentic Identity-and-Access-Management-Architect Exam Dumps

Prepare for Salesforce Identity-and-Access-Management-Architect Exam like a Pro

PassExam4Sure is famous for its top-notch services for providing the most helpful, accurate, and up-to-date material for Salesforce Identity-and-Access-Management-Architect exam in form of PDFs. Our Identity-and-Access-Management-Architect dumps for this particular exam is timely tested for any reviews in the content and if it needs any format changes or addition of new questions as per new exams conducted in recent times. Our highly-qualified professionals assure the guarantee that you will be passing out your exam with at least 85% marks overall. PassExam4Sure Salesforce Identity-and-Access-Management-Architect ProvenDumps is the best possible way to prepare and pass your certification exam.

Easy Access and Friendly UI

PassExam4Sure is your best buddy in providing you with the latest and most accurate material without any hidden charges or pointless scrolling. We value your time and we strive hard to provide you with the best possible formatting of the PDFs with accurate, to the point, and vital information about Salesforce Identity-and-Access-Management-Architect. PassExam4Sure is your 24/7 guide partner and our exam material is curated in a way that it will be easily readable on all smartphone devices, tabs, and laptop PCs.

PassExam4Sure - The Undisputed King for Preparing Identity-and-Access-Management-Architect Exam

We have a sheer focus on providing you with the best course material for Salesforce Identity-and-Access-Management-Architect. So that you may prepare your exam like a pro, and get certified within no time. Our practice exam material will give you the necessary confidence you need to sit, relax, and do the exam in a real exam environment. If you truly crave success then simply sign up for PassExam4Sure Salesforce Identity-and-Access-Management-Architect exam material. There are millions of people all over the globe who have completed their certification using PassExam4Sure exam dumps for Salesforce Identity-and-Access-Management-Architect.

100% Authentic Salesforce Identity-and-Access-Management-Architect – Study Guide (Update 2024)

Our Salesforce Identity-and-Access-Management-Architect exam questions and answers are reviewed by us on weekly basis. Our team of highly qualified Salesforce professionals, who once also cleared the exams using our certification content does all the analysis of our recent exam dumps. The team makes sure that you will be getting the latest and the greatest exam content to practice, and polish your skills the right way. All you got to do now is to practice, practice a lot by taking our demo questions exam, and making sure that you prepare well for the final examination. Salesforce Identity-and-Access-Management-Architect test is going to test you, play with your mind and psychology, and so be prepared for what’s coming. PassExam4Sure is here to help you and guide you in all steps you will be going through in your preparation for glory. Our free downloadable demo content can be checked out if you feel like testing us before investing your hard-earned money. PassExam4Sure guaranteed your success in the Salesforce Identity-and-Access-Management-Architect exam because we have the newest and most authentic exam material that cannot be found anywhere else on the internet.

Salesforce Identity-and-Access-Management-Architect Sample Questions

Question # 1

An identity architect's client has a homegrown identity provider (IdP). Salesforce is used as the service provider (SP). The head of IT is worried that during a SP initiated single sign-on (SSO), the Security Assertion Markup Language (SAML) request content will be altered. What should the identity architect recommend to make sure that there is additional trust between the SP and the IdP? 

A. Ensure that there is an HTTPS connection between IDP and SP. 
B. Ensure that on the SSO settings page, the "Request Signing Certificate" field has a selfsigned certificate. 
C. Ensure that the Issuer and Assertion Consumer service (ACS) URL is property configured between SP and IDP. 
D. Encrypt the SAML Request using certification authority (CA) signed certificate and decrypt on IdP. 

Question # 2

Northern Trail Outfitters (NTO) is planning to roll out a partner portal for its distributors using Experience Cloud. NTO would like to use an external identity provider (idP) and for partners to register for access to the portal. Each partner should be allowed to register only once to avoid duplicate accounts with Salesforce. What should a identity architect recommend to create partners? 

A. On successful creation of Partners using Self Registration page in Experience Cloud, create identity in Ping. 
B. Create a custom page m Experience Cloud to self register partner with Experience Cloud and Ping identity store. 
C. Create a custom web page in the Portal and create users in the IdP and Experience Cloud using published APIs. 
D. Allow partners to register through the IdP and create partner users in Salesforce through an API. 

Question # 3

A consumer products company uses Salesforce to maintain consumer information, including orders. The company implemented a portal solution using Salesforce Experience Cloud for its consumers where the consumers can log in using their credentials. The company is considering allowing users to login with their Facebook or Linkedln credentials. Once enabled, what role will Salesforce play? 

A. Facebook and Linkedln will be the SPs. 
B. Salesforce will be the service provider (SP). 
C. Salesforce will be the identity provider (IdP). 
D. Facebook and Linkedln will act as the IdPs and SPs. 

Question # 4

Which tool should be used to track login data, such as the average number of logins, who logged in more than the average number of times and who logged in during non-business hours? 

A. Login Inspector 
B. Login History 
C. Login Report 
D. Login Forensics 

Question # 5

Universal containers (UC) has an e-commerce website while customers can buy products, make payments, and manage their accounts. UC decides to build a customer Community on Salesforce and wants to allow the customers to access the community for their accounts without logging in again. UC decides to implement ansp-Initiated SSO using a SAMLBASED complaint IDP. In this scenario where salesforce is the service provider, which two activities must be performed in salesforce to make sp-Initiated SSO work? Choose 2 answers 

A. Configure SAML SSO settings. 
B. Configure Delegated Authentication 
C. Create a connected App 
D. Set up my domain 

Question # 6

An identity architect is setting up an integration between Salesforce and a third-party system. The third-party system needs to authenticate to Salesforce and then make API calls against the REST API. One of the requirements is that the solution needs to ensure the third party service providers connected app in Salesforce mini need for end user interaction and maximizes security. Which OAuth flow should be used to fulfill the requirement? 

A. JWT Bearer Flow 
B. Web Server Flow 
C. User Agent Flow 
D. Username-Password Flow 

Question # 7

Universal Containers (UC) has a Customer Community that uses Facebook for of authentication. UC would like to ensure that changes in the Facebook profile are 65. reflected on the appropriate Customer Community user. How can this requirement be met? 

A. Use SAML Just-In-Time Provisioning between Facebook and Salesforce. 
B. Use information in the Signed Request that is received from Facebook. 
C. Develop a scheduled job that calls out to Facebook on a nightly basis. 
D. Use the updateUser() method on the Registration Handler class. 

Question # 8

Universal containers (UC) is successfully using Delegated Authentication for their salesforce users. The service supporting Delegated Authentication is written in Java. UC has a new CIO that is requiring all company Web services be RESR-ful and written in . NET. Which two considerations should the UC Architect provide to the new CIO? Choose 2 answers 

A. Delegated Authentication will not work with a.net service. 
B. Delegated Authentication will continue to work with rest services. 
C. Delegated Authentication will continue to work with a.net service. 
D. Delegated Authentication will not work with rest services. 

Question # 9

Universal containers (UC) has a mobile application that calls the salesforce REST API. In order to prevent users from having to enter their credentials everytime they use the app, UC has enabled the use of refresh Tokens as part of the salesforce connected App and updated their mobile app to take advantage of the refresh token. Even after enabling the refresh token, Users are still complaining that they have to enter their credentials once a day. What is the most likely cause of the issue? 

A. The Oauth authorizations are being revoked by a nightly batch job. 
B. The refresh token expiration policy is set incorrectly in salesforce 
C. The app is requesting too many access Tokens in a 24-hour period 
D. The users forget to check the box to remember their credentials. 

Question # 10

Universal Containers (UC) has an existing e-commerce platform and is implementing a new customer community. They do not want to force customers to register on both applications due to concern over the customers experience. It is expected that 25% of the e-commerce customers will utilize the customer community . The e-commerce platform is capable of generating SAML responses and has an existing REST-ful API capable of managing users. How should UC create the identities of its e-commerce users with the customer community? 

A. Use SAML JIT in the Customer Community to create users when a user tries to login to the community from the e-commerce site.
 B. Use the e-commerce REST API to create users when a user self-register on the customer community and use SAML to allow SSO.
 C. Use a nightly batch ETL job to sync users between the Customer Community and the ecommerce platform and use SAML to allow SSO. 
D. Use the standard Salesforce API to create users in the Community When a User is Created in the e-Commerce platform and use SAML to allow SSO. 

Question # 11

Universal containers (UC) has a custom, internal-only, mobile billing application for users who are commonly out of the office. The app is configured as a connected App in salesforce. Due to the nature of this app, UC would like to take the appropriate measures to properly secure access to the app. Which two are recommendations to make the UC? Choose 2 answers 

A. Disallow the use of single Sign-on for any users of the mobile app. 
B. Require high assurance sessions in order to use the connected App 
C. Use Google Authenticator as an additional part of the logical processes. 
D. Set login IP ranges to the internal network for all of the app users profiles.

Question # 12

Universal Containers (UC) uses Salesforce to allow customers to keep track of the order status. The customers can log in to Salesforce using external authentication providers, such as Facebook and Google. UC is also leveraging the App Launcher to let customers access an of platform application for generating shipping labels. The label generator application uses OAuth to provide users access. What license type should an Architect recommend for the customers? 

A. Customer Community license 
B. Identity license 
C. Customer Community Plus license 
D. External Identity license 

Question # 13

Which two security risks can be mitigated by enabling Two-Factor Authentication (2FA) in Salesforce? Choose 2 answers 

A. Users leaving laptops unattended and not logging out of Salesforce. 
B. Users accessing Salesforce from a public Wi-Fi access point. 
C. Users choosing passwords that are the same as their Facebook password. 
D. Users creating simple-to-guess password reset questions. 

Question # 14

Universal Containers allows employees to use a mobile device to access Salesforce for daily operations using a hybrid mobile app. This app uses Mobile software development kits (SDK), leverages refresh token to regenerate access token when required and is distributed as a private app. The chief security officer is rolling out an org wide compliance policy to enforce re venfication of devices if an employee has not logged in from that device in the last week. Which connected app setting should be leveraged to comply with this policy change?

A. Scope - Deny refresh_token scope for this connected app. 
B. Refresh Token Policy - Expire the refresh token if it has not been used for 7 days. 
C. Session Policy - Set timeout value of the connected app to 7 days. 
D. Permitted User - Ask admins to maintain a list of users who are permitted based on last login date. 

Question # 15

Universal Containers (UC) has implemented SAML-based SSO solution for use with their multi-org Salesforce implementation, utilizing one of the the orgs as the Identity Provider. One user is reporting that they can log in to the Identity Provider org but get a generic SAML error message when accessing the other orgs. Which two considerations should the architect review to troubleshoot the issue? Choose 2 answers 

A. The Federation ID must be a valid Salesforce Username
 B. The Federation ID must is case sensitive 
C. The Federation ID must be in the form of an email address. 
D. The Federation ID must be populated on the user record. 

Question # 16

Universal Containers (UC) has a mobile application for its employees that uses data from Salesforce as well as uses Salesforce for Authentication purposes. UC wants its mobile users to only enter their credentials the first time they run the app. The application has been live for a little over 6 months, and all of the users who were part of the initial launch are complaining that they have to re-authenticate. UC has also recently changed the URI Scheme associated with the mobile app. What should the Architect at UC first investigate?Universal Containers (UC) has a mobile application for its employees that uses data from Salesforce as well as uses Salesforce for Authentication purposes. UC wants its mobile users to only enter their credentials the first time they run the app. The application has been live for a little over 6 months, and all of the users who were part of the initial launch are complaining that they have to re-authenticate. UC has also recently changed the URI Scheme associated with the mobile app. What should the Architect at UC first investigate?

A. Check the Refresh Token policy defined in the Salesforce Connected App. 
B. Validate that the users are checking the box to remember their passwords. 
C. Verify that the Callback URL is correctly pointing to the new URI Scheme. 
D. Confirm that the access Token's Time-To-Live policy has been set appropriately. 

Question # 17

Northern Trail Outfitters (NTO) uses Salesforce Experience Cloud sites (previously known as Customer Community) to provide a digital portal where customers can login using their Google account. NTO would like to automatically create a case record for first time users logging into Salesforce Experience Cloud. What should an Identity architect do to fulfill the requirement? 

A. Configure an authentication provider for Social Login using Google and a custom registration handler. 
B. Implement a Just-in-Time handler class that has logic to create cases upon first login. 
C. Create an authentication provider for Social Login using Google and leverage standard registration handler. 
D. Implement a login flow with a record create component for Case. 

Related Exams

Our Clients Say About Salesforce Identity-and-Access-Management-Architect Exam