Salesforce Salesforce Certified Platform Identity and Access Management Architect 시험

Question No : 1

Agents should be able to access the Canvas app without needing to log in to the pricing application.
Which two options should the identity architect consider to provide support for the Canvas app to initiate login for users? Choose 2 answers

• A.Select "Enable as a Canvas Personal App" in the connected app settings.
• B.Enable OAuth settings in the connected app with required OAuth scopes for the pricing application.
• C.Configure the Canvas app as a connected app and set Admin-approved users as pre-authorized.
• D.Enable SAML in the connected app and Security Assertion Markup Language (SAML) Initiation Method as Service Provider Initiated.

답을 확인하기

정답:

Question No : 2

Universal containers (UC) uses an internal company portal for their employees to collaborate. UC decides to use salesforce ideas and provide the ability for employees to
post ideas from the company portal. They use SAML-BASED SSO to get into the company portal and would like to leverage it to access salesforce. Most of the users don't exist in salesforce and they would like the user records created in salesforce communities the first time they try to access salesforce.
What recommendation should an architect make to meet this requirement?

• A.Use on-the-fly provisioning
• B.Use just-in-time provisioning
• C.Use salesforce APIs to create users on the fly
• D.Use Identity connect to sync users

답을 확인하기

정답:

Question No : 3

Northern Trail Outfitters (NTO) wants to improve its engagement with existing customers to boost customer loyalty. To get a better understanding of its customers, NTO establishes a single customer view including their buying behaviors, channel preferences and purchasing history. All of this information exists but is spread across different systems and formats.
NTO has decided to use Salesforce as the platform to build a 360 degree view. The company already uses Microsoft Active Directory (AD) to manage its users and company assets.
What should an Identity Architect do to provision, deprovision and authenticate users?

• A.Salesforce Identity is not needed since NTO uses Microsoft A
• B.Salesforce Identity can be included but NTO will be required to build a custom integration with Microsoft A
• C.Salesforce Identity is included in the Salesforce licenses so it does not need to be considered separately.
• D.A Salesforce Identity can be included but NTO will require Identity Connect.

답을 확인하기

정답:

Question No : 4

Universal containers (UC) has implemented SAML -based single Sign-on for their salesforce application. UC is using pingfederate as the Identity provider.
To access salesforce, Users usually navigate to a bookmarked link to my domain URL.
What type of single Sign-on is this?

• A.Sp-Initiated
• B.IDP-initiated with deep linking
• C.IDP-initiated
• D.Web server flow.

답을 확인하기

정답:

Question No : 5

customer service representatives at Universal containers (UC) are complaining that whenever they click on links to case records and are asked to login with SAML SSO, they are being redirected to the salesforce home tab and not the specific case record.
What item should an architect advise the identity team at UC to investigate first?

• A.My domain is configured and active within salesforce.
• B.The salesforce SSO settings are using http post
• C.The identity provider is correctly preserving the Relay state
• D.The users have the correct Federation ID within salesforce.

답을 확인하기

정답:

Question No : 6

Northern Trail Outfitters (NTO) has an existing custom business-to-consumer (B2C) website that does NOT support single sign-on standards, such as Security Assertion Markup Language (SAMi) or OAuth. NTO wants to use Salesforce Identity to register and authenticate new customers on the website.
Which two Salesforce features should an identity architect use in order to provide username/password authentication for the website? Choose 2 answers

• A.Identity Connect
• B.Delegated Authentication
• C.Connected Apps
• D.Embedded Login

답을 확인하기

정답:

Question No : 7

How should an Architect force users to authenticate with Two-factor Authentication (2FA) for Salesforce only when not connected to an internal company network?

• A.Use Custom Login Flows with Apex to detect the user's IP address and prompt for 2FA if needed.
• B.Add the list of company's network IP addresses to the Login Range list under 2FA Setup.
• C.Use an Apex Trigger on the UserLogin object to detect the user's IP address and prompt for 2FA if needed.
• D.Apply the "Two-factor Authentication for User Interface Logins" permission and Login IP Ranges for all Profiles.

답을 확인하기

정답:

Question No : 8

Northern Trail Outfitters (NTO) uses Salesforce for Sales Opportunity Management. Okta was recently brought in to Just-in-Time (JIT) provision and authenticate NTO users to applications. Salesforce users also use Okta to authorize a Forecasting web application to access Salesforce records on their behalf.
Which two roles are being performed by Salesforce? Choose 2 answers

• A.SAML Identity Provider
• B.OAuth Client
• C.OAuth Resource Server
• D.SAML Service Provider

답을 확인하기

정답:

Question No : 9

Universal Containers built a custom mobile app for their field reps to create orders in Salesforce. OAuth is used for authenticating mobile users. The app is built in such a way that when a user session expires after Initial login, a new access token is obtained automatically without forcing the user to log in again. While that improved the field reps' productivity, UC realized that they need a "logout" feature.
What should the logout function perform in this scenario, where user sessions are refreshed automatically?

• A.Invoke the revocation URL and pass the refresh token.
• B.Clear out the client Id to stop auto session refresh.
• C.Invoke the revocation URL and pass the access token.
• D.Clear out all the tokens to stop auto session refresh.

답을 확인하기

정답:

Question No : 10

An architect needs to set up a Facebook Authentication provider as login option for a salesforce customer Community.
What portion of the authentication provider setup associates a Facebook user with a salesforce user?

• A.Consumer key and consumer secret
• B.Federation ID
• C.User info endpoint URL
• D.Apex registration handler

답을 확인하기

정답:

Question No : 11

Northern Trail Outfitters is implementing a busmess-to-business (B2B) collaboration site using Salesforce Experience Cloud. The partners will authenticate with an existing identity provider and the solution will utilize Security Assertion Markup Language (SAML) to provide single sign-on to Salesforce. Delegated administration will be used in the Expenence Cloud site to allow the partners to administer their users' access.
How should a partner identity be provisioned in Salesforce for this solution?

• A.Create only a contact.
• B.Create a contactless user.
• C.Create a user and a related contact.
• D.Create a person account.

답을 확인하기

정답:

Question No : 12

Universal Container's (UC) is using Salesforce Experience Cloud site for its container wholesale business. The identity architect wants to an authentication provider for the new site.
Which two options should be utilized in creating an authentication provider? Choose 2 answers

• A.A custom registration handier can be set.
• B.A custom error URL can be set.
• C.The default login user can be set.
• D.The default authentication provider certificate can be set.

답을 확인하기

정답:

Question No : 13

The CMO of an advertising company has invited an Identity and Access Management (IAM) specialist to discuss Salesforce out-of-box capabilities for configuring the company*s login and registration experience on Salesforce Experience Cloud.
The CMO is looking to brand the login page with the company's logo, background color, login button color, and dynamic right-frame from an external URL.
Which two solutions should the IAM specialist recommend? Choose 2 answers

• A.Use Experience Builder to build branded Reset and Forgot Password pages.
• B.Build custom pages for branding requirements in Experience Cloud.
• C.Build custom site pages for reset and forgot password features.
• D.Login & Registration pages can be branded in the Community Administration settings.

답을 확인하기

정답:

Question No : 14

An Identity and Access Management (IAM) architect is tasked with unifying multiple B2C Commerce sites and an Experience Cloud community with a single identity. The solution needs to support more than 1,000 logins per minute.
What should the IAM do to fulfill this requirement?

• A.Configure both the community and the commerce sites as OAuth2 RPs (relying party) with an external identity provider.
• B.Configure community as a Security Assertion Markup Language (SAML) identity provider and enable Just-in-Time Provisioning to B2C Commerce.
• C.Create a default account for capturing all ecommerce contacts registered on the community because personAccount is not supported for this case.
• D.Confirm performance considerations with Salesforce Customer Support due to high peaks.

답을 확인하기

정답:

Question No : 15

Universal containers uses an Employee portal for their employees to collaborate. employees access the portal from their company's internal website via SSO. It is set up to work with Active Directory.
What is the role of Active Directory in this scenario?

• A.Identity store
• B.Authentication store
• C.Identity provider
• D.Service provider

답을 확인하기

정답: