Salesforce Certified Platform Identity and Access Management Architect - Certified Platform Identity and Access Management Architect Exam
Total 58 questions
Question #1 (Topic: Topic 1, Identity Management Concepts)
A financial enterprise is planning to set up a user authentication mechanism to log in to the Salesforce system. Due to regulatory requirements, the CIO of the company wants user administration, including passwords and authentication requests, to be managed by an external system that is only accessible via a SOAP web service.
Which authentication mechanism should an identity architect recommend to meet the requirements?
A. OAuth Web-Server Flow
B. Just-in-Time Provisioning
C. Security Assertion Markup Language (SAML) Single Sign On
D. Delegated Authentication
Answer: D
Question #2 (Topic: Topic 1, Identity Management Concepts)
A technology enterprise is setting up an identity solution with an external vendor's wellness application for its employees. The user attributes need to be returned to the wellness application in an ID token.
Which authentication mechanism should an identity architect recommend to meet the requirements?
A. OpenID Connect
B. JWT Bearer Token Flow
C. Web Server Flow
D. User Agent Flow
Answer: A
Question #3 (Topic: Topic 1, Identity Management Concepts)
Universal Containers is designing an identity architecture that involves integrating Salesforce with an external directory service. The external directory service will act as the central repository for user authentication and authorization across multiple systems within the organization.
Which approach should be evaluated to establish trust between Salesforce and the external directory service?
A. Implementing a federated identity solution based on SAML (Security Assertion Markup Language).
B. Using a shared database table to synchronize user credentials between the two systems.
C. Utilizing email-based verification for user authentication across the systems.
D. Enforcing IP-based access restrictions for Salesforce and the external directory service.
Answer: A
Question #4 (Topic: Topic 1, Identity Management Concepts)

An organization has a central cloud-based Identity and Access Management (IAM) Service for authentication and user management, which must be utilized by all applications as follows:
1 - Change of a user status in the central IAM Service triggers provisioning or deprovisioning in the integrated cloud applications.
2 - Security Assertion Markup Language (SAML) single sign-on (SSO) is used to facilitate access for users authenticated at the identity provider (central IAM Service).
Which approach should an IAM architect implement on Salesforce Sales Cloud to meet the requirements?
A. Configure Salesforce as a SAML Service Provider, and enable SCIM (System for Cross-Domain Identity Management) for provisioning and deprovisioning of users.
B. Deploy Identity Connect component and set up automated provisioning and deprovisioning of users, as well as SAML-based SSO.
C. Configure central IAM Service as an authentication provider and extend registration handler to manage provisioning and deprovisioning of users.
D. Configure Salesforce as a SAML service provider, and enable Just-in-Time (JIT) provisioning and deprovisioning of users.
Answer: A
Question #5 (Topic: Topic 2, Accepting Third-Party Identity in Salesforce)
Universal Containers (UC) is rolling out its new Customer Identity and Access Management Solution built on top of its existing Salesforce instance. UC wants to allow customers to log in using Facebook, Google, and other social sign-on providers.
How should this functionality be enabled for UC, assuming all social sign-on providers support OpenID Connect?
A. Configure an authentication provider and a Just-In-Time (JIT) handler for each social sign-on provider.
B. Configure a single sign-on setting and a JIT handler for each social sign-on provider.
C. Configure an authentication provider and a registration handler for each social sign-on provider.
D. Configure a single sign-on setting and a registration handler for each social sign-on provider.
Answer: C