Certified Platform Identity and Access Management Architect Exam - Free Salesforce Questions and Answers

Question #6 (Topic: Topic 2, Accepting Third-Party Identity in Salesforce )

Northern Trail Outfitters (NTO) wants to give customers the ability to submit and manage issues with their purchases. It is important for NTO to give its customers the ability to login with their Facebook and Twitter credentials.
What should an identity architect recommend to meet these requirements?

A. Configure a predefined authentication provider for Facebook and Twitter. B. Setup login icon for Facebook and Twitter. C. Create a custom external authentication provider for Facebook. D. Create a custom external authentication provider for Twitter.

Answer: A

Question #7 (Topic: Topic 2, Accepting Third-Party Identity in Salesforce )

Universal Containers want users to be able to log in to the Salesforce mobile app with their Active Directory password. Employees are unable to use mobile VPN.
Which two options should an identity architect recommend to meet the requirement? (Choose two.)

A. Active Directory Password Sync Plugin B. Salesforce Trigger & Field on Contact Object C. Salesforce Identity Connect D. Configure Cloud Provider Load Balancer

Answer: AC

Question #8 (Topic: Topic 2, Accepting Third-Party Identity in Salesforce )

Northern Trail Outfitters (NTO) leverages Microsoft Active Directory (AD) for management of employee usernames, passwords, permissions, and asset access. NTO also owns a third-party single sign-on (SSO) solution. The third-party party SSO solution is used for all corporate applications, including Salesforce.
NTO has asked an architect to explore Salesforce Identity Connect for automatic provisioning and deprovisioning of users in Salesforce.
What role does identity Connect play in the outlined requirements?

A. Service Provider B. Identity Provider C. Single Sign-On D. User Management

Answer: D

Question #9 (Topic: Topic 2, Accepting Third-Party Identity in Salesforce )

Northern Trail Outfitters (NTO) uses a Security Assertion Markup Language (SAML)-based Identity Provider (IdP) to authenticate employees to all systems. The IdP authenticates users against a Lightweight Directory Access Protocol (LDAP) directory and has access to user information. NTO wants to minimize Salesforce license usage since only a small percentage of users need Salesforce.
What is recommended to ensure new employees have immediate access to Salesforce using their current IdP?

A. Define a process where administrators manually create new users in Salesforce. B. Build an integration that queries LDAP and creates new inactive users in Salesforce and use a login flow to activate the user at first login. C. Build an integration that queries LDAP periodically and creates new active users in Salesforce. D. Configure Just-in-Time provisioning using SAML attributes to create new Salesforce users as necessary when a new user attempts to login to Salesforce.

Answer: D

Question #10 (Topic: Topic 2, Accepting Third-Party Identity in Salesforce )

A Salesforce Administrator is tasked with setting up Just-in-Time (JIT) provisioning for SAML to enable Single Sign-On (SSO) for your organization. They have already configured the SAML settings for SSO in Salesforce.
What should be their next steps to enable JIT provisioning?

A. Create a new Apex class to handle JIT provisioning, implement the required methods, and assign the class to the appropriate user profiles. B. Modify the organization-wide sharing settings to allow JIT provisioning, update the sharing rules for the user object. C. Enable Just-in-Time User Provisioning in the SAML Single Sign-On Setting, configure the User Provisioning Type, and provide the SAML JIT Handler. D. Create a new permission set with JIT provisioning enabled, configure the necessary permissions, and assign the permission set to relevant users.

Answer: C

Salesforce Certified Platform Identity and Access Management Architect - Certified Platform Identity and Access Management Architect Exam