Black Friday Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Identity and Access Management Designer Identity-and-Access-Management-Architect Syllabus Exam Questions Answers

Salesforce Certified Identity andAccess Management Architect (SU24) Questions and Answers

Question 33

Northern Trail Outfitters (NTO) employees use a custom on-premise helpdesk application to request, approve, notify, and track access granted to various on-premises and cloud applications, including Salesforce. Salesforce is currently used to authenticate users.

How should NTO provision Salesforce users as soon as they are approved in the helpdesk application with the approved profiles and permission sets?

Options:

A.

Build an integration that performs a remote call-in to the Salesforce SOAP or REST API.

B.

Use a login flow to query the helpdesk to validate user status.

C.

Have the helpdesk initiate an IdP-initiated Just-m-Time provisioning Security Assertion Markup Language flow.

D.

Use Salesforce Connect to integrate with the helpdesk application.

Question 34

A farming enterprise offers smart farming technology to its farmer customers, which includes a variety of sensors for livestock tracking, pest monitoring, climate monitoring etc. They plan to store all the data in Salesforce. They would also like to ensure timely maintenance of the Installed sensors. They have engaged a salesforce Architect to propose an appropriate way to generate sensor Information In Salesforce.

Which OAuth flow should the architect recommend?

Options:

A.

OAuth 2.0 Asset Token Flow

B.

OAuth 2.0 Device Authentication Row

C.

OAuth 2.0 JWT Bearer Token Flow

D.

OAuth 2.0 SAML Bearer Assertion Flow

Question 35

Universal Containers is using OpenID Connect to enable a connection from their new mobile app to its production Salesforce org.

What should be done to enable the retrieval of the access token status for the OpenID Connect connection?

Options:

A.

Query using OpenID Connect discovery endpoint.

B.

A Leverage OpenID Connect Token Introspection.

C.

Create a custom OAuth scope.

D.

Enable cross-origin resource sharing (CORS) for the /services/oauth2/token endpoint.

Question 36

Universal containers (UC) has built a custom based Two-factor Authentication (2fa) system for their existing on-premise applications. Thru are now implementing salesforce and would like to enable a Two-factor login process for it, as well. What is the recommended solution an architect should consider?

Options:

A.

Replace the custom 2fa system with salesforce 2fa for on-premise application and salesforce.

B.

Use the custom 2fa system for on-premise applications and native 2fa for salesforce.

C.

Replace the custom 2fa system with an app exchange app that supports on-premise applications and salesforce.

D.

Use custom login flows to connect to the existing custom 2fa system for use in salesforce.