11.11 Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Sure Pass Exam Identity-and-Access-Management-Architect PDF

Salesforce Certified Identity andAccess Management Architect (SU24) Questions and Answers

Question 5

Universal containers (UC) is setting up their customer Community self-registration process. They are uncomfortable with the idea of assigning new users to a default account record. What will happen when customers self-register in the community?

Options:

A.

The self-registration process will produce an error to the user.

B.

The self-registration page will ask user to select an account.

C.

The self-registration process will create a person Account record.

D.

The self-registration page will create a new account record.

Question 6

Northern Trail Outfitters (NTO) uses Salesforce Experience Cloud sites (previously known as Customer Community) to provide a digital portal where customers can login using their Google account.

NTO would like to automatically create a case record for first time users logging into Salesforce Experience Cloud.

What should an Identity architect do to fulfill the requirement?

Options:

A.

Configure an authentication provider for Social Login using Google and a custom registration handler.

B.

Implement a Just-in-Time handler class that has logic to create cases upon first login.

C.

Create an authentication provider for Social Login using Google and leverage standard registration handler.

D.

Implement a login flow with a record create component for Case.

Question 7

The security team at Universal containers(UC) has identified exporting reports as a high-risk action and would like to require users to be logged into salesforce with their active directory (AD) credentials when doing so. For all other uses of Salesforce, Users should be allowed to use AD credentials or salesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with salesforce credentials?

Options:

A.

Use SAML Federated Authentication and Custom SAML jit provisioning to dynamically add or remove a permission set that grants the Export Reports permission.

B.

Use SAML Federated Authentication, treat SAML sessions as high assurance, and raise the session level required for exporting reports.

C.

Use SAML Federated Authentication and block access to reports when accesses through a standard assurance session.

D.

Use SAML Federated Authentication with a login flow to dynamically add or remove a permission set that grants the export reports permission.

Question 8

An identity architect's client has a homegrown identity provider (IdP). Salesforce is used as the service provider (SP). The head of IT is worried that during a SP initiated single sign-on (SSO), the Security Assertion Markup Language (SAML) request content will be altered.

What should the identity architect recommend to make sure that there is additional trust between the SP and the IdP?

Options:

A.

Ensure that there is an HTTPS connection between IDP and SP.

B.

Ensure that on the SSO settings page, the "Request Signing Certificate" field has a self-signed certificate.

C.

Ensure that the Issuer and Assertion Consumer service (ACS) URL is property configured between SP and IDP.

D.

Encrypt the SAML Request using certification authority (CA) signed certificate and decrypt on IdP.