CertsTopics Logo

Weekend Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Identity and Access Management Designer Identity-and-Access-Management-Architect Exam Dumps

Page: 14 / 18
Total 243 questions
Get Identity-and-Access-Management-Architect Full Access Download Identity-and-Access-Management-Architect PDF

Salesforce Certified Identity andAccess Management Architect (SP25) Questions and Answers

Question 53

A multinational industrial products manufacturer is planning to implement Salesforce CRMto manage their business. They have the following requirements:

1. They plan to implement Partner communities to provide access to their partner network .

2. They have operations in multiple countries and are planning to implement multiple Salesforce orgs.

3. Some of their partners do business in multiple countries and will need information from multiple Salesforce communities.

4. They would like to provide a single login for their partners.

How should an Identity Architect solution this requirement with limited custom development?

Options:

A.

Create a partner login for the country of their operation and use SAML federation to provide access to other orgs.

B.

Consolidate Partner related information in a single org and provide access through Salesforce community.

C.

Allow partners to choose the Salesforce org they need information from and use login flows to authenticate access.

D.

Register partners in one org and access information from other orgs using APIs.

Question 54

Universal Containers (UC) has Active Directory (AD) as their enterprise identity store and wouldlike to use it for Salesforce user authentication. UC expects to synchronize user data between Salesforce and AD and Assign the appropriate Profile and Permission Sets based on AD group membership. What would be the optimal way to implement SSO?

Options:

A.

Use Active Directory with Reverse Proxy as the Identity Provider.

B.

Use Microsoft Access control Service as the Authentication provider.

C.

Use Active Directory Federation Service (ADFS) as the Identity Provider.

D.

Use Salesforce Identity Connect as the Identity Provider.

Question 55

Universal Containers (UC) has an e-commerce website where customers can buy products, make payments, and manage their accounts. UC decides tobuild a Customer Community on Salesforce and wants to allow the customers to access the community from their accounts without logging in again. UC decides to implement an SP-initiated SSO using a SAML-compliant Idp. In this scenario where Salesforce is theService Provider, which two activities must be performed in Salesforce to make SP-initiated SSO work? Choose 2 answers

Options:

A.

Configure SAML SSO settings.

B.

Create a Connected App.

C.

Configure Delegated Authentication.

D.

Set up My Domain.

Question 56

Northern Trail Outfitters (NTO) has an off-boarding process where a terminated employee is first disabled in the Lightweight Directory ActProtocol (LDAP) directory, then requests are sent to the various application support teams to finish user deactivations. A terminated employee recently was able to login to NTO's Salesforce instance 24 hours after termination, even though the user was disabled in the corporate LDAP directory.

What should an identity architect recommend to prevent this from happening in the future?

Options:

A.

Create a Just-in-Time provisioning registration handler to ensure users are deactivated in Salesforce as they are disabled inLDAP.

B.

Configure an authentication provider to delegate authentication to the LDAP directory.

C.

use a login flow to make a callout to the LDAP directory before authenticating the user to Salesforce.

D.

Setup an identity provider (IdP) to authenticate users using LDAP, set up single sign-on to Salesforce and disable Login Form authentication.

Page: 14 / 18
Total 243 questions
Get Identity-and-Access-Management-Architect Full Access Download Identity-and-Access-Management-Architect PDF