Identity-and-Access-Management-Architect Exam Dumps - Salesforce Certified Identity andAccess Management Architect (SU24)

Go to page:

Question # 4

Universal Containers (UC) implemented SSO to a third-party system for their Salesforce users to access the App Launcher. UC enabled â€œUser Provisioningâ€ on the Connected App so that changes to user accounts can be synched between Salesforce and the third party system. However, UC quickly notices that changes to user roles in Salesforce are not getting synched to the third-party system. What is the most likely reason for this behaviour?

User Provisioning for Connected Apps does not support role sync.

Required operation(s) was not mapped in User Provisioning Settings.

The Approval queue for User Provisioning Requests is unmonitored.

Salesforce roles have more than three levels in the role hierarchy.

Full Access

Question # 5

Universal Containers (UC) has an existing Salesforce org configured for SP-Initiated SAML SSO with their Idp. A second Salesforce org is being introduced into the environment and the IT team would like to ensure they can use the same Idp for new org. What action should the IT team take while implementing the second org?

Use the same SAML Identity location as the first org.

Use a different Entity ID than the first org.

Use the same request bindings as the first org.

Use the Salesforce Username as the SAML Identity Type.

Full Access

Question # 6

What item should an Architect consider when designing a Delegated Authentication implementation?

The Web service should be secured with TLS using Salesforce trusted certificates.

The Web service should be able to accept one to four input method parameters.

The web service should use the Salesforce Federation ID to identify the user.

The Web service should implement a custom password decryption method.

Full Access

Question # 7

Refer to the exhibit.

Outfitters (NTO) is using Experience Cloud as an Identity for its application on Heroku. The application on Heroku should be able to handle two brands, Northern Trail Shoes and Northern Trail Shirts.

A user should select either of the two brands in Heroku before logging into the community. The app then performs Authorization using OAuth2.0 with the Salesforce Experience Cloud site.

NTO wants to make sure it renders login page images dynamically based on the user's brand preference selected in Heroku before Authorization.

what should an identity architect do to fulfill the above requirements?

For each brand create different communities and redirect users to the appropriate community using a custom Login controller written in Apex.

Create multiple login screens using Experience Builder and use Login Flows at runtime to route to different login screens.

Authorize third-party service by sending authorization requests to the community-url/services/oauth2/authorize/cookie_value.

Authorize third-party service by sending authorization requests to the community-url/services/oauth2/authonze/expid_value.

Full Access

Question # 8

A client is planning to rollout multi-factor authentication (MFA) to its internal employees and wants to understand which authentication and verification methods meet the Salesforce criteria for secure authentication.

Which three functions meet the Salesforce criteria for secure mfa?

Choose 3 answers

username and password + SMS passcode

Username and password + secunty key

Third-party single sign-on with Mobile Authenticator app

Certificate-based Authentication

Lightning Login

Full Access

Go to page: