Question # 1 Northern Trail Outfitters (NTO) leverages Microsoft Active Directory (AD) for management of employee usernames, passwords, permissions, and asset access. NTO also owns a third-party single sign-on (SSO) solution. The third-party party SSO solution is used for all corporate applications, including Salesforce. A. Service ProviderB. Single Sign-OnC. Identity ProviderD. User Management
Click for Answer
D. User Management
Question # 2 Universal Containers has multiple Salesforce instances where users receive emails from different instances. Users should be logged into the correct Salesforce instance authenticated by their IdP when clicking on an email link to a Salesforce record. A. My DomainB. External IdentityC. Identity ProviderD. Multi-Factor Authentication
Click for Answer
A. My DomainQuestion # 3 An identity architect wants to secure Salesforce APIs using Security Assertion Markup Language (SAML). For security purposes, administrators will need to authorize the applications that will be consuming the APIs. A. OAuth 2-0 SAML Bearer Assertion FlowB. OAuth 2.0 JWT Bearer FlowC. SAML Assertion FlowD. OAuth 2.0 User-Agent Flow
Click for Answer
C. SAML Assertion Flow
Answer Description Explanation: OAuth 2.0 SAML Bearer Assertion Flow is a protocol that allows a client app to obtain an access token from Salesforce by using a SAML assertion instead of an authorization code. The SAML assertion contains information about the client app and the user who wants to access Salesforce APIs. To use this flow, the client app needs to have a connected app configured in Salesforce with the Use Digital Signature option enabled and the “api” OAuth scope assigned. The administrators can authorize the applications that will be consuming the APIs by setting the Permitted Users policy of the connected app to Admin approved users are pre-authorized and assigning profiles or permission sets to the connected app. References: OAuth 2.0 SAML Bearer Assertion Flow, Connected
Apps, OAuth Scopes
Question # 4 Universal Containers (UC) is planning to deploy a custom mobile app that will allow users to get e-signatures from its customers on their mobile devices. The mobile app connects to Salesforce to upload the e-signature as a file attachment and uses OAuth protocol for both authentication and authorization. What is the most recommended and secure OAuth scope setting that an Architect should recommend? A. IdB. WebC. ApiD. Custom_permissions
Click for Answer
D. Custom_permissionsQuestion # 5 Universal containers (UC) has implemented a multi-org strategy and would like to centralize the management of their salesforce user profiles. What should the architect recommend to allow salesforce profiles to be managed from a central system of record? A. Implement jit provisioning on the SAML IDP that will pass the profile id in each assertion.
B. Create an apex scheduled job in one org that will synchronize the other orgs profile.C. Implement Delegated Authentication that will update the user profiles as necessary.D. Implement an Oauth jwt flow to pass the profile credentials between systems.
Click for Answer
A. Implement jit provisioning on the SAML IDP that will pass the profile id in each assertion.
Answer Description Explanation
Option B is not a good choice because creating an Apex scheduled job in one org that will synchronize the other orgs profile may not be scalable, reliable, or secure.
Option C is not a good choice because implementing Delegated Authentication that will update the user profiles as necessary may not be feasible, as Delegated Authentication only verifies the user’s credentials against an external service, but does not pass any other information to Salesforce.
Option D is not a good choice because implementing an OAuth JWT flow to pass the profile credentials between systems may not be suitable, as OAuth JWTflow is used for server-to-server integration, not for user authentication.
References : Authorize Apps with OAuth, [Identity Management Concepts], [User Authentication]
Question # 6 universal container plans to develop a custom mobile app for the sales team that will use salesforce for authentication and access management. The mobile app access needs to be restricted to only the sales team. What would be the recommended solution to grant mobile app access to sales users? A. Use a custom attribute on the user object to control access to the mobile appB. Use connected apps Oauth policies to restrict mobile app access to authorized users.C. Use the permission set license to assign the mobile app permission to sales usersD. Add a new identity provider to authenticate and authorize mobile users.
Click for Answer
B. Use connected apps Oauth policies to restrict mobile app access to authorized users.
Answer Description Explanation: The recommended solution to grant mobile app access to sales users is to use connected apps OAuth policies to restrict mobile app access to authorized users. A connected app is a configuration in Salesforce that allows an external application, such as a mobile app, to connect to Salesforce using OAuth. OAuth is a protocol that allows the mobile app to obtain an access token from Salesforce after the user grants permission. The access token can then be used by the mobile app to access Salesforce data and features. OAuth policies are settings that control how users can access a connected app, such as who can use the app, how long the access token is valid, and what level of access the app requests. By configuring OAuth policies in the connected app settings, Universal Containers can restrict the mobile app access to only the sales team and protect against unauthorized or excessive access.
Question # 7 Which two security risks can be mitigated by enabling Two-Factor Authentication (2FA) in Salesforce? Choose 2 answers A. Users leaving laptops unattended and not logging out of Salesforce.B. Users accessing Salesforce from a public Wi-Fi access point.C. Users choosing passwords that are the same as their Facebook password.D. Users creating simple-to-guess password reset questions.
Click for Answer
B. Users accessing Salesforce from a public Wi-Fi access point.C. Users choosing passwords that are the same as their Facebook password.
Answer Description Explanation: Enabling Two-Factor Authentication (2FA) in Salesforce can mitigate the security risks of users accessing Salesforce from a public Wi-Fi access point or choosing passwords that are the same as their Facebook password. 2FA is an additional layer of protection beyond your password that requires users to verify their identity with another factor, such as a mobile app, a security key, or a verification code. This can prevent unauthorized access even if the user’s password is compromised or guessed by a malicious actor. The other options are not directly related to 2FA, but rather to user behavior or password policies.
Question # 8 Universal Containers (UC) is implementing Salesforce and would like to establish SAML SSO for its users to log in. UC stores its corporate user identities in a Custom Database. The UC IT Manager has heard good things about Salesforce Identity Connect as an Idp, and would like to understand what limitations they may face if they decided to use Identity Connect in their current environment. What limitation Should an Architect inform the IT Manager about? A. Identity Connect will not support user provisioning in UC's current environment.B. Identity Connect will only support Idp-initiated SAML flows in UC's current environment.C. Identity Connect will only support SP-initiated SAML flows in UC's current environment.D. Identity connect is not compatible with UC's current identity environment.
Click for Answer
A. Identity Connect will not support user provisioning in UC's current environment.
Answer Description Explanation: Identity Connect will not support user provisioning in UC’s current environment. Identity Connect is a tool that synchronizes user data between Active Directory and Salesforce, but it does not work with other identity sources such as a Custom Database5. Therefore, if UC wants to use Identity Connect as an Idp, they will not be able to provision users from their Custom Database to Salesforce.
Up-to-Date
We always provide up-to-date Identity-and-Access-Management-Architect exam dumps to our clients. Keep checking website for updates and download.
Excellence
Quality and excellence of our Salesforce Certified Identity andAccess Management Architect (SU24) practice questions are above customers expectations. Contact live chat to know more.
Success
Your SUCCESS is assured with the Identity-and-Access-Management-Architect exam questions of passin1day.com. Just Buy, Prepare and PASS!
Quality
All our braindumps are verified with their correct answers. Download Identity and Access Management Designer Practice tests in a printable PDF format.
Basic
$80
Any 3 Exams of Your Choice
3 Exams PDF + Online Test Engine
Buy Now
Premium
$100
Any 4 Exams of Your Choice
4 Exams PDF + Online Test Engine
Buy Now
Gold
$125
Any 5 Exams of Your Choice
5 Exams PDF + Online Test Engine
Buy Now
Passin1Day has a big success story in last 12 years with a long list of satisfied customers.
Identity-and-Access-Management-Architect Dumps
We have recently updated Salesforce Identity-and-Access-Management-Architect dumps study guide. You can use our Identity and Access Management Designer braindumps and pass your exam in just 24 hours. Our Salesforce Certified Identity andAccess Management Architect (SU24) real exam contains latest questions. We are providing Salesforce Identity-and-Access-Management-Architect dumps with updates for 3 months. You can purchase in advance and start studying. Whenever Salesforce update Salesforce Certified Identity andAccess Management Architect (SU24) exam, we also update our file with new questions. Passin1day is here to provide real Identity-and-Access-Management-Architect exam questions to people who find it difficult to pass exam
What Our Customers Say
Jeff Brown
Thanks you so much passin1day.com team for all the help that you have provided me in my Salesforce exam. I will use your dumps for next certification as well.
Mareena Frederick
You guys are awesome. Even 1 day is too much. I prepared my exam in just 3 hours with your Identity-and-Access-Management-Architect exam dumps and passed it in first attempt :)
Ralph Donald
I am the fully satisfied customer of passin1day.com. I have passed my exam using your Salesforce Certified Identity andAccess Management Architect (SU24) braindumps in first attempt. You guys are the secret behind my success ;)
Lilly Solomon
I was so depressed when I get failed in my Cisco exam but thanks GOD you guys exist and helped me in passing my exams. I am nothing without you.
