Question # 1 Universal containers(UC) has implemented SAML-BASED single Sign-on for their salesforce application and is planning to provide access to salesforce on mobile devices using the salesforce1 mobile app. UC wants to ensure that single Sign-on is used for accessing the salesforce1 mobile app. Which two recommendations should the architect make? Choose 2 answers A. Use the existing SAML SSO flow along with user agent flow.B. Configure the embedded Web browser to use my domain URL.C. Use the existing SAML SSO flow along withWeb server flowD. Configure the salesforce1 app to use the my domain URL
Click for Answer
B. Configure the embedded Web browser to use my domain URL.D. Configure the salesforce1 app to use the my domain URL
Answer Description Explanation:
Question # 2 Universal Container's (UC) is using Salesforce Experience Cloud site for its container wholesale business. The identity architect wants to an authentication provider for the new site. Which two options should be utilized in creating an authentication provider?
Choose 2 answers A. A custom registration handier can be set. B. A custom error URL can be set. C. The default login user can be set. D. The default authentication provider certificate can be set.
Click for Answer
A. A custom registration handier can be set. B. A custom error URL can be set. Question # 3 Northern Trail Outfitters (NTO) uses the Customer 360 Platform implemented on Salesforce Experience Cloud. The development team in charge has learned of a contactless user feature, which can reduce the overhead of managing customers and partners by creating users without contact information.
What is the potential impact to the architecture if NTO decides to implement this feature? A. Custom registration handler is needed to correctly assign External Identity or Community license for the newly registered contactless user.B. If contactless user is upgraded to Community license, the contact record is automatically created and linked to the user record, but not associated with an Account.C. Contactless user feature is available only with the External Identity license, which can restrict the ExperienceCloud functionality available to the user.D. Passwordless authentication cannot be supported because the mobile phone receiving one-time password (OTP) needs to match the number on the contact record.
Click for Answer
B. If contactless user is upgraded to Community license, the contact record is automatically created and linked to the user record, but not associated with an Account.
Answer Description Explanation:
Question # 4 A farming enterprise offers smart farming technology to its farmer customers, which includes a variety of sensors for livestock tracking, pest monitoring, climate monitoring etc. They plan to store all the data in Salesforce. They would also like to ensure timely maintenance of the Installed sensors. They have engaged a salesforce Architect to propose an appropriate way to generate sensor Information In Salesforce. Which OAuth flow should the architect recommend? A. OAuth 2.0 Asset Token Flow B. OAuth 2.0 Device Authentication Row C. OAuth 2.0 JWT Bearer Token Flow D. OAuth 2.0 SAML Bearer Assertion Flow
Click for Answer
A. OAuth 2.0 Asset Token Flow Question # 5 An organization has a central cloud-based Identity and Access Management (IAM) Service for authentication and user management, which must be utilized by all applications as follows: A. A Configure Salesforce as a SAML Service Provider, and enable SCIM (System for Cross-Domain Identity Management) for provisioning and deprovisioning of users.B. Configure Salesforce as a SAML service provider, and enable Just-in Time (JIT) provisioning and deprovisioning of users.C. Configure central IAM Service as an authentication provider and extend registration handler to manage provisioning and deprovisioning of users.D. Deploy Identity Connect component and set up automated provisioning and deprovisioning of users, as well as SAML-based SSO.
Click for Answer
A. A Configure Salesforce as a SAML Service Provider, and enable SCIM (System for Cross-Domain Identity Management) for provisioning and deprovisioning of users.
Answer Description Explanation:
Question # 6 Universal Containers (UC) has an Experience Cloud site (Customer Community) where customers can authenticate andplace orders, view the status of orders, etc. UC allows guest checkout.
Mow can a guest register using data previously collected during order placement? A. Enable Security Assertion Markup Language Sign-On and use a login flow to collect only order detailsto retrieve customer data.B. Enable Facebook as an authentication provider and use a registration handler to collect only order details to retrieve customer data.C. Use a Connected App Handler Apex Plugin class to collect only order details to retrievecustomer data.D. Enable self-registration and customize a self-registration page to collect only order details to retrieve customer data.
Click for Answer
D. Enable self-registration and customize a self-registration page to collect only order details to retrieve customer data.
Answer Description Explanation:
Question # 7 Universal Containers (UC) is using a custom application that will act as the Identity Provider and will generate SAML assertions used to log in to Salesforce. UC is considering including custom parameters in the SAML assertion. These attributes contain sensitive data and are needed to authenticate the users. The assertions are submitted to salesforce via a browser form post. The majority of the users will only be able to access Salesforce via UC's corporate network, but a subset of admins and executives would be allowed access from outside the corporate network on their mobile devices. Which two methods should an Architect consider to ensure that the sensitive data cannot be tampered with, nor accessible to anyone while in transit? A. Use the Identity Provider's certificate to digitally sign and Salesforce's Certificate to encrypt the payload. B. Use Salesforce's Certificate to digitally sign the SAML Assertion and a Mobile Device Management client on the users' mobile devices. C. Use the Identity provider's certificate to digitally Sign and the Identity provider's certificate to encrypt the payload. D. Use a custom login flow to retrieve sensitive data using an Apex callout without including the attributes in the assertion.
Click for Answer
A. Use the Identity Provider's certificate to digitally sign and Salesforce's Certificate to encrypt the payload. C. Use the Identity provider's certificate to digitally Sign and the Identity provider's certificate to encrypt the payload. Question # 8 Universal Containers is budding a web application that will connect with the Salesforce API using JWT OAuth Flow.
Which two settings need to be configured in the connect app to support this requirement?
Choose 2 answers A. The Use Digital Signature option in the connected app.B. The "web" OAuth scope in theconnected app,C. The "api" OAuth scope in the connected app.D. The "edair_api" OAuth scope m the connected app.
Click for Answer
A. The Use Digital Signature option in the connected app.C. The "api" OAuth scope in the connected app.
Answer Description Explanation:
Up-to-Date
We always provide up-to-date Identity-and-Access-Management-Architect exam dumps to our clients. Keep checking website for updates and download.
Excellence
Quality and excellence of our Salesforce Certified Identity andAccess Management Architect (SU24) practice questions are above customers expectations. Contact live chat to know more.
Success
Your SUCCESS is assured with the Identity-and-Access-Management-Architect exam questions of passin1day.com. Just Buy, Prepare and PASS!
Quality
All our braindumps are verified with their correct answers. Download Identity and Access Management Designer Practice tests in a printable PDF format.
Basic
$80
Any 3 Exams of Your Choice
3 Exams PDF + Online Test Engine
Buy Now
Premium
$100
Any 4 Exams of Your Choice
4 Exams PDF + Online Test Engine
Buy Now
Gold
$125
Any 5 Exams of Your Choice
5 Exams PDF + Online Test Engine
Buy Now
Passin1Day has a big success story in last 12 years with a long list of satisfied customers.
Identity-and-Access-Management-Architect Dumps
We have recently updated Salesforce Identity-and-Access-Management-Architect dumps study guide. You can use our Identity and Access Management Designer braindumps and pass your exam in just 24 hours. Our Salesforce Certified Identity andAccess Management Architect (SU24) real exam contains latest questions. We are providing Salesforce Identity-and-Access-Management-Architect dumps with updates for 3 months. You can purchase in advance and start studying. Whenever Salesforce update Salesforce Certified Identity andAccess Management Architect (SU24) exam, we also update our file with new questions. Passin1day is here to provide real Identity-and-Access-Management-Architect exam questions to people who find it difficult to pass exam
What Our Customers Say
Jeff Brown
Thanks you so much passin1day.com team for all the help that you have provided me in my Salesforce exam. I will use your dumps for next certification as well.
Mareena Frederick
You guys are awesome. Even 1 day is too much. I prepared my exam in just 3 hours with your Identity-and-Access-Management-Architect exam dumps and passed it in first attempt :)
Ralph Donald
I am the fully satisfied customer of passin1day.com. I have passed my exam using your Salesforce Certified Identity andAccess Management Architect (SU24) braindumps in first attempt. You guys are the secret behind my success ;)
Lilly Solomon
I was so depressed when I get failed in my Cisco exam but thanks GOD you guys exist and helped me in passing my exams. I am nothing without you.
