Question # 1 Northern Trail Outfitters (NTO) employees use a custom on-premise helpdesk application to request, approve, notify, and track access granted to various on-premises and cloud applications, including Salesforce. Salesforce is currently used to authenticate users. A. Build an integration that performs a remote call-in to the Salesforce SOAP or REST API.B. Use a login flow to query the helpdesk to validate user status.C. Have the helpdesk initiate an IdP-initiated Just-m-Time provisioning Security Assertion Markup Language flow.D. Use Salesforce Connect to integrate with the helpdesk application.
Click for Answer
A. Build an integration that performs a remote call-in to the Salesforce SOAP or REST API.
Answer Description Explanation: Building an integration that performs a remote call-in to the Salesforce SOAP or REST API is the best way to provision Salesforce users as soon as they are approved in the helpdesk application. The API allows creating and updating user records with the approved profiles and permission sets. The other options are either not suitable or not sufficient for this use case. References: User SOAP API Developer Guide, User REST API Developer Guide
Question # 2 Universal containers (UC) would like to enable self - registration for their salesforce partner community users. UC wants to capture some custom data elements from the partner user, and based on these data elements, wants to assign the appropriate profile and account values. Which two actions should the architect recommend to UC? Choose 2 answers A. Modify the communitiesselfregcontroller to assign the profile and account.B. Modify the selfregistration trigger to assign profile and account.C. Configure registration for communities to use a custom visualforce page.D. Configure registration for communities to use a custom apex controller.
Click for Answer
A. Modify the communitiesselfregcontroller to assign the profile and account.C. Configure registration for communities to use a custom visualforce page.
Answer Description Explanation: To enable self-registration for their Salesforce partner community users, UC should modify the communities’ self-registration controller to assign the profile and account based on the custom data elements from the partner user1. UC should also configure registration for communities to use a custom Visualforce page to capture the custom data elements from the partner user2. Therefore, option A and C are the correct answers.
Question # 3 A group of users try to access one of universal containers connected apps and receive the following error message : "Failed : Not approved for access". what is most likely to cause of the issue? A. The use of high assurance sections are required for the connected App. B. The users do not have the correct permission set assigned to them. C. The connected App setting "All users may self-authorize" is enabled. D. The salesforce administrators gave revoked the Oauth authorization.
Click for Answer
B. The users do not have the correct permission set assigned to them. Question # 4 Universal containers (UC) has a customer Community that uses Facebook for authentication. UC would like to ensure that changes in the Facebook profile are reflected on the appropriate customer Community user. How can this requirement be met? A. Use the updateuser() method on the registration handler class.B. Use SAML just-in-time provisioning between Facebook and SalesforceC. Use information in the signed request that is received from Facebook.D. Develop a schedule job that calls out to Facebook on a nightly basis.
Click for Answer
C. Use information in the signed request that is received from Facebook.
Answer Description Explanation: Using information in the signed request that is received from Facebook is how this requirement can be met. A signed request is a parameter that contains information about the user who is logging in with Facebook credentials. The signed request can include information such as the user ID, name, email, and profile picture. You can use this information to update the corresponding customer community user in Salesforce by implementing a registration handler class. The registration handler class is an Apex class that defines how Salesforce handles user registration and authentication when using an auth provider. You can use the updateUser() method in the registration handler class to update the user record with the information from the signed request. Using the updateUser() method on the registration handler class is not how this requirement can be met because it is only part of the solution. You also need to use information from the signed request as the source of the updates. Using SAML just-in-time provisioning between Facebook and Salesforce is not how this requirement can be met because Facebook does not support SAML as an identity provider protocol. Developing a scheduled job that calls out to Facebook on a nightly basis is not how this requirement can be met because it is inefficient and unnecessary. You can update the user record in real time using the signed request instead of waiting for a nightly batch process.
Question # 5 In an SP-Initiated SAML SSO setup where the user tries to access a resource on the Service Provider, What HTTP param should be used when submitting a SAML Request to the Idp to ensure the user is returned to the intended resourse after authentication? A. RedirectURLB. RelayStateC. DisplayStateD. StartURL
Click for Answer
B. RelayState
Answer Description Explanation: The HTTP parameter that should be used when submitting a SAML request to the IdP to ensure the user is returned to the intended resource after authentication is RelayState. RelayState is an optional parameter that can be used to preserve some state information across the SSO process. For example, RelayState can be used to specify the URL of the resource that the user originally requested on the SP before being redirected to the IdP for authentication. After the IdP validates the user’s identity and sends back a SAML response, it also sends back the RelayState parameter with the same value as it received from the SP. The SP then uses the RelayState value to redirect the user to the intended resource after validating the SAML response. The other options are not valid HTTP parameters for this purpose. RedirectURL, DisplayState, and StartURL are not standard SAML parameters and they are not supported by Salesforce as SP or IdP.
Question # 6 Universal Containers (UC) implemented SSO to a third-party system for their Salesforce users to access the App Launcher. UC enabled “User Provisioning” on the Connected App so that changes to user accounts can be synched between Salesforce and the third-party system. However, UC quickly notices that changes to user roles in Salesforce are not getting synched to the third-party system. What is the most likely reason for this behavior? A. User Provisioning for Connected Apps does not support role sync.B. Required operation(s) was not mapped in User Provisioning Settings.C. The Approval queue for User Provisioning Requests is unmonitored.D. Salesforce roles have more than three levels in the role hierarchy.
Click for Answer
B. Required operation(s) was not mapped in User Provisioning Settings.Question # 7 Universal Containers (UC) is setting up delegated authentication to allow employees to log in using their corporate credentials. UC's security team is concerned about the risks of exposing the corporate login service on the internet and has asked that a reliable trust mechanism be put in place between the login service and Salesforce. A. Require the use of Salesforce security tokens on passwords.B. Enforce mutual authentication between systems using SSL.C. Include Client Id and Client Secret in the login header callout.D. Set up a proxy service for the login service in the DMZ.
Click for Answer
B. Enforce mutual authentication between systems using SSL.
Answer Description Explanation: To enable a trusted connection between the login service and Salesforce, an architect should enforce mutual authentication between systems using SSL. Mutual authentication, also known as two-way SSL or client certificate authentication, is a process in which both parties in a communication exchange certificates to verify their
identities7. This mechanism ensures that only authorized systems can access each other’s resources and prevents unauthorized access or spoofing attacks8. To use mutual authentication with delegated authentication, you need to do the following steps9:
Question # 8 A Salesforce customer is implementing Sales Cloud and a custom pricing application for its call center agents. An Enterprise single sign-on solution is used to authenticate and sign-in users to all applications. The customer has the following requirements: A. Select "Enable as a Canvas Personal App" in the connected app settings.B. Enable OAuth settings in the connected app with required OAuth scopes for the pricing application.C. Configure the Canvas app as a connected app and set Admin-approved users as pre- authorized.D. Enable SAML in the connected app and Security Assertion Markup Language (SAML) Initiation Method as Service Provider Initiated.
Click for Answer
C. Configure the Canvas app as a connected app and set Admin-approved users as pre- authorized.D. Enable SAML in the connected app and Security Assertion Markup Language (SAML) Initiation Method as Service Provider Initiated.
Up-to-Date
We always provide up-to-date Identity-and-Access-Management-Architect exam dumps to our clients. Keep checking website for updates and download.
Excellence
Quality and excellence of our Salesforce Certified Identity andAccess Management Architect (SU24) practice questions are above customers expectations. Contact live chat to know more.
Success
Your SUCCESS is assured with the Identity-and-Access-Management-Architect exam questions of passin1day.com. Just Buy, Prepare and PASS!
Quality
All our braindumps are verified with their correct answers. Download Identity and Access Management Designer Practice tests in a printable PDF format.
Basic
$80
Any 3 Exams of Your Choice
3 Exams PDF + Online Test Engine
Buy Now
Premium
$100
Any 4 Exams of Your Choice
4 Exams PDF + Online Test Engine
Buy Now
Gold
$125
Any 5 Exams of Your Choice
5 Exams PDF + Online Test Engine
Buy Now
Passin1Day has a big success story in last 12 years with a long list of satisfied customers.
Identity-and-Access-Management-Architect Dumps
We have recently updated Salesforce Identity-and-Access-Management-Architect dumps study guide. You can use our Identity and Access Management Designer braindumps and pass your exam in just 24 hours. Our Salesforce Certified Identity andAccess Management Architect (SU24) real exam contains latest questions. We are providing Salesforce Identity-and-Access-Management-Architect dumps with updates for 3 months. You can purchase in advance and start studying. Whenever Salesforce update Salesforce Certified Identity andAccess Management Architect (SU24) exam, we also update our file with new questions. Passin1day is here to provide real Identity-and-Access-Management-Architect exam questions to people who find it difficult to pass exam
What Our Customers Say
Jeff Brown
Thanks you so much passin1day.com team for all the help that you have provided me in my Salesforce exam. I will use your dumps for next certification as well.
Mareena Frederick
You guys are awesome. Even 1 day is too much. I prepared my exam in just 3 hours with your Identity-and-Access-Management-Architect exam dumps and passed it in first attempt :)
Ralph Donald
I am the fully satisfied customer of passin1day.com. I have passed my exam using your Salesforce Certified Identity andAccess Management Architect (SU24) braindumps in first attempt. You guys are the secret behind my success ;)
Lilly Solomon
I was so depressed when I get failed in my Cisco exam but thanks GOD you guys exist and helped me in passing my exams. I am nothing without you.
