Salesforce Certified Identity and Access Management Architect (Identity-and-Access-Management-Architect) Free Practice Test

Question 1

Universal Containers (UC) uses Salesforce for its customer service agents. UC has a proprietary system for order tracking which supports Security Assertion Markup Language (SAML) based single sign-on. The VP of customer service wants to ensure only active Salesforce users should be able to access the order tracking system which is only visible within Salesforce.
What should be done to fulfill the requirement?
Choose 2 answers

A. Customize Order Tracking to initiate a REST call to validate users in Salesforce after login.

B. Setup Salesforce as an identity provider (IdP) for Order Tracking.

C. Set up the Corporate Identity store as an identity provider (IdP) for Order Tracking.

D. Setup Order Tracking as a Canvas app in Salesforce to POST IdP initiated SAML assertion.

Correct Answer: B,D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 2

A global company ' s Salesforce Identity Architect is reviewing its Salesforce production org login history and is seeing some intermittent Security Assertion Markup Language (SAML SSO) " Replay Detected " and " Assertion Invalid " login errors.
Which two issues would cause these errors?
Choose 2 answers

A. The subject element is missing from the assertion sent to Salesforce.

B. The current time setting of the company ' s identity provider (IdP) and Salesforce platform is out of sync by more than eight minutes.

C. The certificate loaded into SSO configuration does not match the certificate used by the IdP.

D. The assertion sent to Salesforce contains an assertion ID previously used.

Correct Answer: A,D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 3

Northern Trail Outfitters (NTO) wants to give customers the ability to submit and manage issues with their purchases. It is important for NTO to give its customers the ability to login with their Amazon credentials.
What should an identity architect recommend to meet these requirements?

A. Configure a predefined authentication provider for Amazon.

B. Configure Amazon as & connected app.

C. Configure an OpenlD Connect Authentication Provider for Amazon.

D. Create a custom external authentication provider for Amazon.

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 4

Northern Trail Outfitters manages application functional permissions centrally as Active Directory groups.
The CRM_SuperUser and CRM_Reporting_SuperUser groups should respectively give the user the SuperUser and Reporting_SuperUser permission set in Salesforce. Salesforce is the service provider to a Security Assertion Markup Language (SAML) identity provider.
How should an identity architect ensure the Active Directory groups are reflected correctly when a user accesses Salesforce?

A. Use the Apex Just-in-Time handler to query standard SAML attributes and set permission sets.

B. Use a login flow to query standard SAML attributes and set permission sets.

C. Use the Apex Just-in-Time handler to query custom SAML attributes and set permission sets.

D. Use a login flow to query custom SAML attributes and set permission sets.

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 5

Universal Containers (UC) is using its production org as the identity provider for a new Experience Cloud site and the identity architect is deciding which login experience to use for the site.
Which two page types are valid login page types for the site?
Choose 2 answers

A. Lightning Experience Page

B. Embedded Login Page

C. Experience Builder Page

D. Login Discovery Page

Correct Answer: B,D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 6

A real estate company wants to provide its customers a digital space to design their interior decoration options. To simplify the registration to gain access to the community site (built in Experience Cloud), the CTO has requested that the IT/Development team provide the option for customers to use their existing social- media credentials to register and access.
The IT lead has approached the Salesforce Identity and Access Management (IAM) architect for technical direction on implementing the social sign-on (for Facebook, Twitter, and a new provider that supports standard OpenID Connect (OIDC)).
Which two recommendations should the Salesforce IAM architect make to the IT Lead?
Choose 2 answers

A. Use declarative registration handler process builder/flow to create, update users and contacts.

B. Authentication provider configuration is required each social sign-on providers; and enable Authentication providers in community.

C. For supporting OIDC it is necessary to enable Security Assertion Markup Language (SAML) with Just- In-Time provisioning (JIT) and OAuth 2.0.

D. Apex coding skills are needed for registration handler to create and update users.

Correct Answer: B,D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 7

Northern Trail Outfitters want to allow its consumer to self-register on it business-to consumer (B2C) portal that is built on Experience Cloud. The identity architect has recommended to use Person Accounts.
Which three steps need to be configured to enable self-registration using person accounts?
Choose 3 answers

A. Set organization-wide default sharing for Contact to Public Read Only.

B. Enable business accounts in the Setup page.

C. Enable person accounts in the Setup page.

D. Enable access to person and business account record types under Public Access Settings.

E. Under Login and Registration settings, ensure that the default account field is empty.

Correct Answer: C,D,E

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Welcome to TestSimulate

Salesforce Certified Identity and Access Management Architect (Identity-and-Access-Management-Architect) Free Practice Test