Free Certified Identity and Access Management Architect Exam Braindumps (page: 25)


An architect has successfully configured SAML-based SSO for Universal Containers. SSO has been working for 3 months when Universal Containers manually adds a batch of new users to Salesforce. The new users receive an error from Salesforce when trying to use SSO. Existing users are still able to successfully use SSO to access Salesforce. What is the probable cause of this behaviour?

  1. The administrator forgot to reset the new users' Salesforce passwords.
  2. The Federation ID field on the new user records is not correctly set.
  3. The My Domain capability is not enabled on the new users' profiles.
  4. The new users do not have the SSO permission enabled on their profiles.

Answer(s): B



Universal Containers (UC) has a classified information system that its call centre team uses only when they are working on a case with a record type of "classified". They are only allowed to access the system when they own an open "classified" case, and their access to the system is removed at all other times. They would like to implement SAML SSO with Salesforce as the IdP, and automatically allow or deny the staff's access to the classified information system based on whether they currently own an open "classified" case record when they try to access the system using SSO. What is the recommended solution for automatically allowing or denying access to the classified information system based on the open "classified" case record criteria?

  1. Use a custom connected app handler using Apex to dynamically allow access to the system based on whether the staff owns any open "classified" cases.
  2. Use an Apex trigger on Case to dynamically assign permission sets that grant access when a user is assigned an open "classified" case, and remove it when the case is closed.
  3. Use custom SAML JIT provisioning to dynamically query the user's open "classified" cases when attempting to access the classified information system.
  4. Use Salesforce reports to identify users that currently own open "classified" cases and should be granted access to the classified information system.

Answer(s): A



A group of users try to access one of Universal Containers' connected apps and receive the following error message: "Failed: Not approved for access". What is the most likely cause of the issue?

  1. The use of high assurance sessions is required for the connected app.
  2. The users do not have the correct permission set assigned to them.
  3. The connected app setting "All users may self-authorize" is enabled.
  4. The Salesforce administrators have revoked the OAuth authorization.

Answer(s): B



Universal Containers (UC) wants to integrate a web application with Salesforce. The UC team has implemented the OAuth web server authentication flow for the authentication process. Which two considerations should an architect point out to UC? Choose 2 answers

  1. The web application should be hosted on a secure server.
  2. The web server must be able to protect consumer privacy.
  3. The flow involves passing the user credentials back and forth.
  4. The flow will not provide an OAuth refresh token back to the server.

Answer(s): A,B





