Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Salesforce
  5. Certified Identity and Access Management Architect

Salesforce Certified Identity and Access Management Architect Exam Questions
Salesforce Certified Identity and Access Management Architect (Page 3 )

Updated On: 8-Mar-2026
Page 3 of 51
PDF with 248 Questions

Which three types of attacks would a 2-Factor Authentication solution help garden against?

  1. Key logging attacks
  2. Network perimeter attacks
  3. Phishing attacks
  4. Dictionary attacks
  5. Man-in-the-middle attacks

Answer(s): A,B,D



Universal Containers (UC) plans to use a SAML-based third-party IdP serving both of the Salesforce Partner Community and the corporate portal. UC partners will log in 65* to the corporate portal to access protected resources, including links to Salesforce resources. What would be the recommended way to configure the IdP so that seamless access can be achieved in this scenario?

  1. Set up the corporate portal as a Connected App in Salesforce and use the Web server OAuth flow.
  2. Configure SP-initiated SSO that passes the SAML token upon Salesforce resource access request.
  3. Set up the corporate portal as a Connected App in Salesforce and use the User Agent OAuth flow.
  4. Configure IdP-initiated SSO that passes the SAML token upon Salesforce resource access request.

Answer(s): D



Universal Containers (UC) wants to use Salesforce for sales orders and a legacy of system for order fulfillment. The legacy system must update the status of orders in 65* Salesforce in real time as they are fulfilled. UC decides to use OAuth for connecting the legacy system to Salesforce. What OAuth flow should be considered that doesn't require storing credentials, client secret or refresh tokens?

  1. Web Server flow
  2. JWT Bearer Token flow
  3. Username-Password flow
  4. User Agent flow

Answer(s): B



Universal Containers (UC) has a Customer Community that uses Facebook for of authentication. UC would like to ensure that changes in the Facebook profile are 65. reflected on the appropriate Customer Community user. How can this requirement be met?

  1. Use SAML Just-In-Time Provisioning between Facebook and Salesforce.
  2. Use information in the Signed Request that is received from Facebook.
  3. Develop a scheduled job that calls out to Facebook on a nightly basis.
  4. Use the updateUser() method on the Registration Handler class.

Answer(s): D



Universal Containers (UC) has five Salesforce orgs (UC1, UC2, UC3, UC4, UC5). of Every user that is in UC2, UC3, UC4, and UC5 is also in UC1, however not all users 65* have access to every org. Universal Containers would like to simplify the authentication process such that all Salesforce users need to remember one set of credentials. UC would like to achieve this with the least impact to cost and maintenance. What approach should an Architect recommend to UC?

  1. Purchase a third-party Identity Provider for all five Salesforce orgs to use and set up JIT user provisioning on all other orgs.
  2. Purchase a third-party Identity Provider for all five Salesforce orgs to use, but don't set up JIT user provisioning for other orgs.
  3. Configure UC1 as the Identity Provider to the other four Salesforce orgs and set up JIT user provisioning on all other orgs.
  4. Configure UC1 as the Identity Provider to the other four Salesforce orgs, but don't set up JIT user provisioning for other orgs.

Answer(s): B



Viewing page 3 of 51
Viewing questions 11 - 15 out of 248 questions



Post your Comments and Discuss Salesforce Certified Identity and Access Management Architect exam dumps with other Community members:

Certified Identity and Access Management Architect Exam Discussions & Posts

AI Tutor