Free Salesforce Identity-and-Access-Management-Architect Exam Questions

Become Salesforce Certified with updated Identity-and-Access-Management-Architect exam questions and correct answers

Page: 1 / 50

Total 250 Questions | Updated On: Sep 09, 2025

Add To Cart

Question 1

An Architect has configured a SAML-based SSO integration between Salesforce and an external Identity provider and is ready to test it. When the Architect attempts to log in to Salesforce using SSO, the Architect receives a SAML error. Which two optimal actions should the Architect take to troubleshoot the issue?

A : Ensure the Callback URL is correctly set in the Connected Apps settings.

B : Use a browser that has an add-on/extension that can inspect SAML.

C : Paste the SAML Assertion Validator in Salesforce.

D : Use the browser-s Development tools to view the Salesforce page-s markup.

Answer: B,C

Question 2

Northern Trail Outfitters is implementing a busmess-to-business (B2B) collaboration site using Salesforce

Experience Cloud. The partners will authenticate with an existing identity provider and the solution will utilize

Security Assertion Markup Language (SAML) to provide single sign-on to Salesforce. Delegated

administration will be used in the Expenence Cloud site to allow the partners to administer their users' access.

How should a partner identity be provisioned in Salesforce for this solution?

A : Create only a contact.

B : Create a contactless user.

C : Create a user and a related contact.

D : Create a person account.

Answer: C

Question 3

Universal containers (UC) wants to integrate a Web application with salesforce. The UC team has

implemented the Oauth web-server Authentication flow for authentication process. Which two considerations

should an architect point out to UC? Choose 2 answers

A : The web application should be hosted on a secure server.

B : The web server must be able to protect consumer privacy

C : The flow involves passing the user credentials back and forth.

D : The flow will not provide an Oauth refresh token back to the server.

Answer: A,B

Question 4

Universal Containers (UC) uses Active Directory (AD) as their identity store for employees and must continue to do so for network access. UC is undergoing a major transformation program and moving all of their enterprise applications to cloud platforms including Salesforct, Workday, and SAP HANA. UC needs to implement an SSO solution for accessing all of the third-party cloud applications and the CIO is inclined to use Salesforce for all of their identity and access management needs. Which two Salesforce license types does UC need for its employees' Choose 2 answers

A : Company Community and Identity licenses

B : Identity and Identity Connect licenses

C : Chatter Only and Identity licenses

D : Salesforce and Identity Connect licenses

Answer: B,D

Question 5

Universal containers wants to build a custom mobile app connecting to salesforce using Oauth, and would like

to restrict the types of resources mobile users can access. What Oauth feature of Salesforce should be used to

achieve the goal?

A : Access Tokens

B : Mobile pins

C : Refresh Tokens

D : Scopes

Answer: D

Page: 1 / 50

Total 250 Questions | Updated On: Sep 09, 2025

Add To Cart