Free Salesforce Identity-and-Access-Management-Architect Exam Questions

Question 1

Northern Trail Outfitters (NTO) wants its customers to use phone numbers to log in to their new digital portal,which was designed and built using Salesforce Experience Cloud. In order to access the portal, the user willneed to do the following:1. Enter a phone number and/or email address2. Enter a verification code that is to be sent via email or text.What is the recommended approach to fulfill this requirement?

A : Create a Login Discovery page and provide a Login Discovery Handler Apex class.

B : Create a custom login page with an Apex controller. The controller has logic to send and verify theidentity.

C : Create an Authentication provider and implement a self-registration handler class.

D : Create a custom login flow that uses an Apex controller to verify the phone numbers with the company's verification service.

Answer: A

Question 2

A technology enterprise is setting up an identity solution with an external vendors wellness application for its

employees. The user attributes need to be returned to the wellness application in an ID token.

Which authentication mechanism should an identity architect recommend to meet the requirements?

A : OpenID Connect

B : User Agent Flow

C : JWT Bearer Token Flow

D : Web Server Flow

Answer: D

Question 3

Northern Trail Outfitters (NTO) wants its customers to use phone numbers to log in to their new digital portal,which was designed and built using Salesforce Experience Cloud. In order to access the portal, the user willneed to do the following:1. Enter a phone number and/or email address2. Enter a verification code that is to be sent via email or text.What is the recommended approach to fulfill this requirement?

A : Create a Login Discovery page and provide a Login Discovery Handler Apex class.

B : Create a custom login page with an Apex controller. The controller has logic to send and verify theidentity.

C : Create an Authentication provider and implement a self-registration handler class.

D : Create a custom login flow that uses an Apex controller to verify the phone numbers with the company's verification service.

Answer: A

Question 4

An identity architect's client has a homegrown identity provider (IdP). Salesforce is used as the serviceprovider (SP). The head of IT is worried that during a SP initiated single sign-on (SSO), the Security AssertionMarkup Language (SAML) request content will be altered.What should the identity architect recommend to make sure that there is additional trust between the SP andthe IdP?

A : Ensure that there is an HTTPS connection between IDP and SP.

B : Ensure that on the SSO settings page, the "Request Signing Certificate" field has a self-signed certificate.

C : Ensure that the Issuer and Assertion Consumer service (ACS) URL is property configured between SP and IDP.

D : Encrypt the SAML Request using certification authority (CA) signed certificate and decrypt on IdP.

Answer: D

Question 5

An identity architect's client has a homegrown identity provider (IdP). Salesforce is used as the serviceprovider (SP). The head of IT is worried that during a SP initiated single sign-on (SSO), the Security AssertionMarkup Language (SAML) request content will be altered.What should the identity architect recommend to make sure that there is additional trust between the SP andthe IdP?

A : Ensure that there is an HTTPS connection between IDP and SP.

B : Ensure that on the SSO settings page, the "Request Signing Certificate" field has a self-signed certificate.

C : Ensure that the Issuer and Assertion Consumer service (ACS) URL is property configured between SP and IDP.

D : Encrypt the SAML Request using certification authority (CA) signed certificate and decrypt on IdP.

Answer: D