Free Salesforce Identity-and-Access-Management-Architect Exam Questions

Become Salesforce Certified with updated Identity-and-Access-Management-Architect exam questions and correct answers

Page: 1 / 50

Total 250 Questions | Updated On: Dec 16, 2025

Add To Cart

Question 1

Universal Containers (UC) has built a custom token-based Two-factor authentication (2FA) system for their existing on-premise applications. They are now implementing Salesforce and would like to enable a Two-factor login process for it, as well. What is the recommended solution as Architect should consider?

A : Use the custom 2FA system for on-premise applications and native 2FA for Salesforce.

B : Replace the custom 2FA system with an AppExchange App that supports on premise application and salesforce.

C : Use Custom Login Flows to connect to the existing custom 2FA system for use in Salesforce.

D : Replace the custom 2FA system with Salesforce 2FA for on-premise applications and Salesforce.

Answer: D

Question 2

Universal containers (UC) is building a mobile application that will make calls to the salesforce REST API.

Additionally UC would like to provide the optimal experience for its mobile users. Which two OAuth scopes

should UC configure in the connected App? Choose 2 answers

A : Refresh token

B : API

C : full

D : Web

Answer: A,B

Question 3

Northern Trail Outfitters (NTO) has an off-boarding process where a terminated employee is first disabled in

the Lightweight Directory Act Protocol (LDAP) directory, then requests are sent to the various application

support teams to finish user deactivations. A terminated employee recently was able to login to NTO's

Salesforce instance 24 hours after termination, even though the user was disabled in the corporate LDAP

directory.

What should an identity architect recommend to prevent this from happening in the future?

A : Create a Just-in-Time provisioning registration handler to ensure users are deactivated in Salesforce as they are disabled in LDAP.

B : Configure an authentication provider to delegate authentication to the LDAP directory.

C : use a login flow to make a callout to the LDAP directory before authenticating the user to Salesforce.

D : Setup an identity provider (IdP) to authenticate users using LDAP, set up single sign-on to Salesforce and disable Login Form authentication.

Answer: B

Question 4

Universal Containers (UC) wants to implement SAML SSO for their internal of Salesforce users using a third-party IdP. After some evaluation, UC decides NOT to 65« set up My Domain for their Salesforce org. How does that decision impact their SSO implementation?

A : IdP-initiated SSO will NOT work.

B : Neither SP- nor IdP-initiated SSO will work.

C : Either SP- or IdP-initiated SSO will work.

D : SP-initiated SSO will NOT work

Answer: B

Question 5

Universal Containers (UC) is looking to build a Canvas app and wants to use the corresponding Connected

App to control where the app is visible. Which two options are correct in regards to where the app can be

made visible under the Connected App setting for the Canvas app? Choose 2 answers

A : As part of the body of a Salesforce Knowledge article.

B : In the mobile navigation menu on Salesforce for Android.

C : The sidebar of a Salesforce Console as a console component.

D : Included in the Call Control Tool that-s part of Open CTI.

Answer: A,C

Page: 1 / 50

Total 250 Questions | Updated On: Dec 16, 2025

Add To Cart