Free Salesforce Identity-and-Access-Management-Architect Exam Questions

Become Salesforce Certified with updated Identity-and-Access-Management-Architect exam questions and correct answers

Page: 1 / 50

Total 250 Questions | Updated On: Mar 11, 2026

Add To Cart

Question 1

Northern Trail Outfitters want to allow its consumer to self-register on it business-to-consumer (B2C) portal

that is built on Experience Cloud. The identity architect has recommended to use Person Accounts.

Which three steps need to be configured to enable self-registration using person accounts?

Choose 3 answers

A : Enable access to person and business account record types under Public Access Settings.

B : Contact Salesforce Support to enable business accounts.

C : Under Login and Registration settings, ensure that the default account field is empty.

D : Contact Salesforce Support to enable person accounts.

E : Set organization-wide default sharing for Contact to Public Read Only.

Answer: A,C,D

Question 2

Northern Trail Outfitters (NTO) has an off-boarding process where a terminated employee is first disabled in

the Lightweight Directory Act Protocol (LDAP) directory, then requests are sent to the various application

support teams to finish user deactivations. A terminated employee recently was able to login to NTO's

Salesforce instance 24 hours after termination, even though the user was disabled in the corporate LDAP

directory.

What should an identity architect recommend to prevent this from happening in the future?

A : Create a Just-in-Time provisioning registration handler to ensure users are deactivated in Salesforce as they are disabled in LDAP.

B : Configure an authentication provider to delegate authentication to the LDAP directory.

C : use a login flow to make a callout to the LDAP directory before authenticating the user to Salesforce.

D : Setup an identity provider (IdP) to authenticate users using LDAP, set up single sign-on to Salesforce and disable Login Form authentication.

Answer: B

Question 3

Universal Containers (UC) has built a custom token-based Two-factor authentication (2FA) system for their existing on-premise applications. They are now implementing Salesforce and would like to enable a Two-factor login process for it, as well. What is the recommended solution as Architect should consider?

A : Use the custom 2FA system for on-premise applications and native 2FA for Salesforce.

B : Replace the custom 2FA system with an AppExchange App that supports on premise application and salesforce.

C : Use Custom Login Flows to connect to the existing custom 2FA system for use in Salesforce.

D : Replace the custom 2FA system with Salesforce 2FA for on-premise applications and Salesforce.

Answer: D

Question 4

Universal containers (UC) is building a mobile application that will make calls to the salesforce REST API.

Additionally UC would like to provide the optimal experience for its mobile users. Which two OAuth scopes

should UC configure in the connected App? Choose 2 answers

A : Refresh token

B : API

C : full

D : Web

Answer: A,B

Question 5

Universal containers (UC) would like to enable self - registration for their salesforce partner community users.

UC wants to capture some custom data elements from the partner user, and based on these data elements,

wants to assign the appropriate profile and account values. Which two actions should the architect recommend

to UC? Choose 2 answers

A : Modify the communitiesselfregcontroller to assign the profile and account.

B : Modify the selfregistration trigger to assign profile and account.

C : Configure registration for communities to use a custom visualforce page.

D : Configure registration for communities to use a custom apex controller.

Answer: A,C

Page: 1 / 50

Total 250 Questions | Updated On: Mar 11, 2026

Add To Cart