Free Salesforce Identity-and-Access-Management-Architect Exam Questions

Become Salesforce Certified with updated Identity-and-Access-Management-Architect exam questions and correct answers

Page: 1 / 50

Total 250 Questions | Updated On: Jan 29, 2026

Add To Cart

Question 1

A technology enterprise is setting up an identity solution with an external vendors wellness application for its

employees. The user attributes need to be returned to the wellness application in an ID token.

Which authentication mechanism should an identity architect recommend to meet the requirements?

A : OpenID Connect

B : User Agent Flow

C : JWT Bearer Token Flow

D : Web Server Flow

Answer: D

Question 2

A large consumer company is planning to create a community and will requ.re login through the customers

social identity. The following requirements must be met:

1. The customer should be able to login with any of their social identities, however salesforce should only

have one user per customer.

2. Once the customer has been identified with a social identity, they should not be required to authonze

Salesforce.

3. The customers personal details from the social sign on need to be captured when the customer logs into

Salesforce using their social Identity.

3. If the customer modifies their personal details in the social site, the changes should be updated in Salesforce

Which two options allow the Identity Architect to fulfill the requirements?

Choose 2 answers

A : Use Login Flows to call an authentication registration handler to provision the user before logging theuser into the community.

B : Use authentication providers for social sign-on and use the custom registration handler to insert orupdate personal details.

C : Redirect the user to a custom page that allows the user to select an existing social identity for login

D : Use the custom registration handler to link social identities to Salesforce identities.

Answer: B,D

Question 3

Universal containers (UC) uses a legacy Employee portal for their employees to collaborate and post their

ideas. UC decides to use salesforce ideas for voting and better tracking purposes. To avoid provisioning users

on Salesforce, UC decides to push ideas posted on the Employee portal to salesforce through API. UC decides

to use an API user using Oauth Username - password flow for the connection. How can the connection to

salesforce be restricted only to the employee portal server?

A : Add the Employee portals IP address to the Trusted IP range for the connected App

B : Use a digital certificate signed by the employee portal Server.

C : Add the employee portals IP address to the login IP range on the user profile.

D : Use a dedicated profile for the user the Employee portal uses.

Answer: A

Question 4

Universal Containers is creating a mobile application that will be secured by Salesforce Identity using the

OAuth 2.0 user-agent flow. Application users will authenticate using username and password. They should not

be forced to approve API access in the mobile app or reauthenticate for 3 months.

Which two connected app options need to be configured to fulfill this use case?

Choose 2 answers

A : Set Permitted Users to "Admin approved users are pre-authorized".

B : Set Permitted Users to "All users may self-authorize".

C : Set the Session Timeout value to 3 months.

D : Set the Refresh Token Policy to expire refresh token after 3 months.

Answer: B,D

Question 5

Universal containers wants to build a custom mobile app connecting to salesforce using Oauth, and would like

to restrict the types of resources mobile users can access. What Oauth feature of Salesforce should be used to

achieve the goal?

A : Access Tokens

B : Mobile pins

C : Refresh Tokens

D : Scopes

Answer: D

Page: 1 / 50

Total 250 Questions | Updated On: Jan 29, 2026

Add To Cart