
Identity-and-Access-Management-Architect Exam Dumps - Salesforce Identity-and-Access-Management-Architect Questions and Answers

Question # 4

A global company's Salesforce Identity Architect is reviewing its Salesforce production org login history and is seeing some intermittent Security Assertion Markup Language (SAML SSO) 'Replay Detected and Assertion Invalid' login errors.

Which two issues would cause these errors?

Choose 2 answers

Options:

A.

The Subject element is missing from the assertion sent to Salesforce.

B.

The certificate loaded into SSO configuration does not match the certificate used by the IdP.

C.

The current time setting of the company's identity provider (IdP) and Salesforce platform is out of sync by more than eight minutes.

D.

The assertion sent to Salesforce contains an assertion ID previously used.

Question # 5

Universal Containers (UC) has built a custom-based Two-factor Authentication (2FA) system for their existing on-premise applications. They are now implementing Salesforce and would like to enable a Two-factor login process for it as well. What is the recommended solution an architect should consider?

Options:

A.

Replace the custom 2FA system with Salesforce 2FA for on-premise applications and Salesforce.

B.

Use the custom 2FA system for on-premise applications and native 2FA for Salesforce.

C.

Replace the custom 2FA system with an AppExchange app that supports on-premise applications and Salesforce.

D.

Use custom login flows to connect to the existing custom 2FA system for use in Salesforce.

Question # 6

Universal Containers (UC) has a mobile application for its employees that uses data from Salesforce as well as uses Salesforce for Authentication purposes. UC wants its mobile users to only enter their credentials the first time they run the app. The application has been live for a little over 6 months, and all of the users who were part of the initial launch are complaining that they have to re-authenticate. UC has also recently changed the URI Scheme associated with the mobile app. What should the Architect at UC first investigate?

Options:

A.

Check the Refresh Token policy defined in the Salesforce Connected App.

B.

Validate that the users are checking the box to remember their passwords.

C.

Verify that the Callback URL is correctly pointing to the new URI Scheme.

D.

Confirm that the access Token's Time-To-Live policy has been set appropriately.

Question # 7

A public sector agency is setting up an identity solution for its citizens using a Community built on Experience Cloud and requires the new user registration functionality to capture first name, last name, and phone number. The phone number will be used for identity verification.

Which feature should an identity architect recommend to meet the requirements?

Options:

A.

Integrate with social websites (Facebook, LinkedIn, Twitter)

B.

Use an external Identity Provider

C.

Create a custom Lightning Web Component

D.

Use Login Discovery

Question # 8

Northern Trail Outfitters (NTO) uses Salesforce Experience Cloud sites (previously known as Customer Community) to provide a digital portal where customers can log in using their Google account.

NTO would like to automatically create a case record for first time users logging into Salesforce Experience Cloud.

What should an Identity architect do to fulfill the requirement?

Options:

A.

Configure an authentication provider for Social Login using Google and a custom registration handler.

B.

Implement a Just-in-Time handler class that has logic to create cases upon first login.

C.

Create an authentication provider for Social Login using Google and leverage standard registration handler.

D.

Implement a login flow with a record create component for Case.

Question # 9

An architect needs to advise the team that manages the identity provider how to differentiate Salesforce from other service providers. What SAML SSO setting in Salesforce provides this capability?

Options:

A.

Entity id

B.

Issuer

C.

Identity provider login URL

D.

SAML identity location

Question # 10

Northern Trail Outfitters (NTO) wants its customers to use phone numbers to log into their new digital portal, which was designed and built using Salesforce Experience Cloud. In order to access the portal, the user will need to do the following:

1. Enter a phone number and/or email address

2. Enter a verification code that is to be sent via email or text.

What is the recommended approach to fulfill this requirement?

Options:

A.

Create a Login Discovery page and provide a Login Discovery Handler Apex class.

B.

Create a custom login page with an Apex controller. The controller has logic to send and verify the identity.

C.

Create an authentication provider and implement a self-registration handler class.

D.

Create a custom login flow that uses an Apex controller to verify the phone numbers with the company's verification service.

Question # 11

Universal Containers (UC) is rolling out its new Customer Identity and Access Management Solution built on top of its existing Salesforce instance. UC wants to allow customers to login using Facebook, Google, and other social sign-on providers.

How should this functionality be enabled for UC, assuming all social sign-on providers support OpenID Connect?

Options:

A.

Configure an authentication provider and a registration handler for each social sign-on provider.

B.

Configure a single sign-on setting and a registration handler for each social sign-on provider.

C.

Configure an authentication provider and a Just-In-Time (JIT) handler for each social sign-on provider.

D.

Configure a single sign-on setting and a JIT handler for each social sign-on provider.

Question # 12

Universal Containers is creating a mobile application that will be secured by Salesforce Identity using the OAuth 2.0 user-agent flow (this flow uses the OAuth 2.0 implicit grant type).

Which three OAuth concepts apply to this flow?

Choose 3 answers

Options:

A.

Client ID

B.

Refresh Token

C.

Authorization Code

D.

Verification Code

E.

Scopes

Question # 13

Universal Containers (UC) has built a custom time tracking app for its employees. UC wants to leverage Salesforce Identity to control access to the custom app.

At a minimum, which Salesforce license is required to support this requirement?

Options:

A.

Identity Verification

B.

Identity Connect

C.

Identity Only

D.

External Identity

Exam Name: Salesforce Certified Identity and Access Management Architect (SP25)
Last Update: Jul 2, 2025
Questions: 243