Free Salesforce Certified Identity and Access Management Architect (SU22) Exam Identity-and-Access-Management-Architect Exam Practice Test

Northern Trail Outfitters (NTO) is planning to implement a community for its customers using Salesforce Experience Cloud . Customers are not able to self-register. NTO would like to have customers set their own passwords when provided access to the community.Which two recommendations should an identity architect make to fulfill this requirement?Choose 2 answers

• Add customers as contacts and add them to Experience Cloud site.
• Enable Welcome emails while configuring the Experience Cloud site.
• Allow Password reset using the API to update Experience Cloud site membership.
• Use Login Flows to allow users to reset password in Experience Cloud site.

Universal Containers is creating a mobile application that will be secured by Salesforce Identity using the OAuth 2.0 user-agent flow (this flow uses the OAuth 2.0 implicit grant type).Which three OAuth concepts apply to this flow?Choose 3 answers

• Client ID
• Refresh Token
• Authorization Code
• Verification Code
• Scopes

Uwversal Containers (UC) is building a custom employee hut) application on Amazon Web Services (AWS) and would like to store their users' credentials there. Users will also need access to Salesforce for internal operations. UC has tasked an identity architect with evaluating Afferent solutions for authentication and authorization between AWS and Salesforce.How should an identity architect configure AWS to authenticate and authorize Salesforce users?

• Configure the custom employee app as a connected app.
• Configure AWS as an OpenID Connect Provider.
• Create a custom external authentication provider.
• Develop a custom Auth server in AWS.

An identity architect has built a native mobile application and plans to integrate it with a Salesforce Identity solution. The following are the requirements for the solution:1. Users should not have to login every time they use the app.2. The app should be able to make calls to the Salesforce REST API.3. End users should NOT see the OAuth approval page.How should the identity architect configure the Salesforce connected app to meet the requirements?

• Enable the API Scope and Offline Access Scope, upload a certificate so JWT Bearer Flow can be used and then set the connected app access settings to 'Admin Pre-Approved'.
• Enable the API Scope and Offline Access Scope on the connected app, and then set the connected app to access settings to 'Admin Pre-Approved'.
• Enable the Full Access Scope and then set the connected app access settings to 'Admin Pre-Approved'.
• Enable the API Scope and Offline Access Scope on the connected app, and then set the Connected App access settings to 'User may self authorize'.

Universal Containers (UC) uses Salesforce for its customer service agents. UC has a proprietary system for order tracking which supports Security Assertion Markup Language (SAML) based single sign-on. The VP of customer service wants to ensure only active Salesforce users should be able to access the order tracking system which is only visible within Salesforce.What should be done to fulfill the requirement?Choose 2 answers

• Setup Salesforce as an identity provider (IdP) for order Tracking.
• Set up the Corporate Identity store as an identity provider (IdP) for Order Tracking,
• Customize Order Tracking to initiate a REST call to validate users in Salesforce after login.
• Setup Order Tracking as a Canvas app in Salesforce to POST IdP initiated SAML assertion.

Universal Containers (UC) has decided to use Salesforce as an Identity Provider for multiple external applications. UC wants to use the salesforce App Launcher to control the Apps that are available to individual users. Which three steps are required to make this happen?

• Add each connected App to the App Launcher with a Start URL.
• Set up an Auth Provider for each External Application.
• Set up Salesforce as a SAML Idp with My Domain.
• Set up Identity Connect to Synchronize user data.
• Create a Connected App for each external application.

Universal containers (UC) uses a legacy Employee portal for their employees to collaborate and post their ideas. UC decides to use salesforce ideas for voting and better tracking purposes. To avoid provisioning users on Salesforce, UC decides to push ideas posted on the Employee portal to salesforce through API. UC decides to use an API user using Oauth Username - password flow for the connection. How can the connection to salesforce be restricted only to the employee portal server?

• Add the Employee portals IP address to the Trusted IP range for the connected App
• Use a digital certificate signed by the employee portal Server.
• Add the employee portals IP address to the login IP range on the user profile.
• Use a dedicated profile for the user the Employee portal uses.

Containers (UC) uses a legacy Employee portal for their employees to collaborate. Employees access the portal from their company's internal website via SSO. It is set up to work with SiteMinder and Active Directory. The Employee portal has features to support posing ideas. UC decides to use Salesforce Ideas for voting and better tracking purposes. To avoid provisioning users on Salesforce, UC decides to integrate Employee portal ideas with Salesforce idea through the API. What is the role of Salesforce in the context of SSO, based on this scenario?

• Service Provider, because Salesforce is the application for managing ideas.
• Connected App, because Salesforce is connected with Employee portal via API.
• Identity Provider, because the API calls are authenticated by Salesforce.
• An independent system, because Salesforce is not part of the SSO setup.

Universal Containers (UC) uses Salesforce as a CRM and identity provider (IdP) for their Sales Team to seamlessly login to intemaJ portals. The IT team at UC is now evaluating Salesforce to act as an IdP for its remaining employees.Which Salesforce license is required to fulfill this requirement?

• External Identity
• Identity Verification
• Identity Connect
• Identity Only

Universal Containers is implementing a new Experience Cloud site and the identity architect wants to use dynamic branding features as of the login process.Which two options should the identity architect recommend to support dynamic branding for the site?Choose 2 answers

• To use dynamic branding, the community must be built with the Visuaiforce + Salesforce Tabs template.
• To use dynamic branding, the community must be built with the Customer Account Portal template.
• An experience ID (expid) or placeholder parameter must be used in the URL to represent the brand.
• An external content management system (CMS) must be used for dynamic branding on Experience Cloud sites.