Login
Login

Identity-and-Access-Management-Architect Exam Questions

Total 255 Questions


Last Updated On : 17-Feb-2025



Preparing with Identity-and-Access-Management-Architect practice test is essential to ensure success on the exam. This Salesforce test allows you to familiarize yourself with the Identity-and-Access-Management-Architect exam questions format and identify your strengths and weaknesses. By practicing thoroughly, you can maximize your chances of passing the Salesforce certification exam on your first attempt.

A global company is using the Salesforce Platform as an Identity Provider and needs to integrate a third-party application with its Experience Cloud customer portal. Which two features should be utilized to provide users with login and identity services for the third-party application? Choose 2 answers


A. Use the App Launcher with single sign-on (SSO).


B. External a Data source with Named Principal identity type.


C. Use a connected app.


D. Use Delegated Authentication.





A.   Use the App Launcher with single sign-on (SSO).


C.   Use a connected app.


Universal containers (UC) uses a legacy Employee portal for their employees to collaborate and post their ideas. UC decides to use salesforce ideas for voting and better tracking purposes. To avoid provisioning users on Salesforce, UC decides to push ideas posted on the Employee portal to salesforce through API. UC decides to use an API user using Oauth Username - password flow for the connection. How can the connection to salesforce be restricted only to the employee portal server?


A. Add the Employee portals IP address to the Trusted IP range for the connected App


B. Use a digital certificate signed by the employee portal Server.


C. Add the employee portals IP address to the login IP range on the user profile.


D. Use a dedicated profile for the user the Employee portal uses.





A.   Add the Employee portals IP address to the Trusted IP range for the connected App


Universal Containers (UC) is using a custom application that will act as the Identity Provider and will generate SAML assertions used to log in to Salesforce. UC is considering including custom parameters in the SAML assertion. These attributes contain sensitive data and are needed to authenticate the users. The assertions are submitted to salesforce via a browser form post. The majority of the users will only be able to access Salesforce via UC's corporate network, but a subset of admins and executives would be allowed access from outside the corporate network on their mobile devices. Which two methods should an Architect consider to ensure that the sensitive data cannot be tampered with, nor accessible to anyone while in transit?


A. Use the Identity Provider's certificate to digitally sign and Salesforce's Certificate to encrypt the payload.


B. Use Salesforce's Certificate to digitally sign the SAML Assertion and a Mobile Device Management client on the users' mobile devices.


C. Use the Identity provider's certificate to digitally Sign and the Identity provider's certificate to encrypt the payload.


D. Use a custom login flow to retrieve sensitive data using an Apex callout without including the attributes in the assertion.





A.   Use the Identity Provider's certificate to digitally sign and Salesforce's Certificate to encrypt the payload.


C.   Use the Identity provider's certificate to digitally Sign and the Identity provider's certificate to encrypt the payload.


In an SP-Initiated SAML SSO setup where the user tries to access a resource on the Service Provider, What HTTP param should be used when submitting a SAML Request to the Idp to ensure the user is returned to the intended resourse after authentication?


A. RedirectURL


B. RelayState


C. DisplayState


D. StartURL





B.   RelayState


A farming enterprise offers smart farming technology to its farmer customers, which includes a variety of sensors for livestock tracking, pest monitoring, climate monitoring etc. They plan to store all the data in Salesforce. They would also like to ensure timely maintenance of the Installed sensors. They have engaged a salesforce Architect to propose an appropriate way to generate sensor Information In Salesforce. Which OAuth flow should the architect recommend?


A. OAuth 2.0 Asset Token Flow


B. OAuth 2.0 Device Authentication Row


C. OAuth 2.0 JWT Bearer Token Flow


D. OAuth 2.0 SAML Bearer Assertion Flow





A.   OAuth 2.0 Asset Token Flow


Universal Container's (UC) is using Salesforce Experience Cloud site for its container wholesale business. The identity architect wants to an authentication provider for the new site. Which two options should be utilized in creating an authentication provider? Choose 2 answers


A. A custom registration handier can be set.


B. A custom error URL can be set.


C. The default login user can be set.


D. The default authentication provider certificate can be set.





A.   A custom registration handier can be set.


B.   A custom error URL can be set.


Universal containers (UC) has multiple salesforce orgs and would like to use a single identity provider to access all of their orgs. How should UC'S architect enable this behavior?


A. Ensure that users have the same email value in their user records in all of UC's salesforce orgs.


B. Ensure the same username is allowed in multiple orgs by contacting salesforce support.


C. Ensure that users have the same Federation ID value in their user records in all of UC's salesforce orgs.


D. Ensure that users have the same alias value in their user records in all of UC's salesforce orgs.





C.   Ensure that users have the same Federation ID value in their user records in all of UC's salesforce orgs.


A group of users try to access one of universal containers connected apps and receive the following error message : "Failed : Not approved for access". what is most likely to cause of the issue?


A. The use of high assurance sections are required for the connected App.


B. The users do not have the correct permission set assigned to them.


C. The connected App setting "All users may self-authorize" is enabled.


D. The salesforce administrators gave revoked the Oauth authorization.





B.   The users do not have the correct permission set assigned to them.


Northern Trail Outfitters (NTO) uses a Security Assertion Markup Language (SAML)-based Identity Provider (idP) to authenticate employees to all systems. The IdP authenticates users against a Lightweight Directory Access Protocol (LDAP) directory and has access to user information. NTO wants to minimize Salesforce license usage since only a small percentage of users need Salesforce. What is recommended to ensure new employees have immediate access to Salesforce using their current IdP?


A. Install Salesforce Identity Connect to automatically provision new users in Salesforce the first time they attempt to login.


B. Build an integration that queries LDAP periodically and creates new active users in Salesforce.


C. Configure Just-in-Time provisioning using SAML attributes to create new Salesforce users as necessary when a new user attempts to login to Salesforce.


D. Build an integration that queries LDAP and creates new inactive users in Salesforce and use a login flow to activate the user at first login.





C.   Configure Just-in-Time provisioning using SAML attributes to create new Salesforce users as necessary when a new user attempts to login to Salesforce.


Which three are features of federated Single sign-on solutions? Choose 3 Answers


A. It establishes trust between Identity Store and Service Provider.


B. It federates credentials control to authorized applications.


C. It solves all identity and access management problems.


D. It improves affiliated applications adoption rates.


E. It enables quick and easy provisioning and deactivating of users.





A.   It establishes trust between Identity Store and Service Provider.


D.   It improves affiliated applications adoption rates.


E.   It enables quick and easy provisioning and deactivating of users.



Page 1 out of 26 Pages

About Salesforce Identity and Access Management Architect Exam


Salesforce Identity and Access Management (IAM) Architect certification is a prestigious credential designed for professionals specializing in implementing secure, scalable identity solutions for the Salesforce platform. There are no formal prerequisites but a solid understanding of core Salesforce concepts and practical experience in implementing identity solutions will be beneficial.

Key Facts:

Exam Questions: 60
Type of Questions: MCQs
Exam Time: 120 minutes
Exam Price: $400
Passing Score: 67%

Course Weighting:

1. Identity Management Concepts: 28% of exam
2. Salesforce Identity Features: 25% of exam
3. Access Management: 22% of exam
4. Salesforce Security Features: 15% of exam
5. Communities and Experience Cloud: 10% of exam

Salesforce provides an Identity and Access Management Architect Exam Guide outlining the domains, key topics, and exam structure. Salesforce Identity and Access Management Architect Practice exam simulate the real test environment and help identify knowledge gaps. Focus on improving weaker areas with additional study. Attempt full-length mock tests under exam conditions to gauge your readiness. Salesforce Identity and Access Management Architect practice exam questions build confidence, enhance problem-solving skills, and ensure that you are well-prepared to tackle real-world Salesforce scenarios.
  • SalesForceExams.com is an independent platform and is not affiliated with Salesforce company. It is designed solely to provide practice questions for Salesforce certification exams.

Copyright © - All Rights Reserved