Free Access Salesforce.Identity-and-Access-Management-Architect.v2023-02-25.q77 Practice Test (Page 10)

Question 41

Northern Trail Outfitters (NTO) has a requirement to ensure all user logins include a single multi-factor authentication (MFA) prompt. Currently, users are allowed the choice to login with a username and password or via single sign-on against NTO's corporate Identity Provider, which includes built-in MFA.
Which configuration will meet this requirement?

A.For all employee profiles, set the Session Level Required at Login to High Assurance and add the corporate identity provider to the High Assurance list for the org's Session Security Levels.

B.Create a custom login flow that enforces MFA and assign it to a permission set. Then assign the permission set to all employees.

C.Enable "MFA for User Interface Logins" for your organization from Setup -> Identity Verification.

D.Create and assign a permission set to all employees that includes "MFA for User Interface Logins."

Question 42

Universal Containers (UC) wants to implement SAML SSO for their internal of Salesforce users using a third-party IdP. After some evaluation, UC decides NOT to SSO set up My Domain for their Salesforce org.
How does that decision impact their SSO implementation?

A.Either SP- or IdP-initiated SSO will work.

B.SP-initiated SSO will NOT work

C.IdP-initiated SSO will NOT work.

D.Neither SP- nor IdP-initiated SSO will work.

Question 43

Universal Containers (UC) has a Customer Community that uses Facebook for Authentication. UC would like to ensure that Changes in the Facebook profile are reflected on the appropriate Customer Community user:
How can this requirement be met?

A.Use the updateUser method on the registration Handler Class.

B.Use SAML Just-In-Time Provisioning between Facebook and Salesforce.

C.Use information in the signed Request that is received from facebook.

D.Develop a scheduled job that calls out to Facebook on a nightly basis.

Question 44

A technology enterprise is setting up an identity solution with an external vendors wellness application for its employees. The user attributes need to be returned to the wellness application in an ID token.
Which authentication mechanism should an identity architect recommend to meet the requirements?

A.OpenID Connect

B.Web Server Flow

C.User Agent Flow

D.JWT Bearer Token Flow

Question 45

Universal Containers (UC) is building an integration between Salesforce and a legacy web applications using the canvas framework. The security for UC has determined that a signed request from Salesforce is not an adequate authentication solution for the Third-Party app. Which two options should the Architect consider for authenticating the third-party app using the canvas framework? Choose 2 Answers

A.Create a registration handler Apex class to allow the third-party appliction to authenticate itself against Salesforce as the Idp.

B.Utilize Authorization Providers to allow the third-party appliction to authenticate itself against Salesforce as the Idp.

C.Utilize the SAML Single Sign-on flow to allow the third-party to authenticate itself against UC's IdP.

D.Utilize Canvas OAuth flow to allow the third-party appliction to authenticate itself against Salesforce as the Idp.

Other Version: 1239Salesforce.Identity-and-Access-Management-Architect.v2024-03-01.q145

Latest Upload: 107Oracle.1z0-1196-25.v2025-09-12.q18; 106NetworkAppliance.NS0-162.v2025-09-12.q86; 145OCEG.GRCP.v2025-09-11.q211; 107HP.HPE0-V27.v2025-09-11.q78; 123Oracle.1Z0-1057-23.v2025-09-10.q47; 157Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 137SAP.C-S4EWM-2023.v2025-09-08.q83; 181TheSecOpsGroup.CNSP.v2025-09-08.q20; 260CFAInstitute.ESG-Investing.v2025-09-08.q173; 248PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132

Question 41

Question 42

Question 43

Question 44

Question 45

Download PDF File