Quiz Summary
0 of 60 Questions completed
Questions:
Information
You have already completed the quiz before. Hence you can not start it again.
Quiz is loading…
You must sign in or sign up to start the quiz.
You must first complete the following:
Results
Results
0 of 60 Questions answered correctly
Your time:
Time has elapsed
You have reached 0 of 0 point(s), (0)
Earned Point(s): 0 of 0, (0)
0 Essay(s) Pending (Possible Point(s): 0)
Average score |
|
Your score |
|
Categories
- Accepting Third-Party Identity in Salesforce 0%
- Access Management Best Practices 0%
- Community (Partner and Customer) 0%
- Identity Management Concepts 0%
- Salesforce as an Identity Provider 0%
- Salesforce Identity 0%
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- Current
- Review
- Answered
- Correct
- Incorrect
-
Question 1 of 60
1. Question
CloudVista Solutions recently acquired a company. Each company will retain its Identity Provider (IdP). Both companies rely extensively on Salesforce processes that send emails to users to take specific actions in Salesforce.
How should the combined company’s employees collaborate in a single Salesforce org yet authenticate to the appropriate IdP?
CorrectIncorrect -
Question 2 of 60
2. Question
CloudVista Solutions uses Salesforce for sales opportunity management. Okta was recently brought in to Just-in-Time (JIT) provision and authenticate CloudVista users to applications. Salesforce users also use Okta to authorize a forecasting web application to access Salesforce records on their behalf.
Which two roles are being performed by Salesforce? (Choose 2)
CorrectIncorrect -
Question 3 of 60
3. Question
A company with 15,000 employees is using Salesforce and would like to take the necessary steps to highlight or curb fraudulent activity.
Which tool should be used to track login data, such as the average number of logins, who logged in more than the average number of times, and who logged in during non-business hours?
CorrectIncorrect -
Question 4 of 60
4. Question
CloudVista Solutions would like its customers to register and log in to a portal built on Salesforce Experience Cloud. Customers should be able to use their Facebook or LinkedIn credentials for ease of use.
Which three steps should an identity architect take to implement social sign-on? (Choose 3)
CorrectIncorrect -
Question 5 of 60
5. Question
An identity architect’s client has a homegrown identity provider (IdP). Salesforce is used as the service provider (SP). The head of IT is worried that during an SP-initiated single-sign-on (SSO), the Security Assertion Markup Language (SAML) request content will be altered.
What should the identity architect recommend to make sure that there is additional trust between the SP and the IdP?
CorrectIncorrect -
Question 6 of 60
6. Question
A financial services company uses Salesforce and has a compliance requirement to track information about devices from which users log in. Also, a Salesforce Security Administrator needs to have the ability to revoke the device from which users log in.
What should be used to fulfill this requirement?
CorrectIncorrect -
Question 7 of 60
7. Question
A government agency is setting up an identity solution for its citizens using a community built on Experience Cloud and requires the new user registration functionality to capture first name, last name, and phone number. The phone number will be used for identity verification.
Which feature should an identity architect recommend to meet the requirements?
CorrectIncorrect -
Question 8 of 60
8. Question
CloudVista Solutions recently purchased Salesforce Identity Connect to streamline user provisioning across Microsoft Active Directory (AD) and Salesforce Sales Cloud. CloudVista Solutions has asked an identity architect to identify which Salesforce security configurations can map to AD permissions.
Which Salesforce permissions are available to map to AD permissions? (Choose 3)
CorrectIncorrect -
Question 9 of 60
9. Question
CloudVista Solutions wants users to be able to log in to the Salesforce mobile app with their Active Directory password. Employees are unable to use mobile VPN.
Which two options should an identity architect recommend to meet the requirement? (Choose 2)
CorrectIncorrect -
Question 10 of 60
10. Question
CloudVista Solutions wants to improve its engagement with existing customers to boost customer loyalty. To get a better understanding of its customers, CloudVista Solutions establishes a single customer view, including their buying behaviors, channel preferences, and purchasing history.
All of this information exists but is spread across different systems and formats. CloudVista Solutions has decided to use Salesforce as the platform to build a 360-degree view. The company already uses Microsoft Active Directory (AD) to manage its users and company assets.
What should an identity architect do to provision, de-provision, and authenticate users?
CorrectIncorrect -
Question 11 of 60
11. Question
CloudVista Solutions has built a custom web app for its employees. CloudVista Solutions wants to leverage Salesforce Identity to control access to the custom app.
At a minimum, which Salesforce license is required to support this requirement?
CorrectIncorrect -
Question 12 of 60
12. Question
The CIO of CloudVista Solutions is planning to implement a mobile-first Consumer Identity Access Management (CIAM) for external users. User authentication is the only requirement. The user’s email or mobile phone number should be supported as a username.
As an identity architect, which two licenses would you recommend to meet this requirement? (Choose 2)
CorrectIncorrect -
Question 13 of 60
13. Question
An Identity and Access Management (IAM) Architect is recommending Identity Connect to integrate Microsoft Active Directory (AD) with Salesforce for user provisioning, de-provisioning, and single-sign-on (SSO).
Which feature of Identity Connect is applicable to this scenario?
CorrectIncorrect -
Question 14 of 60
14. Question
CloudVista Solutions is using Active Directory as its corporate identity provider and Salesforce as its CRM for customer care agents, who use SAML-based sign sign-on to log in to Salesforce. The default agent profile does not include the Manage User permission. UC wants to dynamically update the agent role and permission sets.
Which mechanisms are used to provision agents with the appropriate permissions? (Choose 2)
CorrectIncorrect -
Question 15 of 60
15. Question
A financial enterprise is planning to set up a user authentication mechanism to log in to the Salesforce system. Due to regulatory requirements, the CIO of the company wants user administration, including passwords and authentication requests, to be managed by an external system that is only accessible via a SOAP web service.
Which authentication mechanism should an identity architect recommend to meet the requirements?
CorrectIncorrect -
Question 16 of 60
16. Question
A company with 15,000 employees is using Salesforce and would like to take the necessary steps to highlight or curb fraudulent activity.
Which tool should be used to track login data, such as the average number of logins, who logged in more than the average number of times, and who logged in during non-business hours?
CorrectIncorrect -
Question 17 of 60
17. Question
CloudVista Solutions is rolling out its new customer identity and access management solution built on top of its existing Salesforce instance. UC wants to allow customers to log in using Facebook, Google, and other social sign-on providers.
How should this functionality be enabled for them, assuming all social sign-on providers support OpenID Connect?
CorrectIncorrect -
Question 18 of 60
18. Question
CloudVista Solutions wants to give customers the ability to submit and manage issues with their purchases. CloudVista Solutions needs to give its customers the ability to log in with their Facebook and Twitter credentials.
Which actions should an identity architect recommend to meet these requirements? (Choose 2)
CorrectIncorrect -
Question 19 of 60
19. Question
CloudVista Solutions uses the Customer 360 platform implemented on Salesforce Experience Cloud. The development team in charge has learned of a contactless user feature, which can reduce the overhead of managing customers and partners by creating users without contact information.
What is the potential impact on the architecture if CloudVista Solutions decides to implement this feature?
CorrectIncorrect -
Question 20 of 60
20. Question
A service provider (SP) supports both Security Assertion Markup Language (SAML) and OpenID Connect (OIDC).
When integrating this SP with Salesforce, which use case is the determining factor when choosing OIDC or SAML?
CorrectIncorrect -
Question 21 of 60
21. Question
CloudVista Solutions manages functional group permissions in a custom security application supported by a relational database and a REST service layer. Group permissions are mapped as permission sets in Salesforce.
Which action should an identity architect use to ensure functional group permissions are reflected as permission set assignments?
CorrectIncorrect -
Question 22 of 60
22. Question
Elliot recently joined CloudVista Solutions as a Salesforce Admin. He has been getting complaints from users who are unable to log in to Salesforce. The company recently implemented SSO using an external tool.
What would you recommend the admin do first to validate user login issues?
CorrectIncorrect -
Question 23 of 60
23. Question
CloudVista Solutions manages application functional permissions centrally as Active Directory groups. The CRM SuperUser and CRM_Reporting SuperUser groups should respectively give the user the Super User and Reporting Super User permission set in Salesforce. Salesforce is the service provider to a Security Assertion Markup Language (SAML) identity provider.
How should an identity architect ensure the Active Directory groups are reflected correctly when a user accesses Salesforce?
CorrectIncorrect -
Question 24 of 60
24. Question
A security architect is rolling out a new multi-factor authentication (MFA) mandate, where all employees must go through a secure authentication process before accessing Salesforce. There are multiple identity providers (IdP) in place and the architect is considering how the Authentication Method Reference field (AMR) in the Login History can help.
Which considerations should the architect keep in mind? (Choose 2)
CorrectIncorrect -
Question 25 of 60
25. Question
A healthcare company uses Salesforce and has a compliance requirement to track information about devices from which users log in. Also, a Salesforce Security Administrator needs to have the ability to revoke the device from which users log in.
What should be used to fulfill this requirement?
CorrectIncorrect -
Question 26 of 60
26. Question
CloudVista Solutions believes a specific user account may have been compromised. The CISO wants to inactivate the user account ASAP and needs to perform a forensic analysis and identify signals that could indicate a breach has occurred.
What should CloudVista Solutions’ first step be in gathering signals that could indicate account compromise?
CorrectIncorrect -
Question 27 of 60
27. Question
CloudVista Solutions employees use a custom on-premise helpdesk application to request, approve, notify, and track access granted to various on-premises and cloud applications, including Salesforce. Salesforce is currently used to authenticate users.
How should CloudVista Solutions provision Salesforce users as soon as they are approved in the help desk application with the approved profiles and permission sets?
CorrectIncorrect -
Question 28 of 60
28. Question
An identity architect is setting up an integration between Salesforce and a third-party system. The third-party system needs to be able to authenticate to Salesforce and then make API calls against the REST API.
One of the requirements is that the solution needs to ensure the third-party service providers connected app in Salesforce minimize the need for end-user interaction and maximize security.
Which OAuth flow should be used to fulfill the requirement?
CorrectIncorrect -
Question 29 of 60
29. Question
CloudVista Solutions allows employees to use a mobile device to access Salesforce for daily operations using a hybrid mobile app. This app uses mobile software development kits (SDK), leverages refresh tokens to regenerate access tokens when required and is distributed as a private app.
The Chief Security Officer is rolling out an org-wide compliance policy to enforce the re-verification of devices if an employee has not logged in from that device in the last week.
Which connected app setting should be leveraged to comply with this policy change?
CorrectIncorrect -
Question 30 of 60
30. Question
CloudVista Solutions is planning to add Wi-Fi-enabled GPS tracking devices to its shipping containers so that the GPS coordinate data can be sent from the tracking device to its Salesforce production org via a custom API. The GPS devices have no direct user input or output capabilities.
Which OAuth flow should the identity architect recommend to meet the requirement?
CorrectIncorrect -
Question 31 of 60
31. Question
A web service is developed that allows secure access to customer order status on the Salesforce platform. The service connects to Salesforce through a connected app with the web server flow. The following are the required actions for the authorization flow:
- User authenticates and authorizes access.
- Request an access token.
- Salesforce grants an access token.
- Request an authorization code.
- Salesforce grants authorization code.
What is the correct sequence for the authorization flow?
CorrectIncorrect -
Question 32 of 60
32. Question
CloudVista Solutions is creating a web application that will be secured by Salesforce Identity using the OAuth 2.0 web server flow (this flow uses the OAuth 2.0 authorization code grant type).
Which OAuth concepts apply to this flow? (Choose 3)
CorrectIncorrect -
Question 33 of 60
33. Question
An identity architect has built a native mobile application and plans to integrate it with a Salesforce Identity solution. The following are the requirements for the solution:
1. Users should not have to log in every time they use the app.
2. The app should be able to make calls to the Salesforce REST API.
3. End users should NOT see the OAuth approval page.How should the identity architect configure the Salesforce connected app to meet the requirements?
CorrectIncorrect -
Question 34 of 60
34. Question
A third-party app provider would like to have users provisioned via a service endpoint before users access their app from Salesforce.
What should an identity architect recommend to configure the requirement with limited changes to the third-party app?
CorrectIncorrect -
Question 35 of 60
35. Question
A company wants to provide its employees with a custom mobile app that accesses Salesforce. Users are required to download the internal native IOS mobile app from the corporate intranet on their mobile device.
The app allows flexibility to access other non-Salesforce internal applications once users authenticate with Salesforce. The apps self-authorize, and users are permitted to use the apps once they have logged into Salesforce.
How should an identity architect meet the above requirements with the privately distributed mobile app?
CorrectIncorrect -
Question 36 of 60
36. Question
CloudVista Solutions is creating a mobile application that will be secured by Salesforce Identity using the OAuth 2.0 user-agent flow. Application users will authenticate using a username and password. They should not be forced to approve API access in the mobile app or reauthenticate for three months.
Which connected app options need to be configured to fulfill this use case? (Choose 2)
CorrectIncorrect -
Question 37 of 60
37. Question
An identity architect is setting up an integration between Salesforce and a third-party system. The third-party system needs to be able to authenticate to Salesforce and then make API calls against the REST API. One of the requirements is that the solution needs to ensure the third-party service provider’s connected app in Salesforce minimizes the need for end-user interaction and maximizes security.
Which OAuth flow should be used to fulfill the requirement?
CorrectIncorrect -
Question 38 of 60
38. Question
CloudVista Solutions wants to allow its consumers to self-register on its business-to-consumer (B2C) portal that is built on Experience Cloud. The identity architect has recommended the use of person accounts.
Which steps need to be configured to enable self-registration using person accounts? (Choose 3)
CorrectIncorrect -
Question 39 of 60
39. Question
CloudVista Solutions utilizes a third-party cloud solution for an employee portal. CloudVista Solutions also owns Salesforce Service Cloud and would like employees to be able to log in to Salesforce with their third-party portal credentials for a seamless experience. The third-party employee portal only supports OAuth.
What should an identity architect recommend to enable single sign-on (SSO) between the portal and Salesforce?
CorrectIncorrect -
Question 40 of 60
40. Question
CloudVista Solutions is launching a new sportswear brand on its existing consumer portal built on Salesforce Experience Cloud. As part of the launch, emails with promotional links will be sent to existing customers to log in and claim a discount. The marketing manager would like the portal dynamically branded so that users will be directed to the brand link they clicked on; otherwise, users will view a recognizable CloudVista Solutions branded page.
The campaign is launching quickly, so there is no time to procure any additional licenses. However, the development team is available to apply any required changes to the portal.
Which approach should the identity architect recommend?
CorrectIncorrect -
Question 41 of 60
41. Question
A global company is using the Salesforce platform as an identity provider and needs to integrate a third-party application with its Experience Cloud customer portal.
Which features should be utilized to provide users with login and identity services for the third-party application? (Choose 2)
CorrectIncorrect -
Question 42 of 60
42. Question
CloudVista Solutions wants to implement a partner community. Active community users will need to review and accept the community rules and update key contact information for each community member before their annual partner event.
Which approach will meet this requirement?
CorrectIncorrect -
Question 43 of 60
43. Question
When designing a multi-branded customer identity and access management solution on the Salesforce platform, how should an identity architect ensure a specific brand experience in Salesforce is presented?
CorrectIncorrect -
Question 44 of 60
44. Question
CloudVista Solutions is planning to implement a community for its customers using Salesforce Experience Cloud. Customers are not able to self-register. CloudVista Solutions would like to have customers set their own passwords when provided access to the community.
Which recommendations should an identity architect make to fulfill this requirement? (Choose 2)
CorrectIncorrect -
Question 45 of 60
45. Question
A consumer products company uses Salesforce to maintain consumer information, including orders. The company implemented a portal solution using Salesforce Experience Cloud for its consumers where the consumers can log in using their credentials. The company is considering allowing users to log in with their Facebook or LinkedIn credentials.
Once enabled, what role will Salesforce play?
CorrectIncorrect -
Question 46 of 60
46. Question
CloudVista Solutions would like to use a portal built on Salesforce Experience Cloud for customer self-service. Guests of the portal should be able to self-register but be unable to automatically be assigned to a contact record until verified. External Identity licenses have been purchased for the project. After registered guests complete an onboarding process, a flow will create the appropriate account and contact records for the user.
Which steps should an identity architect follow to implement the outlined requirements? (Choose 3)
CorrectIncorrect -
Question 47 of 60
47. Question
A multinational industrial products manufacturer is planning to implement Salesforce CRM to manage their business. They have the following requirements:
1. They plan to implement partner communities to provide access to their partner network.
2. They have operations in multiple countries and are planning to implement multiple Salesforce orgs.
3. Some of their partners do business in multiple countries and will need information from multiple Salesforce communities.
4. They would like to provide a single login for their partners.How should an identity architect solution this requirement with limited custom development?
CorrectIncorrect -
Question 48 of 60
48. Question
CloudVista Solutions has an Experience Cloud site (customer community) where customers can authenticate and place orders, view the status of orders, etc. UC allows guest checkout.
How can a guest register use data previously collected during order placement?
CorrectIncorrect -
Question 49 of 60
49. Question
CloudVista Solutions is using its production org as the identity provider for a new Experience Cloud site and the identity architect is deciding which login experience to use for the site.
Which page types are valid login page types for the site? (Choose 2)
CorrectIncorrect -
Question 50 of 60
50. Question
CloudVista Solutions has several employees who do NOT need access to Salesforce objects. The employees should sign in to a custom benefits web app using their Salesforce credentials.
Which license should the identity architect recommend to fulfill this requirement?
CorrectIncorrect -
Question 51 of 60
51. Question
CloudVista Solutions recently acquired a company. Each company will retain its identity provider (IdP). Both companies rely extensively on Salesforce processes that send emails to users to take specific actions in Salesforce.
How should the combined company’s employees collaborate in a single Salesforce org, yet authenticate to the appropriate IdP?
CorrectIncorrect -
Question 52 of 60
52. Question
An enterprise is using a Lightweight Directory Access Protocol (LDAP) server as the only point for user authentication with a username/password. Salesforce delegated authentication is configured to integrate Salesforce under single sign-on (SSO).
How can end users change their passwords?
CorrectIncorrect -
Question 53 of 60
53. Question
A university is planning to set up an identity solution for its alumni. A third-party identity provider will be used for single sign-on, and Salesforce will be the system of record. Users are getting error messages when logging in.
Which Salesforce feature should be used to debug the issue?
CorrectIncorrect -
Question 54 of 60
54. Question
CloudVista Solutions is setting up Salesforce to authenticate users with an external identity provider. The CloudVista Solutions Salesforce Administrator is having trouble getting things set up.
What should an identity architect use to show which part of the login assertion is failing?
CorrectIncorrect -
Question 55 of 60
55. Question
An administrator created a connected app for a custom web application in Salesforce, which needs to be visible as a tile in App Launcher. The tile for the custom web application is missing in the app launcher for all users in Salesforce. The administrator requested assistance from an identity architect to resolve the issue.
Which reasons are the source of the issue? (Choose 2)
CorrectIncorrect -
Question 56 of 60
56. Question
CloudVista Solutions would like to automatically create new employee users in Salesforce with an appropriate profile that maps to its Active Directory department.
How should an identity architect implement this requirement?
CorrectIncorrect -
Question 57 of 60
57. Question
Users logging into Salesforce are frequently prompted to verify their identity. The identity architect is required to provide recommendations so that the frequency of prompt verification can be reduced.
What should the identity architect recommend to meet the requirement?
CorrectIncorrect -
Question 58 of 60
58. Question
CloudVista Solutions has multiple Salesforce instances where users receive emails from different instances. Users should be logged into the correct Salesforce instance authenticated by their IdP when clicking on an email link to a Salesforce record.
What should be enabled in Salesforce as a prerequisite?
CorrectIncorrect -
Question 59 of 60
59. Question
CloudVista Solutions is implementing Salesforce Identity to broker authentication from its enterprise single sign-on (SSO) solution through Salesforce to third-party applications using SAML.
What role does Salesforce Identity play in its relationship with the enterprise SSO system?
CorrectIncorrect -
Question 60 of 60
60. Question
CloudVista Solutions wants to give customers the ability to submit and manage issues with their purchases. CloudVista Solutions needs to give its customers the ability to log in with their Amazon credentials.
What should an identity architect recommend to meet these requirements?
CorrectIncorrect