Question 1

Northern Trail Outfitters would like to automatically create new employee users in Salesforce with an

appropriate profile that maps to its Active Directory Department.

How should an identity architect implement this requirement?

Options :

A :

Use the createUser method in the Just-in-Time (JIT) provisioning registration handler to assign the

appropriate profile.

B :

Use the updateUser method in the Just-in-Time (JIT) provisioning registration handler to assign the

appropriate profile.

C :

Use a login flow to collect Security Assertion Markup Language attributes and assign the appropriate

profile during Just-In-Time

(JIT) provisioning.

D :

Make a callout during the login flow to query department from Active Directory to assign the

appropriate profile.

Answer: B

Question 2

Universal containers wants to build a custom mobile app connecting to salesforce using Oauth, and would like

to restrict the types of resources mobile users can access. What Oauth feature of Salesforce should be used to

achieve the goal?

Options :

A :

Access Tokens

B :

Mobile pins

C : Refresh Tokens

D : Scopes

Answer: D

Question 3

Universal Containers (UC) uses Active Directory (AD) as their identity store for employees and must continue to do so for network access. UC is undergoing a major transformation program and moving all of their enterprise applications to cloud platforms including Salesforct, Workday, and SAP HANA. UC needs to implement an SSO solution for accessing all of the third-party cloud applications and the CIO is inclined to use Salesforce for all of their identity and access management needs. Which two Salesforce license types does UC need for its employees' Choose 2 answers

Options :

A : Company Community and Identity licenses

B : Identity and Identity Connect licenses

C : Chatter Only and Identity licenses

D : Salesforce and Identity Connect licenses

Answer: B,D

Question 4

Universal Containers (UC) has a Customer Community that uses Facebook for Authentication. UC would like to ensure that Changes in the Facebook profile are reflected on the appropriate Customer Community user: How can this requirement be met?

Options :

A : Use the updateUser method on the registration Handler Class.

B : Develop a scheduled job that calls out to Facebook on a nightly basis.

C : Use information in the signed Request that is received from facebook.

D : Use SAML Just-In-Time Provisioning between Facebook and Salesforce.

Answer: A

Question 5

Identity-and-Access-Management-Architect-page101-image4

An organization has a central cloud-based Identity and Access Management (IAM) Service for authentication

and user management, which must be utilized by all applications as follows:

1 - Change of a user status in the central IAM Service triggers provisioning or deprovisioining in the

integrated cloud applications.

2 - Security Assertion Markup Language single sign-on (SSO) is used to facilitate access for users

authenticated at identity provider (Central IAM Service).

Which approach should an IAM architect implement on Salesforce Sales Cloud to meet the requirements?

Options :

A :

A Configure Salesforce as a SAML Service Provider, and enable SCIM (System for Cross-Domain

Identity Management) for provisioning and deprovisioning of users.

B :

Configure Salesforce as a SAML service provider, and enable Just-in Time (JIT) provisioning and

deprovisioning of users

C :

Configure central IAM Service as an authentication provider and extend registration handler to manage

provisioning and deprovisioning of users.

D :

Deploy Identity Connect component and set up automated provisioning and deprovisioning of users, as

well as SAML-based SSO.

Answer: A