Most Recent Salesforce Identity-and-Access-Management-Architect Exam Dumps

Prepare for the Salesforce Certified Platform Identity and Access Management Architect exam with our extensive collection of questions and answers. These practice Q&A are updated according to the latest syllabus, providing you with the tools needed to review and test your knowledge.

QA4Exam focus on the latest syllabus and exam objectives, our practice Q&A are designed to help you identify key topics and solidify your understanding. By focusing on the core curriculum, These Questions & Answers helps you cover all the essential topics, ensuring you're well-prepared for every section of the exam. Each question comes with a detailed explanation, offering valuable insights and helping you to learn from your mistakes. Whether you're looking to assess your progress or dive deeper into complex topics, our updated Q&A will provide the support you need to confidently approach the Salesforce Identity-and-Access-Management-Architect exam and achieve success.

The questions for Identity-and-Access-Management-Architect were last updated on Apr 21, 2026.

Viewing page 1 out of 50 pages.
Viewing questions 1-5 out of 248 questions

Get All 248 Questions & Answers

Question No. 1

The security team at Universal containers(UC) has identified exporting reports as a high-risk action and would like to require users to be logged into salesforce with their active directory (AD) credentials when doing so. For all other uses of Salesforce, Users should be allowed to use AD credentials or salesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with salesforce credentials?

AUse SAML Federated Authentication and Custom SAML jit provisioning to dynamically add or remove a permission set that grants the Export Reports permission.

BUse SAML Federated Authentication, treat SAML sessions as high assurance, and raise the session level required for exporting reports.

CUse SAML Federated Authentication and block access to reports when accesses through a standard assurance session.

DUse SAML Federated Authentication with a login flow to dynamically add or remove a permission set that grants the export reports permission.

Show Answer

Correct Answer: C

Question No. 2

Universal Containers has multiple Salesforce instances where users receive emails from different instances. Users should be logged into the correct Salesforce instance authenticated by their IdP when clicking on an email link to a Salesforce record.

What should be enabled in Salesforce as a prerequisite?

AMy Domain

BExternal Identity

CIdentity Provider

DMulti-Factor Authentication

Show Answer

Correct Answer: A

Question No. 3

How should an Architect force users to authenticate with Two-factor Authentication (2FA) for Salesforce only when not connected to an internal company network?

AUse Custom Login Flows with Apex to detect the user's IP address and prompt for 2FA if needed.

BAdd the list of company's network IP addresses to the Login Range list under 2FA Setup.

CUse an Apex Trigger on the UserLogin object to detect the user's IP address and prompt for 2FA if needed.

DApply the 'Two-factor Authentication for User Interface Logins' permission and Login IP Ranges for all Profiles.

Show Answer

Correct Answer: A

Question No. 4

Universal Containers is creating a mobile application that will be secured by Salesforce Identity using the OAuth 2.0 user-agent flow. Application users will authenticate using username and password. They should not be forced to approve API access in the mobile app or reauthenticate for 3 months.

Which two connected app options need to be configured to fulfill this use case?

Choose 2 answers

ASet Permitted Users to 'Admin approved users are pre-authorized'.

BSet Permitted Users to 'All users may self-authorize'.

CSet the Session Timeout value to 3 months.

DSet the Refresh Token Policy to expire refresh token after 3 months.

Show Answer

Correct Answer: B, D

Question No. 5

Universal containers (UC) does my domain enable in the context of a SAML SSO configuration? Choose 2 answers

AResource deep linking

BApp launcher

CSSO from salesforce1 mobile app.

DLogin forensics

Show Answer

Correct Answer: A, C

Unlock All Questions for Salesforce Identity-and-Access-Management-Architect Exam

Full Exam Access, Actual Exam Questions, Validated Answers, Anytime Anywhere, No Download Limits, No Practice Limits

Get All 248 Questions & Answers