Free Identity-and-Access-Management-Architect Actual Exam Questions
The questions for this exam were last updated on January 7, 2026
Dumps Box (DumpsBox) offers up-to-date practice exam questions for Identity-and-Access-Management-Architect certification exam which are developed and validated by Salesforce subject domain experts certified in Identity-and-Access-Management-Architect . These practice questions are update regularly as we keep an eye on any recent changes in Identity-and-Access-Management-Architect syllabus, and when there is update our team quickly adjusts the questions. This commitment to providing the best quality exam prep material to certification aspirants is what makes DumpsBox.com the best certification exam prep website. On top of that, our strong, yet strictly moderated, community based feedback keeps the content clean and current. Each question has helpful community discussion that provides it extra perspective and introduces helpful resources for better exam preparation. This also saves students from other outdated practice questions or illicit exam dumps that can have adverse affects on career. Browse through our Identity-and-Access-Management-Architect exam questions and pass your exam on first try.
Question No. 1
Refer to the exhibit.
Outfitters (NTO) is using Experience Cloud as an Identity for its application on Heroku. The
application on Heroku should be able to handle two brands, Northern Trail Shoes and Northern Trail
Shirts.
A user should select either of the two brands in Heroku before logging into the community. The app
then performs Authorization using OAuth2.0 with the Salesforce Experience Cloud site.
NTO wants to make sure it renders login page images dynamically based on the user's brand
preference selected in Heroku before Authorization.
what should an identity architect do to fulfill the above requirements?
Outfitters (NTO) is using Experience Cloud as an Identity for its application on Heroku. The
application on Heroku should be able to handle two brands, Northern Trail Shoes and Northern Trail
Shirts.
A user should select either of the two brands in Heroku before logging into the community. The app
then performs Authorization using OAuth2.0 with the Salesforce Experience Cloud site.
NTO wants to make sure it renders login page images dynamically based on the user's brand
preference selected in Heroku before Authorization.
what should an identity architect do to fulfill the above requirements?
Select one option, then reveal solution.
Question No. 2
Universal Containers (UC) is planning to deploy a custom mobile app that will allow users to get e-
signatures from its customers on their mobile devices. The mobile app connects to Salesforce to
upload the e-signature as a file attachment and uses OAuth protocol for both authentication and
authorization. What is the most recommended and secure OAuth scope setting that an Architect
should recommend?
signatures from its customers on their mobile devices. The mobile app connects to Salesforce to
upload the e-signature as a file attachment and uses OAuth protocol for both authentication and
authorization. What is the most recommended and secure OAuth scope setting that an Architect
should recommend?
Select one option, then reveal solution.
Question No. 3
Universal containers (UC) is setting up Delegated Authentication to allow employees to log in using
their corporate credentials. UC's security team is concerned about the risk of exposing the corporate
login service on the Internet and has asked that a reliable trust mechanism be put in place between
the login service and salesforce. What mechanism should an architect put in place to enable a
trusted connection between the login services and salesforce?
their corporate credentials. UC's security team is concerned about the risk of exposing the corporate
login service on the Internet and has asked that a reliable trust mechanism be put in place between
the login service and salesforce. What mechanism should an architect put in place to enable a
trusted connection between the login services and salesforce?
Select one option, then reveal solution.
Question No. 4
Universal Containers (UC) wants to use Salesforce for sales orders and a legacy of system for order
fulfillment. The legacy system must update the status of orders in 65* Salesforce in real time as they
are fulfilled. UC decides to use OAuth for connecting the legacy system to Salesforce. What OAuth
flow should be considered that doesn't require storing credentials, client secret or refresh tokens?
fulfillment. The legacy system must update the status of orders in 65* Salesforce in real time as they
are fulfilled. UC decides to use OAuth for connecting the legacy system to Salesforce. What OAuth
flow should be considered that doesn't require storing credentials, client secret or refresh tokens?
Select one option, then reveal solution.
Question No. 5
Universal containers (UC) is successfully using Delegated Authentication for their salesforce users.
The service supporting Delegated Authentication is written in Jav
a. UC has a new CIO that is requiring all company Web services be RESR-ful and written in . NET.
Which two considerations should the UC Architect provide to the new CIO? Choose 2 answers
The service supporting Delegated Authentication is written in Jav
a. UC has a new CIO that is requiring all company Web services be RESR-ful and written in . NET.
Which two considerations should the UC Architect provide to the new CIO? Choose 2 answers
Select all that apply, then reveal solution.
Question No. 6
Universal Containers (UC) plans to use a SAML-based third-party IdP serving both of the Salesforce
Partner Community and the corporate portal. UC partners will log in 65* to the corporate portal to
access protected resources, including links to Salesforce resources. What would be the
recommended way to configure the IdP so that seamless access can be achieved in this scenario?
Partner Community and the corporate portal. UC partners will log in 65* to the corporate portal to
access protected resources, including links to Salesforce resources. What would be the
recommended way to configure the IdP so that seamless access can be achieved in this scenario?
Select one option, then reveal solution.
Question No. 7
Universal Containers (UC) would like its community users to be able to register and log in with
Linkedin or Facebook Credentials. UC wants users to clearly see Facebook &Linkedin Icons when they
register and login. What are the two recommended actions UC can take to achieve this Functionality?
Choose 2 answers
Linkedin or Facebook Credentials. UC wants users to clearly see Facebook &Linkedin Icons when they
register and login. What are the two recommended actions UC can take to achieve this Functionality?
Choose 2 answers
Select all that apply, then reveal solution.
Question No. 8
Universal containers (UC) has an e-commerce website while customers can buy products, make
payments, and manage their accounts. UC decides to build a customer Community on Salesforce and
wants to allow the customers to access the community for their accounts without logging in again.
UC decides to implement ansp-Initiated SSO using a SAML-BASED complaint IDP. In this scenario
where salesforce is the service provider, which two activities must be performed in salesforce to
make sp-Initiated SSO work? Choose 2 answers
payments, and manage their accounts. UC decides to build a customer Community on Salesforce and
wants to allow the customers to access the community for their accounts without logging in again.
UC decides to implement ansp-Initiated SSO using a SAML-BASED complaint IDP. In this scenario
where salesforce is the service provider, which two activities must be performed in salesforce to
make sp-Initiated SSO work? Choose 2 answers
Select all that apply, then reveal solution.
Question No. 9
What information does the 'Relaystate' parameter contain in sp-Initiated Single Sign-on?
Select one option, then reveal solution.
Question No. 10
Universal Containers (UC) has implemented SAML-based SSO solution for use with their multi-org
Salesforce implementation, utilizing one of the the orgs as the Identity Provider. One user is
reporting that they can log in to the Identity Provider org but get a generic SAML error message
when accessing the other orgs. Which two considerations should the architect review to
troubleshoot the issue? Choose 2 answers
Salesforce implementation, utilizing one of the the orgs as the Identity Provider. One user is
reporting that they can log in to the Identity Provider org but get a generic SAML error message
when accessing the other orgs. Which two considerations should the architect review to
troubleshoot the issue? Choose 2 answers
Select all that apply, then reveal solution.
Question No. 11
Universal Containers (UC) is using a custom application that will act as the Identity Provider and will
generate SAML assertions used to log in to Salesforce. UC is considering including custom
parameters in the SAML assertion. These attributes contain sensitive data and are needed to
authenticate the users. The assertions are submitted to salesforce via a browser form post. The
majority of the users will only be able to access Salesforce via UC's corporate network, but a subset
of admins and executives would be allowed access from outside the corporate network on their
mobile devices. Which two methods should an Architect consider to ensure that the sensitive data
cannot be tampered with, nor accessible to anyone while in transit?
generate SAML assertions used to log in to Salesforce. UC is considering including custom
parameters in the SAML assertion. These attributes contain sensitive data and are needed to
authenticate the users. The assertions are submitted to salesforce via a browser form post. The
majority of the users will only be able to access Salesforce via UC's corporate network, but a subset
of admins and executives would be allowed access from outside the corporate network on their
mobile devices. Which two methods should an Architect consider to ensure that the sensitive data
cannot be tampered with, nor accessible to anyone while in transit?
Select all that apply, then reveal solution.
Question No. 12
Universal containers (UC) employees have salesforce access from restricted ip ranges only, to protect
against unauthorised access. UC wants to rollout the salesforce1 mobile app and make it accessible
from any location. Which two options should an architect recommend? Choose 2 answers
against unauthorised access. UC wants to rollout the salesforce1 mobile app and make it accessible
from any location. Which two options should an architect recommend? Choose 2 answers
Select all that apply, then reveal solution.
Question No. 13
Universal Containers (UC) has a Customer Community that uses Facebook for of authentication. UC
would like to ensure that changes in the Facebook profile are 65. reflected on the appropriate
Customer Community user. How can this requirement be met?
would like to ensure that changes in the Facebook profile are 65. reflected on the appropriate
Customer Community user. How can this requirement be met?
Select one option, then reveal solution.
Question No. 14
Universal Container's (UC) is using Salesforce Experience Cloud site for its container wholesale
business. The identity architect wants to an authentication provider for the new site.
Which two options should be utilized in creating an authentication provider?
Choose 2 answers
business. The identity architect wants to an authentication provider for the new site.
Which two options should be utilized in creating an authentication provider?
Choose 2 answers
Select all that apply, then reveal solution.
Question No. 15
Northern Trail Outfitters (NTO) wants to give customers the ability to submit and manage issues with
their purchases. It is important for to give its customers the ability to login with their Facebook and
Twitter credentials.
Which two actions should an identity architect recommend to meet these requirements?
Choose 2 answers
their purchases. It is important for to give its customers the ability to login with their Facebook and
Twitter credentials.
Which two actions should an identity architect recommend to meet these requirements?
Choose 2 answers
Select all that apply, then reveal solution.