Free Platform Identity and Access Management ArchitectPractice Test

A global enterprise with 500,000 customer portal users needs to implement identity management for their Salesforce Community. The company wants to reduce authentication overhead and improve user experience by allowing users to authenticate once across multiple applications. Which identity architecture should an Identity Architect recommend?

An organization wants to enable Social Sign-On for their Experience Cloud site using Facebook, Google, and LinkedIn. After configuration, users report that authentication works but no user records are being created in Salesforce. What is the most likely cause?

A company needs to provide temporary access to external auditors who require read-only access to specific objects for 30 days. The auditors should not count against the organization's user licenses. What is the best solution?

An Identity Architect is designing a solution where Salesforce will act as a Service Provider in a SAML SSO implementation. The Identity Provider uses SHA-256 for signing SAML assertions. After configuration, authentication fails with a signature validation error. What should the architect verify first?

A company wants to implement Just-in-Time (JIT) provisioning for their SAML SSO integration. Users should be created automatically on first login, but existing users should have their attributes updated. Which component is responsible for this functionality?

An organization has implemented My Domain and wants to prevent users from accessing Salesforce using the generic login.salesforce.com URL for security reasons. What configuration should be applied?

A healthcare organization needs to implement a solution where patient portal users can grant temporary access to their records to family members or caregivers. The solution must support revocation and audit trails. Which identity pattern best addresses this requirement?

A company's external users are complaining that they must log in multiple times per day to access their Community. The session timeout is set to 2 hours. What should an architect investigate as the most likely cause?

An enterprise is implementing a mobile application that needs to access Salesforce APIs. The application should access data on behalf of users without storing credentials. Which OAuth 2.0 flow should be implemented?

What is the primary purpose of implementing an Identity Connect solution in a Salesforce identity architecture?

A financial services company must comply with regulations requiring step-up authentication for sensitive transactions. Users accessing standard features should have normal authentication, but viewing account balances requires additional verification. How should this be architected?

An organization uses multiple Salesforce orgs (Production, UAT, Development) and wants users to have consistent access across all environments. What is the best practice for managing Federation IDs?

A company has implemented SAML SSO with Salesforce as the Service Provider. Users report that login works correctly from the company network but fails when working remotely. What is the most likely configuration issue?

An architect needs to design a solution for a mobile app that will make API calls to Salesforce on behalf of thousands of users. The app should minimize authentication overhead and support offline capabilities. What combination of OAuth configurations is most appropriate?

A company wants to implement user provisioning where user accounts are created in Salesforce when they're added to the corporate Identity Provider, and deactivated when removed. What is the recommended approach?

An organization requires that all API integrations use OAuth 2.0 with certificate-based authentication for enhanced security. The integration will run as a specific service account without user interaction. Which OAuth flow is most appropriate?

A global company needs to implement identity governance across multiple Salesforce orgs, external applications, and cloud services. They need centralized visibility into user access, automated access reviews, and compliance reporting. What should an Identity Architect recommend?

A company's Experience Cloud site experiences intermittent authentication failures during peak hours. The site uses SAML SSO with an external Identity Provider. Log analysis shows no errors in Salesforce. What should be investigated?

What is a key consideration when implementing Single Logout (SLO) in a SAML SSO environment with Salesforce?

An organization wants to track and audit all authentication events, including successful logins, failed attempts, and logout events across all channels (web, mobile, API). What should be configured?