
[Mar-2026] Salesforce Plat-Arch-203 DUMPS WITH REAL EXAM QUESTIONS
2026 New DumpExam Plat-Arch-203 PDF Recently Updated Questions
NEW QUESTION # 103
Universal Containers (UC) wants its closed Won opportunities to be synced to a Data warehouse in near real time. UC has implemented Outbound Message to enable near real-time data sync. UC wants to ensure that communication between Salesforce and Target System is secure. What certificate is sent along with the Outbound Message?
- A. The default client Certificate or the Certificate and Key Management menu.
- B. The default client Certificate from the Develop--> API menu.
- C. The Self-signed Certificates from the Certificate & Key Management menu.
- D. The CA-signed Certificate from the Certificate and Key Management Menu.
Answer: B
NEW QUESTION # 104
A multinational company is looking to rollout Salesforce globally. The company has a Microsoft Active Directory Federation Services (ADFS) implementation for the Americas, Europe and APAC. The company plans to have a single org and they would like to have all of its users access Salesforce using the ADFS . The company would like to limit its investments and prefer not to procure additional applications to satisfy the requirements.
What is recommended to ensure these requirements are met ?
- A. Add a central identity system that federates between the ADFS systems and integrate with Salesforce for single sign-on.
- B. Use connected apps for each ADFS implementation and implement Salesforce site to authenticate users across the ADFS system applicable to their geo.
- C. Configure Each ADFS system under single sign-on settings and allow users to choose the system to authenticate during sign on to Salesforce-
- D. Implement Identity Connect to provide single sign-on to Salesforce and federated across multiple ADFS systems.
Answer: D
NEW QUESTION # 105
Universal containers (UC) wants users to authenticate into their salesforce org using credentials stored in a custom identity store. UC does not want to purchase or use a third-party Identity provider. Additionally, UC is extremely wary of social media and does not consider it to be trust worthy. Which two options should an architect recommend to UC? Choose 2 answers
- A. Build a custom Web service that is supported by Delegated Authentication.
- B. Build a custom web page that uses the identity store and calls frontdoor.jsp
- C. Implement the Openid protocol and configure an Authentication provider
- D. Use a professional social media such as LinkedIn as an Authentication provider
Answer: A,C
NEW QUESTION # 106
Universal Containers (UC) has a mobile application for its employees that uses data from Salesforce as well as uses Salesforce for Authentication purposes. UC wants its mobile users to only enter their credentials the first time they run the app. The application has been live for a little over 6 months, and all of the users who were part of the initial launch are complaining that they have to re-authenticate. UC has also recently changed the URI Scheme associated with the mobile app. What should the Architect at UC first investigate?Universal Containers (UC) has a mobile application for its employees that uses data from Salesforce as well as uses Salesforce for Authentication purposes. UC wants its mobile users to only enter their credentials the first time they run the app. The application has been live for a little over 6 months, and all of the users who were part of the initial launch are complaining that they have to re-authenticate. UC has also recently changed the URI Scheme associated with the mobile app. What should the Architect at UC first investigate?
- A. Validate that the users are checking the box to remember their passwords.
- B. Confirm that the access Token's Time-To-Live policy has been set appropriately.
- C. Verify that the Callback URL is correctly pointing to the new URI Scheme.
- D. Check the Refresh Token policy defined in the Salesforce Connected App.
Answer: D
NEW QUESTION # 107
Universal Containers (UC) has decided to replace the homegrown customer portal with Salesforce Experience Cloud. UC will continue to use its third-party single sign-on (SSO) solution that stores all of its customer and partner credentials.
The first time a customer logs in to the Experience Cloud site through SSO, a user record needs to be created automatically.
Which solution should an identity architect recommend in order to automatically provision users in Salesforce upon login?
- A. Just-in-Time (JIT) provisioning
- B. Custom login flow and Apex handler
- C. Third-party AppExchange solution
- D. Custom middleware and web services
Answer: A
NEW QUESTION # 108
Northern Trail Outfitters (NTO) employees use a custom on-premise helpdesk application to request, approve, notify, and track access granted to various on-premises and cloud applications, including Salesforce. Salesforce is currently used to authenticate users.
How should NTO provision Salesforce users as soon as they are approved in the helpdesk application with the approved profiles and permission sets?
- A. Build an integration that performs a remote call-in to the Salesforce SOAP or REST API.
- B. Use Salesforce Connect to integrate with the helpdesk application.
- C. Use a login flow to query the helpdesk to validate user status.
- D. Have the helpdesk initiate an IdP-initiated Just-m-Time provisioning Security Assertion Markup Language flow.
Answer: C
NEW QUESTION # 109
customer service representatives at Universal containers (UC) are complaining that whenever they click on links to case records and are asked to login with SAML SSO, they are being redirected to the salesforce home tab and not the specific case record. What item should an architect advise the identity team at UC to investigate first?
- A. The salesforce SSO settings are using http post
- B. My domain is configured and active within salesforce.
- C. The users have the correct Federation ID within salesforce.
- D. The identity provider is correctly preserving the Relay state
Answer: D
NEW QUESTION # 110
Universal Containers (UC) wants to integrate a third-party Reward Calculation system with Salesforce to calculate Rewards. Rewards will be calculated on a schedule basis and update back into Salesforce. The integration between Salesforce and the Reward Calculation System needs to be secure. Which are two recommended practices for using OAuth flow in this scenario. choose 2 answers
- A. OAuth SAML Bearer Assertion FLow
- B. OAuth Username-Password Flow
- C. OAuth Refresh Token FLow
- D. OAuth JWT Bearer Token FLow
Answer: A,D
NEW QUESTION # 111
An administrator created a connected app for a custom wet) application in Salesforce which needs to be visible as a tile in App Launcher The tile for the custom web application is missing in the app launcher for all users in Salesforce. The administrator requested assistance from an identity architect to resolve the issue.
Which two reasons are the source of the issue?
Choose 2 answers
- A. OAuth scope does not include "openid*.
- B. Session Policy is set as 'High Assurance Session required' for this connected app.
- C. StartURL for the connected app is not set in Connected App settings.
- D. The connected app is not set in the App menu as 'Visible in App Launcher".
Answer: B,C
NEW QUESTION # 112
Universal Containers (UC) has an existing web application that it would like to access from Salesforce without requiring users to re-authenticate. The web application is owned UC and the UC team that is responsible for it is willing to add new javascript code and/or libraries to the application. What implementation should an Architect recommend to UC?
- A. Configure the web application as an item in the Salesforce App Launcher.
- B. Create a Canvas app and use Signed Requests to authenticate the users.
- C. Add the web application as a ConnectedApp using OAuth User-Agent flow.
- D. Rewrite the web application as a set of Visualforce pages and Apex code.
Answer: B
NEW QUESTION # 113
An Enterprise is using a Lightweight Directory Access Protocol (LDAP ) server as the only point for user authentication with a username/password. Salesforce delegated authentication is configured to integrate Salesforce under single sign-on (SSO).
Mow can end users change their password?
- A. Users once logged In, can go to the Change Password screen in Salesforce.
- B. Users can click on the "Forgot your Password" link on the Salesforce.com login page.
- C. Users can change it on the enterprise LDAP authentication portal.
- D. Users can request the Salesforce Admin to reset their password.
Answer: D
NEW QUESTION # 114
Universal Containers (UC) has implemented a multi-org architecture in their company. Many users have licences across multiple orgs, and they are complaining about remembering which org and credentials are tied to which business process. Which two recommendations should the Architect make to address the Complaints? Choose 2 answers
- A. Activate My Domain to Brand each org to the specific business use case.
- B. Implement SP-Initiated Single Sign-on flows to allow deep linking.
- C. Implement IdP-Initiated Single Sign-on flows to allow deep linking.
- D. Implement Delegated Authentication from each org to the LDAP provider.
Answer: A,B
NEW QUESTION # 115
An identity architect is setting up an integration between Salesforce and a third-party system. The third-party system needs to authenticate to Salesforce and then make API calls against the REST API.
One of the requirements is that the solution needs to ensure the third party service providers connected app in Salesforce mini need for end user interaction and maximizes security.
Which OAuth flow should be used to fulfill the requirement?
- A. JWT Bearer Flow
- B. Web Server Flow
- C. User Agent Flow
- D. Username-Password Flow
Answer: A
NEW QUESTION # 116
Northern Trail Outfitters recently acquired a company. Each company will retain its Identity Provider (IdP). Both companies rely extensively on Salesforce processes that send emails to users to take specific actions in Salesforce.
How should the combined companys' employees collaborate in a single Salesforce org, yet authenticate to the appropriate IdP?
- A. Have generated links append a querystnng parameter indicating the IdP. The login service will redirect to the appropriate IdP.
- B. Have generated links be prefixed with the appropriate IdP URL to invoke an IdP-initiated Security Assertion Markup Language flow when clicked.
- C. Configure unique MyDomains for each company and have generated links use the appropriate MyDomam in the URL.
- D. Enable each IdP as a login option in the MyDomain Authentication Service settings. Users will then click on the appropriate IdP button.
Answer: D
NEW QUESTION # 117
Universal Containers (UC) has a Customer Community that uses Facebook for Authentication. UC would like to ensure that Changes in the Facebook profile are reflected on the appropriate Customer Community user: How can this requirement be met?
- A. Develop a scheduled job that calls out to Facebook on a nightly basis.
- B. Use SAML Just-In-Time Provisioning between Facebook and Salesforce.
- C. Use the updateUser method on the registration Handler Class.
- D. Use information in the signed Request that is received from facebook.
Answer: C
NEW QUESTION # 118
Universal Containers (UC) is building a custom Innovation platform on their Salesforce instance. The Innovation platform will be written completely in Apex and Visualforce and will use custom objects to store the Data. UC would like all users to be able to access the system without having to log in with Salesforce credentials. UC will utilize a third-party idp using SAML SSO. What is the optimal Salesforce licence type for all of the UC employees?
- A. Salesforce Platform Licence.
- B. External Identity Licence.
- C. Salesforce Licence.
- D. Identity Licence.
Answer: A
NEW QUESTION # 119
An Identity and Access Management (IAM) Architect is recommending Identity Connect to integrate Microsoft Active Directory (AD) with Salesforce for user provisioning, deprovisioning and single sign-on (SSO).
Which feature of Identity Connect is applicable for this scenano?
- A. When configured, Identity Connect acts as an identity provider to both Active Directory and Salesforce, thus providing SSO as a default feature.
- B. Identity Connect can be deployed as a managed package on salesforce org, leveraging High Availability of Salesforce Platform out-of-the-box.
- C. When Identity Connect is in place, if a user is deprovisioned in an on-premise AD, the user's Salesforce session Is revoked Immediately.
- D. If the number of provisioned users exceeds Salesforce licence allowances, identity Connect will start disabling the existing
Answer: C
NEW QUESTION # 120
Universal containers (UC) uses an internal company portal for their employees to collaborate. UC decides to use salesforce ideas and provide the ability for employees to post ideas from the company portal. They use SAML-BASED SSO to get into the company portal and would like to leverage it to access salesforce. Most of the users don't exist in salesforce and they would like the user records created in salesforce communities the first time they try to access salesforce. What recommendation should an architect make to meet this requirement?
- A. Use just-in-time provisioning
- B. Use salesforce APIs to create users on the fly
- C. Use on-the-fly provisioning
- D. Use Identity connect to sync users
Answer: A
NEW QUESTION # 121
Universal Containers has multiple Salesforce instances where users receive emails from different instances. Users should be logged into the correct Salesforce instance authenticated by their IdP when clicking on an email link to a Salesforce record.
What should be enabled in Salesforce as a prerequisite?
- A. My Domain
- B. Identity Provider
- C. Multi-Factor Authentication
- D. External Identity
Answer: A
NEW QUESTION # 122
A public sector agency is setting up an identity solution for its citizens using a Community built on Experience Cloud and requires the new user registration functionality to capture first name, last name, and phone number. The phone number will be used for identity verification.
Which feature should an identity architect recommend to meet the requirements?
- A. Integrate with social websites (Facebook, Linkedin. Twitter)
- B. Use Login Discovery
- C. Use an external Identity Provider
- D. Create a custom Lightning Web Component
Answer: B
NEW QUESTION # 123
Northern Trail Outfitters wants to implement a partner community. Active community users will need to review and accept the community rules, and update key contact information for each community member before their annual partner event.
Which approach will meet this requirement?
- A. Add a banner to the community Home page asking users to update their profile and accept the new community rules.
- B. Create a custom landing page and email campaign asking all community members to login and verify their data.
- C. Create a login flow that conditionally prompts users who have not accepted the new community rules and who have missing or outdated information.
- D. Create tasks for users who need to update their data or accept the new community rules.
Answer: C
NEW QUESTION # 124
Northern Trail Outfitters (NTO) is planning to roll out a partner portal for its distributors using Experience Cloud. NTO would like to use an external identity provider (idP) and for partners to register for access to the portal. Each partner should be allowed to register only once to avoid duplicate accounts with Salesforce.
What should a identity architect recommend to create partners?
- A. Allow partners to register through the IdP and create partner users in Salesforce through an API.
- B. Create a custom web page in the Portal and create users in the IdP and Experience Cloud using published APIs.
- C. Create a custom page m Experience Cloud to self register partner with Experience Cloud and Ping identity store.
- D. On successful creation of Partners using Self Registration page in Experience Cloud, create identity in Ping.
Answer: C
NEW QUESTION # 125
Universal containers (UC) has a custom, internal-only, mobile billing application for users who are commonly out of the office. The app is configured as a connected App in salesforce. Due to the nature of this app, UC would like to take the appropriate measures to properly secure access to the app. Which two are recommendations to make the UC? Choose 2 answers
- A. Require high assurance sessions in order to use the connected App
- B. Set login IP ranges to the internal network for all of the app users profiles.
- C. Use Google Authenticator as an additional part of the logical processes.
- D. Disallow the use of single Sign-on for any users of the mobile app.
Answer: A,C
NEW QUESTION # 126
An Identity architect works for a multinational, multi-brand organization. As they work with the organization to understand their Customer Identity and Access Management requirements, the identity architect learns that the brand experience is different for each of the customer's sub-brands and each of these branded experiences must be carried through the login experience depending on which sub-brand the user is logging into.
Which solution should the architect recommend to support scalability and reduce maintenance costs, if the organization has more than 150 sub-brands?
- A. Use Audiences to customize the login experience for each sub-brand and pass an audience ID to the community during the OAuth and Security Assertion Markup Language (SAML) flows.
- B. Create a community subdomain for each sub-brand and customize the look and feel of the Login page for each community subdomain to match the brand.
- C. Create a separate Salesforce org for each sub-brand so that each sub-brand has complete control over the user experience.
- D. Assign each sub-brand a unique Experience ID and use the Experience ID to dynamically brand the login experience.
Answer: D
NEW QUESTION # 127
How should an Architect automatically redirect users to the login page of the external Identity provider when using an SP-Initiated SAML flow with Salesforce as a Service Provider?
- A. Set the Identity Provider as default and enable the Redirect to the Identity Provider setting on the SAML Configuration.
- B. Enable the Redirect to the Identity Provider setting under Authentication Services on the My domain Configuration.
- C. Use visualforce as the landing page for My Domain to redirect users to the Identity Provider login Page.
- D. Remove the Login page from the list of Authentication Services on the My Domain configuration.
Answer: D
NEW QUESTION # 128
......
Latest Plat-Arch-203 Pass Guaranteed Exam Dumps Certification Sample Questions: https://www.dumpexam.com/Plat-Arch-203-valid-torrent.html
Plat-Arch-203 Exam with Guarantee Updated 246 Questions: https://drive.google.com/open?id=1RDS9SB4phEJcviqj0z-0mPAJhnRO8JOq
