Salesforce Exam Identity and Access Management Architect Topic 1 Question 50 Discussion

Actual exam question for Salesforce's Identity and Access Management Architect exam

Question #: 50
Topic #: 1

[All Identity and Access Management Architect Questions]

Northern Trail Outfitters (NTO) believes a specific user account may have been compromised. NTO inactivated the user account and needs U perform a forensic analysis and identify signals that could Indicate a breach has occurred.

What should NTO's first step be in gathering signals that could indicate account compromise?

AReview the User record and evaluate the login and transaction history.

BDownload the Setup Audit Trail and review all recent activities performed by the user.

CDownload the Identity Provider Event Log and evaluate the details of activities performed by the user.

DDownload the Login History and evaluate the details of logins performed by the user.

Show Suggested Answer

Suggested Answer: D

by Cherilyn at Sep 18, 2024, 05:02 PM

Limited Time Offer

25%

Off

Get Premium Identity and Access Management Architect Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Van

6 months ago

I think downloading the Setup Audit Trail and reviewing all recent activities performed by the user could also provide valuable information.

upvoted 0 times

...

Janine

6 months ago

I agree with Raina. That would be the best first step to gather signals of account compromise.

upvoted 0 times

...

Raina

6 months ago

I think NTO should review the User record and evaluate the login and transaction history.

upvoted 0 times

...

Caren

6 months ago

You know, I've seen some pretty wild stuff in my day, but this is just getting ridiculous. Whoever compromised this account must have been feeling a little 'identity crisis'!

upvoted 0 times

...

Ezekiel

7 months ago

Option C looks promising. The Identity Provider Event Log could give us some juicy details on those shady activities.

upvoted 0 times

Cristy

5 months ago

C) Download the Identity Provider Event Log and evaluate the details of activities performed by the user.

upvoted 0 times

...

Mozell

6 months ago

B) Download the Setup Audit Trail and review all recent activities performed by the user.

upvoted 0 times

...

Justine

6 months ago

A) Review the User record and evaluate the login and transaction history.

upvoted 0 times

...

Tegan

7 months ago

I'd go with Option D. The login history is where the real clues are hiding, I bet.

upvoted 0 times

...

Olive

7 months ago

Option A seems like the obvious choice. I bet the login and transaction history will give us a good idea of what's been going on.

upvoted 0 times

Erinn

6 months ago

Let's go ahead and review the User record then.

upvoted 0 times

...

Wava

6 months ago

I agree, checking the login and transaction history will give us important information.

upvoted 0 times

...

Chery

6 months ago

Yeah, that sounds like a good first step to gather signals of account compromise.

upvoted 0 times

...

Gwen

7 months ago

I think we should review the User record and evaluate the login and transaction history.

upvoted 0 times

...