Salesforce Exam Identity and Access Management Architect Topic 1 Question 51 Discussion

Actual exam question for Salesforce's Identity and Access Management Architect exam
Question #: 51
Topic #: 1

Northern Trail Outfitters (NTO) has an off-boarding process where a terminated employee is first disabled in the Lightweight Directory Access Protocol (LDAP) directory, then requests are sent to the various application support teams to finish user deactivations. A terminated employee recently was able to log in to NTO's Salesforce instance 24 hours after termination, even though the user was disabled in the corporate LDAP directory.

What should an identity architect recommend to prevent this from happening in the future?

Suggested Answer: B

Contribute your Thoughts:

Venita
2 months ago
I see both points, but I think option C could also work. Making a callout to the LDAP directory before authenticating the user seems like a good additional security measure.
upvoted 0 times
...
Angelo
2 months ago
I disagree, I believe option D is the way to go. Setting up an identity provider with single sign-on to Salesforce will prevent unauthorized access.
upvoted 0 times
...
Jimmie
2 months ago
Haha, imagine if the terminated employee just changed their LDAP password and waltzed right back in! Option D is definitely the way to go to avoid that.
upvoted 0 times
Peter
2 months ago
I agree, using an identity provider for authentication is crucial in situations like this.
upvoted 0 times
...
Royce
2 months ago
Yeah, setting up single sign-on with LDAP would definitely add an extra layer of security.
upvoted 0 times
...
Aliza
2 months ago
Option D is a good choice, it would prevent any unauthorized access.
upvoted 0 times
...
...
Desiree
3 months ago
C is a good idea, but it might add extra latency to the login process. I'd prefer a more seamless solution like Option D.
upvoted 0 times
...
Vallie
3 months ago
Option A seems like the best solution. Syncing the LDAP directory with Salesforce in real-time is crucial to prevent unauthorized access.
upvoted 0 times
Cecil
2 months ago
Creating a Just-in-Time provisioning registration handler sounds like a good idea.
upvoted 0 times
...
Paris
2 months ago
It's definitely important to ensure users are deactivated in Salesforce as soon as they are disabled in LDAP.
upvoted 0 times
...
Barney
2 months ago
I agree, real-time syncing is important to prevent unauthorized access.
upvoted 0 times
...
Lynna
2 months ago
Option A seems like the best solution.
upvoted 0 times
...
...
Herman
3 months ago
I think option A is the best choice. It ensures users are deactivated in Salesforce as soon as they are disabled in LDAP.
upvoted 0 times
...
