Salesforce Exam Identity-and-Access-Management-Architect Topic 2 Question 44 Discussion

Actual exam question for Salesforce's Salesforce Certified Identity and Access Management Architect exam
Question #: 44
Topic #: 2

Northern Trail Outfitters (NTO) has an off-boarding process where a terminated employee is first disabled in the Lightweight Directory Access Protocol (LDAP) directory, then requests are sent to the various application support teams to finish user deactivations. A terminated employee recently was able to log in to NTO's Salesforce instance 24 hours after termination, even though the user was disabled in the corporate LDAP directory.

What should an identity architect recommend to prevent this from happening in the future?

Suggested Answer: B

Contribute your Thoughts:

Dorinda
7 days ago
Haha, maybe the terminated employee was just really persistent. Or maybe they have a future as a professional hacker. Option A is still the safest bet, though.
upvoted 0 times
...
Kaitlyn
12 days ago
I'm just wondering how the terminated employee managed to log in to Salesforce in the first place. Someone needs a refresher on security policies!
upvoted 0 times
...
Kimbery
13 days ago
Option D is overkill for this situation. Setting up an IdP is a lot of work when a simpler solution like A or C could do the trick.
upvoted 0 times
...
Eleonora
21 days ago
I agree with Alysa. A just-in-time provisioning solution is the best way to ensure users are properly deactivated across all systems.
upvoted 0 times
Chan
3 days ago
User 2: That sounds like a good idea to prevent this from happening again.
upvoted 0 times
...
Gracia
12 days ago
User 1: I think we should create a Just-in-Time provisioning registration handler.
upvoted 0 times
...
...
Alysa
30 days ago
Option A seems like the way to go. Deactivating the user in LDAP and Salesforce at the same time is a must-have for security.
upvoted 0 times
Nydia
7 days ago
User 1: Option A seems like the way to go. Deactivating the user in LDAP and Salesforce at the same time is a must-have for security.
upvoted 0 times
...
Eladia
14 days ago
Agreed, it's important to have a seamless process to prevent any security breaches like the one that happened with the terminated employee.
upvoted 0 times
...
Eileen
20 days ago
Definitely, having a Just-in-Time provisioning registration handler would ensure that users are deactivated in Salesforce as soon as they are disabled in LDAP.
upvoted 0 times
...
Phil
24 days ago
Option A seems like the way to go. Deactivating the user in LDAP and Salesforce at the same time is a must-have for security.
upvoted 0 times
...
...
Sol
1 month ago
I'm not sure, but option D also seems like a strong recommendation.
upvoted 0 times
...
Georgene
2 months ago
I agree with Adelaide, Just-in-Time provisioning sounds like a good solution.
upvoted 0 times
...
Adelaide
2 months ago
I think option A is the best choice to prevent this from happening again.
upvoted 0 times
...