BlackFriday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Salesforce Exam Identity and Access Management Architect Topic 2 Question 44 Discussion

Actual exam question for Salesforce's Identity and Access Management Architect exam
Question #: 44
Topic #: 2
[All Identity and Access Management Architect Questions]

Northern Trail Outfitters (NTO) has an off-boarding process where a terminated employee is first disabled in the Lightweight Directory Act Protocol (LDAP) directory, then requests are sent to the various application support teams to finish user deactivations. A terminated employee recently was able to login to NTO's Salesforce instance 24 hours after termination, even though the user was disabled in the corporate LDAP directory.

What should an identity architect recommend to prevent this from happening in the future?

Show Suggested Answer Hide Answer
Suggested Answer: B

by Malcom at Jul 16, 2024, 07:28 PM

Limited Time Offer

25%

Off

Get Premium Identity and Access Management Architect Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Dorinda
3 months ago
Haha, maybe the terminated employee was just really persistent. Or maybe they have a future as a professional hacker. Option A is still the safest bet, though.
upvoted 0 times
Magdalene
2 months ago
Absolutely, better to be safe than sorry when it comes to user deactivations.
upvoted 0 times
...
Hobert
2 months ago
It's important to have a solid process in place to avoid security risks like this.
upvoted 0 times
...
Carole
2 months ago
Yeah, having a Just-in-Time provisioning registration handler would ensure users are deactivated in Salesforce right away.
upvoted 0 times
...
Roslyn
2 months ago
Option A is definitely the way to go to prevent this from happening again.
upvoted 0 times
...
...
Kaitlyn
3 months ago
I'm just wondering how the terminated employee managed to log in to Salesforce in the first place. Someone needs a refresher on security policies!
upvoted 0 times
...
Kimbery
3 months ago
Option D is overkill for this situation. Setting up an IdP is a lot of work when a simpler solution like A or C could do the trick.
upvoted 0 times
Avery
2 months ago
I agree, Option A seems like a more straightforward approach compared to setting up an IdP.
upvoted 0 times
...
Francine
2 months ago
Option A sounds like the best solution to prevent this from happening again.
upvoted 0 times
...
...
Eleonora
3 months ago
I agree with Alysa. A just-in-time provisioning solution is the best way to ensure users are properly deactivated across all systems.
upvoted 0 times
Carisa
2 months ago
I agree, it's important to make sure users are deactivated in all systems.
upvoted 0 times
...
Chan
3 months ago
That sounds like a good idea to prevent this from happening again.
upvoted 0 times
...
Gracia
3 months ago
I think we should create a Just-in-Time provisioning registration handler.
upvoted 0 times
...
...
Alysa
4 months ago
Option A seems like the way to go. Deactivating the user in LDAP and Salesforce at the same time is a must-have for security.
upvoted 0 times
Vivienne
2 months ago
It's important to have a seamless process to protect company data and systems.
upvoted 0 times
...
Blair
2 months ago
That sounds like a solid solution to prevent unauthorized access after termination.
upvoted 0 times
...
Adell
2 months ago
I agree, having a Just-in-Time provisioning registration handler would ensure immediate deactivation in Salesforce.
upvoted 0 times
...
Nydia
3 months ago
Option A seems like the way to go. Deactivating the user in LDAP and Salesforce at the same time is a must-have for security.
upvoted 0 times
...
Eladia
3 months ago
Agreed, it's important to have a seamless process to prevent any security breaches like the one that happened with the terminated employee.
upvoted 0 times
...
Eileen
3 months ago
Definitely, having a Just-in-Time provisioning registration handler would ensure that users are deactivated in Salesforce as soon as they are disabled in LDAP.
upvoted 0 times
...
Phil
3 months ago
Option A seems like the way to go. Deactivating the user in LDAP and Salesforce at the same time is a must-have for security.
upvoted 0 times
...
...
Sol
4 months ago
I'm not sure, but option D also seems like a strong recommendation.
upvoted 0 times
...
Georgene
4 months ago
I agree with Adelaide, Just-in-Time provisioning sounds like a good solution.
upvoted 0 times
...
Adelaide
4 months ago
I think option A is the best choice to prevent this from happening again.
upvoted 0 times
...

Save Cancel