Salesforce Certified Platform Identity and Access Management Architect (Plat-Arch-203) Exam - Topic 2 Question 65 Discussion

Actual exam question for Salesforce's Salesforce Certified Platform Identity and Access Management Architect (Plat-Arch-203) exam

Question #: 65
Topic #: 2

[All Salesforce Certified Platform Identity and Access Management Architect (Plat-Arch-203) Questions]

Northern Trail Outfitters (NTO) has a requirement to ensure all user logins include a single multi-factor authentication (MFA) prompt. Currently, users are allowed the choice to login with a username and password or via single sign-on against NTO's corporate Identity Provider, which includes built-in MFA.

Which configuration will meet this requirement?

ACreate and assign a permission set to all employees that includes 'MFA for User Interface Logins.'

BCreate a custom login flow that enforces MFA and assign it to a permission set. Then assign the permission set to all employees.

CEnable 'MFA for User Interface Logins' for your organization from Setup -> Identity Verification.

DFor all employee profiles, set the Session Level Required at Login to High Assurance and add the corporate identity provider to the High Assurance list for the org's Session Security Levels.

Show Suggested Answer

Suggested Answer: C

by Aja at Jul 08, 2025, 05:40 PM

Limited Time Offer

25%

Off

Get Premium Salesforce Certified Platform Identity and Access Management Architect (Plat-Arch-203) Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Donette

3 months ago

A is definitely not enough, we need something stronger!

upvoted 0 times

...

Erin

4 months ago

I think C is too simple for the requirement.

upvoted 0 times

...

Joanne

4 months ago

D sounds complicated, not sure if it's necessary.

upvoted 0 times

...

Brett

4 months ago

Wait, can we really enforce MFA just with a permission set?

upvoted 0 times

...

Vanesa

4 months ago

Option B seems like the best choice for enforcing MFA.

upvoted 0 times

...

Lennie

4 months ago

Option D seems like it could work, but I’m not clear on how the High Assurance setting interacts with MFA requirements.

upvoted 0 times

...

Ben

5 months ago

I feel like option A might be too simple for the requirement since it doesn't explicitly enforce MFA for all logins.

upvoted 0 times

...

Jacinta

5 months ago

I remember that enabling MFA from Setup is a common practice, but I wonder if it applies to both login methods in this scenario.

upvoted 0 times

...

Colette

5 months ago

I think option B sounds familiar because we practiced creating custom login flows in class, but I'm not entirely sure if it's the best choice here.

upvoted 0 times

...

Lynda

5 months ago

Alright, I've got a strategy here. I'm going to eliminate the options that don't directly address the requirement, and then choose the one that seems to best meet the criteria.

upvoted 0 times

...

Delsie

5 months ago

I'm a little unsure about this one. The wording of the question and the options seems a bit technical. I'll need to re-read it a few times to make sure I understand what they're asking.

upvoted 0 times

...

Alva

6 months ago

Okay, let's see here. The question is asking about the best configuration to meet the MFA requirement. I think I have a good handle on the options, so I'll give this a shot.

upvoted 0 times

...

Olive

6 months ago

Hmm, this one seems a bit tricky. I'll need to carefully read through the options and think about how each one addresses the requirement.

upvoted 0 times

...