Salesforce Certified Platform Identity and Access Management Architect (Plat-Arch-203) Exam - Topic 4 Question 75 Discussion

Actual exam question for Salesforce's Salesforce Certified Platform Identity and Access Management Architect (Plat-Arch-203) exam

Question #: 75
Topic #: 4

[All Salesforce Certified Platform Identity and Access Management Architect (Plat-Arch-203) Questions]

Northern Trail Outfitters (NTO) has a requirement to ensure all user logins include a single multi-factor authentication (MFA) prompt. Currently, users are allowed the choice to login with a username and password or via single sign-on against NTO's corporate Identity Provider, which includes built-in MFA.

Which configuration will meet this requirement?

ACreate and assign a permission set to all employees that includes 'MFA for User Interface Logins.'

BCreate a custom login flow that enforces MFA and assign it to a permission set. Then assign the permission set to all employees.

CEnable 'MFA for User Interface Logins' for your organization from Setup -> Identity Verification.

DFor all employee profiles, set the Session Level Required at Login to High Assurance and add the corporate identity provider to the High Assurance list for the org's Session Security Levels.

Show Suggested Answer

Suggested Answer: C

by Marshall at Apr 10, 2026, 12:10 AM

Limited Time Offer

25%

Off

Get Premium Salesforce Certified Platform Identity and Access Management Architect (Plat-Arch-203) Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Janey

10 hours ago

I’m leaning towards option A since it seems straightforward to assign a permission set, but I wonder if it really enforces MFA for all login methods as required.

upvoted 0 times

...

Laticia

6 days ago

I feel like option D could be a solution too, especially since it mentions session security levels, but I’m not clear on how that ties into MFA specifically.

upvoted 0 times

...

Pansy

11 days ago

I remember discussing option C in class, but I’m a bit confused about whether enabling it from Setup alone would meet the requirement without additional configurations.

upvoted 0 times

...

Johnson

16 days ago

I think option B sounds familiar because we practiced creating custom login flows in our last session, but I'm not entirely sure if it’s the only way to enforce MFA.

upvoted 0 times

...