New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Salesforce Certified Platform Identity and Access Management Architect (Plat-Arch-203) Exam - Topic 5 Question 29 Discussion

Actual exam question for Salesforce's Salesforce Certified Platform Identity and Access Management Architect (Plat-Arch-203) exam
Question #: 29
Topic #: 5
[All Salesforce Certified Platform Identity and Access Management Architect (Plat-Arch-203) Questions]

Northern Trail Outfitters (NTO) has an off-boarding process where a terminated employee is first disabled in the Lightweight Directory Act Protocol (LDAP) directory, then requests are sent to the various application support teams to finish user deactivations. A terminated employee recently was able to login to NTO's Salesforce instance 24 hours after termination, even though the user was disabled in the corporate LDAP directory.

What should an identity architect recommend to prevent this from happening in the future?

Show Suggested Answer Hide Answer
Suggested Answer: B

by France at Dec 09, 2023, 10:18 AM

Limited Time Offer

25%

Off

Get Premium Salesforce Certified Platform Identity and Access Management Architect (Plat-Arch-203) Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Johnna
3 months ago
Isn't it risky to rely solely on LDAP for authentication?
upvoted 0 times
...
Leota
3 months ago
Agree with Lajuana, C is the way to go!
upvoted 0 times
...
Tiffiny
3 months ago
Wait, how did the employee even log in after being disabled?
upvoted 0 times
...
Lajuana
4 months ago
I think option C makes the most sense here.
upvoted 0 times
...
Xenia
4 months ago
Sounds like they need real-time deactivation in Salesforce!
upvoted 0 times
...
Shawna
4 months ago
I feel like setting up an IdP could be a solid solution, but I’m not entirely clear on how that would work with Salesforce specifically.
upvoted 0 times
...
Alona
4 months ago
I’m a bit confused about whether delegating authentication to LDAP would actually prevent access if the user is already disabled in Salesforce.
upvoted 0 times
...
Bernardo
4 months ago
I think option C sounds familiar; it might be similar to a practice question we did about checking user status before login.
upvoted 0 times
...
Nina
5 months ago
I remember we discussed the importance of real-time deactivation in our last study session, but I'm not sure which option directly addresses that.
upvoted 0 times
...
Louvenia
5 months ago
This is a great question that really tests our understanding of identity management best practices. I feel confident I can analyze the options and recommend the most effective solution.
upvoted 0 times
...
Peter
5 months ago
I think setting up an identity provider to handle the LDAP authentication and SSO to Salesforce is probably the most robust long-term solution, even if it's a bit more complex to implement.
upvoted 0 times
...
Sharika
5 months ago
Okay, let's think this through step-by-step. The key seems to be ensuring the Salesforce deactivation happens immediately after the LDAP disable, so option A looks promising.
upvoted 0 times
...
Tran
5 months ago
Hmm, this is a tricky one. I'll need to carefully consider the different options to ensure the terminated employee can't access Salesforce after being disabled in LDAP.
upvoted 0 times
...
Olga
5 months ago
I'm a bit confused by the different authentication options here. I'll need to review the details of each approach to understand the pros and cons before deciding.
upvoted 0 times
...
Willodean
5 months ago
I'm a bit unsure about this one. I'll need to review my notes on China Mobile's frequency spectrum to make sure I have the right information before selecting an answer.
upvoted 0 times
...
Lanie
5 months ago
Okay, I've got this. Step-therapy is about using less expensive meds first, and only moving to more expensive ones if needed. The question is asking when that approach is appropriate, and the answer is clearly A - both conditions are met.
upvoted 0 times
...
Ludivina
5 months ago
Hmm, I'm a bit unsure about this one. I know the 3 Pillars have to do with banking regulations, but I can't remember the exact components. I'll have to think this through carefully.
upvoted 0 times
...
Vicki
5 months ago
Hmm, I'm a bit confused on this one. I know we need to rebuild the indexes, but I'm not sure which command is the right one. I'll have to think this through carefully.
upvoted 0 times
...

Save Cancel