Free Practice Questions for Salesforce Identity-and-Access-Management-Architect Exam

For guest checkout scenarios that later convert a shopper into a registered customer, Salesforce self-registration is the natural starting point because it gives the site a controlled way to create an external user account. The self-registration experience can be customized so that the user enters just enough order information for the site to locate the previously collected guest data and then complete the registration. SAML and social login don’t solve the core problem, which is linking an existing guest transaction to a newly created community identity. A Connected App Handler is also not the standard Experience Cloud tool for this registration pattern. The right design is to keep registration in Salesforce and tailor the page to reconcile the new user with the known order record. This is why option A is the best answer in Salesforce terms.

Identity Connect can synchronize several Salesforce security constructs from Active Directory-driven administration, particularly the identity and authorization artifacts attached to users. Profiles and permission sets are directly relevant because they define user capabilities in Salesforce. Roles also matter because they shape record access and hierarchy behavior. Public groups can participate in permission design and assignment patterns as well. By contrast, sharing rules and permission set licenses are not the core mapping focus in the same way. The main architectural takeaway is that Identity Connect is about translating directory-based user management into Salesforce access structures, especially those that determine who a user is, what they can do, and where they sit in the org’s access model. This is why option D is the best answer in Salesforce terms.