Identity-and-Access-Management-Architect Exam Dumps - Salesforce Certified Platform Identity and Access Management Architect (Plat-Arch-203)

In OAuth-based Salesforce integrations, intermittent logout behavior is often tied to token lifecycle rather than to general platform permissions. Salesforce documentation distinguishes clearly between authentication, authorization, and token validity. Even if the initial login succeeds, the user can appear to be “randomly logged out” when an access token expires, is revoked, or can no longer be refreshed according to policy. That is why token status and refresh behavior should be checked early in troubleshooting. Browser version, network delay, or missing Salesforce permissions can cause other access problems, but they do not typically explain an established SSO session ending intermittently in an OAuth flow. The first architectural checkpoint is whether the token issued by the identity provider remains valid for the expected duration. This is why option A is the best answer in Salesforce terms.

A native mobile app that must call Salesforce APIs, keep users signed in, and avoid the approval screen needs two things from the connected app configuration: the right scopes and administrator-controlled authorization. The API scope allows REST access, and the offline_access scope allows the app to obtain a refresh token so it can continue working without repeated interactive sign-in. To suppress the approval page for end users, the connected app should be set to Admin Pre-Approved rather than allowing self-authorization. JWT bearer flow is not necessary when the scenario already states a native app user flow. Salesforce guidance for mobile apps consistently focuses on choosing the appropriate OAuth scopes first and then pairing them with the correct connected app access policy. This is why option C is the best answer in Salesforce terms.

External Identity is the Salesforce license intended for business-to-consumer and other external audience identity scenarios. When the requirement is to provide single sign-on or authentication services for customers rather than internal employees, this is the licensing model architects evaluate first. Identity Only is typically used for internal workforce users who need identity services without broad CRM access, while partner licenses address collaboration models tied to partner accounts. The design driver here is audience type: the users are external consumers of a B2C-style application. Salesforce separates those audiences in licensing because the underlying access model, scale expectations, and Experience Cloud use cases differ from workforce identity. That is why External Identity is the appropriate license choice. This is why option C is the best answer in Salesforce terms.

For large-scale analysis of suspicious login behavior, the feature often referred to as login forensics or forensic login analysis depends on the deeper telemetry available through Salesforce Shield and related monitoring capabilities. The goal is to identify patterns such as average login volume, off-hours behavior, unusual spikes, and outlier users. Basic Login History shows individual events, but forensic analysis is about aggregating and investigating behavior at scale. That is why the organization needs the analytics-oriented login forensics capability rather than a simple list of logins. The architectural point is that fraud detection usually requires richer monitoring and analysis than the standard admin screens provide, especially in a 15,000-user environment. This is why option B is the best answer in Salesforce terms.

For real-time visibility into login events and other security-relevant user activity, Salesforce Event Monitoring is the purpose-built monitoring feature. Event Monitoring and Event Log Files give security and identity teams access to detailed telemetry about login behavior, session activity, API usage, and other actions that matter for threat detection and investigation. Profiles and encryption settings do not provide operational monitoring, and Data Loader is unrelated. The architectural distinction is between preventive controls and detective controls. Event Monitoring is a detective control: it helps the organization observe behavior, identify anomalies, and react quickly. When the requirement mentions unusual login patterns, security incidents, or real-time monitoring, Salesforce documentation points architects toward Event Monitoring rather than ordinary administrative setup screens. This is why option A is the best answer in Salesforce terms.