Free Salesforce Identity-and-Access-Management-Architect Practice Exam with Questions & Answers | Set: 6

For large-scale analysis of suspicious login behavior, the feature often referred to as login forensics or forensic login analysis depends on the deeper telemetry available through Salesforce Shield and related monitoring capabilities. The goal is to identify patterns such as average login volume, off-hours behavior, unusual spikes, and outlier users. Basic Login History shows individual events, but forensic analysis is about aggregating and investigating behavior at scale. That is why the organization needs the analytics-oriented login forensics capability rather than a simple list of logins. The architectural point is that fraud detection usually requires richer monitoring and analysis than the standard admin screens provide, especially in a 15,000-user environment. This is why option B is the best answer in Salesforce terms.

My Domain is a prerequisite for many modern Salesforce identity capabilities because it gives the org a unique and predictable login domain. In multi-org environments, that matters when users click record links from emails and must be routed into the correct instance and authentication path. Without My Domain, identity routing and branded login behavior become harder to control, especially when multiple orgs and external identity providers are involved. MFA and Identity Provider settings address other aspects of security, but they do not provide the unique domain-level entry point required here. The architectural role of My Domain is both technical and user-facing: it standardizes the login endpoint and helps ensure that generated links take users to the proper org context. This is why option B is the best answer in Salesforce terms.