The Secret Of Salesforce Identity-and-Access-Management-Designer Free Practice Questions

Proper study for the Salesforce Certified Identity and Access Management Designer (SP19) certification begins with Salesforce Identity-and-Access-Management-Designer preparation products, which are designed to deliver precise Identity-and-Access-Management-Designer questions so that you pass the Identity-and-Access-Management-Designer test the first time. Try the free Identity-and-Access-Management-Designer demo right now.

Free Identity-and-Access-Management-Designer Demo Online For Salesforce Certification:

Northern Trail Outfitters (NTO) has a number of employees who do NOT need access to Salesforce objects. The employees should sign in to a custom Benefits web app using their Salesforce credentials.
Which license should the identity architect recommend to fulfill this requirement?

  • A. Identity Only License
  • B. External Identity License
  • C. Identity Verification Credits Add-on License
  • D. Identity Connect License

Answer: A

A group of users try to access one of Universal Containers' connected apps and receive the following error message: "Failed : Not approved for access". What is the most likely cause of the issue?

  • A. The use of high assurance sessions is required for the connected App.
  • B. The users do not have the correct permission set assigned to them.
  • C. The connected App setting "All users may self-authorize" is enabled.
  • D. The Salesforce administrators have revoked the OAuth authorization.

Answer: B

Universal Containers (UC) wants to build a custom mobile app for their field reps to create orders in Salesforce. After the first time the users log in, they must be able to access Salesforce upon opening the mobile app without being prompted to log in again. What OAuth flows should be considered to support this requirement?

  • A. Web Server flow with a Refresh Token.
  • B. Mobile Agent flow with a Bearer Token.
  • C. User Agent flow with a Refresh Token.
  • D. SAML Assertion flow with a Bearer Token.

Answer: C

Universal Containers (UC) has a classified information system that its call center team uses only when they are working on a case with a record type "Classified". They are only allowed to access the system when they own an open "Classified" case, and their access to the system is removed at all other times. They would like to implement SAML SSO with Salesforce as the IdP, and automatically allow or deny the staff's access to the classified information system based on whether they currently own an open "Classified" case record when they try to access the system using SSO. What is the recommended solution for automatically allowing or denying access to the classified information system based on the open "Classified" case record criteria?

  • A. Use Salesforce reports to identify users that currently own open "Classified" cases and should be granted access to the Classified information system.
  • B. Use an Apex trigger on Case to dynamically assign Permission Sets that grant access when a user is assigned an open "Classified" case, and remove it when the case is closed.
  • C. Use Custom SAML JIT Provisioning to dynamically query the user's open "Classified" cases when attempting to access the classified information system.
  • D. Use a Common Connected App Handler using Apex to dynamically allow access to the system based on whether the staff owns any open "Classified" Cases.

Answer: D

Universal Containers (UC) has a Customer Community that uses Facebook for authentication. UC would like to ensure that changes in the Facebook profile are reflected on the appropriate Customer Community user. How can this requirement be met?

  • A. Use the updateUser method on the registration Handler Class.
  • B. Develop a scheduled job that calls out to Facebook on a nightly basis.
  • C. Use information in the signed Request that is received from Facebook.
  • D. Use SAML Just-In-Time Provisioning between Facebook and Salesforce.

Answer: A

Universal Containers (UC) has a strict requirement to authenticate users to Salesforce using their mainframe credentials. The mainframe user store cannot be accessed from a SAML provider. UC would also like to have users in Salesforce created on the fly if they provide accurate mainframe credentials.
How can the Architect meet these requirements?

  • A. Use a Salesforce Login Flow to call out to a web service and create the user on the fly.
  • B. Use the SOAP API to create the user when created on the mainframe; implement Delegated Authentication.
  • C. Implement Just-In-Time Provisioning on the mainframe to create the user on the fly.
  • D. Implement OAuth User-Agent Flow on the mainframe; use a Registration Handler to create the user on the fly.

Answer: C

Universal Containers (UC) has a custom, internal-only, mobile billing application for users who are commonly out of the office. The app is configured as a connected App in Salesforce. Due to the nature of this app, UC would like to take the appropriate measures to properly secure access to the app. Which two recommendations should be made to UC? Choose 2 answers

  • A. Disallow the use of Single Sign-on for any users of the mobile app.
  • B. Require High Assurance sessions in order to use the Connected App.
  • C. Set Login IP Ranges to the internal network for all of the app users Profiles.
  • D. Use Google Authenticator as an additional part of the login process

Answer: BD

Universal Containers (UC) has a mobile application that calls the Salesforce REST API. In order to prevent users from having to enter their credentials every time they use the app, UC has enabled the use of refresh tokens as part of the Salesforce connected App and updated their mobile app to take advantage of the refresh token. Even after enabling the refresh token, users are still complaining that they have to enter their credentials once a day. What is the most likely cause of the issue?

  • A. The OAuth authorizations are being revoked by a nightly batch job.
  • B. The refresh token expiration policy is set incorrectly in Salesforce
  • C. The app is requesting too many access Tokens in a 24-hour period
  • D. The users forget to check the box to remember their credentials.

Answer: B

Universal Containers (UC) plans to use a SAML-based third-party IdP serving both the Salesforce Partner Community and the corporate portal. UC partners will log in to the corporate portal to access protected resources, including links to Salesforce resources. What would be the recommended way to configure the IdP so that seamless access can be achieved in this scenario?

  • A. Set up the corporate portal as a Connected App in Salesforce and use the Web server OAuth flow.
  • B. Configure SP-initiated SSO that passes the SAML token upon Salesforce resource access request.
  • C. Set up the corporate portal as a Connected App in Salesforce and use the User Agent OAuth flow.
  • D. Configure IdP-initiated SSO that passes the SAML token upon Salesforce resource access request.

Answer: D

An identity architect is implementing a mobile-first Consumer Identity Access Management (CIAM) for external users. User authentication is the only requirement. The user's email or mobile phone number should be supported as a username.
Which two licenses are needed to meet this requirement? Choose 2 answers

  • A. External Identity Licenses
  • B. Identity Connect Licenses
  • C. Email Verification Credits
  • D. SMS verification Credits

Answer: AD

Which two things should be done to ensure end users can only use single sign-on (SSO) to log in to Salesforce?
Choose 2 answers

  • A. Enable My Domain and select "Prevent login from".
  • B. Request Salesforce Support to enable delegated authentication.
  • C. Once SSO is enabled, users are only able to login using Salesforce credentials.
  • D. Assign user "is Single Sign-on Enabled" permission via profile or permission set.

Answer: AD

Which two are valid choices for digital certificates when setting up two-way SSL between Salesforce and an external system? Choose 2 answers

  • A. Use a trusted CA-signed certificate for Salesforce and a trusted CA-signed cert for the external system
  • B. Use a trusted CA-signed certificate for Salesforce and a self-signed cert for the external system
  • C. Use a self-signed certificate for Salesforce and a self-signed cert for the external system
  • D. Use a self-signed certificate for Salesforce and a trusted CA-signed cert for the external system

Answer: CD

Universal Containers (UC) wants to build a few applications that leverage the Salesforce REST API. UC has asked its Architect to describe how the API calls will be authenticated to a specific user. Which two mechanisms can the Architect provide? Choose 2 Answers

  • A. Authentication Token
  • B. Session ID
  • C. Refresh Token
  • D. Access Token

Answer: CD

A farming enterprise offers smart farming technology to its farmer customers, which includes a variety of sensors for livestock tracking, pest monitoring, climate monitoring etc. They plan to store all the data in Salesforce. They would also like to ensure timely maintenance of the installed sensors. They have engaged a Salesforce Architect to propose an appropriate way to generate sensor information in Salesforce.
Which OAuth flow should the architect recommend?

  • A. OAuth 2.0 Asset Token Flow
  • B. OAuth 2.0 Device Authentication Flow
  • C. OAuth 2.0 JWT Bearer Token Flow
  • D. OAuth 2.0 SAML Bearer Assertion Flow

Answer: A

Universal Containers (UC) is setting up delegated authentication to allow employees to log in using their corporate credentials. UC's security team is concerned about the risks of exposing the corporate login service on the internet and has asked that a reliable trust mechanism be put in place between the login service and Salesforce.
What mechanism should an Architect put in place to enable a trusted connection between the login service and Salesforce?

  • A. Require the use of Salesforce security tokens on passwords.
  • B. Enforce mutual authentication between systems using SSL.
  • C. Include Client Id and Client Secret in the login header callout.
  • D. Set up a proxy service for the login service in the DMZ.

Answer: A

An Architect needs to advise the team that manages the Identity Provider how to differentiate Salesforce from other Service Providers. What SAML SSO setting in Salesforce provides this capability?

  • A. Identity Provider Login URL.
  • B. Issuer.
  • C. Entity Id
  • D. SAML Identity Location.

Answer: C

Universal Containers (UC) has an e-commerce website where customers can buy products, make payments and manage their accounts. UC decides to build a Customer Community on Salesforce and wants to allow the customers to access the community from their accounts without logging in again. UC decides to implement an SP-initiated SSO using a SAML-compliant IdP. In this scenario where Salesforce is the Service Provider, which two activities must be performed in Salesforce to make SP-initiated SSO work? Choose 2 answers

  • A. Configure SAML SSO settings.
  • B. Create a Connected App.
  • C. Configure Delegated Authentication.
  • D. Set up My Domain.

Answer: AD

Universal Containers (UC) built a customer Community for customers to buy products, review orders, and manage their accounts. UC has provided three different options for customers to log in to the customer Community: Salesforce, Google, and Facebook. Which two role combinations are represented by the systems in the scenario? Choose 2 answers

  • A. Google is the service provider and Facebook is the identity provider
  • B. Salesforce is the service provider and Google is the identity provider
  • C. Facebook is the service provider and Salesforce is the identity provider
  • D. Salesforce is the service provider and Facebook is the identity provider

Answer: BD

Universal Containers (UC) is using a Salesforce Experience Cloud site for its container wholesale business. The identity architect wants to use an authentication provider for the new site.
Which two options should be utilized in creating an authentication provider? Choose 2 answers

  • A. A custom registration handler can be set.
  • B. A custom error URL can be set.
  • C. The default login user can be set.
  • D. The default authentication provider certificate can be set.

Answer: AB

