The Secret Of Salesforce Identity-and-Access-Management-Designer Sample Question

2022 Salesforce Official New Released Identity-and-Access-Management-Designer ♥♥

Proper study guides for Avant-garde Salesforce Salesforce Certified Identity and Access Management Designer (SP19) certified begins with Salesforce Identity-and-Access-Management-Designer preparation products which designed to deliver the Practical Identity-and-Access-Management-Designer questions by making you pass the Identity-and-Access-Management-Designer test at your first time. Try the free Identity-and-Access-Management-Designer demo right now.

Free demo questions for Salesforce Identity-and-Access-Management-Designer Exam Dumps Below:

Universal Containers (UC) has a Desktop application to collect leads for marketing campaigns. UC wants to extend this application to integrate with Salesforce to create leads. Integration between the desktop application and salesforce should be seamless. What Authorization flow should the Architect recommend?

  • A. JWT Bearer Token flow
  • B. Web Server Authentication Flow
  • C. User Agent Flow
  • D. Username and Password Flow

Answer: C

Universal containers (UC) uses an internal company portal for their employees to collaborate. UC decides to use salesforce ideas and provide the ability for employees to post ideas from the company portal. They use SAML-BASED SSO to get into the company portal and would like to leverage it to access salesforce. Most of the users don't exist in salesforce and they would like the user records created in salesforce communities the first time they try to access salesforce. What recommendation should an architect make to meet this requirement?

  • A. Use on-the-fly provisioning
  • B. Use just-in-time provisioning
  • C. Use salesforce APIs to create users on the fly
  • D. Use Identity connect to sync users

Answer: B

Universal containers (UC) employees have salesforce access from restricted ip ranges only, to protect against unauthorised access. UC wants to rollout the salesforce1 mobile app and make it accessible from any location. Which two options should an architect recommend? Choose 2 answers

  • A. Relax the ip restriction in the connect app settings for the salesforce1 mobile app
  • B. Use login flow to bypass ip range restriction for the mobile app.
  • C. Relax the ip restriction with a second factor in the connect app settings for salesforce1 mobile app
  • D. Remove existing restrictions on ip ranges for all types of user access.

Answer: AB

Universal Containers (UC) has decided to replace the homegrown customer portal with Salesforce Experience Cloud. UC will continue to use its third-party single sign-on (SSO) solution that stores all of its customer and partner credentials.
The first time a customer logs in to the Experience Cloud site through SSO, a user record needs to be created automatically.
Which solution should an identity architect recommend in order to automatically provision users in Salesforce upon login?

  • A. Just-in-Time (JIT) provisioning
  • B. Custom middleware and web services
  • C. Custom login flow and Apex handler
  • D. Third-party AppExchange solution

Answer: A

Universal containers (UC) wants to implement Delegated Authentication for a certain subset of Salesforce users. Which three items should UC take into consideration while building the Web service to handle the Delegated Authentication request? Choose 3 answers

  • A. The web service needs to include Source IP as a method parameter.
  • B. UC should whitelist all salesforce ip ranges on their corporate firewall.
  • C. The web service can be written using either the soap or rest protocol.
  • D. Delegated Authentication is enabled for the system administrator profile.
  • E. The return type of the Web service method should be a Boolean value

Answer: ABE

Universal Containers (UC) wants to build a mobile application that twill be making calls to the Salesforce REST API. UC's Salesforce implementation relies heavily on custom objects and custom Apex code. UC does not want its users to have to enter credentials every time they use the app. Which two scope values should an Architect recommend to UC? Choose 2 answers.

  • A. Custom_permissions
  • B. Api
  • C. Refresh_token
  • D. Full

Answer: BC

Northern Trail Outfitters (NTO) wants to give customers the ability to submit and manage issues with their purchases. It is important for NTO to give its customers the ability to login with their Amazon credentials.
What should an identity architect recommend to meet these requirements?

  • A. Configure a predefined authentication provider for Amazon.
  • B. Create a custom external authentication provider for Amazon.
  • C. Configure an OpenID Connect Authentication Provider for Amazon.
  • D. Configure Amazon as a connected app.

Answer: C

Which three are features of federated Single sign-on solutions? Choose 3 Answers

  • A. It establishes trust between Identity Store and Service Provider.
  • B. It federates credentials control to authorized applications.
  • C. It solves all identity and access management problems.
  • D. It improves affiliated applications adoption rates.
  • E. It enables quick and easy provisioning and deactivating of users.

Answer: ADE

Universal Containers (UC) would like to enable self-registration for their Salesforce Partner Community Users. UC wants to capture some custom data elements from the partner user, and based on these data elements, wants to assign the appropriate Profile and Account values.
Which two actions should the Architect recommend to UC1 Choose 2 answers

  • A. Configure Registration for Communities to use a custom Visualforce Page.
  • B. Modify the SelfRegistration trigger to assign Profile and Account.
  • C. Modify the CommunitiesSelfRegController to assign the Profile and Account.
  • D. Configure Registration for Communities to use a custom Apex Controller.

Answer: AC

Which two considerations should be made when implementing Delegated Authentication? Choose 2 answers

  • A. The authentication web service can include custom attributes.
  • B. It can be used to authenticate API clients and mobile apps.
  • C. It requires trusted IP ranges at the User Profile level.
  • D. Salesforce servers receive but do not validate a user’s credentials.
  • E. Just-in-time Provisioning can be configured for new users.

Answer: BE

Universal containers (UC) has multiple salesforce orgs and would like to use a single identity provider to access all of their orgs. How should UC'S architect enable this behavior?

  • A. Ensure that users have the same email value in their user records in all of UC's salesforce orgs.
  • B. Ensure the same username is allowed in multiple orgs by contacting salesforce support.
  • C. Ensure that users have the same Federation ID value in their user records in all of UC's salesforce orgs.
  • D. Ensure that users have the same alias value in their user records in all of UC's salesforce orgs.

Answer: C

After a recent audit, universal containers was advised to implement Two-factor Authentication for all of their critical systems, including salesforce. Which two actions should UC consider to meet this requirement? Choose 2 answers

  • A. Require users to provide their RSA token along with their credentials.
  • B. Require users to supply their email and phone number, which gets validated.
  • C. Require users to enter a second password after the first Authentication
  • D. Require users to use a biometric reader as well as their password

Answer: AD

What is one of the roles of an Identity Provider in a Single Sign-on setup using SAML?

  • A. Validate token
  • B. Create token
  • C. Consume token
  • D. Revoke token

Answer: B

Universal containers uses an Employee portal for their employees to collaborate. employees access the portal from their company's internal website via SSO. It is set up to work with Active Directory. What is the role of Active Directory in this scenario?

  • A. Identity store
  • B. Authentication store
  • C. Identity provider
  • D. Service provider

Answer: C

Universal Containers (UC) is implementing Salesforce and would like to establish SAML SSO for its users to log in. UC stores its corporate user identities in a Custom Database. The UC IT Manager has heard good things about Salesforce Identity Connect as an Idp, and would like to understand what limitations they may face if they decided to use Identity Connect in their current environment. What limitation Should an Architect inform the IT Manager about?

  • A. Identity Connect will not support user provisioning in UC's current environment.
  • B. Identity Connect will only support Idp-initiated SAML flows in UC's current environment.
  • C. Identity Connect will only support SP-initiated SAML flows in UC's current environment.
  • D. Identity connect is not compatible with UC's current identity environment.

Answer: A

Universal Containers (UC) is looking to build a Canvas app and wants to use the corresponding Connected App to control where the app is visible. Which two options are correct in regards to where the app can be made visible under the Connected App setting for the Canvas app? Choose 2 answers

  • A. As part of the body of a Salesforce Knowledge article.
  • B. In the mobile navigation menu on Salesforce for Android.
  • C. The sidebar of a Salesforce Console as a console component.
  • D. Included in the Call Control Tool that's part of Open CTI.

Answer: AC

architect is troubleshooting some SAML-based SSO errors during testing. The Architect confirmed that all of the Salesforce SSO settings are correct. Which two issues outside of the Salesforce SSO settings are most likely contributing to the SSO errors the Architect is encountering? Choose 2 Answers

  • A. The Identity Provider is also used to SSO into five other applications.
  • B. The clock on the Identity Provider server is twenty minutes behind Salesforce.
  • C. The Issuer Certificate from the Identity Provider expired two weeks ago.
  • D. The default language for the Identity Provider and Salesforce are Different.

Answer: BC

Universal containers (UC) is setting up their customer Community self-registration process. They are uncomfortable with the idea of assigning new users to a default account record. What will happen when customers self-register in the community?

  • A. The self-registration process will produce an error to the user.
  • B. The self-registration page will ask user to select an account.
  • C. The self-registration process will create a person Account record.
  • D. The self-registration page will create a new account record.

Answer: A

Universal Containers (UC) is building a custom Innovation platform on their Salesforce instance. The Innovation platform will be written completely in Apex and Visualforce and will use custom objects to store the Data. UC would like all users to be able to access the system without having to log in with Salesforce credentials. UC will utilize a third-party idp using SAML SSO. What is the optimal Salesforce licence type for all of the UC employees?

  • A. Identity Licence.
  • B. Salesforce Licence.
  • C. External Identity Licence.
  • D. Salesforce Platform Licence.

Answer: D


Recommend!! Get the Full Identity-and-Access-Management-Designer dumps in VCE and PDF From Certleader, Welcome to Download: (New 196 Q&As Version)