Most Recent Identity-and-Access-Management-Designer Free Exam Questions For Salesforce Certified Identity And Access Management Designer (SP19) Certification

2022 Salesforce Official New Released Identity-and-Access-Management-Designer ♥♥
https://www.certleader.com/Identity-and-Access-Management-Designer-dumps.html


Testking offers free demo for Identity-and-Access-Management-Designer exam. "Salesforce Certified Identity and Access Management Designer (SP19)", also known as Identity-and-Access-Management-Designer exam, is a Salesforce Certification. This set of posts, Passing the Salesforce Identity-and-Access-Management-Designer exam, will help you answer those questions. The Identity-and-Access-Management-Designer Questions & Answers covers all the knowledge points of the real exam. 100% real Salesforce Identity-and-Access-Management-Designer exams and revised by experts!

Salesforce Identity-and-Access-Management-Designer Free Dumps Questions Online, Read and Test Now.

NEW QUESTION 1
In a typical SSL setup involving a trusted party and trusting party, what consideration should an Architect take into account when using digital certificates?

  • A. Use of self-signed certificate leads to lower maintenance for trusted party because multiple self-signed certs need to be maintained.
  • B. Use of self-signed certificate leads to higher maintenance for trusted party because they have to act as the trusted CA
  • C. Use of self-signed certificate leads to lower maintenance for trusting party because there is no trusted CA cert to maintain.
  • D. Use of self-signed certificate leads to higher maintenance for trusting party because the cert needs to be added to their truststore.

Answer: C

NEW QUESTION 2
Northern Trail Outfitters (NTO) has an existing custom business-to-consumer (B2C) website that does NOT support single sign-on standards, such as Security Assertion Markup Language (SAMi) or OAuth. NTO wants to use Salesforce Identity to register and authenticate new customers on the website.
Which two Salesforce features should an identity architect use in order to provide username/password authentication for the website?
Choose 2 answers

  • A. Identity Connect
  • B. Delegated Authentication
  • C. Connected Apps
  • D. Embedded Login

Answer: BD

NEW QUESTION 3
Universal Containers (UC) has Active Directory (AD) as their enterprise identity store and would like to use it for Salesforce user authentication. UC expects to synchronize user data between Salesforce and AD and Assign the appropriate Profile and Permission Sets based on AD group membership. What would be the optimal way to implement SSO?

  • A. Use Active Directory with Reverse Proxy as the Identity Provider.
  • B. Use Microsoft Access control Service as the Authentication provider.
  • C. Use Active Directory Federation Service (ADFS) as the Identity Provider.
  • D. Use Salesforce Identity Connect as the Identity Provider.

Answer: D

NEW QUESTION 4
Ttie executive sponsor for an organization has asked if Salesforce supports the ability to embed a login widget into its service providers in order to create a more seamless user experience.
What should be used and considered before recommending it as a solution on the Salesforce Platform?

  • A. OpenID Connect Web Server Flo
  • B. Determine if the service provider is secure enough to store the client secret on.
  • C. Embedded Logi
  • D. Identify what level of UI customization will be required to make it match the service providers look and feel.
  • E. Salesforce REST api
  • F. Ensure that Secure Sockets Layer (SSL) connection for the integration is used.
  • G. Embedded Logi
  • H. Consider whether or not it relies on third party cookies which can cause browser compatibility issues.

Answer: C

NEW QUESTION 5
Universal containers(UC) has decided to build a new, highly sensitive application on Force.com platform. The security team at UC has decided that they want users to provide a fingerprint in addition to username/Password to authenticate to this application. How can an architect support fingerprints as a form of identification for salesforce Authentication?

  • A. Use salesforce Two-factor Authentication with callouts to a third-party fingerprint scanning application.
  • B. Use Delegated Authentication with callouts to a third-party fingerprint scanning application.
  • C. Use an appexchange product that does fingerprint scanning with native salesforce identity confirmation.
  • D. Use custom login flows with callouts to a third-party fingerprint scanning application.

Answer: D

NEW QUESTION 6
Which three are capabilities of SAML-based Federated authentication? Choose 3 answers

  • A. Trust relationships between Identity Provider and Service Provider are required.
  • B. SAML tokens can be in XML or JSON format and can be used interchangeably.
  • C. Web applications with no passwords are more secure and stronger against attacks.
  • D. Access tokens are used to access resources on the server once the user is authenticated.
  • E. Centralized federation provides single point of access, control and auditing.

Answer: ADE

NEW QUESTION 7
Universal Containers wants to implement SAML SSO for their internal Salesforce users using a third-party IdP. After some evaluation, UC decides not to set up My Domain for their Salesforce org. How does that decision impact their SSO implementation?

  • A. SP-initiated SSO will not work.
  • B. Neither SP- nor IdP-initiated SSO will work.
  • C. Either SP- or IdP-initiated SSO will work.
  • D. IdP-initiated SSO will not work.

Answer: B

NEW QUESTION 8
Universal Containers (UC) wants to implement SAML SSO for their internal of Salesforce users using a third-party IdP. After some evaluation, UC decides NOT to 65« set up My Domain for their Salesforce org. How does that decision impact their SSO implementation?

  • A. IdP-initiated SSO will NOT work.
  • B. Neither SP- nor IdP-initiated SSO will work.
  • C. Either SP- or IdP-initiated SSO will work.
  • D. SP-initiated SSO will NOT work

Answer: B

NEW QUESTION 9
Universal containers (UC) wants users to authenticate into their salesforce org using credentials stored in a custom identity store. UC does not want to purchase or use a third-party Identity provider. Additionally, UC is extremely wary of social media and does not consider it to be trust worthy. Which two options should an architect recommend to UC? Choose 2 answers

  • A. Use a professional social media such as LinkedIn as an Authentication provider
  • B. Build a custom web page that uses the identity store and calls frontdoor.jsp
  • C. Build a custom Web service that is supported by Delegated Authentication.
  • D. Implement the Openid protocol and configure an Authentication provider

Answer: CD

NEW QUESTION 10
Northern Trail Outfitters (NTO) wants its customers to use phone numbers to log in to their new digital portal, which was designed and built using Salesforce Experience Cloud. In order to access the portal, the user will need to do the following:
* 1. Enter a phone number and/or email address
* 2. Enter a verification code that is to be sent via email or text.
What is the recommended approach to fulfill this requirement?

  • A. Create a Login Discovery page and provide a Login Discovery Handler Apex class.
  • B. Create a custom login page with an Apex controlle
  • C. The controller has logic to send and verify the identity.
  • D. Create an Authentication provider and implement a self-registration handler class.
  • E. Create a custom login flow that uses an Apex controller to verify the phone numbers with the company's verification service.

Answer: D

NEW QUESTION 11
Universal Containers (UC) has five Salesforce orgs (UC1, UC2, UC3, UC4, UC5). of Every user that is in UC2, UC3, UC4, and UC5 is also in UC1, however not all users 65* have access to every org. Universal Containers would like to simplify the authentication process such that all Salesforce users need to remember one set of credentials. UC would like to achieve this with the least impact to cost and maintenance. What approach should an Architect recommend to UC?

  • A. Purchase a third-party Identity Provider for all five Salesforce orgs to use and set up JIT user provisioning on all other orgs.
  • B. Purchase a third-party Identity Provider for all five Salesforce orgs to use, but don't set up JIT user provisioning for other orgs.
  • C. Configure UC1 as the Identity Provider to the other four Salesforce orgs and set up JIT user provisioning on all other orgs.
  • D. Configure UC1 as the Identity Provider to the other four Salesforce orgs, but don't set up JIT user provisioning for other orgs.

Answer: B

NEW QUESTION 12
Refer to the exhibit.
Identity-and-Access-Management-Designer dumps exhibit
Outfitters (NTO) is using Experience Cloud as an Identity for its application on Heroku. The application on Heroku should be able to handle two brands, Northern Trail Shoes and Northern Trail Shirts.
A user should select either of the two brands in Heroku before logging into the community. The app then performs Authorization using OAuth2.0 with the Salesforce Experience Cloud site.
NTO wants to make sure it renders login page images dynamically based on the user's brand preference selected in Heroku before Authorization.
what should an identity architect do to fulfill the above requirements?

  • A. For each brand create different communities and redirect users to the appropriate community using a custom Login controller written in Apex.
  • B. Create multiple login screens using Experience Builder and use Login Flows at runtime to route to different login screens.
  • C. Authorize third-party service by sending authorization requests to the community-url/services/oauth2/authorize/cookie_value.
  • D. Authorize third-party service by sending authorization requests to thecommunity-url/services/oauth2/authonze/expid_value.

Answer: D

NEW QUESTION 13
Universal containers (UC) is successfully using Delegated Authentication for their salesforce users. The service supporting Delegated Authentication is written in Java. UC has a new CIO that is requiring all company Web services be RESR-ful and written in . NET. Which two considerations should the UC Architect provide to the new CIO? Choose 2 answers

  • A. Delegated Authentication will not work with a.net service.
  • B. Delegated Authentication will continue to work with rest services.
  • C. Delegated Authentication will continue to work with a.net service.
  • D. Delegated Authentication will not work with rest services.

Answer: CD

NEW QUESTION 14
Universal containers (UC) would like to enable self - registration for their salesforce partner community users. UC wants to capture some custom data elements from the partner user, and based on these data elements, wants to assign the appropriate profile and account values. Which two actions should the architect recommend to UC? Choose 2 answers

  • A. Modify the communitiesselfregcontroller to assign the profile and account.
  • B. Modify the selfregistration trigger to assign profile and account.
  • C. Configure registration for communities to use a custom visualforce page.
  • D. Configure registration for communities to use a custom apex controller.

Answer: AC

NEW QUESTION 15
A company with 15,000 employees is using Salesforce and would like to take the necessary steps to highlight or curb fraudulent activity.
Which tool should be used to track login data, such as the average number of logins, who logged in more than the average number of times and who logged in during non-business hours?

  • A. Login Forensics
  • B. Login Report
  • C. Login Inspector
  • D. Login History

Answer: A

NEW QUESTION 16
Universal Containers (UC) rolling out a new Customer Identity and Access Management Solution will be built on top of their existing Salesforce instance.
Several service providers have been setup and integrated with Salesforce using OpenlD Connect to allow for a seamless single sign-on experience. UC has a requirement to limit user access to only a subset of service providers per customer type.
Which two steps should be done on the platform to satisfy the requirement? Choose 2 answers

  • A. Manage which connected apps a user has access to by assigning authentication providers to the users profile.
  • B. Assign the connected app to the customer community, and enable the users profile in the Community settings.
  • C. Use Profiles and Permission Sets to assign user access to Admin Pre-Approved Connected Apps.
  • D. Set each of the Connected App access settings to Admin Pre-Approved.

Answer: CD

NEW QUESTION 17
Northern Trail Outfitters (NTO) uses a Security Assertion Markup Language (SAML)-based Identity Provider (idP) to authenticate employees to all systems. The IdP authenticates users against a Lightweight Directory Access Protocol (LDAP) directory and has access to user information. NTO wants to minimize Salesforce license usage since only a small percentage of users need Salesforce.
What is recommended to ensure new employees have immediate access to Salesforce using their current IdP?

  • A. Install Salesforce Identity Connect to automatically provision new users in Salesforce the first time they attempt to login.
  • B. Build an integration that queries LDAP periodically and creates new active users in Salesforce.
  • C. Configure Just-in-Time provisioning using SAML attributes to create new Salesforce users as necessary when a new user attempts to login to Salesforce.
  • D. Build an integration that queries LDAP and creates new inactive users in Salesforce and use a login flow to activate the user atfirst login.

Answer: C

NEW QUESTION 18
Containers (UC) has an existing Customer Community. UC wants to expand the self-registration capabilities such that customers receive a different community experience based on the data they provide during the registration process. What is the recommended approach an Architect Should recommend to UC?

  • A. Create an After Insert Apex trigger on the user object to assign specific custom permissions.
  • B. Create separate login flows corresponding to the different community user personas.
  • C. Modify the Community pages to utilize specific fields on the User and Contact records.
  • D. Modify the existing Communities registration controller to assign different profiles.

Answer: C

NEW QUESTION 19
What information does the 'Relaystate' parameter contain in sp-Initiated Single Sign-on?

  • A. Reference to a URL redirect parameter at the identity provider.
  • B. Reference to a URL redirect parameter at the service provider.
  • C. Reference to the login address URL of the service provider.
  • D. Reference to the login address URL of the identity Provider.

Answer: B

NEW QUESTION 20
......

100% Valid and Newest Version Identity-and-Access-Management-Designer Questions & Answers shared by Certshared, Get Full Dumps HERE: https://www.certshared.com/exam/Identity-and-Access-Management-Designer/ (New 196 Q&As)