Try Before You Buy

Download a free sample of any of our exam questions and answers

  • 24/7 customer support, Secure shopping site
  • Free One year updates to match real exam scenarios
  • If you failed your exam after buying our products we will refund the full amount back to you.

Latest Salesforce Identity-and-Access-Management-Designer Free Certification Exam Material with 229 Q&As [Q29-Q53]

Share

Latest Salesforce Identity-and-Access-Management-Designer Free Certification Exam Material with 229 Q&As 

UPDATED Identity-and-Access-Management-Designer Exam Questions Certification Test Engine to PDF

NEW QUESTION 29
Universal Containers (UC) wants to build a mobile application that twill be making calls to the Salesforce REST API. UC's Salesforce implementation relies heavily on custom objects and custom Apex code. UC does not want its users to have to enter credentials every time they use the app. Which two scope values should an Architect recommend to UC? Choose 2 answers.

  • A. Custom_permissions
  • B. Full
  • C. Api
  • D. Refresh_token

Answer: C,D

 

NEW QUESTION 30
Universal Containers (UC) is building an authenticated Customer Community for its customers. UC does not want customer credentials stored in Salesforce and is confident its customers would be willing to use their social media credentials to authenticate to the Community.
Which two actions should an Architect recommend UC to take? (Choose two.)

  • A. Configure SSO settings for Facebook to serve as a SAML Identity Provider.
  • B. Use Delegated Authentication to call the Twitter login API to authenticate users.
  • C. Create a custom Apex Registration Handler to handle new and existing users.
  • D. Configure an Authentication Provider for LinkedIn social media accounts.

Answer: C,D

 

NEW QUESTION 31
Universal Containers is implementing a new Experience Cloud site and the identity architect wants to use dynamic branding features as of the login process.
Which two options should the identity architect recommend to support dynamic branding for the site?
Choose 2 answers

  • A. To use dynamic branding, the community must be built with the Visuaiforce + Salesforce Tabs template.
  • B. An experience ID (expid) or placeholder parameter must be used in the URL to represent the brand.
  • C. An external content management system (CMS) must be used for dynamic branding on Experience Cloud sites.
  • D. To use dynamic branding, the community must be built with the Customer Account Portal template.

Answer: B,D

 

NEW QUESTION 32
Universal Containers wants to set up SSO for a selected group of users to access external applications from Salesforce through App Launcher.
Which three steps must be completed in Salesforce to accomplish the goal? (Choose three.)

  • A. Create Named Credentials for each external system.
  • B. Associate User profiles with the Connected Apps.
  • C. Complete Single Sign-on Settings in Security Controls.
  • D. Create Connected Apps for the external applications.
  • E. Complete My Domain and Identity Provider setup.

Answer: B,C,E

Explanation:
Explanation/Reference:

 

NEW QUESTION 33
A technology enterprise is setting up an identity solution with an external vendors wellness application for its employees. The user attributes need to be returned to the wellness application in an ID token.
Which authentication mechanism should an identity architect recommend to meet the requirements?

  • A. OpenID Connect
  • B. User Agent Flow
  • C. Web Server Flow
  • D. JWT Bearer Token Flow

Answer: C

 

NEW QUESTION 34
Universal Containers (UC) wants to build a custom mobile app for their field reps to create orders in salesforce. After the first time the users log in, they must be able to access salesforce upon opening the mobile app without being prompted to log in again. What Oauth flows should be considered to support this requirement?

  • A. SAML Assertion flow with a Bearer Token.
  • B. Mobile Agent flow with a Bearer Token.
  • C. User Agent flow with a Refresh Token.
  • D. Web Server flow with a Refresh Token.

Answer: C

 

NEW QUESTION 35
universal containers wants to build a custom mobile app connecting to salesforce using Oauth, and would like to restrict the types of resources mobile users can access. What Oauth feature of Salesforce should be used to achieve the goal?

  • A. Scopes
  • B. Mobile PINS
  • C. Access Tokens
  • D. Refresh Tokens

Answer: C

 

NEW QUESTION 36
Universal Containers (UC) uses a home-grown Employee portal for their employees to collaborate. UC decides to use Salesforce Ideas to allow the employees to post ideas from the Employee portal. When clicking some links in the Employee portal, the users should be redirected to Salesforce, authenticated, and presented with relevant pages.
What scope should be requested when using the OAuth token to meet this requirement?

  • A. api
  • B. full
  • C. web
  • D. Visualforce

Answer: C

 

NEW QUESTION 37
Universal Containers (UC) uses Salesforce to allow customers to keep track of the order status. The customers can log in to Salesforce using external authentication providers, such as Facebook and Google. UC is also leveraging the App Launcher to let customers access an of platform application for generating shipping labels.
The label generator application uses OAuth to provide users access. What license type should an Architect recommend for the customers?

  • A. Identity license
  • B. Customer Community Plus license
  • C. Customer Community license
  • D. External Identity license

Answer: D

 

NEW QUESTION 38
Universal Container's (UC) is using Salesforce Experience Cloud site for its container wholesale business. The identity architect wants to an authentication provider for the new site.
Which two options should be utilized in creating an authentication provider?
Choose 2 answers

  • A. The default authentication provider certificate can be set.
  • B. The default login user can be set.
  • C. A custom registration handier can be set.
  • D. A custom error URL can be set.

Answer: C,D

 

NEW QUESTION 39
Which two are valid choices for digital certificates when setting up two-way SSL between Salesforce and an external system. Choose 2 answers

  • A. Use a self-signed certificate for salesforce and a trusted CA-signed cert for the external system
  • B. Use a trusted CA-signed certificate for salesforce and a trusted CA-signed cert for the external system
  • C. Use a trusted CA-signed certificate for salesforce and a self-signed cert for the external system
  • D. Use a self-signed certificate for salesforce and a self-signed cert for the external system

Answer: A

 

NEW QUESTION 40
Universal containers (UC) is successfully using Delegated Authentication for their salesforce users. The service supporting Delegated Authentication is written in Java. UC has a new CIO that is requiring all company Web services be RESR-ful and written in . NET. Which two considerations should the UC Architect provide to the new CIO? Choose 2 answers

  • A. Delegated Authentication will continue to work with a.net service.
  • B. Delegated Authentication will not work with a.net service.
  • C. Delegated Authentication will continue to work with rest services.
  • D. Delegated Authentication will not work with rest services.

Answer: A,D

 

NEW QUESTION 41
Universal containers (UC) is planning to deploy a custom mobile app that will allow users to get e-signatures from its customers on their mobile devices. The mobile app connects to salesforce to upload the e-signatures as a file attachment and uses Oauth protocol for both Authentication and authorization. What is the most recommended and secure Oauth scope setting that an architect should recommend?

  • A. Custom_permissions
  • B. Id
  • C. API
  • D. Web

Answer: C

 

NEW QUESTION 42
The security team at Universal containers(UC) has identified exporting reports as a high-risk action and would like to require users to be logged into salesforce with their active directory (AD) credentials when doing so. For all other uses of Salesforce, Users should be allowed to use AD credentials or salesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with salesforce credentials?

  • A. Use SAML Federated Authentication, treat SAML sessions as high assurance, and raise the session level required for exporting reports.
  • B. Use SAML Federated Authentication and Custom SAML jit provisioning to dynamically add or remove a permission set that grants the Export Reports permission.
  • C. Use SAML Federated Authentication and block access to reports when accesses through a standard assurance session.
  • D. Use SAML Federated Authentication with a login flow to dynamically add or remove a permission set that grants the export reports permission.

Answer: C

 

NEW QUESTION 43
Northern Trail Outfitters (NTO) uses a Security Assertion Markup Language (SAML)-based Identity Provider (idP) to authenticate employees to all systems. The IdP authenticates users against a Lightweight Directory Access Protocol (LDAP) directory and has access to user information. NTO wants to minimize Salesforce license usage since only a small percentage of users need Salesforce.
What is recommended to ensure new employees have immediate access to Salesforce using their current IdP?

  • A. Install Salesforce Identity Connect to automatically provision new users in Salesforce the first time they attempt to login.
  • B. Build an integration that queries LDAP and creates new inactive users in Salesforce and use a login flow to activate the user at first login.
  • C. Configure Just-in-Time provisioning using SAML attributes to create new Salesforce users as necessary when a new user attempts to login to Salesforce.
  • D. Build an integration that queries LDAP periodically and creates new active users in Salesforce.

Answer: C

 

NEW QUESTION 44
The security team at Universal Containers has identified exporting reports as a high-risk action and would like to require users to be logged into Salesforce with their Active Directory (AD) credentials when doing so.
For all other uses of Salesforce, users should be allowed to use AD credentials or Salesforce credentials.
What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with Salesforce credentials?

  • A. Use SAML Federated Authentication and block access to reports when accessed through a Standard Assurance session.
  • B. Use SAML Federated Authentication with a Login Flow to dynamically add or remove a Permission Set that grants the Export Reports permission.
  • C. Use SAML Federated Authentication and Custom SAML JIT Provisioning to dynamically add or remove a Permission Set that grants the Export Reports permission.
  • D. Use SAML Federated Authentication, treat SAML Sessions as High Assurance, and raise the session level required for exporting reports.

Answer: D

 

NEW QUESTION 45
An Architect has configured a SAML-based SSO integration between Salesforce and an external Identity provider and is ready to test it. When the Architect attempts to log in to Salesforce using SSO, the Architect receives a SAML error. Which two optimal actions should the Architect take to troubleshoot the issue?

  • A. Use the browser's Development tools to view the Salesforce page's markup.
  • B. Paste the SAML Assertion Validator in Salesforce.
  • C. Use a browser that has an add-on/extension that can inspect SAML.
  • D. Ensure the Callback URL is correctly set in the Connected Apps settings.

Answer: B,C

 

NEW QUESTION 46
A company with 15,000 employees is using Salesforce and would like to take the necessary steps to highlight or curb fraudulent activity.
Which tool should be used to track login data, such as the average number of logins, who logged in more than the average number of times and who logged in during non-business hours?

  • A. Login Inspector
  • B. Login Forensics
  • C. Login Report
  • D. Login History

Answer: B

 

NEW QUESTION 47
Universal containers (UC) is concerned that having a self-registration page will provide a means for "bots" or unintended audiences to create user records, thereby consuming licences and adding dirty data. Which two actions should UC take to prevent unauthorised form submissions during the self-registration process? Choose
2 answers

  • A. Require a captcha at the end of the self-registration process.
  • B. Use open-ended security questions and complex password requirements
  • C. Use hidden fields populated via java script events in the self-registration page.
  • D. Primarily use lookup and picklist fields on the self registration page.

Answer: A,C

 

NEW QUESTION 48
The security team at Universal Containers (UC) hasidentified exporting reports as a high-risk action and would like to require users to be logged into Salesforce with their Active Directory (AD) credentials when doing so.
For all other users of Salesforce, users should be allowed to use AD Credentials orSalesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with Salesforce credentials?

  • A. Use SAML federated Authentication, treat SAML Sessions as High Assurance, and raise the session level required for exporting reports.
  • B. Use SAML Federated Authentication and block access to reports when accessed through a Standard Assurance session.
  • C. Use SAML federated Authentication with a Login Flow to dynamically add or remove a Permission Set that grants the Export Reports Permission.
  • D. Use SAML Federated Authentication and Custom SAML JIT Provisioning to dynamically and or remove a permission set that grants the Export Reports Permission.

Answer: A

 

NEW QUESTION 49
What information does the 'Relaystate' parameter contain in sp-Initiated Single Sign-on?

  • A. Reference to a URL redirect parameter at the service provider.
  • B. Reference to the login address URL of the identity Provider.
  • C. Reference to the login address URL of the service provider.
  • D. Reference to a URL redirect parameter at the identity provider.

Answer: D

 

NEW QUESTION 50
Under which scenario Web Server flow will be used?

  • A. Used for server-side components when page needs to be rendered.
  • B. Used for web applications when server-side code needs to interact with APIS.
  • C. Used for mobile applications and testing legacy Integrations.
  • D. Used for verifying Access protected resources.

Answer: B

 

NEW QUESTION 51
Universal containers(UC) wants to integrate a third-party reward calculation system with salesforce to calculate rewards. Rewards will be calculated on a schedule basis and update back into salesforce. The integration between Salesforce and the reward calculation system needs to be secure. Which are the recommended best practices for using Oauth flows in this scenario? Choose 2 answers

  • A. Oauthjwt bearer token flow
  • B. Oauth SAML bearer assertion flow
  • C. Oauth refresh token flow
  • D. Oauth Username-password flow

Answer: A,B

 

NEW QUESTION 52
Which two security risks can be mitigated by enabling Two-Factor Authentication (2FA) in Salesforce?
Choose 2 answers

  • A. Users choosing passwords that are the same as their Facebook password.
  • B. Users leaving laptops unattended and not logging out of Salesforce.
  • C. Users creating simple-to-guess password reset questions.
  • D. Users accessing Salesforce from a public Wi-Fi access point.

Answer: A,D

 

NEW QUESTION 53
......

Get The Important Preparation Guide With Identity-and-Access-Management-Designer Dumps: https://www.examstorrent.com/Identity-and-Access-Management-Designer-exam-dumps-torrent.html

Get Totally Free Updates on Identity-and-Access-Management-Designer Dumps PDF Questions: https://drive.google.com/open?id=1T1mDCvZrByTgpP2MoHcUWrzsNeWWCegD