[Jan 13, 2024] Free Salesforce Identity and Access Management Designer Identity-and-Access-Management-Designer Exam Question [Q131-Q154]



Salesforce Identity and Access Management Designer certification exam is a comprehensive test that evaluates the candidate's knowledge of Salesforce's security model, authentication protocols, and authorization methods. Identity-and-Access-Management-Designer exam also assesses the candidate's expertise in designing and implementing custom security solutions that meet the specific needs of an organization. Individuals who have passed this certification exam are recognized as experts in designing and implementing secure identity and access management solutions in Salesforce.


Salesforce Certified Identity and Access Management Designer certification exam consists of 60 multiple-choice questions, and candidates have 120 minutes to complete the exam. Identity-and-Access-Management-Designer exam covers a wide range of topics, including Salesforce security architecture, user authentication and authorization, identity and access management, and integration with external systems.

 

NEW QUESTION # 131
Universal Containers (UC) is setting up Delegated Authentication to allow employees to log in using their corporate credentials. UC's security team is concerned about the risk of exposing the corporate login service on the Internet and has asked that a reliable trust mechanism be put in place between the login service and Salesforce. What mechanism should an architect put in place to enable a trusted connection between the login service and Salesforce?

  • A. Set up a proxy server for the login service in the DMZ.
  • B. Include client ID and client secret in the login header callout.
  • C. Enforce mutual Authentication between systems using SSL.
  • D. Require the use of Salesforce security Tokens on password.

Answer: D


NEW QUESTION # 132
Universal Containers wants to build a custom mobile app connecting to Salesforce using OAuth, and would like to restrict the types of resources mobile users can access. What OAuth feature of Salesforce should be used to achieve the goal?

  • A. Refresh Tokens
  • B. Scopes
  • C. Mobile pins
  • D. Access Tokens

Answer: B


NEW QUESTION # 133
The security team at Universal Containers has identified exporting reports as a high-risk action and would like to require users to be logged into Salesforce with their Active Directory (AD) credentials when doing so.
For all other uses of Salesforce, users should be allowed to use AD credentials or Salesforce credentials.
What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with Salesforce credentials?

  • A. Use SAML Federated Authentication, treat SAML Sessions as High Assurance, and raise the session level required for exporting reports.
  • B. Use SAML Federated Authentication and Custom SAML JIT Provisioning to dynamically add or remove a Permission Set that grants the Export Reports permission.
  • C. Use SAML Federated Authentication and block access to reports when accessed through a Standard Assurance session.
  • D. Use SAML Federated Authentication with a Login Flow to dynamically add or remove a Permission Set that grants the Export Reports permission.

Answer: A


NEW QUESTION # 134
Universal Containers (UC) is building a mobile application that will make calls to the Salesforce REST API. Additionally, UC would like to provide the optimal experience for its mobile users. Which two OAuth scopes should UC configure in the connected app? Choose 2 answers

  • A. Web
  • B. Refresh token
  • C. full
  • D. API

Answer: B,D


NEW QUESTION # 135
Universal Containers (UC) is building a custom employee hub application on Amazon Web Services (AWS) and would like to store their users' credentials there. Users will also need access to Salesforce for internal operations. UC has tasked an identity architect with evaluating different solutions for authentication and authorization between AWS and Salesforce.
How should an identity architect configure AWS to authenticate and authorize Salesforce users?

  • A. Create a custom external authentication provider.
  • B. Configure AWS as an OpenID Connect Provider.
  • C. Develop a custom Auth server in AWS.
  • D. Configure the custom employee app as a connected app.

Answer: B


NEW QUESTION # 136
Northern Trail Outfitters (NTO) uses the Customer 360 Platform implemented on Salesforce Experience Cloud. The development team in charge has learned of a contactless user feature, which can reduce the overhead of managing customers and partners by creating users without contact information.
What is the potential impact to the architecture if NTO decides to implement this feature?

  • A. Passwordless authentication can not be supported because the mobile phone receiving one-time password (OTP) needs to match the number on the contact record.
  • B. Custom registration handler is needed to correctly assign External Identity or Community license for the newly registered contactless user.
  • C. If contactless user is upgraded to Community license, the contact record is automatically created and linked to the user record, but not associated with an Account.
  • D. Contactless user feature is available only with the External Identity license, which can restrict the Experience Cloud functionality available to the user.

Answer: D


NEW QUESTION # 137
The security team at Universal Containers (UC) has identified exporting reports as a high-risk action and would like to require users to be logged into Salesforce with their Active Directory (AD) credentials when doing so. For all other uses of Salesforce, users should be allowed to use AD credentials or Salesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with Salesforce credentials?

  • A. Use SAML Federated Authentication and Custom SAML JIT Provisioning to dynamically add or remove a Permission Set that grants the Export Reports permission.
  • B. Use SAML federated Authentication with a Login Flow to dynamically add or remove a Permission Set that grants the Export Reports Permission.
  • C. Use SAML Federated Authentication and block access to reports when accessed through a Standard Assurance session.
  • D. Use SAML federated Authentication, treat SAML Sessions as High Assurance, and raise the session level required for exporting reports.

Answer: D


NEW QUESTION # 138
Customer service representatives at Universal Containers (UC) are complaining that whenever they click on links to case records and are asked to log in with SAML SSO, they are being redirected to the Salesforce home tab and not the specific case record. What item should an architect advise the identity team at UC to investigate first?

  • A. The Salesforce SSO settings are using HTTP POST
  • B. My Domain is configured and active within Salesforce.
  • C. The identity provider is correctly preserving the RelayState
  • D. The users have the correct Federation ID within Salesforce.

Answer: C


NEW QUESTION # 139
A web service is developed that allows secure access to customer order status on the Salesforce Platform. The service connects to Salesforce through a connected app with the web server flow. The following are the required actions for the authorization flow:
1. User Authenticates and Authorizes Access
2. Request an Access Token
3. Salesforce Grants an Access Token
4. Request an Authorization Code
5. Salesforce Grants Authorization Code
What is the correct sequence for the authorization flow?

  • A. 1, 4, 5, 2, 3
  • B. 4, 5, 2, 3, 1
  • C. 4, 1, 5, 2, 3
  • D. 2, 1, 3, 4, 5

Answer: B


NEW QUESTION # 140
A global fitness equipment manufacturer uses Salesforce to manage its sales cycle. The manufacturer has a custom order fulfillment app that needs to request order data from Salesforce. The order fulfillment app needs to integrate with the Salesforce API using OAuth 2.0 protocol.
What should an identity architect use to fulfill this requirement?

  • A. Canvas App Integration
  • B. Connected App and OAuth scopes
  • C. Authentication Providers
  • D. OAuth Tokens

Answer: B


NEW QUESTION # 141
In a typical SSL setup involving a trusted party and trusting party, what consideration should an Architect take into account when using digital certificates?

  • A. Use of self-signed certificate leads to higher maintenance for trusting party because the cert needs to be added to their truststore.
  • B. Use of self-signed certificate leads to lower maintenance for trusting party because there is no trusted CA cert to maintain.
  • C. Use of self-signed certificate leads to higher maintenance for trusted party because they have to act as the trusted CA
  • D. Use of self-signed certificate leads to lower maintenance for trusted party because multiple self-signed certs need to be maintained.

Answer: B


NEW QUESTION # 142
A technology enterprise is setting up an identity solution with an external vendor's wellness application for its employees. The user attributes need to be returned to the wellness application in an ID token.
Which authentication mechanism should an identity architect recommend to meet the requirements?

  • A. Web Server Flow
  • B. JWT Bearer Token Flow
  • C. OpenID Connect
  • D. User Agent Flow

Answer: A


NEW QUESTION # 143
A real estate company wants to provide its customers a digital space to design their interior decoration options. To simplify the registration to gain access to the community site (built in Experience Cloud), the CTO has requested that the IT/Development team provide the option for customers to use their existing social-media credentials to register and access.
The IT lead has approached the Salesforce Identity and Access Management (IAM) architect for technical direction on implementing the social sign-on (for Facebook, Twitter, and a new provider that supports standard OpenID Connect (OIDC)).
Which two recommendations should the Salesforce IAM architect make to the IT Lead?
Choose 2 answers

  • A. Apex coding skills are needed for registration handler to create and update users.
  • B. Use declarative registration handler process builder/flow to create, update users and contacts.
  • C. For supporting OIDC it is necessary to enable Security Assertion Markup Language (SAML) with Just-in-Time provisioning (JIT) and OAuth 2.0.
  • D. Authentication provider configuration is required for each social sign-on provider; and enable Authentication providers in community.

Answer: A,D


NEW QUESTION # 144
Universal Containers (UC) employees have Salesforce access from restricted IP ranges only, to protect against unauthorised access. UC wants to roll out the Salesforce1 mobile app and make it accessible from any location.
Which two options should an architect recommend? Choose 2 answers

  • A. Relax the IP restriction in the connected app settings for the Salesforce1 mobile app
  • B. Remove existing restrictions on IP ranges for all types of user access.
  • C. Relax the IP restriction with a second factor in the connected app settings for the Salesforce1 mobile app
  • D. Use login flow to bypass IP range restriction for the mobile app.

Answer: A,D


NEW QUESTION # 145
A multinational company is looking to roll out Salesforce globally. The company has a Microsoft Active Directory Federation Services (ADFS) implementation for the Americas, Europe and APAC. The company plans to have a single org and would like all of its users to access Salesforce using ADFS. The company would like to limit its investments and prefers not to procure additional applications to satisfy the requirements.
What is recommended to ensure these requirements are met?

  • A. Use connected apps for each ADFS implementation and implement Salesforce site to authenticate users across the ADFS system applicable to their geo.
  • B. Configure each ADFS system under single sign-on settings and allow users to choose the system to authenticate during sign on to Salesforce.
  • C. Add a central identity system that federates between the ADFS systems and integrate with Salesforce for single sign-on.
  • D. Implement Identity Connect to provide single sign-on to Salesforce and federated across multiple ADFS systems.

Answer: D


NEW QUESTION # 146
An architect has successfully configured SAML-based SSO for Universal Containers. SSO has been working for 3 months when Universal Containers manually adds a batch of new users to Salesforce. The new users receive an error from Salesforce when trying to use SSO. Existing users are still able to successfully use SSO to access Salesforce. What is the probable cause of this behaviour?

  • A. The administrator forgot to reset the new user's salesforce password.
  • B. The my domain capability is not enabled on the new user's profile.
  • C. The Federation ID field on the new user records is not correctly set
  • D. The new users do not have the SSO permission enabled on their profiles.

Answer: C


NEW QUESTION # 147
Northern Trail Outfitters (NTO) wants to give customers the ability to submit and manage issues with their purchases. It is important for NTO to give its customers the ability to log in with their Facebook and Twitter credentials.
Which two actions should an identity architect recommend to meet these requirements?
Choose 2 answers

  • A. Configure a predefined authentication provider for Facebook.
  • B. Create a custom external authentication provider for Facebook.
  • C. Create a custom external authentication provider for Twitter.
  • D. Configure a predefined authentication provider for Twitter.

Answer: A,D


NEW QUESTION # 148
Universal Containers has implemented a multi-org strategy and would like to centralize the management of their Salesforce user profiles.
What should the Architect recommend to allow Salesforce profiles to be managed from a central system of record?

  • A. Implement Delegated Authentication that will update the user profiles as necessary.
  • B. Implement an OAuth JWT flow to pass the profile credentials between systems.
  • C. Create an Apex scheduled job in one org that will synchronize the other org's profiles.
  • D. Implement JIT provisioning on the SAML IdP that will pass the ProfileID in each assertion.

Answer: D


NEW QUESTION # 149
What information does the 'RelayState' parameter contain in SP-initiated Single Sign-On?

  • A. Reference to a URL redirect parameter at the service provider.
  • B. Reference to the login address URL of the identity Provider.
  • C. Reference to the login address URL of the service provider.
  • D. Reference to a URL redirect parameter at the identity provider.

Answer: D


NEW QUESTION # 150
Universal Containers wants Salesforce inbound OAuth-enabled integration clients to use SAML-based single sign-on for authentication. What OAuth flow would be recommended in this scenario?

  • A. User-Agent Oauth flow
  • B. User-Token Oauth flow
  • C. Web server Oauth flow
  • D. SAML assertion Oauth flow

Answer: D


NEW QUESTION # 151
Which three different attributes can be used to identify the user in a SAML assertion when Salesforce is acting as a Service Provider? Choose 3 answers

  • A. User Full Name
  • B. User Email Address
  • C. Federation ID
  • D. Salesforce User ID
  • E. Salesforce Username

Answer: A,B,C


NEW QUESTION # 152
Which two capabilities does My Domain enable in the context of a SAML SSO configuration? Choose 2 answers

  • A. Login Forensics
  • B. SSO from Salesforce Mobile App
  • C. Resource deep linking
  • D. App Launcher

Answer: B


NEW QUESTION # 153
Universal Containers (UC) uses an internal company portal for their employees to collaborate. UC decides to use Salesforce Ideas and provide the ability for employees to post ideas from the company portal. They use SAML-based SSO to get into the company portal and would like to leverage it to access Salesforce. Most of the users don't exist in Salesforce and they would like the user records created in Salesforce communities the first time they try to access Salesforce. What recommendation should an architect make to meet this requirement?

  • A. Use on-the-fly provisioning
  • B. Use salesforce APIs to create users on the fly
  • C. Use just-in-time provisioning
  • D. Use Identity connect to sync users

Answer: C


NEW QUESTION # 154
......


Salesforce Identity-and-Access-Management-Designer certification is an excellent choice for professionals who want to advance their careers in the field of identity and access management. By earning this certification, individuals can demonstrate their expertise in designing and implementing solutions that meet the complex needs of modern organizations, and position themselves as leaders in this rapidly growing field.

 

Salesforce Identity-and-Access-Management-Designer Actual Questions and Braindumps: https://www.examslabs.com/Salesforce/Salesforce-Identity-and-Access-Management-Designer/best-Identity-and-Access-Management-Designer-exam-dumps.html

Pass Identity-and-Access-Management-Designer Exam with Updated Identity-and-Access-Management-Designer Exam Dumps PDF 2024: https://drive.google.com/open?id=1hQ8nsaYzdBAPPFPaD-q_JMGCfabEPXwi