10 August, 2024

The Far Out Guide To Identity-and-Access-Management-Designer Questions

It is more faster and easier to pass the Salesforce Identity-and-Access-Management-Designer exam by using Vivid Salesforce Salesforce Certified Identity and Access Management Designer (SP19) questuins and answers. Immediate access to the Rebirth Identity-and-Access-Management-Designer Exam and find the same core area Identity-and-Access-Management-Designer questions with professionally verified answers, then PASS your exam with a high score now.

Page: 1 / 16

Total 196 questions Full Exam Access

Question 1

Universal Containers (UC) has a Desktop application to collect leads for marketing campaigns. UC wants to extend this application to integrate with Salesforce to create leads. Integration between the desktop application and salesforce should be seamless. What Authorization flow should the Architect recommend?

JWT Bearer Token flow

Web Server Authentication Flow

User Agent Flow

Username and Password Flow

Question 2

Universal Containers (UC) wants to build a few applications that leverage the Salesforce REST API. UC has asked its Architect to describe how the API calls will be authenticated to a specific user. Which two mechanisms can the Architect provide? Choose 2 Answers

Authentication Token

Session ID

Refresh Token

Access Token

Question 3

Which two are valid choices for digital certificates when setting up two-way SSL between Salesforce and an external system. Choose 2 answers

Use a trusted CA-signed certificate for salesforce and a trusted CA-signed cert for the external system

Use a trusted CA-signed certificate for salesforce and a self-signed cert for the external system

Use a self-signed certificate for salesforce and a self-signed cert for the external system

Use a self-signed certificate for salesforce and a trusted CA-signed cert for the external system

Question 4

A Salesforce customer is implementing Sales Cloud and a custom pricing application for its call center agents. An Enterprise single sign-on solution is used to authenticate and sign-in users to all applications. The customer has the following requirements:
* 1. The development team has decided to use a Canvas app to expose the pricing application to agents.
* 2. Agents should be able to access the Canvas app without needing to log in to the pricing application.
Which two options should the identity architect consider to provide support for the Canvas app to initiate login for users?
Choose 2 answers

Select "Enable as a Canvas Personal App" in the connected app settings.

Enable OAuth settings in the connected app with required OAuth scopes for the pricing application.

Configure the Canvas app as a connected app and set Admin-approved users as pre-authorized.

Enable SAML in the connected app and Security Assertion Markup Language (SAML) Initiation Method as Service Provider Initiated.

Question 5

Northern Trail Outfitters (NTO) uses Salesforce Experience Cloud sites (previously known as Customer Community) to provide a digital portal where customers can login using their Google account.
NTO would like to automatically create a case record for first time users logging into Salesforce Experience Cloud.
What should an Identity architect do to fulfill the requirement?

Configure an authentication provider for Social Login using Google and a custom registration handler.

Implement a Just-in-Time handler class that has logic to create cases upon first login.

Create an authentication provider for Social Login using Google and leverage standard registration handler.

Implement a login flow with a record create component for Case.

Question 6

An architect needs to advise the team that manages the identity provider how to differentiate salesforce from other service providers. What SAML SSO setting in salesforce provides this capability?

Entity id

Issuer

Identity provider login URL

SAML identity location

Question 7

Northern Trail Outfitters (NTO) is planning to build a new customer service portal and wants to use passwordless login, allowing customers to login with a one-time passcode sent to them via email or SMS.
How should the quantity of required Identity Verification Credits be estimated?

Each community comes with 10,000 Identity Verification Credits per month and only customers with more than 10,000 logins a month should estimate additional SMS verifications needed.

Identity Verification Credits are consumed with each SMS (text message) sent and should be estimated based on the number of login verification challenges for SMS verification users.

Identity Verification Credits are consumed with each verification sent and should be estimated based on the number of logins that will incur a verification challenge.

Identity Verification Credits are a direct add-on license based on the number of existing member-based or login-based Community licenses.

Question 8

An architect needs to set up a Facebook Authentication provider as login option for a salesforce customer Community. What portion of the authentication provider setup associates a Facebook user with a salesforce user?

Consumer key and consumer secret

Federation ID

User info endpoint URL

Apex registration handler

Question 9

A web service is developed that allows secure access to customer order status on the Salesforce Platform, The service connects to Salesforce through a connected app with the web server flow. The following are the required actions for the authorization flow:
* 1. User Authenticates and Authorizes Access
* 2. Request an Access Token
* 3. Salesforce Grants an Access Token
* 4. Request an Authorization Code
* 5. Salesforce Grants Authorization Code
What is the correct sequence for the authorization flow?

1, 4, 5, 2, 3

4, 1, 5, 2, 3

2, 1, 3, 4, 5

4,5,2, 3, 1

Question 10

Universal Containers (UC) has a Customer Community that uses Facebook for Authentication. UC would like to ensure that Changes in the Facebook profile are reflected on the appropriate Customer Community user: How can this requirement be met?

Use the updateUser method on the registration Handler Class.

Develop a scheduled job that calls out to Facebook on a nightly basis.

Use information in the signed Request that is received from facebook.

Use SAML Just-In-Time Provisioning between Facebook and Salesforce.

Question 11

Universal Containers (UC) plans to use a SAML-based third-party IdP serving both of the Salesforce Partner Community and the corporate portal. UC partners will log in 65* to the corporate portal to access protected resources, including links to Salesforce resources. What would be the recommended way to configure the IdP so that seamless access can be achieved in this scenario?

Set up the corporate portal as a Connected App in Salesforce and use the Web server OAuth flow.

Configure SP-initiated SSO that passes the SAML token upon Salesforce resource access request.

Set up the corporate portal as a Connected App in Salesforce and use the User Agent OAuth flow.

Configure IdP-initiated SSO that passes the SAML token upon Salesforce resource access request.

Question 12

Universal containers (UC) has built a custom based Two-factor Authentication (2fa) system for their existing on-premise applications. Thru are now implementing salesforce and would like to enable a Two-factor login process for it, as well. What is the recommended solution an architect should consider?

Replace the custom 2fa system with salesforce 2fa for on-premise application and salesforce.

Use the custom 2fa system for on-premise applications and native 2fa for salesforce.

Replace the custom 2fa system with an app exchange app that supports on-premise applications and salesforce.

Use custom login flows to connect to the existing custom 2fa system for use in salesforce.

Question 13

Under which scenario Web Server flow will be used?

Used for web applications when server-side code needs to interact with APIS.

Used for server-side components when page needs to be rendered.

Used for mobile applications and testing legacy Integrations.

Used for verifying Access protected resources.

Question 14

Universal Containers (UC) is using a custom application that will act as the Identity Provider and will generate SAML assertions used to log in to Salesforce. UC is considering including custom parameters in the SAML assertion. These attributes contain sensitive data and are needed to authenticate the users. The assertions are submitted to salesforce via a browser form post. The majority of the users will only be able to access Salesforce via UC's corporate network, but a subset of admins and executives would be allowed access from outside the corporate network on their mobile devices. Which two methods should an Architect consider to ensure that the sensitive data cannot be tampered with, nor accessible to anyone while in transit?

Use the Identity Provider's certificate to digitally sign and Salesforce's Certificate to encrypt the payload.

Use Salesforce's Certificate to digitally sign the SAML Assertion and a Mobile Device Management client on the users' mobile devices.

Use the Identity provider's certificate to digitally Sign and the Identity provider's certificate to encrypt the payload.

Use a custom login flow to retrieve sensitive data using an Apex callout without including the attributes in the assertion.

Question 15

Which three are capabilities of SAML-based Federated authentication? Choose 3 answers

Trust relationships between Identity Provider and Service Provider are required.

SAML tokens can be in XML or JSON format and can be used interchangeably.

Web applications with no passwords are more secure and stronger against attacks.

Access tokens are used to access resources on the server once the user is authenticated.

Centralized federation provides single point of access, control and auditing.

Page: 1 / 16

Total 196 questions Full Exam Access