14 August, 2024

The Renew Guide To Identity-and-Access-Management-Designer Free Exam Questions

Master the Identity-and-Access-Management-Designer Salesforce Certified Identity and Access Management Designer (SP19) content and be ready for exam day success quickly with this Actualtests Identity-and-Access-Management-Designer free question. We guarantee it!We make it a reality and give you real Identity-and-Access-Management-Designer questions in our Salesforce Identity-and-Access-Management-Designer braindumps.Latest 100% VALID Salesforce Identity-and-Access-Management-Designer Exam Questions Dumps at below page. You can use our Salesforce Identity-and-Access-Management-Designer braindumps and pass your exam.

Page: 1 / 16

Total 196 questions Full Exam Access

Question 1

Universal containers (UC) has an e-commerce website while customers can buy products, make payments, and manage their accounts. UC decides to build a customer Community on Salesforce and wants to allow the customers to access the community for their accounts without logging in again. UC decides to implement ansp-Initiated SSO using a SAML-BASED complaint IDP. In this scenario where salesforce is the service provider, which two activities must be performed in salesforce to make sp-Initiated SSO work? Choose 2 answers

Configure SAML SSO settings.

Configure Delegated Authentication

Create a connected App

Set up my domain

Question 2

Universal Containers (UC) has implemented SAML-based SSO solution for use with their multi-org Salesforce implementation, utilizing one of the the orgs as the Identity Provider. One user is reporting that they can log in to the Identity Provider org but get a generic SAML error message when accessing the other orgs. Which two considerations should the architect review to troubleshoot the issue? Choose 2 answers

The Federation ID must be a valid Salesforce Username

The Federation ID must is case sensitive

The Federation ID must be in the form of an email address.

The Federation ID must be populated on the user record.

Question 3

Universal Containers (UC) has an existing Salesforce org configured for SP-Initiated SAML SSO with their Idp. A second Salesforce org is being introduced into the environment and the IT team would like to ensure they can use the same Idp for new org. What action should the IT team take while implementing the second org?

Use the same SAML Identity location as the first org.

Use a different Entity ID than the first org.

Use the same request bindings as the first org.

Use the Salesforce Username as the SAML Identity Type.

Question 4

Universal containers (UC) has a mobile application that it wants to deploy to all of its salesforce users, including customer Community users. UC would like to minimize the administration overhead, which two items should an architect recommend? Choose 2 answers

Enable the "Refresh Tokens is valid until revoked " setting in the Connected App.

Enable the "Enforce Ip restrictions" settings in the connected App.

Enable the "All users may self-authorize" setting in the Connected App.

Enable the "High Assurance session required" setting in the Connected App.

Question 5

Universal Containers (UC) uses Salesforce to allow customers to keep track of the order status. The customers can log in to Salesforce using external authentication providers, such as Facebook and Google. UC is also leveraging the App Launcher to let customers access an of platform application for generating shipping labels. The label generator application uses OAuth to provide users access. What license type should an Architect recommend for the customers?

Customer Community license

Identity license

Customer Community Plus license

External Identity license

Question 6

After a recent audit, universal containers was advised to implement Two-factor Authentication for all of their critical systems, including salesforce. Which two actions should UC consider to meet this requirement? Choose 2 answers

Require users to provide their RSA token along with their credentials.

Require users to supply their email and phone number, which gets validated.

Require users to enter a second password after the first Authentication

Require users to use a biometric reader as well as their password

Question 7

Containers (UC) has an existing Customer Community. UC wants to expand the self-registration capabilities such that customers receive a different community experience based on the data they provide during the registration process. What is the recommended approach an Architect Should recommend to UC?

Create an After Insert Apex trigger on the user object to assign specific custom permissions.

Create separate login flows corresponding to the different community user personas.

Modify the Community pages to utilize specific fields on the User and Contact records.

Modify the existing Communities registration controller to assign different profiles.

Question 8

Universal Containers (UC) uses middleware to integrate multiple systems with Salesforce. UC has a strict, new requirement that usernames and passwords cannot be stored in any UC system. How can UC’s middleware authenticate to Salesforce while adhering to this requirement?

Create a Connected App that supports the JWT Bearer Token OAuth Flow.

Create a Connected App that supports the Refresh Token OAuth Flow

Create a Connected App that supports the Web Server OAuth Flow.

Create a Connected App that supports the User-Agent OAuth Flow.

Question 9

Universal Containers (UC) is building a custom Innovation platform on their Salesforce instance. The Innovation platform will be written completely in Apex and Visualforce and will use custom objects to store the Data. UC would like all users to be able to access the system without having to log in with Salesforce credentials. UC will utilize a third-party idp using SAML SSO. What is the optimal Salesforce licence type for all of the UC employees?

Identity Licence.

Salesforce Licence.

External Identity Licence.

Salesforce Platform Licence.

Question 10

Universal containers (UC) is setting up Delegated Authentication to allow employees to log in using their corporate credentials. UC's security team is concerned about the risk of exposing the corporate login service on the Internet and has asked that a reliable trust mechanism be put in place between the login service and salesforce. What mechanism should an architect put in place to enable a trusted connection between the login services and salesforce?

Include client ID and client secret in the login header callout.

Set up a proxy server for the login service in the DMZ.

Require the use of Salesforce security Tokens on password.

Enforce mutual Authentication between systems using SSL.

Question 11

A global company's Salesforce Identity Architect is reviewing its Salesforce production org login history and is seeing some intermittent Security Assertion Markup Language (SAML SSO) 'Replay Detected and Assertion Invalid' login errors.
Which two issues would cause these errors? Choose 2 answers

The subject element is missing from the assertion sent to salesforce.

The certificate loaded into SSO configuration does not match the certificate used by the IdP.

The current time setting of the company's identity provider (IdP) and Salesforce platform is out of sync by more than eight minutes.

The assertion sent to 5alesforce contains an assertion ID previously used.

Question 12

How should an identity architect automate provisioning and deprovisioning of users into Salesforce from an external system?

Call SOAP API upsertQ on user object.

Use Security Assertion Markup Language Just-in-Time (SAML JIT) on incoming SAML assertions.

Run registration handler on incoming OAuth responses.

Call OpenID Connect (OIDC)-userinfo endpoint with a valid access token.

Question 13

Universal containers (UC) has implemented SAML SSO to enable seamless access across multiple applications. UC has regional salesforce orgs and wants it's users to be able to access them from their main Salesforce org seamless. Which action should an architect recommend?

Configure the main salesforce org as an Authentication provider.

Configure the main salesforce org as the Identity provider.

Configure the regional salesforce orgs as Identity Providers.

Configure the main Salesforce org as a service provider.

Question 14

Universal Containers (UC) has a classified information system that its call center team uses only when they are working on a case with a record type "Classified". They are only allowed to access the system when they own an open "Classified" case, and their access to the system is removed at all other times. They would like to implement SAML SSO eith Salesforce as the Idp, and automatically allow or deny the staff's access to the classified information system based on whether they currently own an open "Classified" case record when they try to access the system using SSO. What is the recommended solution for automatically allowing or denying the access to the classified information system based on the open "classified" case record criteria?

Use Salesforce reports to identify users that currently owns open "Classified" cases and should be granted access to the Classified information system.

Use Apex trigger on case to dynamically assign permission Sets that Grant access when an user is assigned with an open "Classified" case, and remove it when the case is closed.

Use Custom SAML JIT Provisioning to dynamically query the user's open "Classified" cases when attempting to access the classified information system.

Use a Common Connected App Handler using Apex to dynamically allow access to the system based on whether the staff owns any open "Classified" Cases.

Question 15

Universal Containers (UC) is implementing Salesforce and would like to establish SAML SSO for its users to log in. UC stores its corporate user identities in a Custom Database. The UC IT Manager has heard good things about Salesforce Identity Connect as an Idp, and would like to understand what limitations they may face if they decided to use Identity Connect in their current environment. What limitation Should an Architect inform the IT Manager about?

Identity Connect will not support user provisioning in UC's current environment.

Identity Connect will only support Idp-initiated SAML flows in UC's current environment.

Identity Connect will only support SP-initiated SAML flows in UC's current environment.

Identity connect is not compatible with UC's current identity environment.

Page: 1 / 16

Total 196 questions Full Exam Access