08 August, 2024

The Secret Of Salesforce Identity-and-Access-Management-Designer Answers

Actualtests Identity-and-Access-Management-Designer Questions are updated and all Identity-and-Access-Management-Designer answers are verified by experts. Once you have completely prepared with our Identity-and-Access-Management-Designer exam prep kits you will be ready for the real Identity-and-Access-Management-Designer exam without a problem. We have Improve Salesforce Identity-and-Access-Management-Designer dumps study guide. PASSED Identity-and-Access-Management-Designer First attempt! Here What I Did.

Page: 1 / 16

Total 196 questions Full Exam Access

Question 1

Universal Containers (UC) would like to enable self-registration for their Salesforce Partner Community Users. UC wants to capture some custom data elements from the partner user, and based on these data elements, wants to assign the appropriate Profile and Account values.
Which two actions should the Architect recommend to UC1 Choose 2 answers

Configure Registration for Communities to use a custom Visualforce Page.

Modify the SelfRegistration trigger to assign Profile and Account.

Modify the CommunitiesSelfRegController to assign the Profile and Account.

Configure Registration for Communities to use a custom Apex Controller.

Question 2

Which two capabilities does My Domain enable in the context of a SAML SSO configuration? Choose 2 answers

App Launcher

Resource deep linking

SSO from Salesforce Mobile App

Question 3

Universal Containers (UC) wants its users to access Salesforce and other SSO-enabled applications from a custom web page that UC magnets. UC wants its users to use the same set of credentials to access each of the applications. what SAML SSO flow should an Architect recommend for UC?

SP-Initiated with Deep Linking

SP-Initiated

IdP-Initiated

User-Agent

Question 4

Universal containers(UC) has implemented SAML-BASED single Sign-on for their salesforce application and is planning to provide access to salesforce on mobile devices using the salesforce1 mobile app. UC wants to ensure that single Sign-on is used for accessing the salesforce1 mobile app. Which two recommendations should the architect make? Choose 2 answers

Use the existing SAML SSO flow along with user agent flow.

Configure the embedded Web browser to use my domain URL.

Use the existing SAML SSO flow along with Web server flow

Configure the salesforce1 app to use the my domain URL

Question 5

Refer to the exhibit.
Identity-and-Access-Management-Designer dumps exhibit

Outfitters (NTO) is using Experience Cloud as an Identity for its application on Heroku. The application on Heroku should be able to handle two brands, Northern Trail Shoes and Northern Trail Shirts.
A user should select either of the two brands in Heroku before logging into the community. The app then performs Authorization using OAuth2.0 with the Salesforce Experience Cloud site.
NTO wants to make sure it renders login page images dynamically based on the user's brand preference selected in Heroku before Authorization.
what should an identity architect do to fulfill the above requirements?

For each brand create different communities and redirect users to the appropriate community using a custom Login controller written in Apex.

Create multiple login screens using Experience Builder and use Login Flows at runtime to route to different login screens.

Authorize third-party service by sending authorization requests to the community-url/services/oauth2/authorize/cookie_value.

Authorize third-party service by sending authorization requests to thecommunity-url/services/oauth2/authonze/expid_value.

Question 6

Universal Containers (UC) has an existing web application that it would like to access from Salesforce without requiring users to re-authenticate. The web application is owned UC and the UC team that is responsible for it is willing to add new javascript code and/or libraries to the application. What implementation should an Architect recommend to UC?

Create a Canvas app and use Signed Requests to authenticate the users.

Rewrite the web application as a set of Visualforce pages and Apex code.

Configure the web application as an item in the Salesforce App Launcher.

Add the web application as a ConnectedApp using OAuth User-Agent flow.

Question 7

Universal containers (UC) wants to integrate a Web application with salesforce. The UC team has implemented the Oauth web-server Authentication flow for authentication process. Which two considerations should an architect point out to UC? Choose 2 answers

The web application should be hosted on a secure server.

The web server must be able to protect consumer privacy

The flow involves passing the user credentials back and forth.

The flow will not provide an Oauth refresh token back to the server.

Question 8

Northern Trail Outfitters is implementing a busmess-to-business (B2B) collaboration site using Salesforce Experience Cloud. The partners will authenticate with an existing identity provider and the solution will utilize Security Assertion Markup Language (SAML) to provide single sign-on to Salesforce. Delegated administration will be used in the Expenence Cloud site to allow the partners to administer their users' access.
How should a partner identity be provisioned in Salesforce for this solution?

Create only a contact.

Create a contactless user.

Create a user and a related contact.

Create a person account.

Question 9

Universal Containers (UC) has implemented SSO according to the diagram below. uses SAML while Salesforce Org 1 uses OAuth 2.0. Users usually start their day by first attempting to log into Salesforce Org 2 and then later in the day, they will log into either the Financial System or CPQ system depending upon their job position. Which two systems are acting as Identity Providers?

Financial System

Pingfederate

Salesforce Org 2

Salesforce Org 1

Question 10

Universal Containers is creating a mobile application that will be secured by Salesforce Identity using the OAuth 2.0 user-agent flow (this flow uses the OAuth 2.0 implicit grant type).
Which three OAuth concepts apply to this flow? Choose 3 answers

Client ID

Refresh Token

Authorization Code

Verification Code

Scopes

Question 11

Which two things should be done to ensure end users can only use single sign-on (SSO) to login in to Salesforce?
Choose 2 answers

Enable My Domain and select "Prevent login from https://login.salesforce.com".

Request Salesforce Support to enable delegated authentication.

Once SSO is enabled, users are only able to login using Salesforce credentials.

Assign user "is Single Sign-on Enabled" permission via profile or permission set.

Question 12

Uwversal Containers (UC) is building a custom employee hut) application on Amazon Web Services (AWS) and would like to store their users' credentials there. Users will also need access to Salesforce for internal operations. UC has tasked an identity architect with evaluating Afferent solutions for authentication and authorization between AWS and Salesforce.
How should an identity architect configure AWS to authenticate and authorize Salesforce users?

Configure the custom employee app as a connected app.

Configure AWS as an OpenID Connect Provider.

Create a custom external authentication provider.

Develop a custom Auth server in AWS.

Question 13

Universal Containers (UC) has a mobile application for its employees that uses data from Salesforce as well as uses Salesforce for Authentication purposes. UC wants its mobile users to only enter their credentials the first time they run the app. The application has been live for a little over 6 months, and all of the users who were part of the initial launch are complaining that they have to re-authenticate. UC has also recently changed the URI Scheme associated with the mobile app. What should the Architect at UC first investigate?Universal Containers (UC) has a mobile application for its employees that uses data from Salesforce as well as uses Salesforce for Authentication purposes. UC wants its mobile users to only enter their credentials the first time they run the app. The application has been live for a little over 6 months, and all of the users who were part of the initial launch are complaining that they have to re-authenticate. UC has also recently changed the URI Scheme associated with the mobile app. What should the Architect at UC first investigate?

Check the Refresh Token policy defined in the Salesforce Connected App.

Validate that the users are checking the box to remember their passwords.

Verify that the Callback URL is correctly pointing to the new URI Scheme.

Confirm that the access Token's Time-To-Live policy has been set appropriately.

Question 14

An identity architect is implementing a mobile-first Consumer Identity Access Management (CIAM) for external users. User authentication is the only requirement. The users email or mobile phone number should be supported as a username.
Which two licenses are needed to meet this requirement? Choose 2 answers

External Identity Licenses

Identity Connect Licenses

Email Verification Credits

SMS verification Credits

Question 15

An Identity and Access Management (IAM) architect is tasked with unifying multiple B2C Commerce sites and an Experience Cloud community with a single identity. The solution needs to support more than 1,000 logins per minute.
What should the IAM do to fulfill this requirement?

Configure both the community and the commerce sites as OAuth2 RPs (relying party) with an external identity provider.

Configure community as a Security Assertion Markup Language (SAML) identity provider and enable Just-in-Time Provisioning to B2C Commerce.

Create a default account for capturing all ecommerce contacts registered on the community because personAccount is not supported for this case.

Confirm performance considerations with Salesforce Customer Support due to high peaks.

Page: 1 / 16

Total 196 questions Full Exam Access