[Jan 29, 2024] Identity-and-Access-Management-Designer Exam Dumps - Try Best Identity-and-Access-Management-Designer Exam Questions - TestPassKing
Verified Identity-and-Access-Management-Designer exam dumps Q&As with Correct 245 Questions and Answers
Salesforce Identity-and-Access-Management-Designer Exam is a challenging certification exam that requires a solid understanding of Salesforce’s security model and best practices. However, passing the exam and earning the certification can help professionals advance their careers and demonstrate their expertise in identity and access management solutions using Salesforce.
NEW QUESTION # 31
Which three are features of federated Single sign-on solutions? Choose 3 Answers
- A. It enables quick and easy provisioning and deactivating of users.
- B. It solves all identity and access management problems.
- C. It improves affiliated applications adoption rates.
- D. It federates credentials control to authorized applications.
- E. It establishes trust between Identity Store and Service Provider.
Answer: A,C,E
NEW QUESTION # 32
Universal containers (UC) is concerned that having a self-registration page will provide a means for "bots" or unintended audiences to create user records, thereby consuming licences and adding dirty dat a. Which two actions should UC take to prevent unauthorised form submissions during the self-registration process? Choose 2 answers
- A. Use hidden fields populated via java script events in the self-registration page.
- B. Use open-ended security questions and complex password requirements
- C. Require a captcha at the end of the self-registration process.
- D. Primarily use lookup and picklist fields on the self registration page.
Answer: A,C
NEW QUESTION # 33
Universal containers (UC) has decided to use identity connect as it's identity provider. UC uses active directory(AD) and has a team that is very familiar and comfortable with managing ad groups. UC would like to use AD groups to help configure salesforce users. Which three actions can AD groups control through identity connect? Choose 3 answers
- A. Custom permission assignment
- B. Granting report folder access
- C. Public Group Assignment
- D. Permission sets assignment
- E. Role Assignment
Answer: C,D,E
NEW QUESTION # 34
Which two statements are capable of Identity Connect? Choose 2 answers
- A. Support multiple orgs connecting to multiple Active Directory servers.
- B. Supports both Identity-Provider-Initiated and Service-Provider-Initiated SSO.
- C. Automated user synchronization and de-activation.
- D. Synchronization of Salesforce Permission Set Licence Assignments.
Answer: B,D
NEW QUESTION # 35
universal container plans to develop a custom mobile app for the sales team that will use salesforce for authentication and access management. The mobile app access needs to be restricted to only the sales team.
What would be the recommended solution to grant mobile app access to sales users?
- A. Use the permission set license to assign the mobile app permission to sales users
- B. Use connected apps Oauth policies to restrict mobile app access to authorized users.
- C. Add a new identity provider to authenticate and authorize mobile users.
- D. Use a custom attribute on the user object to control access to the mobile app
Answer: B
NEW QUESTION # 36
A company's external application is protected by Salesforce through OAuth. The identity architect for the project needs to limit the level of access to the data of the protected resource in a flexible way.
What should be done to improve security?
- A. Select "Admin approved users are pre-authonzed" and assign specific profiles.
- B. Create custom scopes and assign to the connected app.
- C. Define a permission set that grants access to the app and assign to authorized users.
- D. Leverage external objects and data classification policies.
Answer: B
NEW QUESTION # 37
Northern Trail Outfitters (NTO) has a number of employees who do NOT need access Salesforce objects. Trie employees should sign in to a custom Benefits web app using their Salesforce credentials.
Which license should the identity architect recommend to fulfill this requirement?
- A. External Identity License
- B. Identity Connect License
- C. Identity Only License
- D. Identity Verification Credits Add-on License
Answer: C
NEW QUESTION # 38
Universal Containers (UC) is building a customer community and will allow customers to authenticate using Facebook credentials. The First time the user authenticating using facebook, UC would like a customer account created automatically in their Accounting system. The accounting system has a web service accessible to Salesforce for the creation of accounts. How can the Architect meet these requirements?
- A. Create a custom application on Heroku that manages the sign-on process from Facebook.
- B. Add an Apex callout in the registration handler of the authorization provider.
- C. Use OAuth JWT flow to pass the data from Salesforce to the Accounting System.
- D. Use JIT Provisioning to automatically create the account in the accounting system.
Answer: B
NEW QUESTION # 39
Northern Trail Outfitters would like to use a portal built on Salesforce Experience Cloud for customer self-service. Guests of the portal be able to self-register, but be unable to automatically be assigned to a contact record until verified. External Identity licenses have bee purchased for the project.
After registered guests complete an onboarding process, a flow will create the appropriate account and contact records for the user.
Which three steps should an identity architect follow to implement the outlined requirements?
Choose 3 answers
- A. Enable "Allow customers and partners to self-register".
- B. Customize me self-registration Apex handler to create only the user record.
- C. Set jp an external login page and call Salesforce APIs for user creation.
- D. Customize the self-registration Apex handler to temporarily associate the user to a shared single contact record.
- E. Select the "Configurable Self-Reg Page" option under Login & Registration.
Answer: A,B,E
NEW QUESTION # 40
Universal containers wants to build a custom mobile app connecting to salesforce using Oauth, and would like to restrict the types of resources mobile users can access. What Oauth feature of Salesforce should be used to achieve the goal?
- A. Refresh Tokens
- B. Scopes
- C. Access Tokens
- D. Mobile pins
Answer: B
NEW QUESTION # 41
Universal Containers (UC) has a Customer Community that uses Facebook for Authentication. UC would like to ensure that Changes in the Facebook profile are reflected on the appropriate Customer Community user: How can this requirement be met?
- A. Develop a scheduled job that calls out to Facebook on a nightly basis.
- B. Use information in the signed Request that is received from facebook.
- C. Use the updateUser method on the registration Handler Class.
- D. Use SAML Just-In-Time Provisioning between Facebook and Salesforce.
Answer: C
NEW QUESTION # 42
Universal containers wants to implement SAML SSO for their internal salesforce users using a third-party IDP. After some evaluation, UC decides not to set up my domain for their salesforce.org. How does thatdecision impact their SSO implementation?
- A. IDP - initiated SSO will not work
- B. Either sp - or IDP - initiated SSO will work
- C. Neithersp - nor IDP - initiated SSO will work
- D. Sp-Initiated SSO will not work
Answer: D
NEW QUESTION # 43
Universal Containers (UC) wants to build a few applications that leverage the Salesforce REST API. UC has asked its Architect to describe how the API calls will be authenticated to a specific user. Which two mechanisms can the Architect provide? Choose 2 Answers
- A. Authentication Token
- B. Access Token
- C. Refresh Token
- D. Session ID
Answer: A,B
NEW QUESTION # 44
An identity architect is setting up an integration between Salesforce and a third-party system. The third-party system needs to authenticate to Salesforce and then make API calls against the REST API.
One of the requirements is that the solution needs to ensure the third party service providers connected app in Salesforce mini need for end user interaction and maximizes security.
Which OAuth flow should be used to fulfill the requirement?
- A. JWT Bearer Flow
- B. Username-Password Flow
- C. Web Server Flow
- D. User Agent Flow
Answer: A
NEW QUESTION # 45
A real estate company wants to provide its customers a digital space to design their interior decoration options. To simplify the registration to gain access to the community site (built in Experience Cloud), the CTO has requested that the IT/Development team provide the option for customers to use their existing social-media credentials to register and access.
The IT lead has approached the Salesforce Identity and Access Management (IAM) architect for technical direction on implementing the social sign-on (for Facebook, Twitter, and a new provider that supports standard OpenID Connect (OIDC)).
Which two recommendations should the Salesforce IAM architect make to the IT Lead?
Choose 2 answers
- A. Authentication provider configuration is required each social sign-on providers; and enable Authentication providers in community.
- B. For supporting OIDC it is necessary to enable Security Assertion Markup Language (SAML) with Just-in-Time provisioning (JIT) and OAuth 2.0.
- C. Apex coding skills are needed for registration handler to create and update users.
- D. Use declarative registration handler process builder/flow to create, update users and contacts.
Answer: A,C
NEW QUESTION # 46
Universal Containers want users to be able to log in to the Salesforce mobile app with their Active Directory password. Employees are unable to use mobile VPN.
Which two options should an identity architect recommend to meet the requirement?
Choose 2 answers
- A. Salesforce Identity Connect
- B. Salesforce Trigger & Field on Contact Object
- C. Configure Cloud Provider Load Balancer
- D. Active Directory Password Sync Plugin
Answer: A,D
NEW QUESTION # 47
......
What is the duration of the Identity-and-Access-Management-Designer Exam
- Format: Multiple choices, multiple answers
- Number of Questions: 60
- Length of Examination: 120 minutes
- Passing Score: 65%
Salesforce Identity-and-Access-Management-Designer Test Engine PDF - All Free Dumps: https://www.testpassking.com/Identity-and-Access-Management-Designer-exam-testking-pass.html
Get New Identity-and-Access-Management-Designer Certification – Valid Exam Dumps Questions: https://drive.google.com/open?id=1fJ2uGjehbOwVm2Mes66gQ3QjED2aw6z4