
Best Salesforce Identity-and-Access-Management-Designer 2024 Training With 245 QA's
Salesforce Identity-and-Access-Management-Designer Certification Exam Questions
Salesforce Identity-and-Access-Management-Designer Exam is a proctored, multiple-choice exam, which consists of 60 questions that must be completed within 105 minutes. Identity-and-Access-Management-Designer exam is designed to test the candidate's knowledge and understanding of the core IAM concepts and principles, such as authentication, authorization, user provisioning, and identity federation. Identity-and-Access-Management-Designer exam also covers advanced topics, such as multi-factor authentication, single sign-on, and identity governance.
Difficulty in writing Identity-and-Access-Management-Designer Exam
This is exam is very difficult for those candidates who don't practice during preparation and candidates need a lab for practicing. Then practical exposure is much required to understand the contents of the exam. So, if anyone is associated with some kinds of an organization where he has opportunities to practice but if you can't afford the lab and don't have time to practice. So, Fast2test is the solution to this problem. We provide the best Salesforce Identity-and-Access-Management-Designer exam dumps and practice test for your preparation. Salesforce Identity-and-Access-Management-Designer exam dumps to ensure your success in the Salesforce Identity-and-Access-Management-Designer Certification Exam at first attempt. Our Salesforce Identity-and-Access-Management-Designer exam dumps are updated on regular basis. Fast2test has given option to download some test papers questions in PDF format, alongwith, this candidates can practice test papers online using our test engine. Fast2test provides verified questions with answers which you can expect in the exam. So, it makes easier for candidates to clear it in the first attempt itself..
NEW QUESTION # 125
Containers (UC) has an existing Customer Community. UC wants to expand the self-registration capabilities such that customers receive a different community experience based on the data they provide during the registration process. What is the recommended approach an Architect Should recommend to UC?
- A. Create an After Insert Apex trigger on the user object to assign specific custom permissions.
- B. Modify the Community pages to utilize specific fields on the User and Contact records.
- C. Modify the existing Communities registration controller to assign different profiles.
- D. Create separate login flows corresponding to the different community user personas.
Answer: C
NEW QUESTION # 126
An Identity architect works for a multinational, multi-brand organization. As they work with the organization to understand their Customer Identity and Access Management requirements, the identity architect learns that the brand experience is different for each of the customer's sub-brands and each of these branded experiences must be carried through the login experience depending on which sub-brand the user is logging into.
Which solution should the architect recommend to support scalability and reduce maintenance costs, if the organization has more than 150 sub-brands?
- A. Create a separate Salesforce org for each sub-brand so that each sub-brand has complete control over the user experience.
- B. Create a community subdomain for each sub-brand and customize the look and feel of the Login page for each community subdomain to match the brand.
- C. Use Audiences to customize the login experience for each sub-brand and pass an audience ID to the community during the OAuth and Security Assertion Markup Language (SAML) flows.
- D. Assign each sub-brand a unique Experience ID and use the Experience ID to dynamically brand the login experience.
Answer: D
NEW QUESTION # 127
customer service representatives at Universal containers (UC) are complaining that whenever they click on links to case records and are asked to login with SAML SSO, they are being redirected to the salesforce home tab and not the specific case record. What item should an architect advise the identity team at UC to investigate first?
- A. My domain is configured and active within salesforce.
- B. The identity provider is correctly preserving the Relay state
- C. The users have the correct Federation ID within salesforce.
- D. The salesforce SSO settings are using http post
Answer: B
NEW QUESTION # 128
Sales users at Universal containers use salesforce for Opportunity management. Marketing uses a third-party application called Nest for Lead nurturing that is accessed using username/password. The VP of sales wants to open up access to nest for all sales uses to provide them access to lead history and would like SSO for better adoption. Salesforce is already setup for SSO and uses Delegated Authentication. Nest can accept username/Password or SAML-based Authentication. IT teams have received multiple password-related issues for nest and have decided to set up SSO access for Nest for Marketing users as well. The CIO does not want to invest in a new IDP solution and is considering using Salesforce for this purpose. Which are appropriate license type choices for sales and marketing users, giving salesforce is using Delegated Authentication?
Choose 2 answers
- A. Salesforce license for sales users and External Identity license for Marketing users
- B. Salesforce license for sales users and Identity license for Marketing users
- C. Salesforce license for sales users and platform license for Marketing users.
- D. Identity license for sales users and Identity connect license for Marketing users
Answer: B,C
NEW QUESTION # 129
Universal Containers (UC) uses Salesforce to allow customers to keep track of the order status. The customers can log in to Salesforce using external authentication providers, such as Facebook and Google. UC is also leveraging the App Launcher to let customers access an of platform application for generating shipping labels.
The label generator application uses OAuth to provide users access. What license type should an Architect recommend for the customers?
- A. Customer Community license
- B. Identity license
- C. Customer Community Plus license
- D. External Identity license
Answer: D
NEW QUESTION # 130
Which three capabilities does SAML-based Federated authentication provide? (Choose three.)
- A. Centralized federation provides single point of access, control and auditing.
- B. Web applications with no passwords are more secure and stronger against hacks.
- C. Access tokens are used to access resources on the server once the user is authenticated.
- D. SAML tokens can be in XML or JSON format and can be used interchangeably.
- E. Trust relationships between Identity Provider and Service Provider are required.
Answer: A,C,E
NEW QUESTION # 131
A service provider (SP) supports both Security Assertion Markup Language (SAML) and OpenID Connect (OIDC).
When integrating this SP with Salesforce, which use case is the determining factor when choosing OIDC or SAML?
- A. The SP needs to perform API calls back to Salesforce on behalf of the user after the user logs in to the service provider.
- B. OIDC is more secure than SAML and therefore is the obvious choice.
- C. They are equivalent protocols and there is no real reason to choose one over the other.
- D. If the user has a session on Salesforce, you do not want them to be prompted for a username and password when they login to the SP.
Answer: A
NEW QUESTION # 132
Universal Containers is setting up their Customer Community self-registration process. They are uncomfortable with the idea of assigning new users to a default Account record.
What will happen when customers self-register in the Community?
- A. The self-registration page will create a new Account record.
- B. The self-registration process will produce an error to the user.
- C. The self-registration page will ask users to select an Account.
- D. The self-registration process will create a Person Account record.
Answer: B
NEW QUESTION # 133
Universal containers (UC) is planning to deploy a custom mobile app that will allow users to get e-signatures from its customers on their mobile devices. The mobile app connects to salesforce to upload the e-signatures as a file attachment and uses Oauth protocol for both Authentication and authorization. What is the most recommended and secure Oauth scope setting that an architect should recommend?
- A. Custom_permissions
- B. Id
- C. Web
- D. API
Answer: D
NEW QUESTION # 134
Universal Containers (UC) has a strict requirement to authenticate users to Salesforce using their mainframe credentials. The mainframe user store cannot be accessed from a SAML provider. UC would also like to have users in Salesforce created on the fly if they provide accurate mainframe credentials.
How can the Architect meet these requirements?
- A. Use a Salesforce Login Flow to call out to a web service and create the user on the fly.
- B. Use the SOAP API to create the user when created on the mainframe; implement Delegated Authentication.
- C. Implement OAuth User-Agent Flow on the mainframe; use a Registration Handler to create the user on the fly.
- D. Implement Just-In-Time Provisioning on the mainframe to create the user on the fly.
Answer: D
NEW QUESTION # 135
A university is planning to set up an identity solution for its alumni. A third-party identity provider will be used for single sign-on Salesforce will be the system of records. Users are getting error messages when logging in.
Which Salesforce feature should be used to debug the issue?
- A. View Setup Audit Trail
- B. Login History
- C. Debug Logs
- D. Apex Exception Email
Answer: B
NEW QUESTION # 136
Universal Containers (UC) has implemented SAML-based Single Sign-on for their Salesforce application and is planning to use the Salesforce mobile app. UC wants to ensure that Single Sign-on is used for accessing the Salesforce mobile app.
Which two recommendations should the Architect make? (Choose two.)
- A. Configure the Salesforce App to use the My Domain URL.
- B. Use the existing SAML SSO flow along with User Agent Flow.
- C. Use the existing SAML SSO flow along with Web Server Flow.
- D. Configure the Embedded Web Browser to use My Domain URL.
Answer: A,B
NEW QUESTION # 137
Universal Containers (UC) is setting up delegated authentication to allow employees to log in using their corporate credentials. UC's security team is concerned about the risks of exposing the corporate login service on the internet and has asked that a reliable trust mechanism be put in place between the login service and Salesforce.
What mechanism should an Architect put in place to enable a trusted connection between the login service and Salesforce?
- A. Require the use of Salesforce security tokens on passwords.
- B. Set up a proxy service for the login service in the DMZ.
- C. Include Client Id and Client Secret in the login header callout.
- D. Enforce mutual authentication between systems using SSL.
Answer: A
NEW QUESTION # 138
Northern Trail Outfitters (NTO) is setting up Salesforce to authenticate users with an external identity provider. The NTO Salesforce Administrator is having trouble getting things setup.
What should an identity architect use to show which part of the login assertion is fading?
- A. Security Assertion Markup Language Validator
- B. SAML Metadata file importer
- C. Identity Provider Metadata download
- D. Connected App Manager
Answer: A
NEW QUESTION # 139
An Enterprise is using a Lightweight Directory Access Protocol (LDAP ) server as the only point for user authentication with a username/password. Salesforce delegated authentication is configured to integrate Salesforce under single sign-on (SSO).
Mow can end users change their password?
- A. Users can click on the "Forgot your Password" link on the Salesforce.com login page.
- B. Users can request the Salesforce Admin to reset their password.
- C. Users can change it on the enterprise LDAP authentication portal.
- D. Users once logged In, can go to the Change Password screen in Salesforce.
Answer: B
NEW QUESTION # 140
Universal Containers is considering using Delegated Authentication as the sole means of Authenticating of Salesforce users. A Salesforce Architect has been brought in to assist with the implementation. What two risks Should the Architect point out? Choose 2 answers
- A. The web service must reside on a public cloud service, such as Heroku.
- B. Salesforce users will be locked out of Salesforce if the web service goes down.
- C. Delegated Authentication is enabled or disabled for the entire Salesforce org.
- D. UC will be required to develop and support a custom SOAP web service.
Answer: A,C
NEW QUESTION # 141
Ttie executive sponsor for an organization has asked if Salesforce supports the ability to embed a login widget into its service providers in order to create a more seamless user experience.
What should be used and considered before recommending it as a solution on the Salesforce Platform?
- A. OpenID Connect Web Server Flow. Determine if the service provider is secure enough to store the client secret on.
- B. Salesforce REST apis. Ensure that Secure Sockets Layer (SSL) connection for the integration is used.
- C. Embedded Login. Consider whether or not it relies on third party cookies which can cause browser compatibility issues.
- D. Embedded Login. Identify what level of UI customization will be required to make it match the service providers look and feel.
Answer: B
NEW QUESTION # 142
Universal Containers (UC) wants its closed Won opportunities to be synced to a Data warehouse in near real time. UC has implemented Outbound Message to enable near real-time data sync. UC wants to ensure that communication between Salesforce and Target System is secure. What certificate is sent along with the Outbound Message?
- A. The default client Certificate from the Develop--> API menu.
- B. The CA-signed Certificate from the Certificate and Key Management Menu.
- C. The default client Certificate or the Certificate and Key Management menu.
- D. The Self-signed Certificates from the Certificate & Key Management menu.
Answer: A
NEW QUESTION # 143
Universal Containers (UC) wants its closed Won opportunities to be synced to a Data Warehouse in near real time. UC has implemented Outbound Message to enable near real-time data sync. UC wants to ensure that communication between Salesforce and Target System is Secure. What Certificate is sent along with the Outbound Message?
- A. The default Client Certificate or a Certificate from Certificate and Key Management menu.
- B. The CA-Signed Certificate from the Certificate and Key Management menu.
- C. The default Client Certificate from the Develop--> API Menu.
- D. The Self-Signed Certificates from the Certificate & Key Management menu.
Answer: C
NEW QUESTION # 144
Universal containers (UC) has a custom, internal-only, mobile billing application for users who are commonly out of the office. The app is configured as a connected App in salesforce. Due to the nature of this app, UC would like to take the appropriate measures to properly secure access to the app. Which two are recommendations to make the UC? Choose 2 answers
- A. Set login IP ranges to the internal network for all of the app users profiles.
- B. Use Google Authenticator as an additional part of the logical processes.
- C. Disallow the use of single Sign-on for any users of the mobile app.
- D. Require high assurance sessions in order to use the connected App
Answer: B,D
NEW QUESTION # 145
Universal Containers (UC) uses a home-grown Employee portal for their employees to collaborate. UC decides to use Salesforce Ideas to allow the employees to post ideas from the Employee portal. When clicking some links in the Employee portal, the users should be redirected to Salesforce, authenticated, and presented with relevant pages.
What scope should be requested when using the OAuth token to meet this requirement?
- A. full
- B. api
- C. web
- D. Visualforce
Answer: C
Explanation:
Explanation
NEW QUESTION # 146
Which three are features of federated Single Sign-on solutions? (Choose three.)
- A. It enables quick and easy provisioning and deactivating of users.
- B. It federates credentials control to authorized applications.
- C. It establishes trust between Identity Store and Service Provider.
- D. It improves affiliated applications adoption rates.
- E. It solves all identity and access management problems.
Answer: A,C,D
NEW QUESTION # 147
Which two security risks can be mitigated by enabling Two-Factor Authentication (2FA) in Salesforce?
Choose 2 answers
- A. Users choosing passwords that are the same as their Facebook password.
- B. Users accessing Salesforce from a public Wi-Fi access point.
- C. Users creating simple-to-guess password reset questions.
- D. Users leaving laptops unattended and not logging out of Salesforce.
Answer: A,B
NEW QUESTION # 148
A real estate company wants to provide its customers a digital space to design their interior decoration options. To simplify the registration to gain access to the community site (built in Experience Cloud), the CTO has requested that the IT/Development team provide the option for customers to use their existing social-media credentials to register and access.
The IT lead has approached the Salesforce Identity and Access Management (IAM) architect for technical direction on implementing the social sign-on (for Facebook, Twitter, and a new provider that supports standard OpenID Connect (OIDC)).
Which two recommendations should the Salesforce IAM architect make to the IT Lead?
Choose 2 answers
- A. Apex coding skills are needed for registration handler to create and update users.
- B. Use declarative registration handler process builder/flow to create, update users and contacts.
- C. Authentication provider configuration is required each social sign-on providers; and enable Authentication providers in community.
- D. For supporting OIDC it is necessary to enable Security Assertion Markup Language (SAML) with Just-in-Time provisioning (JIT) and OAuth 2.0.
Answer: A,C
NEW QUESTION # 149
Containers (UC) has an existing Customer Community. UC wants to expand the self-registration capabilities such that customers receive a different community experience based on the data they provide during the registration process. What is the recommended approach an Architect Should recommend to UC?
- A. Modify the existing Communities registration controller to assign different profiles.
- B. Modify the Community pages to utilize specific fields on the User and Contact records.
- C. Create an After Insert Apex trigger on the user object to assign specific custom permissions.
- D. Create separate login flows corresponding to the different community user personas.
Answer: B
NEW QUESTION # 150
......
Quickly and Easily Pass Salesforce Exam with Identity-and-Access-Management-Designer real Dumps: https://www.fast2test.com/Identity-and-Access-Management-Designer-premium-file.html
Realistic Identity-and-Access-Management-Designer Dumps Questions To Gain Brilliant Result: https://drive.google.com/open?id=1tkiwCpwlhE5vhnicOCB12ACimAGZayr_