
Best Way To Study For Salesforce Identity-and-Access-Management-Designer Exam Brilliant Identity-and-Access-Management-Designer Exam Questions PDF
Updated Verified Pass Identity-and-Access-Management-Designer Exam - Real Questions & Answers
How to book the Identity-and-Access-Management-Designer Exam
These are following steps for registering the Identity-and-Access-Management-Designer Exam. Step 1: Visit to Webassessor Exam Registration Step 2: Signup/Login to Webassessor Step 3: Select the onsite proctored or online proctored delivery method of Certification Exam Step 4: Select Date, time and confirm with a payment method
For more information, please click here.
How much Identity-and-Access-Management-Designer Exam Cost
The price of the Salesforce Identity-and-Access-Management-Designer exam is $400 USD.
NEW QUESTION 16
A division of a Northern Trail Outfitters (NTO) purchased Salesforce. NTO uses a third party identity provider (IdP) to validate user credentials against Its corporate Lightweight Directory Access Protocol (LDAP) directory. NTO wants to help employees remember as passwords as possible.
What should an identity architect recommend?
- A. Setup Salesforce as an Authentication Provider to the existing IdP.
- B. Setup Salesforce as a Service Provider to the existing IdP.
- C. Use Salesforce connect to synchronize LDAP passwords to Salesforce.
- D. Setup Salesforce as an IdP to authenticate against the LDAP directory.
Answer: B
NEW QUESTION 17
Universal Containers (UC) is looking to purchase a third-party application as an Identity Provider. UC is looking to develop a business case for the purchase in general and has enlisted an Architect for advice. Which two capabilities of an Identity Provider should the Architect detail to help strengthen the business case?
Choose 2 answers
- A. The Identity Provider can centralize enterprise password policy.
- B. The Identity Provider can authenticate multiple social media accounts.
- C. The Identity Provider can authenticate multiple applications.
- D. The Identity provider can store credentials for multiple applications.
Answer: A,C
NEW QUESTION 18
A global company's Salesforce Identity Architect is reviewing its Salesforce production org login history and is seeing some intermittent Security Assertion Markup Language (SAML SSO) 'Replay Detected and Assertion Invalid' login errors.
Which two issues would cause these errors?
Choose 2 answers
- A. The certificate loaded into SSO configuration does not match the certificate used by the IdP.
- B. The current time setting of the company's identity provider (IdP) and Salesforce platform is out of sync by more than eight minutes.
- C. The subject element is missing from the assertion sent to salesforce.
- D. The assertion sent to 5alesforce contains an assertion ID previously used.
Answer: C,D
NEW QUESTION 19
Universal Containers has built a custom token-based Two-Factor Authentication system for their existing on-premise applications. They are now implementing Salesforce and would like to enable a Two-Factor login process for it, as well.
What is the recommended solution an Architect should consider?
- A. Use Custom Login Flows to connect to the existing custom 2FA system for use in Salesforce.
- B. Use the custom 2FA system for on-premise applications and native 2FA for Salesforce.
- C. Replace the custom 2FA system with Salesforce 2FA for on-premise applications and Salesforce.
- D. Replace the custom 2FA system with an AppExchange App that supports on-premise applications and Salesforce.
Answer: A
NEW QUESTION 20
Universal containers (UC) has decided to use salesforce as an identity provider for multiple external applications. UC wants to use the salesforce app launcher to control the apps that are available to individual users. Which three steps are required to make this happen?
- A. Add each connected App to the app launcher with a start URL
- B. Set up identity connect to synchronize user data.
- C. Create a connected App for each external application.
- D. Set up an Auth provider for each external application.
- E. Set up salesforce as a SAML IDP with my domain.
Answer: A,C,E
NEW QUESTION 21
Universal containers (UC) would like to enable SSO between their existing Active Directory infrastructure and salesforce. The it team prefers to manage all users in Active Directory and would like to avoid doing any initial setup of users in salesforce directly, including the correct assignment of profiles, roles and groups. Which two optimal solutions should UC use to provision users in salesforce? Choose 2 answers
- A. Use an app exchange product to sync users from Active Directory to salesforce.
- B. Use Active Directory Federation Services to sync users from active directory to salesforce.
- C. Use Identity connect to sync users from Active Directory to salesforce
- D. Use the salesforce REST API to sync users from active directory to salesforce
Answer: A,C
NEW QUESTION 22
The security team at Universal containers(UC) has identified exporting reports as a high-risk action and would like to require users to be logged into salesforce with their active directory (AD) credentials when doing so.
For all other uses of Salesforce, Users should be allowed to use AD credentials or salesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with salesforce credentials?
- A. Use SAML Federated Authentication, treat SAML sessions as high assurance, and raise the session level required for exporting reports.
- B. Use SAML Federated Authentication and block access to reports when accesses through a standard assurance session.
- C. Use SAML Federated Authentication and Custom SAML jit provisioning to dynamically add or remove a permission set that grants the Export Reports permission.
- D. Use SAML Federated Authentication with a login flow to dynamically add or remove a permission set that grants the export reports permission.
Answer: B
NEW QUESTION 23
Universal Containers (UC) is building a custom Innovation platform on their Salesforce instance. The Innovation platform will be written completely in Apex and Visualforce and will use custom objects to store the Data. UC would like all users to be able to access the system without having to log in with Salesforce credentials. UC will utilize a third-party idp using SAML SSO. What is the optimal Salesforce licence type for all of the UC employees?
- A. Salesforce Licence.
- B. External Identity Licence.
- C. Identity Licence.
- D. Salesforce Platform Licence.
Answer: D
NEW QUESTION 24
Universal Containers (UC) wants to implement SAML SSO for their internal of Salesforce users using a third-party IdP. After some evaluation, UC decides NOT to 65 set up My Domain for their Salesforce org. How does that decision impact their SSO implementation?
- A. SP-initiated SSO will NOT work
- B. Neither SP- nor IdP-initiated SSO will work.
- C. Either SP- or IdP-initiated SSO will work.
- D. IdP-initiated SSO will NOT work.
Answer: B
NEW QUESTION 25
Which three types of attacks would a 2-Factor Authentication solution help garden against?
- A. Man-in-the-middle attacks
- B. Key logging attacks
- C. Dictionary attacks
- D. Network perimeter attacks
- E. Phishing attacks
Answer: B,C,D
NEW QUESTION 26
Universal Containers is creating a mobile application that will be secured by Salesforce Identity using the OAuth 2.0 user-agent flow (this flow uses the OAuth 2.0 implicit grant type).
Which three OAuth concepts apply to this flow?
Choose 3 answers
- A. Client ID
- B. Refresh Token
- C. Authorization Code
- D. Scopes
- E. Verification Code
Answer: A,B,D
NEW QUESTION 27
A Salesforce customer is implementing Sales Cloud and a custom pricing application for its call center agents. An Enterprise single sign-on solution is used to authenticate and sign-in users to all applications. The customer has the following requirements:
1. The development team has decided to use a Canvas app to expose the pricing application to agents.
2. Agents should be able to access the Canvas app without needing to log in to the pricing application.
Which two options should the identity architect consider to provide support for the Canvas app to initiate login for users?
Choose 2 answers
- A. Select "Enable as a Canvas Personal App" in the connected app settings.
- B. Enable OAuth settings in the connected app with required OAuth scopes for the pricing application.
- C. Enable SAML in the connected app and Security Assertion Markup Language (SAML) Initiation Method as Service Provider Initiated.
- D. Configure the Canvas app as a connected app and set Admin-approved users as pre-authorized.
Answer: C,D
NEW QUESTION 28
Universal Containers (UC) has a Customer Community that uses Facebook for Authentication. UC would like to ensure that Changes in the Facebook profile are reflected on the appropriate Customer Community user:
How can this requirement be met?
- A. Develop a scheduled job that calls out to Facebook on a nightly basis.
- B. Use information in the signed Request that is received from facebook.
- C. Use SAML Just-In-Time Provisioning between Facebook and Salesforce.
- D. Use the updateUser method on the registration Handler Class.
Answer: C
NEW QUESTION 29
Universal containers (UC) is setting up their customer Community self-registration process. They are uncomfortable with the idea of assigning new users to a default account record. What will happen when customers self-register in the community?
- A. The self-registration page will create a new account record.
- B. The self-registration page will ask user to select an account.
- C. The self-registration process will produce an error to the user.
- D. The self-registration process will create a person Account record.
Answer: C
NEW QUESTION 30
Universal Containers (UC) uses Salesforce to allow customers to keep track of the order status. The customers can log in to Salesforce using external authentication providers, such as Facebook and Google. UC is also leveraging the App Launcher to let customers access an of platform application for generating shipping labels. The label generator application uses OAuth to provide users access. What license type should an Architect recommend for the customers?
- A. Customer Community Plus license
- B. Identity license
- C. Customer Community license
- D. External Identity license
Answer: B
NEW QUESTION 31
Universal Containers is budding a web application that will connect with the Salesforce API using JWT OAuth Flow.
Which two settings need to be configured in the connect app to support this requirement?
Choose 2 answers
- A. The "web" OAuth scope in the connected app,
- B. The "edair_api" OAuth scope m the connected app.
- C. The "api" OAuth scope in the connected app.
- D. The Use Digital Signature option in the connected app.
Answer: C,D
NEW QUESTION 32
Users logging into Salesforce are frequently prompted to verify their identity.
The identity architect is required to provide recommendations so that frequency of prompt verification can be reduced.
What should the identity architect recommend to meet the requirement?
- A. Set trusted IP ranges for the organization.
- B. Implement 2FA authentication for the Salesforce org.
- C. Implement an single sign-on for Salesforce using an external identity provider.
- D. Implement multi-factor authentication for the Salesforce org.
Answer: A
NEW QUESTION 33
......
Updated PDF (New 2021) Actual Salesforce Identity-and-Access-Management-Designer Exam Questions: https://www.dumpstorrent.com/Identity-and-Access-Management-Designer-exam-dumps-torrent.html
Dumps Moneyack Guarantee - Identity-and-Access-Management-Designer Dumps Approved Dumps: https://drive.google.com/open?id=1AkKWNqJPGiiHKOBYIPwoU8_oAeTgOO9C