
2023 Valid Identity-and-Access-Management-Designer FREE EXAM DUMPS QUESTIONS & ANSWERS
Free Identity-and-Access-Management-Designer Exam Braindumps Salesforce Practice Exam
NEW QUESTION 64
Universal Containers (UC) employees have Salesforce access from restricted IP ranges only, to protect against unauthorised access. UC wants to roll out the Salesforce1 mobile app and make it accessible from any location. Which two options should an Architect recommend? Choose 2 answers
- A. Relax the IP restrictions in the Connected App settings for the Salesforce1 mobile app.
- B. Relax the IP restriction with a second factor in the Connected App settings for the Salesforce1 mobile app.
- C. Use Login Flow to bypass IP range restriction for the mobile app.
- D. Remove existing restrictions on IP ranges for all types of user access.
Answer: A,B
NEW QUESTION 65
Universal Containers (UC) wants to integrate a third-party Reward Calculation system with Salesforce to calculate Rewards. Rewards will be calculated on a scheduled basis and updated back into Salesforce. The integration between Salesforce and the Reward Calculation System needs to be secure. Which are two recommended practices for using OAuth flows in this scenario? Choose 2 answers
- A. OAuth JWT Bearer Token Flow
- B. OAuth SAML Bearer Assertion Flow
- C. OAuth Username-Password Flow
- D. OAuth Refresh Token Flow
Answer: A,C
NEW QUESTION 66
Universal Containers plans to develop a custom mobile app for the sales team that will use Salesforce for authentication and access management. The mobile app access needs to be restricted to only the sales team.
What would be the recommended solution to grant mobile app access to sales users?
- A. Use connected apps OAuth policies to restrict mobile app access to authorized users.
- B. Use the permission set license to assign the mobile app permission to sales users
- C. Add a new identity provider to authenticate and authorize mobile users.
- D. Use a custom attribute on the user object to control access to the mobile app
Answer: C
NEW QUESTION 67
Universal Containers (UC) is building an integration between Salesforce and a legacy web application using the Canvas framework. The security team for UC has determined that a signed request from Salesforce is not an adequate authentication solution for the third-party app.
Which two options should the Architect consider for authenticating the third-party app using the Canvas framework? (Choose two.)
- A. Create a registration handler Apex class to allow the third-party application to authenticate itself against Salesforce as the IdP.
- B. Utilize the Canvas OAuth flow to allow the third-party application to authenticate itself against Salesforce as the IdP.
- C. Utilize Authorization Providers to allow the third-party application to authenticate itself against Salesforce as the IdP.
- D. Utilize the SAML Single Sign-on flow to allow the third-party to authenticate itself against UC's IdP.
Answer: B,D
NEW QUESTION 68
Universal Containers is implementing a new Experience Cloud site and the identity architect wants to use dynamic branding features as part of the login process.
Which two options should the identity architect recommend to support dynamic branding for the site?
Choose 2 answers
- A. An experience ID (expid) or placeholder parameter must be used in the URL to represent the brand.
- B. To use dynamic branding, the community must be built with the Visualforce + Salesforce Tabs template.
- C. To use dynamic branding, the community must be built with the Customer Account Portal template.
- D. An external content management system (CMS) must be used for dynamic branding on Experience Cloud sites.
Answer: A,C
NEW QUESTION 69
Which three types of attacks would a 2-Factor Authentication solution help guard against?
- A. Network perimeter attacks
- B. Phishing attacks
- C. Man-in-the-middle attacks
- D. Key logging attacks
- E. Dictionary attacks
Answer: A,D,E
NEW QUESTION 70
Northern Trail Outfitters (NTO) is planning to build a new customer service portal and wants to use passwordless login, allowing customers to log in with a one-time passcode sent to them via email or SMS.
How should the quantity of required Identity Verification Credits be estimated?
- A. Identity Verification Credits are consumed with each SMS (text message) sent and should be estimated based on the number of login verification challenges for SMS verification users.
- B. Identity Verification Credits are consumed with each verification sent and should be estimated based on the number of logins that will incur a verification challenge.
- C. Each community comes with 10,000 Identity Verification Credits per month and only customers with more than 10,000 logins a month should estimate additional SMS verifications needed.
- D. Identity Verification Credits are a direct add-on license based on the number of existing member-based or login-based Community licenses.
Answer: A
NEW QUESTION 71
Universal Containers (UC) wants to integrate a web application with Salesforce. The UC team has implemented the OAuth Web-Server Authentication Flow for authentication purposes.
Which two considerations should an Architect point out to UC? (Choose two.)
- A. The web server must be able to protect consumer secret.
- B. The web application should be hosted on a secure server.
- C. The flow will NOT provide an OAuth Refresh Token back to the server.
- D. The flow involves passing the user credentials back and forth.
Answer: A,B
NEW QUESTION 72
Northern Trail Outfitters would like to automatically create new employee users in Salesforce with an appropriate profile that maps to its Active Directory Department.
How should an identity architect implement this requirement?
- A. Make a callout during the login flow to query department from Active Directory to assign the appropriate profile.
- B. Use the updateUser method in the Just-in-Time (JIT) provisioning registration handler to assign the appropriate profile.
- C. Use the createUser method in the Just-in-Time (JIT) provisioning registration handler to assign the appropriate profile.
- D. Use a login flow to collect Security Assertion Markup Language attributes and assign the appropriate profile during Just-In-Time (JIT) provisioning.
Answer: B
NEW QUESTION 73
Universal Containers (UC) has implemented SSO according to the diagram below. uses SAML while Salesforce Org 1 uses OAuth 2.0. Users usually start their day by first attempting to log into Salesforce Org 2 and then later in the day, they will log into either the Financial System or CPQ system depending upon their job position. Which two systems are acting as Identity Providers?
- A. Financial System
- B. PingFederate
- C. Salesforce Org 2
- D. Salesforce Org 1
Answer: B,D
NEW QUESTION 74
Universal Containers (UC) wants its Closed Won opportunities to be synced to a Data Warehouse in near real time. UC has implemented Outbound Message to enable near real-time data sync. UC wants to ensure that communication between Salesforce and the Target System is secure. What certificate is sent along with the Outbound Message?
- A. The default Client Certificate from the Develop--> API Menu.
- B. The default Client Certificate or a Certificate from Certificate and Key Management menu.
- C. The CA-Signed Certificate from the Certificate and Key Management menu.
- D. The Self-Signed Certificates from the Certificate & Key Management menu.
Answer: A
NEW QUESTION 75
Universal Containers (UC) wants its Closed Won opportunities to be synced to a Data Warehouse in near real time. UC has implemented Outbound Message to enable near real-time data sync. UC wants to ensure that communication between Salesforce and the Target System is secure. What certificate is sent along with the Outbound Message?
- A. The Self-signed Certificates from the Certificate & Key Management menu.
- B. The default client Certificate from the Develop--> API menu.
- C. The default client Certificate or the Certificate and Key Management menu.
- D. The CA-signed Certificate from the Certificate and Key Management Menu.
Answer: B
NEW QUESTION 76
Universal Containers (UC) is looking to purchase a third-party application as an Identity Provider. UC is looking to develop a business case for the purchase in general and has enlisted an Architect for advice. Which two capabilities of an Identity Provider should the Architect detail to help strengthen the business case? Choose 2 answers
- A. The Identity provider can store credentials for multiple applications.
- B. The Identity Provider can centralize enterprise password policy.
- C. The Identity Provider can authenticate multiple applications.
- D. The Identity Provider can authenticate multiple social media accounts.
Answer: B,C
NEW QUESTION 77
Universal Containers (UC) has a mobile application for its employees that uses data from Salesforce as well as uses Salesforce for authentication purposes. UC wants its mobile users to only enter their credentials the first time they run the app. The application has been live for a little over 6 months, and all of the users who were a part of the initial launch are complaining that they have to re-authenticate. UC has also recently changed the URI Scheme associated with the mobile app.
What should the Architect at UC first investigate?
- A. Confirm that the Access Token's Time-To-Live policy has been set appropriately.
- B. Verify that the Callback URL is correctly pointing to the new URI Scheme.
- C. Validate that the users are checking the box to remember their passwords.
- D. Check the Refresh Token Policy defined in the Salesforce Connected App.
Answer: D
NEW QUESTION 78
Universal Containers is using OpenID Connect to enable a connection from their new mobile app to its production Salesforce org.
What should be done to enable the retrieval of the access token status for the OpenID Connect connection?
- A. Create a custom OAuth scope.
- B. Leverage OpenID Connect Token Introspection.
- C. Query using OpenID Connect discovery endpoint.
- D. Enable cross-origin resource sharing (CORS) for the /services/oauth2/token endpoint.
Answer: B
NEW QUESTION 79
An architect has successfully configured SAML-based SSO for Universal Containers. SSO has been working for 3 months when Universal Containers manually adds a batch of new users to Salesforce. The new users receive an error from Salesforce when trying to use SSO. Existing users are still able to successfully use SSO to access Salesforce. What is the probable cause of this behaviour?
- A. The administrator forgot to reset the new user's Salesforce password.
- B. The Federation ID field on the new user records is not correctly set.
- C. The new users do not have the SSO permission enabled on their profiles.
- D. The My Domain capability is not enabled on the new user's profile.
Answer: B
NEW QUESTION 80
Northern Trail Outfitters (NTO) has a requirement to ensure all user logins include a single multi-factor authentication (MFA) prompt. Currently, users are allowed the choice to log in with a username and password or via single sign-on against NTO's corporate Identity Provider, which includes built-in MFA.
Which configuration will meet this requirement?
- A. Create a custom login flow that enforces MFA and assign it to a permission set. Then assign the permission set to all employees.
- B. Create and assign a permission set to all employees that includes "MFA for User Interface Logins."
- C. Enable "MFA for User Interface Logins" for your organization from Setup -> Identity Verification.
- D. For all employee profiles, set the Session Level Required at Login to High Assurance and add the corporate identity provider to the High Assurance list for the org's Session Security Levels.
Answer: C
NEW QUESTION 81
Universal Containers (UC) has implemented a multi-org architecture in their company. Many users have licences across multiple orgs, and they are complaining about remembering which org and credentials are tied to which business process. Which two recommendations should the Architect make to address the complaints?
Choose 2 answers
- A. Implement SP-Initiated Single Sign-on flows to allow deep linking.
- B. Activate My Domain to Brand each org to the specific business use case.
- C. Implement Delegated Authentication from each org to the LDAP provider.
- D. Implement IdP-Initiated Single Sign-on flows to allow deep linking.
Answer: A,B
NEW QUESTION 82
Universal Containers (UC) is looking to purchase a third-party application as an Identity Provider. UC is looking to develop a business case for the purchase in general and has enlisted an Architect for advice. Which two capabilities of an Identity Provider should the Architect detail to help strengthen the business case? Choose 2 answers
- A. The Identity provider can store credentials for multiple applications.
- B. The Identity Provider can centralize enterprise password policy.
- C. The Identity Provider can authenticate multiple applications.
- D. The Identity Provider can authenticate multiple social media accounts.
Answer: B,C
NEW QUESTION 83
Universal Containers (UC) has multiple Salesforce Orgs and would like to use a single Identity Provider to access all of their orgs. How should UC's Architect enable this behaviour?
- A. Ensure that users have the same Email Value in their user records in all of UC's Salesforce orgs.
- B. Ensure the same username is allowed in multiple orgs by contacting Salesforce Support.
- C. Ensure that users have the same Alias value in their user records in all of UC's Salesforce orgs.
- D. Ensure that users have the same Federation ID value in their User records in all of UC's Salesforce orgs
Answer: D
NEW QUESTION 84
Universal Containers (UC) uses a legacy Employee portal for their employees to collaborate and post their ideas. UC decides to use Salesforce Ideas for voting and better tracking purposes. To avoid provisioning users on Salesforce, UC decides to push ideas posted on the Employee portal to Salesforce through API. UC decides to use an API user using OAuth Username-Password flow for the connection. How can the connection to Salesforce be restricted only to the Employee portal server?
- A. Add the Employee portal's IP address to the Login IP range on the user profile.
- B. Add the Employee portal's IP Address to the trusted IP range for the Connected App.
- C. Use a digital certificate signed by the Employee portal server.
- D. Use a dedicated profile for the user the Employee portal uses.
Answer: B
NEW QUESTION 85
Universal Containers (UC) is setting up delegated authentication to allow employees to log in using their corporate credentials. UC's security team is concerned about the risks of exposing the corporate login service on the internet and has asked that a reliable trust mechanism be put in place between the login service and Salesforce.
What mechanism should an Architect put in place to enable a trusted connection between the login service and Salesforce?
- A. Enforce mutual authentication between systems using SSL.
- B. Include Client Id and Client Secret in the login header callout.
- C. Set up a proxy service for the login service in the DMZ.
- D. Require the use of Salesforce security tokens on passwords.
Answer: D