
[May 19, 2024] Valid Identity-and-Access-Management-Designer Test Answers & Identity-and-Access-Management-Designer Exam PDF
Valid Salesforce Identity and Access Management Designer Identity-and-Access-Management-Designer Dumps Ensure Your Passing
NEW QUESTION # 122
The security team at Universal Containers (UC) has identified exporting reports as a high-risk action and would like to require users to be logged into Salesforce with their Active Directory (AD) credentials when doing so.
For all other uses of Salesforce, users should be allowed to use AD credentials or Salesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with Salesforce credentials?
- A. Use SAML federated Authentication with a Login Flow to dynamically add or remove a Permission Set that grants the Export Reports Permission.
- B. Use SAML Federated Authentication and block access to reports when accessed through a Standard Assurance session.
- C. Use SAML Federated Authentication and Custom SAML JIT Provisioning to dynamically add or remove a permission set that grants the Export Reports Permission.
- D. Use SAML federated Authentication, treat SAML Sessions as High Assurance, and raise the session level required for exporting reports.
Answer: D
NEW QUESTION # 123
An identity architect is setting up an integration between Salesforce and a third-party system. The third-party system needs to authenticate to Salesforce and then make API calls against the REST API.
One of the requirements is that the solution needs to ensure the third-party service provider's connected app in Salesforce minimizes the need for end-user interaction and maximizes security.
Which OAuth flow should be used to fulfill the requirement?
- A. JWT Bearer Flow
- B. Web Server Flow
- C. Username-Password Flow
- D. User Agent Flow
Answer: A
NEW QUESTION # 124
A farming enterprise offers smart farming technology to its farmer customers, which includes a variety of sensors for livestock tracking, pest monitoring, climate monitoring, etc. They plan to store all the data in Salesforce. They would also like to ensure timely maintenance of the installed sensors. They have engaged a Salesforce architect to propose an appropriate way to generate sensor information in Salesforce.
Which OAuth flow should the architect recommend?
- A. OAuth 2.0 JWT Bearer Token Flow
- B. OAuth 2.0 SAML Bearer Assertion Flow
- C. OAuth 2.0 Asset Token Flow
- D. OAuth 2.0 Device Authentication Flow
Answer: C
NEW QUESTION # 125
Universal Containers (UC) is building a custom Innovation platform on their Salesforce instance. The Innovation platform will be written completely in Apex and Visualforce and will use custom objects to store the data. UC would like all users to be able to access the system without having to log in with Salesforce credentials. UC will utilize a third-party IdP using SAML SSO. What is the optimal Salesforce licence type for all of the UC employees?
- A. External Identity Licence.
- B. Identity Licence.
- C. Salesforce Licence.
- D. Salesforce Platform Licence.
Answer: D
NEW QUESTION # 126
Users logging into Salesforce are frequently prompted to verify their identity.
The identity architect is required to provide recommendations so that frequency of prompt verification can be reduced.
What should the identity architect recommend to meet the requirement?
- A. Set trusted IP ranges for the organization.
- B. Implement multi-factor authentication for the Salesforce org.
- C. Implement 2FA authentication for the Salesforce org.
- D. Implement single sign-on for Salesforce using an external identity provider.
Answer: A
NEW QUESTION # 127
Northern Trail Outfitters (NTO) uses a Security Assertion Markup Language (SAML)-based Identity Provider (IdP) to authenticate employees to all systems. The IdP authenticates users against a Lightweight Directory Access Protocol (LDAP) directory and has access to user information. NTO wants to minimize Salesforce license usage since only a small percentage of users need Salesforce.
What is recommended to ensure new employees have immediate access to Salesforce using their current IdP?
- A. Build an integration that queries LDAP and creates new inactive users in Salesforce and use a login flow to activate the user at first login.
- B. Install Salesforce Identity Connect to automatically provision new users in Salesforce the first time they attempt to login.
- C. Configure Just-in-Time provisioning using SAML attributes to create new Salesforce users as necessary when a new user attempts to login to Salesforce.
- D. Build an integration that queries LDAP periodically and creates new active users in Salesforce.
Answer: C
NEW QUESTION # 128
Universal Containers (UC) has implemented SAML-based Single Sign-on for their Salesforce application and is planning to provide access to Salesforce on mobile devices using the Salesforce1 mobile app. UC wants to ensure that Single Sign-on is used for accessing the Salesforce1 mobile app. Which two recommendations should the Architect make? Choose 2 Answers
- A. Use the existing SAML-SSO flow along with User Agent Flow.
- B. Configure the Embedded Web Browser to use My Domain URL.
- C. Configure the Salesforce1 App to use the My Domain URL.
- D. Use the existing SAML SSO flow along with Web Server Flow.
Answer: A,C
NEW QUESTION # 129
A company with 15,000 employees is using Salesforce and would like to take the necessary steps to highlight or curb fraudulent activity.
Which tool should be used to track login data, such as the average number of logins, who logged in more than the average number of times and who logged in during non-business hours?
- A. Login Forensics
- B. Login Report
- C. Login Inspector
- D. Login History
Answer: A
NEW QUESTION # 130
An Identity and Access Management (IAM) Architect is recommending Identity Connect to integrate Microsoft Active Directory (AD) with Salesforce for user provisioning, deprovisioning and single sign-on (SSO).
Which feature of Identity Connect is applicable for this scenario?
- A. If the number of provisioned users exceeds Salesforce licence allowances, Identity Connect will start disabling the existing Salesforce users in First-in, First-out (FIFO) fashion.
- B. When Identity Connect is in place, if a user is deprovisioned in an on-premise AD, the user's Salesforce session is revoked immediately.
- C. Identity Connect can be deployed as a managed package on a Salesforce org, leveraging High Availability of Salesforce Platform out-of-the-box.
- D. When configured, Identity Connect acts as an identity provider to both Active Directory and Salesforce, thus providing SSO as a default feature.
Answer: B
NEW QUESTION # 131
Universal Containers is creating a mobile application that will be secured by Salesforce Identity using the OAuth 2.0 user-agent flow (this flow uses the OAuth 2.0 implicit grant type).
Which three OAuth concepts apply to this flow?
Choose 3 answers
- A. Client ID
- B. Verification Code
- C. Scopes
- D. Refresh Token
- E. Authorization Code
Answer: A,C,D
NEW QUESTION # 132
Northern Trail Outfitters (NTO) uses Salesforce Experience Cloud sites (previously known as Customer Community) to provide a digital portal where customers can login using their Google account.
NTO would like to automatically create a case record for first time users logging into Salesforce Experience Cloud.
What should an Identity architect do to fulfill the requirement?
- A. Configure an authentication provider for Social Login using Google and a custom registration handler.
- B. Create an authentication provider for Social Login using Google and leverage standard registration handler.
- C. Implement a Just-in-Time handler class that has logic to create cases upon first login.
- D. Implement a login flow with a record create component for Case.
Answer: D
NEW QUESTION # 133
Northern Trail Outfitters is implementing a business-to-business (B2B) collaboration site using Salesforce Experience Cloud. The partners will authenticate with an existing identity provider and the solution will utilize Security Assertion Markup Language (SAML) to provide single sign-on to Salesforce. Delegated administration will be used in the Experience Cloud site to allow the partners to administer their users' access.
How should a partner identity be provisioned in Salesforce for this solution?
- A. Create a user and a related contact.
- B. Create a contactless user.
- C. Create a person account.
- D. Create only a contact.
Answer: A
NEW QUESTION # 134
Northern Trail Outfitters (NTO) wants to give customers the ability to submit and manage issues with their purchases. It is important for NTO to give its customers the ability to log in with their Facebook and Twitter credentials.
Which two actions should an identity architect recommend to meet these requirements?
Choose 2 answers
- A. Configure a predefined authentication provider for Twitter.
- B. Create a custom external authentication provider for Twitter.
- C. Create a custom external authentication provider for Facebook.
- D. Configure a predefined authentication provider for Facebook.
Answer: A,D
NEW QUESTION # 135
Universal Containers (UC) has a Customer Community that uses Facebook for authentication. UC would like to ensure that changes in the Facebook profile are reflected on the appropriate Customer Community user.
How can this requirement be met?
- A. Use SAML Just-In-Time Provisioning between Facebook and Salesforce.
- B. Use the updateUser method on the Registration Handler class.
- C. Use information in the signed request that is received from Facebook.
- D. Develop a scheduled job that calls out to Facebook on a nightly basis.
Answer: B
NEW QUESTION # 136
Universal Containers (UC) has decided to build a new, highly sensitive application on the Force.com platform. The security team at UC has decided that they want users to provide a fingerprint in addition to username/password to authenticate to this application. How can an architect support fingerprints as a form of identification for Salesforce authentication?
- A. Use an AppExchange product that does fingerprint scanning with native Salesforce identity confirmation.
- B. Use Salesforce Two-factor Authentication with callouts to a third-party fingerprint scanning application.
- C. Use Delegated Authentication with callouts to a third-party fingerprint scanning application.
- D. Use custom login flows with callouts to a third-party fingerprint scanning application.
Answer: D
NEW QUESTION # 137
Which three are features of federated Single sign-on solutions? Choose 3 Answers
- A. It enables quick and easy provisioning and deactivating of users.
- B. It solves all identity and access management problems.
- C. It establishes trust between Identity Store and Service Provider.
- D. It federates credentials control to authorized applications.
- E. It improves affiliated applications adoption rates.
Answer: A,C,E
NEW QUESTION # 138
Universal Containers wants to implement SAML SSO for their internal Salesforce users using a third-party IdP. After some evaluation, UC decides not to set up My Domain for their Salesforce org. How does that decision impact their SSO implementation?
- A. Either SP- or IdP-initiated SSO will work.
- B. IdP-initiated SSO will not work.
- C. SP-initiated SSO will not work.
- D. Neither SP- nor IdP-initiated SSO will work.
Answer: D
NEW QUESTION # 139
IT security at Universal Containers (UC) is concerned about recent phishing scams targeting its users and wants to add additional layers of login protection. What should an Architect recommend to address the issue?
- A. Use the Salesforce Authenticator mobile app with two-step verification
- B. Implement Single Sign-on using a corporate Identity store.
- C. Lock sessions to the IP address from which they originated.
- D. Increase Password complexity requirements in Salesforce.
Answer: A
NEW QUESTION # 140
......