
Best Preparations of Identity-and-Access-Management-Designer Exam 2023 Salesforce Identity and Access Management Designer Unlimited 245 Questions
Focus on Identity-and-Access-Management-Designer All-in-One Exam Guide For Quick Preparation.
Salesforce Certified Identity-and-Access-Management-Designer certification exam is a proctored, multiple-choice exam that consists of 60 questions. You have 105 minutes to complete the exam, and you must score at least 68% to pass. Identity-and-Access-Management-Designer exam fee is $400, and you can take the exam either in-person or online.
Salesforce Identity-and-Access-Management-Designer certification exam is designed for professionals who are responsible for designing and implementing secure access solutions using Salesforce technology. Identity-and-Access-Management-Designer exam tests the candidate's knowledge of Salesforce's identity and access management features and their ability to design and implement secure access solutions that meet business requirements. Salesforce Certified Identity and Access Management Designer certification is ideal for professionals who work in IT security, network administration, or Salesforce development.
NEW QUESTION # 140
Universal Containers (UC) has an Experience Cloud site (Customer Community) where customers can authenticate and place orders, view the status of orders, etc. UC allows guest checkout.
How can a guest register using data previously collected during order placement?
- A. Enable Security Assertion Markup Language Sign-On and use a login flow to collect only order details to retrieve customer data.
- B. Enable self-registration and customize a self-registration page to collect only order details to retrieve customer data.
- C. Use a Connected App Handler Apex Plugin class to collect only order details to retrieve customer data.
- D. Enable Facebook as an authentication provider and use a registration handler to collect only order details to retrieve customer data.
Answer: B
NEW QUESTION # 141
Universal Containers (UC) uses a home-grown Employee portal for their employees to collaborate. UC decides to use Salesforce Ideas to allow employees to post Ideas from the Employee portal. When users click on some of the links in the Employee portal, the users should be redirected to Salesforce, authenticated, and presented with the relevant pages. What OAuth flow is best suited for this scenario?
- A. SAML Bearer Assertion flow
- B. User-Agent flow
- C. Web Server flow
- D. Web Application flow
Answer: C
NEW QUESTION # 142
Universal Containers (UC) has five Salesforce orgs (UC1, UC2, UC3, UC4, UC5). Every user that is in UC2, UC3, UC4, and UC5 is also in UC1; however, not all users have access to every org. Universal Containers would like to simplify the authentication process such that all Salesforce users need to remember one set of credentials. UC would like to achieve this with the least impact to cost and maintenance. What approach should an Architect recommend to UC?
- A. Configure UC1 as the Identity Provider to the other four Salesforce orgs, but don't set up JIT user provisioning for other orgs.
- B. Purchase a third-party Identity Provider for all five Salesforce orgs to use, but don't set up JIT user provisioning for other orgs.
- C. Purchase a third-party Identity Provider for all five Salesforce orgs to use and set up JIT user provisioning on all other orgs.
- D. Configure UC1 as the Identity Provider to the other four Salesforce orgs and set up JIT user provisioning on all other orgs.
Answer: B
NEW QUESTION # 143
Which two security risks can be mitigated by enabling Two-Factor Authentication (2FA) in Salesforce?
Choose 2 answers
- A. Users creating simple-to-guess password reset questions.
- B. Users choosing passwords that are the same as their Facebook password.
- C. Users accessing Salesforce from a public Wi-Fi access point.
- D. Users leaving laptops unattended and not logging out of Salesforce.
Answer: B,C
NEW QUESTION # 144
The CIO of Universal Containers (UC) wants to start taking advantage of the refresh token capability for the UC applications that utilize OAuth 2.0. UC has enlisted an architect to analyze all of the applications that use OAuth flows to see where refresh tokens can be applied. Which two OAuth flows should the architect consider in their evaluation? Choose 2 answers
- A. JWT bearer token
- B. Username-password
- C. Web server
- D. User-Agent
Answer: C,D
NEW QUESTION # 145
Northern Trail Outfitters (NTO) has an off-boarding process where a terminated employee is first disabled in the Lightweight Directory Access Protocol (LDAP) directory, then requests are sent to the various application support teams to finish user deactivations. A terminated employee recently was able to log in to NTO's Salesforce instance 24 hours after termination, even though the user was disabled in the corporate LDAP directory.
What should an identity architect recommend to prevent this from happening in the future?
- A. Create a Just-in-Time provisioning registration handler to ensure users are deactivated in Salesforce as they are disabled in LDAP.
- B. Use a login flow to make a callout to the LDAP directory before authenticating the user to Salesforce.
- C. Configure an authentication provider to delegate authentication to the LDAP directory.
- D. Set up an identity provider (IdP) to authenticate users using LDAP, set up single sign-on to Salesforce and disable Login Form authentication.
Answer: C
NEW QUESTION # 146
Universal Containers (UC) is setting up their customer Community self-registration process. They are uncomfortable with the idea of assigning new users to a default account record. What will happen when customers self-register in the community?
- A. The self-registration process will produce an error to the user.
- B. The self-registration process will create a person Account record.
- C. The self-registration page will ask user to select an account.
- D. The self-registration page will create a new account record.
Answer: A
NEW QUESTION # 147
The security team at Universal Containers (UC) has identified exporting reports as a high-risk action and would like to require users to be logged in to Salesforce with their Active Directory (AD) credentials when doing so. For all other uses of Salesforce, users should be allowed to use AD credentials or Salesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with Salesforce credentials?
- A. Use SAML Federated Authentication with a login flow to dynamically add or remove a permission set that grants the export reports permission.
- B. Use SAML Federated Authentication and custom SAML JIT provisioning to dynamically add or remove a permission set that grants the Export Reports permission.
- C. Use SAML Federated Authentication and block access to reports when accessed through a standard assurance session.
- D. Use SAML Federated Authentication, treat SAML sessions as high assurance, and raise the session level required for exporting reports.
Answer: C
NEW QUESTION # 148
Universal Containers (UC) is planning to add Wi-Fi enabled GPS tracking devices to its shipping containers so that the GPS coordinates data can be sent from the tracking device to its Salesforce production org via a custom API. The GPS devices have no direct user input or output capabilities.
Which OAuth flow should the identity architect recommend to meet the requirement?
- A. OAuth 2.0 Username-Password Flow for Special Scenarios
- B. OAuth 2.0 Web Server Flow for Web App Integration
- C. OAuth 2.0 JWT Bearer Flow for Server-to-Server Integration
- D. OAuth 2.0 Asset Token Flow for Securing Connected Devices
Answer: D
NEW QUESTION # 149
Universal Containers (UC) has implemented a multi-org architecture in their company. Many users have licenses across multiple orgs, and they are complaining about remembering which org and credentials are tied to which business process.
Which two recommendations should the Architect make to address the complaints? (Choose two.)
- A. Activate My Domain to brand each org to the specific business use case.
- B. Implement SP-Initiated Single Sign-on flows to allow deep linking.
- C. Implement IdP-Initiated Single Sign-on flows to allow deep linking.
- D. Implement Delegated Authentication from each org to the LDAP provider.
Answer: A,B
NEW QUESTION # 150
Universal Containers (UC) wants to integrate a web application with Salesforce. The UC team has implemented the OAuth Web-Server Authentication Flow for authentication purposes.
Which two considerations should an Architect point out to UC? (Choose two.)
- A. The web server must be able to protect the consumer secret.
- B. The web application should be hosted on a secure server.
- C. The flow involves passing the user credentials back and forth.
- D. The flow will NOT provide an OAuth Refresh Token back to the server.
Answer: A,B
NEW QUESTION # 151
A global fitness equipment manufacturer is planning to sell fitness tracking devices and has the following requirements:
1) Customer purchases the device.
2) Customer registers the device using their mobile app.
3) A case should automatically be created in Salesforce and associated with the customer's account in cases where the device registers issues with tracking.
Which OAuth flow should be used to meet these requirements?
- A. OAuth 2.0 Asset Token Flow
- B. OAuth 2.0 Username-Password Flow
- C. OAuth 2.0 User-Agent Flow
- D. OAuth 2.0 SAML Bearer Assertion Flow
Answer: A
NEW QUESTION # 152
Customer service representatives at Universal Containers (UC) are complaining that whenever they click on links to case records and are asked to log in with SAML SSO, they are being redirected to the Salesforce home tab and not the specific case record. What item should an architect advise the identity team at UC to investigate first?
- A. The Salesforce SSO settings are using HTTP POST.
- B. My Domain is configured and active within Salesforce.
- C. The users have the correct Federation ID within Salesforce.
- D. The identity provider is correctly preserving the RelayState.
Answer: D
NEW QUESTION # 153
Universal Containers (UC) would like its community users to be able to register and log in with LinkedIn or Facebook credentials. UC wants users to clearly see Facebook and LinkedIn icons when they register and log in.
What are the two recommended actions UC can take to achieve this functionality? Choose 2 answers
- A. Create custom buttons for Facebook and LinkedIn using JavaScript/CSS on a custom Visualforce page.
- B. Store the LinkedIn or Facebook user IDs in the Federation ID field on the Salesforce User record.
- C. Enable Facebook and LinkedIn as login options in the login section of the Community configuration.
- D. Create custom Registration Handlers to link LinkedIn and Facebook accounts to user records.
Answer: C,D
NEW QUESTION # 154
Northern Trail Outfitters (NTO) uses Salesforce for Sales Opportunity Management. Okta was recently brought in to Just-in-Time (JIT) provision and authenticate NTO users to applications. Salesforce users also use Okta to authorize a Forecasting web application to access Salesforce records on their behalf.
Which two roles are being performed by Salesforce?
Choose 2 answers
- A. SAML Service Provider
- B. SAML Identity Provider
- C. OAuth Resource Server
- D. OAuth Client
Answer: A,D
NEW QUESTION # 155
How should an Architect automatically redirect users to the login page of the external Identity provider when using an SP-Initiated SAML flow with Salesforce as a Service Provider?
- A. Enable the Redirect to the Identity Provider setting under Authentication Services on the My Domain configuration.
- B. Remove the Login page from the list of Authentication Services on the My Domain configuration.
- C. Set the Identity Provider as default and enable the Redirect to the Identity Provider setting on the SAML Configuration.
- D. Use Visualforce as the landing page for My Domain to redirect users to the Identity Provider login page.
Answer: B
NEW QUESTION # 156
Universal Containers (UC) currently uses Salesforce Sales Cloud and an external billing application. Both Salesforce and the billing application are accessed several times a day to manage customers. UC would like to configure single sign-on and leverage Salesforce as the identity provider. Additionally, UC would like the billing application to be accessible from Salesforce. A redirect is acceptable.
Which two Salesforce tools should an identity architect recommend to satisfy the requirements?
Choose 2 answers
- A. App Launcher
- B. Connected Apps
- C. Identity Connect
- D. Salesforce Canvas
Answer: A,D
NEW QUESTION # 157
Northern Trail Outfitters wants to allow its consumers to self-register on its business-to-consumer (B2C) portal that is built on Experience Cloud. The identity architect has recommended using Person Accounts.
Which three steps need to be configured to enable self-registration using person accounts?
Choose 3 answers
- A. Under Login and Registration settings, ensure that the default account field is empty.
- B. Contact Salesforce Support to enable person accounts.
- C. Contact Salesforce Support to enable business accounts.
- D. Set organization-wide default sharing for Contact to Public Read Only.
- E. Enable access to person and business account record types under Public Access Settings.
Answer: A,B,E
NEW QUESTION # 158
Sales users at Universal Containers use Salesforce for Opportunity management. Marketing uses a third-party application called Nest for Lead nurturing that is accessed using username/password. The VP of Sales wants to open up access to Nest for all sales users to provide them access to lead history and would like SSO for better adoption. Salesforce is already set up for SSO and uses Delegated Authentication. Nest can accept username/password or SAML-based authentication. IT teams have received multiple password-related issues for Nest and have decided to set up SSO access for Nest for Marketing users as well. The CIO does not want to invest in a new IdP solution and is considering using Salesforce for this purpose. Which are appropriate license type choices for sales and marketing users, given Salesforce is using Delegated Authentication?
Choose 2 answers
- A. Salesforce license for sales users and External Identity license for Marketing users
- B. Identity license for sales users and Identity Connect license for Marketing users
- C. Salesforce license for sales users and Identity license for Marketing users
- D. Salesforce license for sales users and Platform license for Marketing users
Answer: A,D
NEW QUESTION # 159
Universal Containers (UC) is planning to deploy a custom mobile app that will allow users to get e-signatures from its customers on their mobile devices. The mobile app connects to Salesforce to upload the e-signature as a file attachment and uses OAuth protocol for both authentication and authorization. What is the most recommended and secure OAuth scope setting that an Architect should recommend?
- A. Web
- B. Api
- C. Id
- D. Custom_permissions
Answer: D
NEW QUESTION # 160
Universal Containers (UC) built a customer Community for customers to buy products, review orders, and manage their accounts. UC has provided three different options for customers to log in to the customer Community: Salesforce, Google, and Facebook. Which two role combinations are represented by the systems in the scenario? Choose 2 answers
- A. Facebook is the service provider and Salesforce is the identity provider
- B. Salesforce is the service provider and Facebook is the identity provider
- C. Google is the service provider and Facebook is the identity provider
- D. Salesforce is the service provider and Google is the identity provider
Answer: B,D
NEW QUESTION # 161
Which three types of attacks would a 2-Factor Authentication solution help guard against?
- A. Phishing attacks
- B. Dictionary attacks
- C. Man-in-the-middle attacks
- D. Key logging attacks
- E. Network perimeter attacks
Answer: A,D,E
NEW QUESTION # 162
An Architect is troubleshooting some SAML-based SSO errors during testing. The Architect confirmed that all of the Salesforce SSO settings are correct. Which two issues outside of the Salesforce SSO settings are most likely contributing to the SSO errors the Architect is encountering? Choose 2 answers
- A. The Issuer Certificate from the Identity Provider expired two weeks ago.
- B. The default language for the Identity Provider and Salesforce are Different.
- C. The clock on the Identity Provider server is twenty minutes behind Salesforce.
- D. The Identity Provider is also used to SSO into five other applications.
Answer: A,B