
Dec 15, 2023 Identity-and-Access-Management-Designer Exam Crack Test Engine Dumps Training With 245 Questions
Obtain the Identity-and-Access-Management-Designer PDF Dumps Get 100% Outcomes Exam Questions For You To Pass
Salesforce Identity-and-Access-Management-Designer Certification Exam is a valuable certification for professionals who want to advance their careers in the field of identity and access management. Salesforce Certified Identity and Access Management Designer certification is recognized globally and is highly respected in the industry. It can help professionals to stand out from the crowd and demonstrate their expertise in Salesforce technologies.
NEW QUESTION # 139
In an SP-Initiated SAML SSO setup where the user tries to access a resource on the Service Provider, what HTTP parameter should be used when submitting a SAML Request to the IdP to ensure the user is returned to the intended resource after authentication?
- A. DisplayState
- B. StartURL
- C. RedirectURL
- D. RelayState
Answer: B
NEW QUESTION # 140
After a recent audit, Universal Containers (UC) was advised to implement Two-factor Authentication for all of their critical systems, including Salesforce. Which two actions should UC consider to meet this requirement?
Choose 2 answers
- A. Require users to enter a second password after the first Authentication
- B. Require users to supply their email and phone number, which gets validated.
- C. Require users to provide their RSA token along with their credentials.
- D. Require users to use a biometric reader as well as their password
Answer: C,D
NEW QUESTION # 141
Universal Containers (UC) wants to integrate a web application with Salesforce. The UC team has implemented the OAuth web-server authentication flow for the authentication process. Which two considerations should an architect point out to UC? Choose 2 answers
- A. The flow involves passing the user credentials back and forth.
- B. The flow will not provide an OAuth refresh token back to the server.
- C. The web application should be hosted on a secure server.
- D. The web server must be able to protect consumer privacy
Answer: C,D
NEW QUESTION # 142
Universal Containers (UC) would like its community users to be able to register and log in with LinkedIn or Facebook credentials. UC wants users to clearly see Facebook and LinkedIn icons when they register and log in.
What are the two recommended actions UC can take to achieve this functionality? Choose 2 answers
- A. Store the LinkedIn or Facebook user IDs in the Federation ID field on the Salesforce User record.
- B. Create custom buttons for Facebook and LinkedIn using JavaScript/CSS on a custom Visualforce page.
- C. Create custom Registration Handlers to link LinkedIn and Facebook accounts to user records.
- D. Enable Facebook and LinkedIn as login options in the login section of the Community configuration.
Answer: C,D
NEW QUESTION # 143
Universal Containers (UC) is building an integration between Salesforce and a legacy web application using the Canvas framework. The security team for UC has determined that a signed request from Salesforce is not an adequate authentication solution for the third-party app. Which two options should the Architect consider for authenticating the third-party app using the Canvas framework? Choose 2 answers
- A. Utilize Authorization Providers to allow the third-party application to authenticate itself against Salesforce as the IdP.
- B. Utilize the Canvas OAuth flow to allow the third-party application to authenticate itself against Salesforce as the IdP.
- C. Create a registration handler Apex class to allow the third-party application to authenticate itself against Salesforce as the IdP.
- D. Utilize the SAML Single Sign-on flow to allow the third-party to authenticate itself against UC's IdP.
Answer: B,D
NEW QUESTION # 144
Which two things should be done to ensure end users can only use single sign-on (SSO) to log in to Salesforce?
Choose 2 answers
- A. Once SSO is enabled, users are only able to login using Salesforce credentials.
- B. Request Salesforce Support to enable delegated authentication.
- C. Enable My Domain and select "Prevent login from https://login.salesforce.com".
- D. Assign user "is Single Sign-on Enabled" permission via profile or permission set.
Answer: C,D
NEW QUESTION # 145
Universal Containers (UC) has an existing e-commerce platform and is implementing a new customer community. They do not want to force customers to register on both applications due to concern over the customer experience. It is expected that 25% of the e-commerce customers will utilize the customer community. The e-commerce platform is capable of generating SAML responses and has an existing RESTful API capable of managing users. How should UC create the identities of its e-commerce users with the customer community?
- A. Use the e-commerce REST API to create users when a user self-registers on the customer community and use SAML to allow SSO.
- B. Use SAML JIT in the Customer Community to create users when a user tries to login to the community from the e-commerce site.
- C. Use the standard Salesforce API to create users in the Community when a user is created in the e-commerce platform and use SAML to allow SSO.
- D. Use a nightly batch ETL job to sync users between the Customer Community and the e-commerce platform and use SAML to allow SSO.
Answer: B
NEW QUESTION # 146
Northern Trail Outfitters (NTO) uses a Security Assertion Markup Language (SAML)-based Identity Provider (IdP) to authenticate employees to all systems. The IdP authenticates users against a Lightweight Directory Access Protocol (LDAP) directory and has access to user information. NTO wants to minimize Salesforce license usage since only a small percentage of users need Salesforce.
What is recommended to ensure new employees have immediate access to Salesforce using their current IdP?
- A. Configure Just-in-Time provisioning using SAML attributes to create new Salesforce users as necessary when a new user attempts to login to Salesforce.
- B. Build an integration that queries LDAP and creates new inactive users in Salesforce and use a login flow to activate the user at first login.
- C. Install Salesforce Identity Connect to automatically provision new users in Salesforce the first time they attempt to login.
- D. Build an integration that queries LDAP periodically and creates new active users in Salesforce.
Answer: A
NEW QUESTION # 147
Universal Containers (UC) uses Global Shipping (GS) as one of their shipping vendors. Regional leads of GS need access to UC's Salesforce instance for reporting damage of goods using Cases. The regional leads also need access to dashboards to keep track of regional shipping KPIs. UC internally uses a third-party cloud analytics tool for capacity planning and UC decided to provide access to this tool to a subset of GS employees. In addition to regional leads, the GS capacity planning team would benefit from access to this tool. To access the analytics tool, UC IT has set up Salesforce as the Identity Provider for internal users and would like to follow the same approach for the GS users as well. What are the most appropriate license types for GS Regional Leads and the GS Capacity Planners? Choose 2 answers
- A. Customer Community Plus license for GS Regional Leads and External Identity for GS Capacity Planners.
- B. Identity license for GS Regional Leads and External Identity license for GS Capacity Planners.
- C. Customer Community license for GS Regional Leads and Identity license for GS Capacity Planners.
- D. Customer Community Plus license for GS Regional Leads and Customer Community license for GS Capacity Planners.
Answer: C,D
NEW QUESTION # 148
Universal Containers (UC) is setting up their Customer Community self-registration process. They are uncomfortable with the idea of assigning new users to a default account record. What will happen when customers self-register in the community?
- A. The self-registration page will ask user to select an account.
- B. The self-registration process will produce an error to the user.
- C. The self-registration page will create a new account record.
- D. The self-registration process will create a person Account record.
Answer: D
NEW QUESTION # 149
Universal Containers is considering using Delegated Authentication as the sole means of authenticating Salesforce users. A Salesforce Architect has been brought in to assist with the implementation. What two risks should the Architect point out? Choose 2 answers
- A. Salesforce users will be locked out of Salesforce if the web service goes down.
- B. Delegated Authentication is enabled or disabled for the entire Salesforce org.
- C. The web service must reside on a public cloud service, such as Heroku.
- D. UC will be required to develop and support a custom SOAP web service.
Answer: B,C
NEW QUESTION # 150
Universal Containers (UC) is both a Salesforce and Google Apps customer. The UC IT team would like to manage the users for both systems in a single place to reduce administrative burden. Which two optimal ways can the IT team provision users and allow Single Sign-on between Salesforce and Google Apps? Choose 2 answers
- A. Use a third-party product as the Identity Provider for both Salesforce and Google Apps and manage the provisioning from there.
- B. Build a custom app running on Heroku as the Identity Provider that can sync user information between Salesforce and Google Apps.
- C. Use Salesforce as the Identity Provider and Google Apps as a Service Provider and configure User Provisioning for Connected Apps.
- D. Use Identity Connect as the Identity Provider for both Salesforce and Google Apps and manage the provisioning from there.
Answer: A,C
NEW QUESTION # 151
Universal Containers (UC) wants to build a mobile application that will be making calls to the Salesforce REST API. UC's Salesforce implementation relies heavily on custom objects and custom Apex code. UC does not want its users to have to enter credentials every time they use the app. Which two scope values should an Architect recommend to UC? Choose 2 answers.
- A. Custom_permissions
- B. Api
- C. Refresh_token
- D. Full
Answer: B,C
NEW QUESTION # 152
Universal Containers (UC) wants to integrate a third-party Reward Calculation system with Salesforce to calculate Rewards. Rewards will be calculated on a scheduled basis and updated back into Salesforce. The integration between Salesforce and the Reward Calculation System needs to be secure. Which are two recommended practices for using OAuth flows in this scenario? Choose 2 answers
- A. OAuth SAML Bearer Assertion Flow
- B. OAuth JWT Bearer Token Flow
- C. OAuth Refresh Token Flow
- D. OAuth Username-Password Flow
Answer: B,D
NEW QUESTION # 153
Universal Containers (UC) wants to integrate a third-party reward calculation system with Salesforce to calculate rewards. Rewards will be calculated on a scheduled basis and updated back into Salesforce. The integration between Salesforce and the reward calculation system needs to be secure. Which are the recommended best practices for using OAuth flows in this scenario? Choose 2 answers
- A. OAuth refresh token flow
- B. OAuth JWT bearer token flow
- C. OAuth SAML bearer assertion flow
- D. OAuth username-password flow
Answer: B,C
NEW QUESTION # 154
The security team at Universal Containers (UC) has identified exporting reports as a high-risk action and would like to require users to be logged into Salesforce with their Active Directory (AD) credentials when doing so. For all other users of Salesforce, users should be allowed to use AD Credentials or Salesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with Salesforce credentials?
- A. Use SAML Federated Authentication and block access to reports when accessed through a Standard Assurance session.
- B. Use SAML Federated Authentication, treat SAML Sessions as High Assurance, and raise the session level required for exporting reports.
- C. Use SAML Federated Authentication with a Login Flow to dynamically add or remove a Permission Set that grants the Export Reports Permission.
- D. Use SAML Federated Authentication and Custom SAML JIT Provisioning to dynamically add or remove a permission set that grants the Export Reports Permission.
Answer: B
NEW QUESTION # 155
An identity architect is implementing a mobile-first Consumer Identity Access Management (CIAM) for external users. User authentication is the only requirement. The user's email or mobile phone number should be supported as a username.
Which two licenses are needed to meet this requirement?
Choose 2 answers
- A. Email Verification Credits
- B. External Identity Licenses
- C. Identity Connect Licenses
- D. SMS Verification Credits
Answer: B,D
NEW QUESTION # 156
Universal Containers (UC) would like to enable SAML-based SSO for a Salesforce Partner Community. UC has an existing LDAP identity store and a third-party portal. They would like to use the existing portal as the primary site these users access, but also want to allow seamless access to the Partner Community.
What SSO flow should an Architect recommend?
- A. Web Server
- B. SP-Initiated
- C. User-Agent
- D. IdP-Initiated
Answer: D
NEW QUESTION # 157
......
To prepare for the exam, candidates should have experience in working with Salesforce Identity and Access Management solutions and should be familiar with the Salesforce platform. They should also have knowledge of industry standards and best practices related to identity and access management, such as SAML, OAuth, OpenID Connect, and SCIM.
The Identity-and-Access-Management-Designer exam covers a range of topics, including user authentication, authorization mechanisms, identity federation, and single sign-on (SSO). You will also need to have a deep understanding of Salesforce security models, roles and permissions, and data access controls. Additionally, you will need to know how to use Salesforce tools like Identity Connect, My Domain, and Connected Apps to manage access and identity across multiple systems.
Identity-and-Access-Management-Designer Exam Dumps Contains FREE Real Questions from the Actual Exam: https://www.actualcollection.com/Identity-and-Access-Management-Designer-exam-questions.html