• Home
  • Articles
  • [Jan-2022] Updated Salesforce Identity-and-Access-Management-Designer Dumps - PDF & Online Engine [Q73-Q93]

[Jan-2022] Updated Salesforce Identity-and-Access-Management-Designer Dumps - PDF & Online Engine [Q73-Q93]

Share

[Jan-2022] Updated Salesforce Identity-and-Access-Management-Designer Dumps – PDF & Online Engine

Identity-and-Access-Management-Designer.pdf - Questions Answers PDF Sample Questions Reliable

NEW QUESTION 73
Northern Trail Outfitters (NTO) wants to give customers the ability to submit and manage issues with their purchases. It is important for to give its customers the ability to login with their Facebook and Twitter credentials.
Which two actions should an identity architect recommend to meet these requirements?
Choose 2 answers

  • A. Configure a predefined authentication provider for Twitter.
  • B. Configure a predefined authentication provider for Facebook.
  • C. Create a custom external authentication provider for Facebook.
  • D. Create a custom external authentication provider for Twitter.

Answer: A,B

 

NEW QUESTION 74
Universal Containers (UC) uses Salesforce to allow customers to keep track of the order status. The customers can log in to Salesforce using external authentication providers, such as Facebook and Google. UC is also leveraging the App Launcher to let customers access an off-platform application for generating shipping labels. The label generator application uses OAuth to provide users access.
What license type should an Architect recommend for the customers?

  • A. Customer Community Plus license
  • B. Identity license
  • C. Customer Community license
  • D. External Identity license

Answer: B

 

NEW QUESTION 75
How should an identity architect automate provisioning and deprovisioning of users into Salesforce from an external system?

  • A. Run registration handler on incoming OAuth responses.
  • B. Call SOAP API upsertQ on user object.
  • C. Call OpenID Connect (OIDC)-userinfo endpoint with a valid access token.
  • D. Use Security Assertion Markup Language Just-in-Time (SAML JIT) on incoming SAML assertions.

Answer: A

 

NEW QUESTION 76
Universal Containers (UC) is both a Salesforce and Google Apps customer. The UC IT team would like to manage the users for both systems in a single place to reduce administrative burden.
Which two recommended ways can the IT team provision users and allow Single Sign-on between Salesforce and Google Apps? (Choose two.)

  • A. Use Salesforce as the Identity Provider and Google Apps as a Service Provider and configure User Provisioning for Connected Apps.
  • B. Use Identity Connect as the Identity Provider for both Salesforce and Google Apps and manage the provisioning from there.
  • C. Build a custom app running on Heroku as the Identity Provider that can sync user information between Salesforce and Google Apps.
  • D. Use a third-party product as the Identity Provider for both Salesforce and Google Apps and manage the provisioning from there.

Answer: A,D

 

NEW QUESTION 77
Which three capabilities does SAML-based Federated authentication provide? (Choose three.)

  • A. Web applications with no passwords are more secure and stronger against hacks.
  • B. Trust relationships between Identity Provider and Service Provider are required.
  • C. Access tokens are used to access resources on the server once the user is authenticated.
  • D. SAML tokens can be in XML or JSON format and can be used interchangeably.
  • E. Centralized federation provides single point of access, control and auditing.

Answer: B,C,E

 

NEW QUESTION 78
Northern Trail Outfitters is implementing a busmess-to-business (B2B) collaboration site using Salesforce Experience Cloud. The partners will authenticate with an existing identity provider and the solution will utilize Security Assertion Markup Language (SAML) to provide single sign-on to Salesforce. Delegated administration will be used in the Expenence Cloud site to allow the partners to administer their users' access.
How should a partner identity be provisioned in Salesforce for this solution?

  • A. Create only a contact.
  • B. Create a contactless user.
  • C. Create a person account.
  • D. Create a user and a related contact.

Answer: D

 

NEW QUESTION 79
Universal Containers (UC) has built a custom token-based Two-factor authentication (2FA) system for their existing on-premise applications. They are now implementing Salesforce and would like to enable a Two-factor login process for it, as well. What is the recommended solution as Architect should consider?

  • A. Replace the custom 2FA system with Salesforce 2FA for on-premise applications and Salesforce.
  • B. Use the custom 2FA system for on-premise applications and native 2FA for Salesforce.
  • C. Use Custom Login Flows to connect to the existing custom 2FA system for use in Salesforce.
  • D. Replace the custom 2FA system with an AppExchange App that supports on premise application and salesforce.

Answer: A

 

NEW QUESTION 80
Universal Containers (UC) is building an authenticated Customer Community for its customers. UC does not want customer credentials stored in Salesforce and is confident its customers would be willing to use their social media credentials to authenticate to the Community.
Which two actions should an Architect recommend UC to take? (Choose two.)

  • A. Configure an Authentication Provider for LinkedIn social media accounts.
  • B. Configure SSO settings for Facebook to serve as a SAML Identity Provider.
  • C. Create a custom Apex Registration Handler to handle new and existing users.
  • D. Use Delegated Authentication to call the Twitter login API to authenticate users.

Answer: A,C

 

NEW QUESTION 81
Universal containers (UC) would like to enable self - registration for their salesforce partner community users. UC wants to capture some custom data elements from the partner user, and based on these data elements, wants to assign the appropriate profile and account values. Which two actions should the architect recommend to UC? Choose 2 answers

  • A. Configure registration for communities to use a custom apex controller.
  • B. Modify the communitiesselfregcontroller to assign the profile and account.
  • C. Configure registration for communities to use a custom visualforce page.
  • D. Modify the selfregistration trigger to assign profile and account.

Answer: B,C

 

NEW QUESTION 82
Universal containers wants salesforce inbound Oauth-enabled integration clients to use SAML-BASED single Sign-on for authentication. What Oauth flow would be recommended in this scenario?

  • A. User-Token Oauth flow
  • B. SAML assertion Oauth flow
  • C. Web server Oauth flow
  • D. User-Agent Oauth flow

Answer: C

 

NEW QUESTION 83
A group of users try to access one of universal containers connected apps and receive the following error message : "Failed : Not approved for access". what is most likely to cause of the issue?

  • A. The connected App setting "All users may self-authorize" is enabled.
  • B. The use of high assurance sections are required for the connected App.
  • C. The users do not have the correct permission set assigned to them.
  • D. The salesforce administrators gave revoked the Oauth authorization.

Answer: C

 

NEW QUESTION 84
A third-party app provider would like to have users provisioned via a service endpoint before users access their app from Salesforce.
What should an identity architect recommend to configure the requirement with limited changes to the third-party app?

  • A. Use Salesforce identity with Security Assertion Markup Language (SAML) for provisioning users.
  • B. Redirect users to the third-party app for registration.
  • C. Use a connected app with user provisioning flow.
  • D. Create Canvas app in Salesforce for third-party app to provision users.

Answer: C

 

NEW QUESTION 85
Universal Containers (UC) is successfully using Delegated Authentication for their Salesforce users. The service supporting Delegated Authentication is written in Java. UC has a new CIO that is requiring all company web services be REST-ful and written in .Net.
Which two considerations should the UC Architect provide to the new CIO? (Choose two.)

  • A. Delegated Authentication will continue to work with REST services.
  • B. Delegated Authentication will continue to work with a .Net service.
  • C. Delegated Authentication will not work with REST services.
  • D. Delegated Authentication will not work with a .Net service.

Answer: B,C

 

NEW QUESTION 86
Universal Containers (UC) is building an authenticated Customer Community for its customers. UC does not want customer credentials stored in Salesforce and is confident its customers would be willing to use their social media credentials to authenticate to the community. Which two actions should an Architect recommend UC to take?

  • A. Configure an Authentication Provider for LinkedIn Social Media Accounts.
  • B. Configure SSO Settings For Facebook to serve as a SAML Identity Provider.
  • C. Use Delegated Authentication to call the Twitter login API to authenticate users.
  • D. Create a Custom Apex Registration Handler to handle new and existing users.

Answer: A,D

 

NEW QUESTION 87
The security team at Universal Containers (UC) hasidentified exporting reports as a high-risk action and would like to require users to be logged into Salesforce with their Active Directory (AD) credentials when doing so.
For all other users of Salesforce, users should be allowed to use AD Credentials orSalesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with Salesforce credentials?

  • A. Use SAML Federated Authentication and block access to reports when accessed through a Standard Assurance session.
  • B. Use SAML federated Authentication, treat SAML Sessions as High Assurance, and raise the session level required for exporting reports.
  • C. Use SAML federated Authentication with a Login Flow to dynamically add or remove a Permission Set that grants the Export Reports Permission.
  • D. Use SAML Federated Authentication and Custom SAML JIT Provisioning to dynamically and or remove a permission set that grants the Export Reports Permission.

Answer: B

 

NEW QUESTION 88
After a recent audit, universal containers was advised to implement Two-factor Authentication for all of their critical systems, including salesforce. Which two actions should UC consider to meet this requirement? Choose 2 answers

  • A. Require users to use a biometric reader as well as their password
  • B. Require users to supply their email and phone number, which gets validated.
  • C. Require users to provide their RSA token along with their credentials.
  • D. Require users to enter a second password after the first Authentication

Answer: A,C

 

NEW QUESTION 89
Universal Containers (UC) employees have Salesforce access from restricted IP ranges only, to protect against unauthorised access. UC wants to roll out the Salesforce1 mobile app and make it accessible from any location. Which two options should an Architect recommend? Choose 2 answers

  • A. Relax the IP restrictions in the Connect App settings for the Salesforce1 mobile app.
  • B. Relax the IP restriction with a second factor in the Connect App settings for Salesforce1 mobile app.
  • C. Use Login Flow to bypass IP range restriction for the mobile app.
  • D. Remove existing restrictions on IP ranges for all types of user access.

Answer: A,B

 

NEW QUESTION 90
Containers (UC) has implemented SAML-based single Sign-on for their Salesforce application and is planning to provide access to Salesforce on mobile devices using the Salesforce1 mobile app. UC wants to ensure that Single Sign-on is used for accessing the Salesforce1 mobile App. Which two recommendations should the Architect make? Choose 2 Answers

  • A. Use the existing SAML-SSO flow along with User Agent Flow.
  • B. Configure the Embedded Web Browser to use My Domain URL.
  • C. Use the existing SAML SSO flow along with Web Server Flow.
  • D. Configure the Salesforce1 App to use the MY Domain URL.

Answer: A,D

 

NEW QUESTION 91
Universal Containers (UC) wants to implement SAML SSO for their internal of Salesforce users using a third-party IdP.
After some evaluation, UC decides NOT to 65 set up My Domain for their Salesforce org. How does that decision impact their SSO implementation?

  • A. SP-initiated SSO will NOT work
  • B. Neither SP- nor IdP-initiated SSO will work.
  • C. Either SP- or IdP-initiated SSO will work.
  • D. IdP-initiated SSO will NOT work.

Answer: B

 

NEW QUESTION 92
How should an Architect automatically redirect users to the login page of the external Identity provider when using an SP-Initiated SAML flow with Salesforce as a Service Provider?

  • A. Remove the Login page from the list of Authentication Services on the My Domain configuration.
  • B. Enable the Redirect to the Identity Provider setting under Authentication Services on the My domain Configuration.
  • C. Use visualforce as the landing page for My Domain to redirect users to the Identity Provider login Page.
  • D. Set the Identity Provider as default and enable the Redirect to the Identity Provider setting on the SAML Configuration.

Answer: A

 

NEW QUESTION 93
......


What is the duration of the Identity-and-Access-Management-Designer Exam

  • Passing Score: 65%
  • Length of Examination: 120 minutes
  • Format: Multiple choices, multiple answers
  • Number of Questions: 60

 

Salesforce Identity-and-Access-Management-Designer Dumps PDF Are going to be The Best Score: https://www.exam4tests.com/Identity-and-Access-Management-Designer-valid-braindumps.html

Salesforce Identity and Access Management Designer Identity-and-Access-Management-Designer Exam and Certification Test Engine: https://drive.google.com/open?id=1QrVixlmJDYYAbj1dbNjaaFagOSb8yCPI 

Related Articles

more
Salesforce Identity-and-Access-Management-Designer Certification Practice Exam

Copyright © 2026 Exam4Tests NETWORK CO.,LIMITED. All Rights Reserved. All trademarks used are properties of their respective owners. Privacy Policy