[Sep 27, 2022] Verified Identity-and-Access-Management-Designer dumps and 245 unique questions [Q89-Q113]

September 27, 2022 admin 0

Categories : Identity-and-Access-Management-Designer , Salesforce

4/5 - (3 votes)

[Sep 27, 2022] Verified Identity-and-Access-Management-Designer dumps and 245 unique questions

Identity-and-Access-Management-Designer Dumps for Pass Guaranteed – Pass Identity-and-Access-Management-Designer Exam 2022

Q89. A consumer products company uses Salesforce to maintain consumer information, including orders. The company implemented a portal solution using Salesforce Experience Cloud for its consumers where the consumers can log in using their credentials. The company is considering allowing users to login with their Facebook or Linkedln credentials.
Once enabled, what role will Salesforce play?

Facebook and Linkedln will be the SPs.

Salesforce will be the service provider (SP).

Salesforce will be the identity provider (IdP).

Facebook and Linkedln will act as the IdPs and SPs.

Q90. Universal Containers (UC) is building a customer community and will allow customers to authenticate using Facebook credentials. The First time the user authenticating using facebook, UC would like a customer account created automatically in their Accounting system. The accounting system has a web service accessible to Salesforce for the creation of accounts. How can the Architect meet these requirements?

Create a custom application on Heroku that manages the sign-on process from Facebook.

Use JIT Provisioning to automatically create the account in the accounting system.

Add an Apex callout in the registration handler of the authorization provider.

Use OAuth JWT flow to pass the data from Salesforce to the Accounting System.

Q91. Universal Containers (UC) has a custom, internal-only, mobile billing application for users who are commonly out of the office. The app is configured as a connected App in Salesforce. Due to the nature of this app, UC would like to take the appropriate measures to properly secure access to the app. Which two are recommendations to make the UC? Choose 2 answers

Disallow the use of Single Sign-on for any users of the mobile app.

Require High Assurance sessions in order to use the Connected App.

Set Login IP Ranges to the internal network for all of the app users Profiles.

Use Google Authenticator as an additional part of the login process

Q92. A division of a Northern Trail Outfitters (NTO) purchased Salesforce. NTO uses a third party identity provider (IdP) to validate user credentials against Its corporate Lightweight Directory Access Protocol (LDAP) directory. NTO wants to help employees remember as passwords as possible.
What should an identity architect recommend?

Setup Salesforce as a Service Provider to the existing IdP.

Setup Salesforce as an IdP to authenticate against the LDAP directory.

Use Salesforce connect to synchronize LDAP passwords to Salesforce.

Setup Salesforce as an Authentication Provider to the existing IdP.

Q93. An Identity and Access Management (IAM) Architect is recommending Identity Connect to integrate Microsoft Active Directory (AD) with Salesforce for user provisioning, deprovisioning and single sign-on (SSO).
Which feature of Identity Connect is applicable for this scenano?

When Identity Connect is in place, if a user is deprovisioned in an on-premise AD, the user’s Salesforce session Is revoked Immediately.

If the number of provisioned users exceeds Salesforce licence allowances, identity Connect will start disabling the existing Salesforce users in First-in, First-out (FIFO) fashion.

Identity Connect can be deployed as a managed package on salesforce org, leveraging High Availability of Salesforce Platform out-of-the-box.

When configured, Identity Connect acts as an identity provider to both Active Directory and Salesforce, thus providing SSO as a default feature.

Q94. Universal Containers (UC) has built a custom token-based Two-factor authentication (2FA) system for their existing on-premise applications. They are now implementing Salesforce and would like to enable a Two-factor login process for it, as well. What is the recommended solution as Architect should consider?

Replace the custom 2FA system with Salesforce 2FA for on-premise applications and Salesforce.

Use Custom Login Flows to connect to the existing custom 2FA system for use in Salesforce.

Replace the custom 2FA system with an AppExchange App that supports on premise application and salesforce.

Use the custom 2FA system for on-premise applications and native 2FA for Salesforce.

Q95. Universal Containers (UC) has decided to replace the homegrown customer portal with Salesforce Experience Cloud. UC will continue to use its third-party single sign-on (SSO) solution that stores all of its customer and partner credentials.
The first time a customer logs in to the Experience Cloud site through SSO, a user record needs to be created automatically.
Which solution should an identity architect recommend in order to automatically provision users in Salesforce upon login?

Just-in-Time (JIT) provisioning

Custom middleware and web services

Custom login flow and Apex handler

Third-party AppExchange solution

Q96. Northern Trail Outfitters (NTO) wants to give customers the ability to submit and manage issues with their purchases. It is important for NTO to give its customers the ability to login with their Amazon credentials.
What should an identity architect recommend to meet these requirements?

Configure a predefined authentication provider for Amazon.

Create a custom external authentication provider for Amazon.

Configure an OpenID Connect Authentication Provider for Amazon.

Configure Amazon as a connected app.

Q97. Universal Containers (UC) uses an internal company portal for their employees to collaborate. UC decides to use Salesforce Ideas and provide the ability for employees to post ideas from the company portal. They use SAML-based SSO to get into the Company portal and would like to leverage it to access Salesforce. Most of the users don’t exist in Salesforce and they would like the user records created in Salesforce Communities the first time they try to access Salesforce.
What recommendation should an Architect make to meet this requirement?

Use Salesforce APIs to create users on the fly.

Use Just-in-Time provisioning.

Use On-the-Fly provisioning.

Use Identity Connect to sync users.

Q98. Universal Container’s (UC) identity architect needs to recommend a license type for their new Experience Cloud site that will be used by external partners (delivery providers) for reviewing and updating their accounts, downloading files provided by UC and obtaining scheduled pickup dates from their calendar.
UC is using their Salesforce production org as the identity provider for these users and the expected number of individual users is 2.5 million with 13.5 million unique logins per month.
Which of the following license types should be used to meet the requirement?

External Apps License

Partner Community License

Partner Community Login License

Customer Community plus Login License

Q99. A university is planning to set up an identity solution for its alumni. A third-party identity provider will be used for single sign-on Salesforce will be the system of records. Users are getting error messages when logging in.
Which Salesforce feature should be used to debug the issue?

Apex Exception Email

View Setup Audit Trail

Debug Logs

Q100. An architect needs to set up a Facebook Authentication provider as login option for a salesforce customer Community. What portion of the authentication provider setup associates a Facebook user with a salesforce user?

Consumer key and consumer secret

Federation ID

User info endpoint URL

Apex registration handler

Q101. Universal Containers (UC) would like to enable self-registration for their Salesforce Partner Community Users. UC wants to capture some custom data elements from the partner user, and based on these data elements, wants to assign the appropriate Profile and Account values.
Which two actions should the Architect recommend to UC? (Choose two.)

Configure Registration for Communities to use a custom Visualforce Page.

Configure Registration for Communities to use a custom Apex Controller.

Modify the CommunitiesSelfRegController to assign the Profile and Account.

Modify the SelfRegistration trigger to assign Profile and Account.

Q102. Universal Containers (UC) is setting up delegated authentication to allow employees to log in using their corporate credentials. UC’s security team is concerned about the risks of exposing the corporate login service on the internet and has asked that a reliable trust mechanism be put in place between the login service and Salesforce.
What mechanism should an Architect put in place to enable a trusted connection between the login service and Salesforce?

Require the use of Salesforce security tokens on passwords.

Enforce mutual authentication between systems using SSL.

Include Client Id and Client Secret in the login header callout.

Set up a proxy service for the login service in the DMZ.

Q103. After a recent audit, universal containers was advised to implement Two-factor Authentication for all of their critical systems, including salesforce. Which two actions should UC consider to meet this requirement?
Choose 2 answers

Require users to provide their RSA token along with their credentials.

Require users to supply their email and phone number, which gets validated.

Require users to enter a second password after the first Authentication

Require users to use a biometric reader as well as their password

Q104. A technology enterprise is planning to implement single sign-on login for users. When users log in to the Salesforce User object custom field, data should be populated for new and existing users.
Which two steps should an identity architect recommend?
Choose 2 answers

Implement Auth.SamlJitHandler Interface.

Create and update methods.

Implement RegistrationHandler Interface.

Implement SesslonManagement Class.

Q105. An identity architect wants to secure Salesforce APIs using Security Assertion Markup Language (SAML). For secunty purposes, administrators will need to authorize the applications that will be consuming the APIs.
Which Salesforce OAuth authorization flow should be used7

OAuth 2-0 SAML Bearer Assertion Flow

OAuth 2.0 JWT Bearer Flow

SAML Assertion Flow

OAuth 2.0 User-Agent Flow

Q106. Universal Containers (UC) would like to enable SAML-based SSO for a Salesforce Partner Community. UC has an existing LDAP identity store and a third-party portal. They would like to use the existing portal as the primary site these users access, but also want to allow seamless access to the Partner Community.
What SSO flow should an Architect recommend?

IdP-Initiated

SP-Initiated

User-Agent

Web Server

Q107. A client is planning to rollout multi-factor authentication (MFA) to its internal employees and wants to understand which authentication and verification methods meet the Salesforce criteria for secure authentication.
Which three functions meet the Salesforce criteria for secure mfa?
Choose 3 answers

username and password + SMS passcode

Username and password + secunty key

Third-party single sign-on with Mobile Authenticator app

Certificate-based Authentication

Lightning Login

Q108. Which two security risks can be mitigated by enabling Two-Factor Authentication (2FA) in Salesforce? Choose 2 answers

Users leaving laptops unattended and not logging out of Salesforce.

Users accessing Salesforce from a public Wi-Fi access point.

Users choosing passwords that are the same as their Facebook password.

Users creating simple-to-guess password reset questions.

Q109. Universal containers(UC) is building a mobile application that will make calls to the salesforce REST API.
Additionally,UC would like to provide the optimal experience for its mobile users. Which two OAuth scopes should UC configure in the connected App? Choose 2 answers

Refresh Tokens

Full

Web

API

Q110. Universal Containers has multiple Salesforce instances where users receive emails from different instances. Users should be logged into the correct Salesforce instance authenticated by their IdP when clicking on an email link to a Salesforce record.
What should be enabled in Salesforce as a prerequisite?

My Domain

External Identity

Identity Provider

Multi-Factor Authentication

Q111. Universal containers(UC) has decided to build a new, highly sensitive application on Force.com platform. The security team at UC has decided that they want users to provide a fingerprint in addition to username/Password to authenticate to this application. How can an architect support fingerprints as a form of identification for salesforce Authentication?

Use salesforce Two-factor Authentication with callouts to a third-party fingerprint scanning application.

Use Delegated Authentication with callouts to a third-party fingerprint scanning application.

Use an appexchange product that does fingerprint scanning with native salesforce identity confirmation.

Use custom login flows with callouts to a third-party fingerprint scanning application.

Q112. Containers (UC) has implemented SAML-based single Sign-on for their Salesforce application and is planning to provide access to Salesforce on mobile devices using the Salesforce1 mobile app. UC wants to ensure that Single Sign-on is used for accessing the Salesforce1 mobile App. Which two recommendations should the Architect make? Choose 2 Answers

Configure the Embedded Web Browser to use My Domain URL.

Configure the Salesforce1 App to use the MY Domain URL.

Use the existing SAML-SSO flow along with User Agent Flow.

Use the existing SAML SSO flow along with Web Server Flow.

Q113. A third-party app provider would like to have users provisioned via a service endpoint before users access their app from Salesforce.
What should an identity architect recommend to configure the requirement with limited changes to the third-party app?

Use a connected app with user provisioning flow.

Create Canvas app in Salesforce for third-party app to provision users.

Redirect users to the third-party app for registration.

Use Salesforce identity with Security Assertion Markup Language (SAML) for provisioning users.

Loading …