Identity-and-Access-Management-Designer | Top Tips Of Updated Identity-and-Access-Management-Designer Free Practice Exam

NEW QUESTION 1
Universal Containers (UC) is building a custom Innovation platform on their Salesforce instance. The Innovation platform will be written completely in Apex and Visualforce and will use custom objects to store the Data. UC would like all users to be able to access the system without having to log in with Salesforce credentials. UC will utilize a third-party idp using SAML SSO. What is the optimal Salesforce licence type for all of the UC employees?

• A. Identity Licence.
• B. Salesforce Licence.
• C. External Identity Licence.
• D. Salesforce Platform Licence.

Answer: D

NEW QUESTION 2
Universal Containers wants to implement Single Sign-on for a Salesforce org using an external Identity Provider and corporate identity store.
What type of authentication flow is required to support deep linking'

• A. Web Server OAuth SSO flow
• B. Service-Provider-Initiated SSO
• C. Identity-Provider-initiated SSO
• D. StartURL on Identity Provider

Answer: B

NEW QUESTION 3
A global company's Salesforce Identity Architect is reviewing its Salesforce production org login history and is seeing some intermittent Security Assertion Markup Language (SAML SSO) 'Replay Detected and Assertion Invalid' login errors.
Which two issues would cause these errors? Choose 2 answers

• A. The subject element is missing from the assertion sent to salesforce.
• B. The certificate loaded into SSO configuration does not match the certificate used by the IdP.
• C. The current time setting of the company's identity provider (IdP) and Salesforce platform is out of sync by more than eight minutes.
• D. The assertion sent to 5alesforce contains an assertion ID previously used.

Answer: AD

NEW QUESTION 4
Northern Trail Outfitters (NTO) is planning to build a new customer service portal and wants to use passwordless login, allowing customers to login with a one-time passcode sent to them via email or SMS.
How should the quantity of required Identity Verification Credits be estimated?

• A. Each community comes with 10,000 Identity Verification Credits per month and only customers with more than 10,000 logins a month should estimate additional SMS verifications needed.
• B. Identity Verification Credits are consumed with each SMS (text message) sent and should be estimated based on the number of login verification challenges for SMS verification users.
• C. Identity Verification Credits are consumed with each verification sent and should be estimated based on the number of logins that will incur a verification challenge.
• D. Identity Verification Credits are a direct add-on license based on the number of existing member-based or login-based Community licenses.

Answer: B

NEW QUESTION 5
Universal Containers (UC) uses Salesforce as a CRM and identity provider (IdP) for their Sales Team to seamlessly login to intemaJ portals. The IT team at UC is now evaluating Salesforce to act as an IdP for its remaining employees.
Which Salesforce license is required to fulfill this requirement?

• A. External Identity
• B. Identity Verification
• C. Identity Connect
• D. Identity Only

Answer: D

NEW QUESTION 6
A division of a Northern Trail Outfitters (NTO) purchased Salesforce. NTO uses a third party identity provider (IdP) to validate user credentials against Its corporate Lightweight Directory Access Protocol (LDAP) directory. NTO wants to help employees remember as passwords as possible.
What should an identity architect recommend?

• A. Setup Salesforce as a Service Provider to the existing IdP.
• B. Setup Salesforce as an IdP to authenticate against the LDAP directory.
• C. Use Salesforce connect to synchronize LDAP passwords to Salesforce.
• D. Setup Salesforce as an Authentication Provider to the existing IdP.

Answer: A

NEW QUESTION 7
Universal Containers (UC) is rolling out its new Customer Identity and Access Management Solution built on top of its existing Salesforce instance. UC wants to allow customers to login using Facebook, Google, and other social sign-on providers.
How should this functionality be enabled for UC, assuming ail social sign-on providers support OpenID Connect?

• A. Configure an authentication provider and a registration handler for each social sign-on provider.
• B. Configure a single sign-on setting and a registration handler for each social sign-on provider.
• C. Configure an authentication provider and a Just-In-Time (JIT) handler for each social sign-on provider.
• D. Configure a single sign-on setting and a JIT handler for each social sign-on provider.

Answer: A

NEW QUESTION 8
Which two statements are capable of Identity Connect? Choose 2 answers

• A. Synchronization of Salesforce Permission Set Licence Assignments.
• B. Supports both Identity-Provider-Initiated and Service-Provider-Initiated SSO.
• C. Support multiple orgs connecting to multiple Active Directory servers.
• D. Automated user synchronization and de-activation.

Answer: BD

NEW QUESTION 9
Ttie executive sponsor for an organization has asked if Salesforce supports the ability to embed a login widget into its service providers in order to create a more seamless user experience.
What should be used and considered before recommending it as a solution on the Salesforce Platform?

• A. OpenID Connect Web Server Flo
• B. Determine if the service provider is secure enough to store the client secret on.
• C. Embedded Logi
• D. Identify what level of UI customization will be required to make it match the service providers look and feel.
• E. Salesforce REST api
• F. Ensure that Secure Sockets Layer (SSL) connection for the integration is used.
• G. Embedded Logi
• H. Consider whether or not it relies on third party cookies which can cause browser compatibility issues.

Answer: C

NEW QUESTION 10
What item should an Architect consider when designing a Delegated Authentication implementation?

• A. The Web service should be secured with TLS using Salesforce trusted certificates.
• B. The Web service should be able to accept one to four input method parameters.
• C. The web service should use the Salesforce Federation ID to identify the user.
• D. The Web service should implement a custom password decryption method.

Answer: A

NEW QUESTION 11
What are three capabilities of Delegated Authentication? Choose 3 answers

• A. It can be assigned by Custom Permissions.
• B. It can connect to SOAP services.
• C. It can be assigned by Permission Sets.
• D. It can be assigned by Profiles.
• E. It can connect to REST services.

Answer: BCE

NEW QUESTION 12
A group of users try to access one of Universal Containers' Connected Apps and receive the following error message: " Failed: Not approved for access." What is the most likely cause of this issue?

• A. The Connected App settings "All users may self-authorize" is enabled.
• B. The Salesforce Administrators have revoked the OAuth authorization.
• C. The Users do not have the correct permission set assigned to them.
• D. The User of High Assurance sessions are required for the Connected App.

Answer: C

NEW QUESTION 13
Universal Containers (UC) is looking to purchase a third-party application as an Identity Provider. UC is looking to develop a business case for the purchase in general and has enlisted an Architect for advice. Which two capabilities of an Identity Provider should the Architect detail to help strengthen the business case? Choose 2 answers

• A. The Identity Provider can authenticate multiple applications.
• B. The Identity Provider can authenticate multiple social media accounts.
• C. The Identity provider can store credentials for multiple applications.
• D. The Identity Provider can centralize enterprise password policy.

Answer: AD

NEW QUESTION 14
Universal containers (UC) has implemented ansp-Initiated SAML flow between an external IDP and salesforce. A user at UC is attempting to login to salesforce1 for the first time and is being prompted for salesforce credentials instead of being shown the IDP login page. What is the likely cause of the issue?

• A. The "Redirect to Identity Provider" option has been selected in the my domain configuration.
• B. The user has not configured the salesforce1 mobile app to use my domain for login
• C. The "Redirect to identity provider" option has not been selected the SAML configuration.
• D. The user has not been granted the "Enable single Sign-on" permission

Answer: B

NEW QUESTION 15
Northern Trail Outfitters would like to automatically create new employee users in Salesforce with an appropriate profile that maps to its Active Directory Department.
How should an identity architect implement this requirement?

• A. Use the createUser method in the Just-in-Time (JIT) provisioning registration handler to assign the appropriate profile.
• B. Use the updateUser method in the Just-in-Time (JIT) provisioning registration handler to assign the appropriate profile.
• C. Use a login flow to collect Security Assertion Markup Language attributes and assign the appropriate profile during Just-In-Time (JIT) provisioning.
• D. Make a callout during the login flow to query department from Active Directory to assign the appropriate profile.

Answer: B

NEW QUESTION 16
A multinational company is looking to rollout Salesforce globally. The company has a Microsoft Active Directory Federation Services (ADFS) implementation for the Americas, Europe and APAC. The company plans to have a single org and they would like to have all of its users access Salesforce using the ADFS . The company would like to limit its investments and prefer not to procure additional applications to satisfy the requirements.

What is recommended to ensure these requirements are met ?

• A. Use connected apps for each ADFS implementation and implement Salesforce site to authenticate users across the ADFS system applicable to their geo.
• B. Implement Identity Connect to provide single sign-on to Salesforce and federated across multiple ADFS systems.
• C. Add a central identity system that federates between the ADFS systems and integrate with Salesforce for single sign-on.
• D. Configure Each ADFS system under single sign-on settings and allow users to choose the system to authenticate during sign on to Salesforce

Answer: B

NEW QUESTION 17
Universal Containers (UC) is considering a Customer 360 initiative to gain a single source of the truth for its customer data across disparate systems and services. UC wants to understand the primary benefits of Customer 360 Identity and how it contributes ato successful Customer 360 Truth project.
What are two are key benefits of Customer 360 Identity as it relates to Customer 360? Choose 2 answers

• A. Customer 360 Identity automatically integrates with Customer 360 Data Manager and Customer 360 Audiences to seamlessly populate all user data.
• B. Customer 360 Identity enables an organization to build a single login for each of its customers, giving the organization anunderstanding of the user's login activity across all its digital properties and applications.
• C. Customer 360 Identity supports multiple brands so you can deliver centralized identity services and correlation of user activity,even if it spans multiple corporate brands and user experiences.
• D. Customer 360 Identity not only provides a unified sign up and sign in experience, but also tracks anonymous user activity prior to signing up so organizations can understand user activity before and after the users identify themselves.

Answer: BC

NEW QUESTION 18
An Identity and Access Management (IAM) Architect is recommending Identity Connect to integrate Microsoft Active Directory (AD) with Salesforce for user provisioning, deprovisioning and single sign-on (SSO).
Which feature of Identity Connect is applicable for this scenano?

• A. When Identity Connect is in place, if a user is deprovisioned in an on-premise AD, the user's Salesforce session Is revokedImmediately.
• B. If the number of provisioned users exceeds Salesforce licence allowances, identity Connect will start disabling the existingSalesforce users in First-in, First-out (FIFO) fashion.
• C. Identity Connect can be deployed as a managed package on salesforce org, leveraging High Availability of Salesforce Platformout-of-the-box.
• D. When configured, Identity Connect acts as an identity provider to both Active Directory and Salesforce,thus providing SSO as a default feature.

Answer: A

NEW QUESTION 19
Northern Trail Outfitters is implementing a busmess-to-business (B2B) collaboration site using Salesforce Experience Cloud. The partners will authenticate with an existing identity provider and the solution will utilize Security Assertion Markup Language (SAML) to provide single sign-on to Salesforce. Delegated administration will be used in the Expenence Cloud site to allow the partners to administer their users' access.
How should a partner identity be provisioned in Salesforce for this solution?

• A. Create only a contact.
• B. Create a contactless user.
• C. Create a user and a related contact.
• D. Create a person account.

Answer: C

NEW QUESTION 20
......