• Home
  • Articles
  • Get ready to pass the Identity-and-Access-Management-Designer Exam right now using our Salesforce Identity and Access Management Designer Exam Package [Q69-Q87]

Get ready to pass the Identity-and-Access-Management-Designer Exam right now using our Salesforce Identity and Access Management Designer Exam Package [Q69-Q87]

Share

 Get ready to pass the Identity-and-Access-Management-Designer Exam right now using our Salesforce Identity and Access Management Designer  Exam Package

A fully updated 2021 Identity-and-Access-Management-Designer Exam Dumps exam guide from training expert PassSureExam

NEW QUESTION 69
Universal Containers (UC) wants to build a few applications that leverage the Salesforce REST API. UC has asked its Architect to describe how the API calls will be authenticated to a specific user. Which two mechanisms can the Architect provide? Choose 2 Answers

  • A. Access Token
  • B. Refresh Token
  • C. Authentication Token
  • D. Session ID

Answer: A,C

 

NEW QUESTION 70
Universal Containers (UC) has an existing e-commerce platform and is implementing a new customer community. They do not want to force customers to register on both applications due to concern over the customers experience. It is expected that 25% of the e-commerce customers willutilize the customer community . The e-commerce platform is capable of generating SAML responses and has an existing REST-ful API capable of managing users. How should UC create the identities of its e-commerce users with the customer community?

  • A. UseSAML JIT in the Customer Community to create users when a user tries to login to the community from the e-commerce site.
  • B. Use the standard Salesforce API to create users in the Community When a User is Created in the e-Commerce platform and use SAML toallow SSO.
  • C. Use the e-commerce REST API to create users when a user self-register on the customer community and use SAML to allow SSO.
  • D. Use anightly batch ETL job to sync users between the Customer Community and the e-commerce platform and use SAML to allow SSO.

Answer: A

 

NEW QUESTION 71
What information does the 'Relaystate' parameter contain in sp-Initiated Single Sign-on?

  • A. Reference to the login address URL of the identity Provider.
  • B. Reference to the login address URL of the service provider.
  • C. Reference to a URL redirect parameter at the service provider.
  • D. Reference to a URL redirect parameter at the identity provider.

Answer: C

 

NEW QUESTION 72
Which three are features of federated Single sign-on solutions? Choose 3 Answers

  • A. It enables quick and easy provisioning and deactivating of users.
  • B. It establishes trust between Identity Store and Service Provider.
  • C. It solves all identity and access management problems.
  • D. It federates credentials control to authorized applications.
  • E. It improves affiliated applications adoption rates.

Answer: A,B,E

 

NEW QUESTION 73
Northern Trail Outfitters (NTO) is planning to build a new customer service portal and wants to use passwordless login, allowing customers to login with a one-time passcode sent to them via email or SMS.
How should the quantity of required Identity Verification Credits be estimated?

  • A. Identity Verification Credits are a direct add-on license based on the number of existing member-based or login-based Community licenses.
  • B. Identity Verification Credits are consumed with each verification sent and should be estimated based on the number of logins that will incur a verification challenge.
  • C. Each community comes with 10,000 Identity Verification Credits per month and only customers with more than 10,000 logins a month should estimate additional SMS verifications needed.
  • D. Identity Verification Credits are consumed with each SMS (text message) sent and should be estimated based on the number of login verification challenges for SMS verification users.

Answer: D

 

NEW QUESTION 74
In a typical SSL setup involving a trusted party and trusting party, what consideration should an Architect take into account when using digital certificates?

  • A. Use of self-signed certificate leads to higher maintenance for trusting party because the cert needs to be added to their truststore.
  • B. Use of self-signed certificate leads to lower maintenance for trusted party because multiple self-signed certs need to be maintained.
  • C. Use of self-signed certificate leads to lower maintenance for trusting party because there is no trusted CA cert to maintain.
  • D. Use of self-signed certificate leads to higher maintenance for trusted party because they have to act as the trusted CA

Answer: A

 

NEW QUESTION 75
Universal Containers (UC) is building an integration between Salesforce and a legacy web application using the Canvas framework. The security team for UC has determined that a signed request from Salesforce is not an adequate authentication solution for the third-party app. Which two options should the Architect consider for authenticating the third-party app using the Canvas framework? Choose 2 answers

  • A. Utilize Authorization Providers to allow the third-party application to authenticate itself against Salesforce as the IdP.
  • B. Utilize the Canvas OAuth flow to allow the third-party application to authenticate itself against Salesfore as the IdP
  • C. Utilize the SAML Single Sign-on flow to allow the third-party to authenticate itself against UC's IdP.
  • D. Create a registration handler Apex class to allow the third-party application to authenticate itself against Salesforce as the IdP.

Answer: B,C

 

NEW QUESTION 76
Universal Containers (UC) is looking to purchase a third-party application as an Identity Provider. UC is looking to develop a business case for the purchase in general and has enlisted an Architect for advice. Which two capabilities of an Identity Provider should the Architect detail to help strengthen the business case?
Choose 2 answers

  • A. The Identity Provider can authenticate multiple applications.
  • B. The Identity Provider can authenticate multiple social media accounts.
  • C. The Identity provider can store credentials for multiple applications.
  • D. The Identity Provider can centralize enterprise password policy.

Answer: A,D

 

NEW QUESTION 77
An Architect needs to advise the team that manages the Identity Provider how to differentiate Salesforce from other Service Providers.
What SAML SSO setting in Salesforce provides this capability?

  • A. SAML Identity Location
  • B. Issuer
  • C. Entity Id
  • D. Identity Provider Login URL

Answer: C

 

NEW QUESTION 78
Universal containers(UC) has implemented SAML-BASED single Sign-on for their salesforce application and is planning to provide access to salesforce on mobile devices using the salesforce1 mobile app. UC wants to ensure that single Sign-on is used for accessing the salesforce1 mobile app. Which two recommendations should the architect make? Choose 2 answers

  • A. Configure the embedded Web browser to use my domain URL.
  • B. Use the existing SAML SSO flow along with user agent flow.
  • C. Use the existing SAML SSO flow along with Web server flow
  • D. Configure the salesforce1 app to use the my domain URL

Answer: B,D

 

NEW QUESTION 79
A farming enterprise offers smart farming technology to rts farmer customers, which includes a variety of sensors for livestock tracking, pest monitoring, climate monitoring etc. They plan to store all the data in Salesforce. They would also like to ensure timely maintenance of the Installed sensors. They have engaged a salesforce Architect to propose an appropnate way to generate sensor Information In Salesforce.
Which OAuth flow should the architect recommend?

  • A. OAuth 2.0 JWT Bearer Token Flow
  • B. OAuth 2.0 SAML Bearer Assertion Flow
  • C. OAuth 2.0 Device Authentication Row
  • D. OAuth 2.0 Asset Token Flow

Answer: D

 

NEW QUESTION 80
Northern Trail Outfitters (NTO) wants to give customers the ability to submit and manage issues with their purchases. It is important for to give its customers the ability to login with their Facebook and Twitter credentials.
Which two actions should an identity architect recommend to meet these requirements?
Choose 2 answers

  • A. Configure a predefined authentication provider for Twitter.
  • B. Configure a predefined authentication provider for Facebook.
  • C. Create a custom external authentication provider for Twitter.
  • D. Create a custom external authentication provider for Facebook.

Answer: A,B

 

NEW QUESTION 81
Universal Containers (UC) would like to enable self-registration for their Salesforce Partner Community Users. UC wants to capture some custom data elements from the partner user, and based on these data elements, wants to assign the appropriate Profile and Account values.
Which two actions should the Architect recommend to UC? (Choose two.)

  • A. Configure Registration for Communities to use a custom Visualforce Page.
  • B. Configure Registration for Communities to use a custom Apex Controller.
  • C. Modify the SelfRegistration trigger to assign Profile and Account.
  • D. Modify the CommunitiesSelfRegController to assign the Profile and Account.

Answer: A,D

 

NEW QUESTION 82
A group of users try to access one of Universal Containers' Connected Apps and receive the following error message: "Failed: Not approved for access." What is the probable cause of this issue?

  • A. The Salesforce Administrators have revoked the OAuth authorization.
  • B. The Connected App setting "All users may self-authorize" is enabled.
  • C. The use of High Assurance sessions are required for the Connected App.
  • D. The users do NOT have the correct permission set assigned to them.

Answer: D

 

NEW QUESTION 83
Northern Trail Outfitters would like to automatically create new employee users in Salesforce with an appropriate profile that maps to its Active Directory Department.
How should an identity architect implement this requirement?

  • A. Use the updateUser method in the Just-in-Time (JIT) provisioning registration handler to assign the appropriate profile.
  • B. Use the createUser method in the Just-in-Time (JIT) provisioning registration handler to assign the appropriate profile.
  • C. Make a callout during the login flow to query department from Active Directory to assign the appropriate profile.
  • D. Use a login flow to collect Security Assertion Markup Language attributes and assign the appropriate profile during Just-In-Time (JIT) provisioning.

Answer: A

 

NEW QUESTION 84
An Identity and Access Management (IAM) architect is tasked with unifying multiple B2C Commerce sites and an Experience Cloud community with a single identity. The solution needs to support more than 1,000 logins per minute.
What should the IAM do to fulfill this requirement?

  • A. Configure both the community and the commerce sites as OAuth2 RPs (relying party) with an external identity provider.
  • B. Configure community as a Security Assertion Markup Language (SAML) identity provider and enable Just-in-Time Provisioning to B2C Commerce.
  • C. Confirm performance considerations with Salesforce Customer Support due to high peaks.
  • D. Create a default account for capturing all ecommerce contacts registered on the community because personAccount is not supported for this case.

Answer: C

 

NEW QUESTION 85
Universal Containers (UC) is successfully using Delegated Authentication for their Salesforce users. The service supporting Delegated Authentication is written in Java. UC has a new CIO that is requiring all company web services be REST-ful and written in .Net.
Which two considerations should the UC Architect provide to the new CIO? (Choose two.)

  • A. Delegated Authentication will not work with REST services.
  • B. Delegated Authentication will continue to work with a .Net service.
  • C. Delegated Authentication will continue to work with REST services.
  • D. Delegated Authentication will not work with a .Net service.

Answer: A,B

 

NEW QUESTION 86
Universal containers(UC) has a customer Community that uses Facebook for authentication. UC would like to ensure that changes in the Facebook profile are reflected on the appropriate customer Community user. How can this requirement be met?

  • A. Develop a schedule job that calls out to Facebook on a nightly basis.
  • B. Use information in the signed request that is received from Facebook.
  • C. Use SAML just-in-time provisioning between Facebook and Salesforce
  • D. Use the updateuser() method on the registration handler class.

Answer: D

 

NEW QUESTION 87
......

Master 2021 Latest The Questions Salesforce Identity and Access Management Designer and Pass Identity-and-Access-Management-Designer  Real Exam!: https://www.passsureexam.com/Identity-and-Access-Management-Designer-pass4sure-exam-dumps.html

Practice To Identity-and-Access-Management-Designer - PassSureExam Remarkable Practice On your Salesforce Certified Identity and Access Management Designer Exam: https://drive.google.com/open?id=1eUB_2V_eWtjznOodJ_xJhgJ8f17NJ1kp

Related Articles

more
Salesforce Identity-and-Access-Management-Designer Certification Practice Exam