[Sep-2022] 100% Actual Identity-and-Access-Management-Designer dumps Q&As with Explanations Verified & Correct Answers [Q14-Q39]

[Sep-2022] 100% Actual Identity-and-Access-Management-Designer dumps Q&As with Explanations Verified & Correct Answers

Identity-and-Access-Management-Designer Dumps with Free 365 Days Update Fast Exam Updates

NEW QUESTION 14
Universal Containers (UC) would like to enable self-registration for their Salesforce Partner Community Users.
UC wants to capture some custom data elements from the partner user, and based on these data elements, wants to assign the appropriate Profile and Account values.
Which two actions should the Architect recommend to UC? (Choose two.)

• A. Configure Registration for Communities to use a custom Apex Controller.
• B. Modify the SelfRegistration trigger to assign Profile and Account.
• C. Modify the CommunitiesSelfRegController to assign the Profile and Account.
• D. Configure Registration for Communities to use a custom Visualforce Page.

Answer: C,D

 

NEW QUESTION 15
Universal Containers (UC) has a Customer Community that uses Facebook for Authentication. UC would like to ensure that Changes in the Facebook profile are reflected on the appropriate Customer Community user: How can this requirement be met?

• A. Use the updateUser method on the registration Handler Class.
• B. Use SAML Just-In-Time Provisioning between Facebook and Salesforce.
• C. Develop a scheduled job that calls out to Facebook on a nightly basis.
• D. Use information in the signed Request that is received from facebook.

Answer: A

 

NEW QUESTION 16
Which two are valid choices for digital certificates when setting up two-way SSL between Salesforce and an external system. Choose 2 answers

• A. Use a trusted CA-signed certificate for salesforce and a trusted CA-signed cert for the external system
• B. Use a self-signed certificate for salesforce and a trusted CA-signed cert for the external system
• C. Use a self-signed certificate for salesforce and a self-signed cert for the external system
• D. Use a trusted CA-signed certificate for salesforce and a self-signed cert for the external system

Answer: B,C

 

NEW QUESTION 17
Which two things should be done to ensure end users can only use single sign-on (SSO) to login in to Salesforce?
Choose 2 answers

• A. Once SSO is enabled, users are only able to login using Salesforce credentials.
• B. Request Salesforce Support to enable delegated authentication.
• C. Enable My Domain and select "Prevent login from https://login.salesforce.com".
• D. Assign user "is Single Sign-on Enabled" permission via profile or permission set.

Answer: C,D

 

NEW QUESTION 18
Universal containers (UC) has implemented ansp-Initiated SAML flow between an external IDP and salesforce. A user at UC is attempting to login to salesforce1 for the first time and is being prompted for salesforce credentials instead of being shown the IDP login page. What is the likely cause of the issue?

• A. The "Redirect to identity provider" option has not been selected the SAML configuration.
• B. The user has not configured the salesforce1 mobile app to use my domain for login
• C. The "Redirect to Identity Provider" option has been selected in the my domain configuration.
• D. The user has notbeen granted the "Enable single Sign-on" permission

Answer: B

 

NEW QUESTION 19
Universal Containers has multiple Salesforce instances where users receive emails from different instances. Users should be logged into the correct Salesforce instance authenticated by their IdP when clicking on an email link to a Salesforce record.
What should be enabled in Salesforce as a prerequisite?

• A. Multi-Factor Authentication
• B. My Domain
• C. External Identity
• D. Identity Provider

Answer: B

 

NEW QUESTION 20
After a recent audit, universal containers was advised to implement Two-factor Authentication for all of their critical systems, including salesforce. Which two actions should UC consider to meet this requirement?
Choose 2 answers

• A. Require users to enter a second password after the first Authentication
• B. Require users to use a biometric reader as well as their password
• C. Require users to provide their RSA token along with their credentials.
• D. Require users to supply their email and phone number, which gets validated.

Answer: B,C

 

NEW QUESTION 21
Universal Containers (UC) is considering a Customer 360 initiative to gain a single source of the truth for its customer data across disparate systems and services. UC wants to understand the primary benefits of Customer 360 Identity and how it contributes ato successful Customer 360 Truth project.
What are two are key benefits of Customer 360 Identity as it relates to Customer 360?
Choose 2 answers

• A. Customer 360 Identity automatically integrates with Customer 360 Data Manager and Customer 360 Audiences to seamlessly populate all user data.
• B. Customer 360 Identity not only provides a unified sign up and sign in experience, but also tracks anonymous user activity prior to signing up so organizations can understand user activity before and after the users identify themselves.
• C. Customer 360 Identity enables an organization to build a single login for each of its customers, giving the organization an understanding of the user's login activity across all its digital properties and applications.
• D. Customer 360 Identity supports multiple brands so you can deliver centralized identity services and correlation of user activity, even if it spans multiple corporate brands and user experiences.

Answer: C,D

 

NEW QUESTION 22
Universal Containers (UC) uses an internal system for recruiting and would like to have the candidates' info available in Salesforce automatically when they are selected. UC decides to use OAuth to connect to Salesforce from the recruiting system and would like to do the authentication using digital certificates.
Which two OAuth flows should be considered to meet the requirement? (Choose two.)

• A. Refresh Token flow
• B. SAML Bearer Assertion flow
• C. Web Server flow
• D. JWT Bearer Token flow

Answer: B,D

 

NEW QUESTION 23
In an SP-Initiated SAML SSO setup where the user tries to access a resource on the Service Provider, What HTTP param should be used when submitting a SAML Request to the Idp to ensure the user is returned to the intended resourse after authentication?

• A. RedirectURL
• B. RelayState
• C. StartURL
• D. DisplayState

Answer: B

 

NEW QUESTION 24
Universal Containers (UC) uses an internal company portal for their employees to collaborate. UC decides to use Salesforce Ideas and provide the ability for employees to post ideas from the company portal. They use SAML-based SSO to get into the Company portal and would like to leverage it to access Salesforce. Most of the users don't exist in Salesforce and they would like the user records created in Salesforce Communities the first time they try to access Salesforce.
What recommendation should an Architect make to meet this requirement?

• A. Use Just-in-Time provisioning.
• B. Use On-the-Fly provisioning.
• C. Use Identity Connect to sync users.
• D. Use Salesforce APIs to create users on the fly.

Answer: A

 

NEW QUESTION 25
A university is planning to set up an identity solution for its alumni. A third-party identity provider will be used for single sign-on Salesforce will be the system of records. Users are getting error messages when logging in.
Which Salesforce feature should be used to debug the issue?

• A. Debug Logs
• B. View Setup Audit Trail
• C. Login History
• D. Apex Exception Email

Answer: C

 

NEW QUESTION 26
architect is troubleshooting some SAML-based SSO errors during testing. The Architect confirmed that all of the Salesforce SSO settings are correct. Which two issues outside of the Salesforce SSO settings are most likely contributing to the SSO errors the Architect is encountering? Choose 2 Answers

• A. The Identity Provider is also used to SSO into five other applications.
• B. The clock on the Identity Provider server is twenty minutes behind Salesforce.
• C. The default language for the Identity Provider and Salesforce are Different.
• D. The Issuer Certificate from the Identity Provider expired two weeks ago.

Answer: B,D

 

NEW QUESTION 27
Universal Containers (UC) is setting up delegated authentication to allow employees to log in using their corporate credentials. UC's security team is concerned about the risks of exposing the corporate login service on the internet and has asked that a reliable trust mechanism be put in place between the login service and Salesforce.
What mechanism should an Architect put in place to enable a trusted connection between the login service and Salesforce?

• A. Set up a proxy service for the login service in the DMZ.
• B. Enforce mutual authentication between systems using SSL.
• C. Require the use of Salesforce security tokens on passwords.
• D. Include Client Id and Client Secret in the login header callout.

Answer: C

 

NEW QUESTION 28
Universal Containers (UC) has built a custom time tracking app for its employee. UC wants to leverage Salesforce Identity to control access to the custom app.
At a minimum, which Salesforce license is required to support this requirement?

• A. Identity Connect
• B. Identity Verification
• C. Identity Only
• D. External Identity

Answer: C

 

NEW QUESTION 29
Universal containers (UC) has implemented SAML -based single Sign-on for their salesforce application. UC is using pingfederate as the Identity provider. To access salesforce, Users usually navigate to a bookmarked link to my domain URL. What type of single Sign-on is this?

• A. Sp-Initiated
• B. IDP-initiated
• C. IDP-initiated with deep linking
• D. Web server flow.

Answer: A

 

NEW QUESTION 30
Universal Containers (UC) wants its users to access Salesforce and other SSO-enabled applications from a custom web page that UC magnets. UC wants its users to use the same set of credentials to access each of the applications. what SAML SSO flow should an Architect recommend for UC?

• A. SP-Initiated
• B. IdP-Initiated
• C. User-Agent
• D. SP-Initiated with Deep Linking

Answer: B

 

NEW QUESTION 31
The CMO of an advertising company has invited an Identity and Access Management (IAM) specialist to discuss Salesforce out-of-box capabilities for configuring the company*s login and registration experience on Salesforce Experience Cloud.
The CMO is looking to brand the login page with the company's logo, background color, login button color, and dynamic right-frame from an external URL.
Which two solutions should the IAM specialist recommend?
Choose 2 answers

• A. Login & Registration pages can be branded in the Community Administration settings.
• B. Build custom site pages for reset and forgot password features.
• C. Build custom pages for branding requirements in Experience Cloud.
• D. Use Experience Builder to build branded Reset and Forgot Password pages.

Answer: A,D

 

NEW QUESTION 32
Universal containers (UC) uses a legacy Employee portal for their employees to collaborate and post their ideas. UC decides to use salesforce ideas for voting and better tracking purposes. To avoid provisioning users on Salesforce, UC decides to push ideas posted on the Employee portal to salesforce through API. UC decides to use an API user using Oauth Username - password flow for the connection. How can the connection to salesforce be restricted only to the employee portal server?

• A. Add the employee portals IP address to the login IP range on the user profile.
• B. Use a digital certificate signed by the employee portal Server.
• C. Use a dedicated profile for the user the Employee portal uses.
• D. Add the Employee portals IP address to the Trusted IP range for the connected App

Answer: D

 

NEW QUESTION 33
Universal Containers (UC) has implemented SAML-based Single Sign-On to provide seamless access to its Salesforce Orgs, financial system, and CPQ system. Below is the SSO implementation landscape.

What role combination is represented by the systems in this scenario''

• A. Salesforce Org1 and Salesforce Org2 are acting as Identity Providers.
• B. Salesforce Org1 and Salesforce Org2 are the only Service Providers.
• C. Salesforce Org1 and PingFederate are acting as Identity Providers.
• D. Financial System and CPQ System are the only Service Providers.

Answer: C

 

NEW QUESTION 34
Northern Trail Outfitters (NTO) wants to improve its engagement with existing customers to boost customer loyalty. To get a better understanding of its customers, NTO establishes a single customer view including their buying behaviors, channel preferences and purchasing history. All of this information exists but is spread across different systems and formats.
NTO has decided to use Salesforce as the platform to build a 360 degree view. The company already uses Microsoft Active Directory (AD) to manage its users and company assets.
What should an Identity Architect do to provision, deprovision and authenticate users?

• A. A Salesforce Identity can be included but NTO will require Identity Connect.
• B. Salesforce Identity is included in the Salesforce licenses so it does not need to be considered separately.
• C. Salesforce Identity is not needed since NTO uses Microsoft AD.
• D. Salesforce Identity can be included but NTO will be required to build a custom integration with Microsoft AD.

Answer: A

 

NEW QUESTION 35
Universal Containers (UC) has an existing e-commerce platform and is implementing a new customer community. They do not want to force customers to register on both applications due to concern over the customers experience. It is expected that 25% of the e-commerce customers will utilize the customer community . The e-commerce platform is capable of generating SAML responses and has an existing REST-ful API capable of managing users. How should UC create the identities of its e-commerce users with the customer community?

• A. Use the standard Salesforce API to create users in the Community When a User is Created in the e-Commerce platform and use SAML to allow SSO.
• B. Use SAML JIT in the Customer Community to create users when a user tries to login to the community from the e-commerce site.
• C. Use a nightly batch ETL job to sync users between the Customer Community and the e-commerce platform and use SAML to allow SSO.
• D. Use the e-commerce REST API to create users when a user self-register on the customer community and use SAML to allow SSO.

Answer: A

 

NEW QUESTION 36
How should an identity architect automate provisioning and deprovisioning of users into Salesforce from an external system?

• A. Run registration handler on incoming OAuth responses.
• B. Call SOAP API upsertQ on user object.
• C. Call OpenID Connect (OIDC)-userinfo endpoint with a valid access token.
• D. Use Security Assertion Markup Language Just-in-Time (SAML JIT) on incoming SAML assertions.

Answer: A

 

NEW QUESTION 37
An administrator created a connected app for a custom wet) application in Salesforce which needs to be visible as a tile in App Launcher The tile for the custom web application is missing in the app launcher for all users in Salesforce. The administrator requested assistance from an identity architect to resolve the issue.
Which two reasons are the source of the issue?
Choose 2 answers
StartURL for the connected app is not set in Connected App settings.

• A. OAuth scope does not include "openid*.
• B. The connected app is not set in the App menu as 'Visible in App Launcher".
• C. Session Policy is set as 'High Assurance Session required' for this connected app.

Answer: A,B

 

NEW QUESTION 38
The security team at Universal Containers (UC) hasidentified exporting reports as a high-risk action and would like to require users to be logged into Salesforce with their Active Directory (AD) credentials when doing so.
For all other users of Salesforce, users should be allowed to use AD Credentials orSalesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with Salesforce credentials?

• A. Use SAML Federated Authentication and Custom SAML JIT Provisioning to dynamically and or remove a permission set that grants the Export Reports Permission.
• B. Use SAML federated Authentication with a Login Flow to dynamically add or remove a Permission Set that grants the Export Reports Permission.
• C. Use SAML federated Authentication, treat SAML Sessions as High Assurance, and raise the session level required for exporting reports.
• D. Use SAML Federated Authentication and block access to reports when accessed through a Standard Assurance session.

Answer: C

 

NEW QUESTION 39
......

How to study the Identity-and-Access-Management-Designer Exam

There are two main types of resources for preparation of certification exams first there are the study guides and the books that are detailed and suitable for building knowledge from ground up then there are video tutorial and lectures that can somehow ease the pain of through study and are comparatively less boring for some candidates yet these demand time and concentration from the learner. Smart Candidates who want to build a solid foundation in all exam topics and related technologies usually combine video lectures with study guides to reap the benefits of both but there is one crucial preparation tool as often overlooked by most candidates the practice exams. Practice exams are built to make students comfortable with the real exam environment. Statistics have shown that most students fail not due to that preparation but due to exam anxiety the fear of the unknown. DumpsFree expert team recommends you to prepare some notes on these topics along with it don't forget to practice Salesforce Identity-and-Access-Management-Designer exam dumps which been written by our expert team, Both these will help you a lot to clear this exam with good marks.

 

Verified Identity-and-Access-Management-Designer dumps Q&As - 2022 Latest Identity-and-Access-Management-Designer Download: https://www.dumpsfree.com/Identity-and-Access-Management-Designer-valid-exam.html

Dumps Questions [2022] Pass for Identity-and-Access-Management-Designer Exam: https://drive.google.com/open?id=1uVyaJ3_pmW20jI5rCVA0_4aSoPxQ3S2F