Latest Identity-and-Access-Management-Designer Actual Free Exam Questions Updated 229 Questions [Q78-Q97]

Rate this post

Latest Identity-and-Access-Management-Designer Actual Free Exam Questions Updated 229 Questions

Free Identity-and-Access-Management-Designer Exam Braindumps certification guide Q&A

NO.78 Northern Trail Outfitters (NTO) wants to give customers the ability to submit and manage issues with their purchases. It is important for to give its customers the ability to login with their Facebook and Twitter credentials.
Which two actions should an identity architect recommend to meet these requirements?
Choose 2 answers

Create a custom external authentication provider for Facebook.

Configure a predefined authentication provider for Facebook.

Create a custom external authentication provider for Twitter.

Configure a predefined authentication provider for Twitter.

NO.79 Universal Containers wants to set up SSO for a selected group of users to access external applications from Salesforce through App Launcher.
Which three steps must be completed in Salesforce to accomplish the goal? (Choose three.)

Associate User profiles with the Connected Apps.

Complete My Domain and Identity Provider setup.

Create Connected Apps for the external applications.

Complete Single Sign-on Settings in Security Controls.

Create Named Credentials for each external system.

NO.80 Universal Containers (UC) has a mobile application for its employees that uses data from Salesforce as well as uses Salesforce for Authentication purposes. UC wants its mobile users to only enter their credentials the first time they run the app. The application has been live for a little over 6 months, and all of the users who were part of the initial launch are complaining that they have to re-authenticate. UC has also recently changed the URI Scheme associated with the mobile app. What should the Architect at UC first investigate?Universal Containers (UC) has a mobile application for its employees that uses data from Salesforce as well as uses Salesforce for Authentication purposes. UC wants its mobile users to only enter their credentials the first time they run the app. The application has been live for a little over 6 months, and all of the users who were part of the initial launch are complaining that they have to re-authenticate. UC has also recently changed the URI Scheme associated with the mobile app. What should the Architect at UC first investigate?

Check the Refresh Token policy defined in the Salesforce Connected App.

Validate that the users are checking the box to remember their passwords.

Verify that the Callback URL is correctly pointing to the new URI Scheme.

Confirm that the access Token’s Time-To-Live policy has been set appropriately.

NO.81 A division of a Northern Trail Outfitters (NTO) purchased Salesforce. NTO uses a third party identity provider (IdP) to validate user credentials against Its corporate Lightweight Directory Access Protocol (LDAP) directory. NTO wants to help employees remember as passwords as possible.
What should an identity architect recommend?

Setup Salesforce as a Service Provider to the existing IdP.

Setup Salesforce as an IdP to authenticate against the LDAP directory.

Use Salesforce connect to synchronize LDAP passwords to Salesforce.

Setup Salesforce as an Authentication Provider to the existing IdP.

NO.82 An Identity and Access Management (IAM) architect is tasked with unifying multiple B2C Commerce sites and an Experience Cloud community with a single identity. The solution needs to support more than 1,000 logins per minute.
What should the IAM do to fulfill this requirement?

Configure both the community and the commerce sites as OAuth2 RPs (relying party) with an external identity provider.

Configure community as a Security Assertion Markup Language (SAML) identity provider and enable Just-in-Time Provisioning to B2C Commerce.

Create a default account for capturing all ecommerce contacts registered on the community because personAccount is not supported for this case.

Confirm performance considerations with Salesforce Customer Support due to high peaks.

NO.83 Which three types of attacks would a 2-Factor Authentication solution help garden against?

Key logging attacks

Network perimeter attacks

Phishing attacks

Dictionary attacks

Man-in-the-middle attacks

NO.84 Universal Containers (UC) wants to use Salesforce for sales orders and a legacy of system for order fulfillment. The legacy system must update the status of orders in 65* Salesforce in real time as they are fulfilled. UC decides to use OAuth for connecting the legacy system to Salesforce. What OAuth flow should be considered that doesn’t require storing credentials, client secret or refresh tokens?

Web Server flow

JWT Bearer Token flow

Username-Password flow

User Agent flow

NO.85 Universal Containers (UC) is successfully using Delegated Authentication for their Salesforce users. The service supporting Delegated Authentication is written in Java. UC has a new CIO that is requiring all company web services be REST-ful and written in .Net.
Which two considerations should the UC Architect provide to the new CIO? (Choose two.)

Delegated Authentication will continue to work with REST services.

Delegated Authentication will continue to work with a .Net service.

Delegated Authentication will not work with REST services.

Delegated Authentication will not work with a .Net service.

NO.86 Universal Containers (UC) wants to integrate a third-party Reward Calculation system with Salesforce to calculate Rewards. Rewards will be calculated on a schedule basis and update back into Salesforce. The integration between Salesforce and the Reward Calculation System needs to be secure. Which are two recommended practices for using OAuth flow in this scenario. choose 2 answers

OAuth Refresh Token FLow

OAuth Username-Password Flow

OAuth SAML Bearer Assertion FLow

OAuth JWT Bearer Token FLow

NO.87 Universal Containers (UC) has a desktop application to collect leads for marketing campaigns. UC wants to extend this application to integrate with Salesforce to create leads. Integration between the desktop application and Salesforce should be seamless. What Authorization flow should the Architect recommend?

JWT Bearer Token Flow

Web Server Authentication Flow

User Agent Flow

Username and Password Flow

NO.88 Northern Trail Outfitters (NTO) is setting up Salesforce to authenticate users with an external identity provider. The NTO Salesforce Administrator is having trouble getting things setup.
What should an identity architect use to show which part of the login assertion is fading?

SAML Metadata file importer

Identity Provider Metadata download

Connected App Manager

Security Assertion Markup Language Validator

NO.89 The security team at Universal containers(UC) has identified exporting reports as a high-risk action and would like to require users to be logged into salesforce with their active directory (AD) credentials when doing so.
For all other uses of Salesforce, Users should be allowed to use AD credentials or salesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with salesforce credentials?

Use SAML Federated Authentication and Custom SAML jit provisioning to dynamically add or remove a permission set that grants the Export Reports permission.

Use SAML Federated Authentication, treat SAML sessions as high assurance, and raise the session level required for exporting reports.

Use SAML Federated Authentication and block access to reports when accesses through a standard assurance session.

Use SAML Federated Authentication with a login flow to dynamically add or remove a permission set that grants the export reports permission.

NO.90 Users logging into Salesforce are frequently prompted to verify their identity.
The identity architect is required to provide recommendations so that frequency of prompt verification can be reduced.
What should the identity architect recommend to meet the requirement?

Implement 2FA authentication for the Salesforce org.

Set trusted IP ranges for the organization.

Implement an single sign-on for Salesforce using an external identity provider.

Implement multi-factor authentication for the Salesforce org.

NO.91 The security team at Universal Containers has identified exporting reports as a high-risk action and would like to require users to be logged into Salesforce with their Active Directory (AD) credentials when doing so.
For all other uses of Salesforce, users should be allowed to use AD credentials or Salesforce credentials.
What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with Salesforce credentials?

Use SAML Federated Authentication and Custom SAML JIT Provisioning to dynamically add or remove a Permission Set that grants the Export Reports permission.

Use SAML Federated Authentication, treat SAML Sessions as High Assurance, and raise the session level required for exporting reports.

Use SAML Federated Authentication with a Login Flow to dynamically add or remove a Permission Set that grants the Export Reports permission.

Use SAML Federated Authentication and block access to reports when accessed through a Standard Assurance session.

NO.92 A manufacturer wants to provide registration for an Internet of Things (IoT) device with limited display input or capabilities.
Which Salesforce OAuth authorization flow should be used?

OAuth 2.0 JWT Bearer How

OAuth 2.0 Device Flow

OAuth 2.0 User-Agent Flow

OAuth 2.0 Asset Token Flow

NO.93 Universal Containers wants to implement Single Sign-on for a Salesforce org using an external Identity Provider and corporate identity store.
What type of authentication flow is required to support deep linking’

Web Server OAuth SSO flow

Service-Provider-Initiated SSO

Identity-Provider-initiated SSO

StartURL on Identity Provider

NO.94 Northern Trail Outfitters (NTO) is planning to implement a community for its customers using Salesforce Experience Cloud . Customers are not able to self-register. NTO would like to have customers set their own passwords when provided access to the community.
Which two recommendations should an identity architect make to fulfill this requirement?
Choose 2 answers

Add customers as contacts and add them to Experience Cloud site.

Enable Welcome emails while configuring the Experience Cloud site.

Allow Password reset using the API to update Experience Cloud site membership.

Use Login Flows to allow users to reset password in Experience Cloud site.

NO.95 Universal Containers (UC) is looking to build a Canvas app and wants to use the corresponding Connected App to control where the app is visible. Which two options are correct in regards to where the app can be made visible under the Connected App setting for the Canvas app? Choose 2 answers

As part of the body of a Salesforce Knowledge article.

In the mobile navigation menu on Salesforce for Android.

The sidebar of a Salesforce Console as a console component.

Included in the Call Control Tool that’s part of Open CTI.

NO.96 Which three different attributes can be used to identify the user in a SAML 65> assertion when Salesforce is acting as a Service Provider? Choose 3 answers

Federation ID

Salesforce User ID

User Full Name

User Email Address

Salesforce Username

NO.97 The CIO of universal containers(UC) wants to start taking advantage of the refresh token capability for the UC applications that utilize Oauth 2.0. UC has listed an architect to analyze all of the applications that use Oauth flows to. See where refresh Tokens can be applied. Which two OAuth flows should the architect consider in their evaluation? Choose 2 answers

Web server

Jwt bearer token

User-Agent

Username-password