
Salesforce Identity and Access Management Designer Identity-and-Access-Management-Designer Exam and Certification Test Engine
Achieving the Salesforce Certified Identity-and-Access-Management-Designer certification can help you advance your career and open up new job opportunities. This certification demonstrates your expertise in designing and implementing identity and access management solutions using the Salesforce platform, which is highly valued by employers in industries such as finance, healthcare, and government.
NEW QUESTION # 140
Universal Containers (UC) uses Salesforce as a CRM and identity provider (IdP) for their Sales Team to seamlessly log in to internal portals. The IT team at UC is now evaluating Salesforce to act as an IdP for its remaining employees.
Which Salesforce license is required to fulfill this requirement?
- A. Identity Only
- B. Identity Verification
- C. Identity Connect
- D. External Identity
Answer: A
NEW QUESTION # 141
Universal Containers (UC) is building a mobile application that will make calls to the Salesforce REST API.
Additionally, UC would like to provide the optimal experience for its mobile users. Which two OAuth scopes should UC configure in the connected app? Choose 2 answers
- A. full
- B. Web
- C. Refresh token
- D. API
Answer: C,D
NEW QUESTION # 142
A real estate company wants to provide its customers a digital space to design their interior decoration options. To simplify the registration to gain access to the community site (built in Experience Cloud), the CTO has requested that the IT/Development team provide the option for customers to use their existing social-media credentials to register and access.
The IT lead has approached the Salesforce Identity and Access Management (IAM) architect for technical direction on implementing the social sign-on (for Facebook, Twitter, and a new provider that supports standard OpenID Connect (OIDC)).
Which two recommendations should the Salesforce IAM architect make to the IT Lead?
Choose 2 answers
- A. Apex coding skills are needed for registration handler to create and update users.
- B. Authentication provider configuration is required for each social sign-on provider; and enable Authentication providers in community.
- C. Use declarative registration handler process builder/flow to create, update users and contacts.
- D. For supporting OIDC it is necessary to enable Security Assertion Markup Language (SAML) with Just-in-Time provisioning (JIT) and OAuth 2.0.
Answer: A,B
NEW QUESTION # 143
In a typical SSL setup involving a trusted party and a trusting party, what consideration should an Architect take into account when using digital certificates?
- A. Use of self-signed certificate leads to lower maintenance for trusted party because multiple self-signed certs need to be maintained.
- B. Use of self-signed certificate leads to higher maintenance for trusting party because the cert needs to be added to their truststore.
- C. Use of self-signed certificate leads to lower maintenance for trusting party because there is no trusted CA cert to maintain.
- D. Use of self-signed certificate leads to higher maintenance for trusted party because they have to act as the trusted CA.
Answer: B
NEW QUESTION # 144
Universal Containers (UC) is considering a Customer 360 initiative to gain a single source of the truth for its customer data across disparate systems and services. UC wants to understand the primary benefits of Customer 360 Identity and how it contributes to a successful Customer 360 Truth project.
What are two key benefits of Customer 360 Identity as it relates to Customer 360?
Choose 2 answers
- A. Customer 360 Identity enables an organization to build a single login for each of its customers, giving the organization an understanding of the user's login activity across all its digital properties and applications.
- B. Customer 360 Identity supports multiple brands so you can deliver centralized identity services and correlation of user activity, even if it spans multiple corporate brands and user experiences.
- C. Customer 360 Identity automatically integrates with Customer 360 Data Manager and Customer 360 Audiences to seamlessly populate all user data.
- D. Customer 360 Identity not only provides a unified sign up and sign in experience, but also tracks anonymous user activity prior to signing up so organizations can understand user activity before and after the users identify themselves.
Answer: A,B
NEW QUESTION # 145
Universal Containers (UC) would like to enable self-registration for their Salesforce partner community users.
UC wants to capture some custom data elements from the partner user and, based on these data elements, wants to assign the appropriate profile and account values. Which two actions should the architect recommend to UC? Choose 2 answers
- A. Modify the selfregistration trigger to assign profile and account.
- B. Configure registration for communities to use a custom apex controller.
- C. Modify the communitiesselfregcontroller to assign the profile and account.
- D. Configure registration for communities to use a custom visualforce page.
Answer: C,D
NEW QUESTION # 146
The CIO of Universal Containers (UC) wants to start taking advantage of the refresh token capability for the UC applications that utilize OAuth 2.0. UC has enlisted an Architect to analyze all of the applications that use OAuth flows to see where refresh tokens can be applied.
Which two OAuth flows should the Architect consider in their evaluation? (Choose two.)
- A. Web Server
- B. Username-Password
- C. User-Agent
- D. JWT Bearer Token
Answer: A,C
NEW QUESTION # 147
Which two considerations should be made when implementing Delegated Authentication?
Choose 2 answers
- A. The authentication web service can include custom attributes.
- B. Salesforce servers receive but do not validate a user's credentials.
- C. Just-in-time Provisioning can be configured for new users.
- D. It requires trusted IP ranges at the User Profile level.
- E. It can be used to authenticate API clients and mobile apps.
Answer: C,E
NEW QUESTION # 148
Universal Containers (UC) would like to enable SAML based SSO for a Salesforce Partner Community. UC has an existing LDAP identity store and a third-party portal. They would like to use the existing portal as the primary site these users access, but also want to allow seamless access to the partner community. What SSO flow should an Architect recommend?
- A. User-Agent.
- B. Idp-Initiated.
- C. Web Server.
- D. SP-Initiated.
Answer: D
NEW QUESTION # 149
Northern Trail Outfitters (NTO) has a requirement to ensure all user logins include a single multi-factor authentication (MFA) prompt. Currently, users are allowed the choice to login with a username and password or via single sign-on against NTO's corporate Identity Provider, which includes built-in MFA.
Which configuration will meet this requirement?
- A. Enable "MFA for User Interface Logins" for your organization from Setup -> Identity Verification.
- B. For all employee profiles, set the Session Level Required at Login to High Assurance and add the corporate identity provider to the High Assurance list for the org's Session Security Levels.
- C. Create a custom login flow that enforces MFA and assign it to a permission set. Then assign the permission set to all employees.
- D. Create and assign a permission set to all employees that includes "MFA for User Interface Logins."
Answer: A
NEW QUESTION # 150
Universal Containers (UC) uses Salesforce to allow customers to keep track of the order status. The customers can log in to Salesforce using external authentication providers, such as Facebook and Google.
UC is also leveraging the App Launcher to let customers access an off-platform application for generating shipping labels. The label generator application uses OAuth to provide users access.
What license type should an Architect recommend for the customers?
- A. Customer Community Plus license
- B. Customer Community license
- C. Identity license
- D. External Identity license
Answer: C
NEW QUESTION # 151
Universal Containers (UC) is building a custom employee hub application on Amazon Web Services (AWS) and would like to store their users' credentials there. Users will also need access to Salesforce for internal operations. UC has tasked an identity architect with evaluating different solutions for authentication and authorization between AWS and Salesforce.
How should an identity architect configure AWS to authenticate and authorize Salesforce users?
- A. Configure the custom employee app as a connected app.
- B. Configure AWS as an OpenID Connect Provider.
- C. Develop a custom Auth server in AWS.
- D. Create a custom external authentication provider.
Answer: B
NEW QUESTION # 152
Universal Containers (UC) has decided to use Salesforce as an identity provider for multiple external applications. UC wants to use the Salesforce App Launcher to control the apps that are available to individual users. Which three steps are required to make this happen?
- A. Set up identity connect to synchronize user data.
- B. Set up salesforce as a SAML IDP with my domain.
- C. Create a connected App for each external application.
- D. Add each connected App to the app launcher with a start URL
- E. Set up an Auth provider for each external application.
Answer: B,C,D
NEW QUESTION # 153
Universal Containers (UC) is setting up Delegated Authentication to allow employees to log in using their corporate credentials. UC's security team is concerned about the risk of exposing the corporate login service on the Internet and has asked that a reliable trust mechanism be put in place between the login service and Salesforce. What mechanism should an architect put in place to enable a trusted connection between the login service and Salesforce?
- A. Set up a proxy server for the login service in the DMZ.
- B. Require the use of Salesforce security Tokens on password.
- C. Include client ID and client secret in the login header callout.
- D. Enforce mutual Authentication between systems using SSL.
Answer: B
NEW QUESTION # 154
Universal Containers (UC) has implemented a SAML-based SSO solution for use with their multi-org Salesforce implementation, utilizing one of the orgs as the Identity Provider. One user is reporting that they can log in to the Identity Provider org but get a generic SAML error message when accessing the other orgs. Which two considerations should the architect review to troubleshoot the issue? Choose 2 answers
- A. The Federation ID is case sensitive.
- B. The Federation ID must be in the form of an email address.
- C. The Federation ID must be a valid Salesforce Username
- D. The Federation ID must be populated on the user record.
Answer: A,D
NEW QUESTION # 155
Universal Containers (UC) has implemented a multi-org architecture in their company. Many users have licenses across multiple orgs, and they are complaining about remembering which org and credentials are tied to which business process.
Which two recommendations should the Architect make to address the complaints? (Choose two.)
- A. Implement IdP-Initiated Single Sign-on flows to allow deep linking.
- B. Implement Delegated Authentication from each org to the LDAP provider.
- C. Activate My Domain to brand each org to the specific business use case.
- D. Implement SP-Initiated Single Sign-on flows to allow deep linking.
Answer: C,D
NEW QUESTION # 156
Universal Containers (UC) uses a legacy Employee portal for their employees to collaborate. Employees access the portal from their company's internal website via SSO. It is set up to work with SiteMinder and Active Directory. The Employee portal has features to support posting ideas. UC decides to use Salesforce Ideas for voting and better tracking purposes. To avoid provisioning users on Salesforce, UC decides to integrate Employee portal ideas with Salesforce Ideas through the API. What is the role of Salesforce in the context of SSO, based on this scenario?
- A. Identity Provider, because the API calls are authenticated by Salesforce.
- B. An independent system, because Salesforce is not part of the SSO setup.
- C. Connected App, because Salesforce is connected with Employee portal via API.
- D. Service Provider, because Salesforce is the application for managing ideas.
Answer: B
NEW QUESTION # 157
Which tool should be used to track login data, such as the average number of logins, who logged in more than the average number of times and who logged in during non-business hours?
- A. Login History
- B. Login Forensics
- C. Login Inspector
- D. Login Report
Answer: B
NEW QUESTION # 158
Northern Trail Outfitters (NTO) utilizes a third-party cloud solution for an employee portal. NTO also owns Salesforce Service Cloud and would like employees to be able to log in to Salesforce with their third-party portal credentials for a seamless experience. The third-party employee portal only supports OAuth.
What should an identity architect recommend to enable single sign-on (SSO) between the portal and Salesforce?
- A. Add the third-party portal as a connected app.
- B. Configure SSO to use the third party portal as an identity provider.
- C. Configure Salesforce for Delegated Authentication.
- D. Create a custom external authentication provider.
Answer: B
NEW QUESTION # 159
......