• Home
  • Articles
  • New 2021 Guaranteed Success with PracticeDump Identity-and-Access-Management-Designer Dumps Salesforce PDF Questions [Q23-Q44]

New 2021 Guaranteed Success with PracticeDump Identity-and-Access-Management-Designer Dumps Salesforce PDF Questions [Q23-Q44]

Share

New 2021 Guaranteed Success with PracticeDump Identity-and-Access-Management-Designer Dumps Salesforce PDF Questions

Exceptional Practice To Salesforce Certified Identity and Access Management Designer Pass the First Time

NEW QUESTION 23
Which two roles of the systems are involved in an environment where salesforce users are enabled to access Google Apps from within salesforce through App launcher and connected App set up? Choose 2 answers

  • A. Google is the identity provider
  • B. Google is the service provider
  • C. Salesforce is the service provider
  • D. Salesforce is the identity provider

Answer: C

 

NEW QUESTION 24
A third-party app provider would like to have users provisioned via a service endpoint before users access their app from Salesforce.
What should an identity architect recommend to configure the requirement with limited changes to the third-party app?

  • A. Use Salesforce identity with Security Assertion Markup Language (SAML) for provisioning users.
  • B. Use a connected app with user provisioning flow.
  • C. Create Canvas app in Salesforce for third-party app to provision users.
  • D. Redirect users to the third-party app for registration.

Answer: B

 

NEW QUESTION 25
Universal containers wants to implement SAML SSO for their internal salesforce users using a third-party IDP. After some evaluation, UC decides not to set up my domain for their salesforce.org. How does thatdecision impact their SSO implementation?

  • A. Sp-Initiated SSO will not work
  • B. Neithersp - nor IDP - initiated SSO will work
  • C. Either sp - or IDP - initiated SSO will work
  • D. IDP - initiated SSO will not work

Answer: A

 

NEW QUESTION 26
Universal containers (UC) has implemented ansp-Initiated SAML flow between an external IDP and salesforce. A user at UC is attempting to login to salesforce1 for the first time and is being prompted for salesforce credentials instead of being shown the IDP login page. What is the likely cause of the issue?

  • A. The "Redirect to identity provider" option has not been selected the SAML configuration.
  • B. The user has not configured the salesforce1 mobile app to use my domain for login
  • C. The "Redirect to Identity Provider" option has been selected in the my domain configuration.
  • D. The user has not been granted the "Enable single Sign-on" permission

Answer: B

 

NEW QUESTION 27
A division of a Northern Trail Outfitters (NTO) purchased Salesforce. NTO uses a third party identity provider (IdP) to validate user credentials against Its corporate Lightweight Directory Access Protocol (LDAP) directory. NTO wants to help employees remember as passwords as possible.
What should an identity architect recommend?

  • A. Setup Salesforce as an IdP to authenticate against the LDAP directory.
  • B. Setup Salesforce as an Authentication Provider to the existing IdP.
  • C. Use Salesforce connect to synchronize LDAP passwords to Salesforce.
  • D. Setup Salesforce as a Service Provider to the existing IdP.

Answer: D

 

NEW QUESTION 28
Universal Containers (UC) has an existing e-commerce platform and is implementing a new customer community. They do not want to force customers to register on both applications due to concern over the customers experience. It is expected that 25% of the e-commerce customers will utilize the customer community . The e-commerce platform is capable of generating SAML responses and has an existing REST-ful API capable of managing users. How should UC create the identities of its e-commerce users with the customer community?

  • A. Use a nightly batch ETL job to sync users between the Customer Community and the e-commerce platform and use SAML to allow SSO.
  • B. Use the e-commerce REST API to create users when a user self-register on the customer community and use SAML to allow SSO.
  • C. Use SAML JIT in the Customer Community to create users when a user tries to login to the community from the e-commerce site.
  • D. Use the standard Salesforce API to create users in the Community When a User is Created in the e-Commerce platform and use SAML to allow SSO.

Answer: D

 

NEW QUESTION 29
Universal containers(UC) has a customer Community that uses Facebook for authentication. UC would like to ensure that changes in the Facebook profile are reflected on the appropriate customer Community user. How can this requirement be met?

  • A. Develop a schedule job that calls out to Facebook on a nightly basis.
  • B. Use information in the signed request that is received from Facebook.
  • C. Use SAML just-in-time provisioning between Facebook and Salesforce
  • D. Use the updateuser() method on the registration handler class.

Answer: D

 

NEW QUESTION 30
Northern Trail Outfitters (NTO) wants to give customers the ability to submit and manage issues with their purchases. It is important for NTO to give its customers the ability to login with their Amazon credentials.
What should an identity architect recommend to meet these requirements?

  • A. Configure Amazon as a connected app.
  • B. Create a custom external authentication provider for Amazon.
  • C. Configure an OpenID Connect Authentication Provider for Amazon.
  • D. Configure a predefined authentication provider for Amazon.

Answer: C

 

NEW QUESTION 31
A Salesforce customer is implementing Sales Cloud and a custom pricing application for its call center agents. An Enterprise single sign-on solution is used to authenticate and sign-in users to all applications. The customer has the following requirements:
1. The development team has decided to use a Canvas app to expose the pricing application to agents.
2. Agents should be able to access the Canvas app without needing to log in to the pricing application.
Which two options should the identity architect consider to provide support for the Canvas app to initiate login for users?
Choose 2 answers

  • A. Enable OAuth settings in the connected app with required OAuth scopes for the pricing application.
  • B. Enable SAML in the connected app and Security Assertion Markup Language (SAML) Initiation Method as Service Provider Initiated.
  • C. Select "Enable as a Canvas Personal App" in the connected app settings.
  • D. Configure the Canvas app as a connected app and set Admin-approved users as pre-authorized.

Answer: B,D

 

NEW QUESTION 32
universal container plans to develop a custom mobile app for the sales team that will use salesforce for authentication and access management. The mobile app access needs to be restricted to only the sales team.
What would be the recommended solution to grant mobile app access to sales users?

  • A. Add a new identity provider to authenticate and authorize mobile users.
  • B. Use a custom attribute on the user object to control access to the mobile app
  • C. Use connected apps Oauth policies to restrict mobile app access to authorized users.
  • D. Use the permission set license to assign the mobile app permission to sales users

Answer: A

 

NEW QUESTION 33
Universal Containers (UC) has decided to build a new, highly sensitive application on the Force.com platform.
The security team at UC has decided that they want users to provide a fingerprint in addition to username/password to authenticate to this application. How can an Architect support fingerprints as a form of identification for Salesforce authentication?

  • A. Use Salesforce Two-factor authentication with callouts to a third-party fingerprint scanning application.
  • B. Use an AppExchange product that does fingerprint scanning with native Salesforce Identity Confirmation.
  • C. Use delegated Authentication with callouts to a third-party fingerprint scanning application.
  • D. Use custom login flows with callouts to a third-party fingerprint scanning application.

Answer: B

 

NEW QUESTION 34
Which two considerations should be made when implementing Delegated Authentication?
Choose 2 answers

  • A. Salesforce servers receive but do not validate a user's credentials.
  • B. The authentication web service can include custom attributes.
  • C. It can be used to authenticate API clients and mobile apps.
  • D. It requires trusted IP ranges at the User Profile level.
  • E. Just-in-time Provisioning can be configured for new users.

Answer: C,E

 

NEW QUESTION 35
Universal Containers (UC) wants its users to access Salesforce and other SSO-enabled applications from a custom web page that UC magnets. UC wants its users to use the same set of credentials to access each of the applications. what SAML SSO flow should an Architect recommend for UC?

  • A. SP-Initiated with Deep Linking
  • B. IdP-Initiated
  • C. SP-Initiated
  • D. User-Agent

Answer: B

 

NEW QUESTION 36
Universal Containers (UC) uses middleware to integrate multiple systems with Salesforce. UC has a strict, new requirement that usernames and passwords cannot be stored in any UC system.
How can UC's middleware authenticate to Salesforce while adhering to this requirement?

  • A. Create a Connected App that supports the User-Agent OAuth Flow.
  • B. Create a Connected App that supports the JWT Bearer Token OAuth Flow.
  • C. Create a Connected App that supports the Refresh Token OAuth Flow.
  • D. Create a Connected App that supports the Web Server OAuth Flow.

Answer: B

 

NEW QUESTION 37
Universal Containers wants to implement SAML SSO for their internal Salesforce users using a third-party IdP. After some evaluation, UC decides not to set up My Domain for their Salesforce org. How does that decision impact their SSO implementation?

  • A. Neither SP- nor IdP-initiated SSO will work.
  • B. IdP-initiated SSO will not work.
  • C. SP-initiated SSO will not work.
  • D. Either SP- or IdP-initiated SSO will work.

Answer: A

 

NEW QUESTION 38
How should an identity architect automate provisioning and deprovisioning of users into Salesforce from an external system?

  • A. Run registration handler on incoming OAuth responses.
  • B. Call SOAP API upsertQ on user object.
  • C. Call OpenID Connect (OIDC)-userinfo endpoint with a valid access token.
  • D. Use Security Assertion Markup Language Just-in-Time (SAML JIT) on incoming SAML assertions.

Answer: A

 

NEW QUESTION 39
After a recent audit, universal containers was advised to implement Two-factor Authentication for all of their critical systems, including salesforce. Which two actions should UC consider to meet this requirement?
Choose 2 answers

  • A. Require users to provide their RSA token along with their credentials.
  • B. Require users to use a biometric reader as well as their password
  • C. Require users to enter a second password after the first Authentication
  • D. Require users to supply their email and phone number, which gets validated.

Answer: B,D

 

NEW QUESTION 40
The CIO of Universal Containers (UC) wants to start taking advantage of the refresh token capability for the UC applications that utilize OAuth 2.0. UC has enlisted an Architect to analyze all of the applications that use OAuth flows to see where refresh tokens can be applied.
Which two OAuth flows should the Architect consider in their evaluation? (Choose two.)

  • A. JWT Bearer Token
  • B. User-Agent
  • C. Username-Password
  • D. Web Server

Answer: B,D

 

NEW QUESTION 41
Universal Containers has built a custom token-based Two-Factor Authentication system for their existing on-premise applications. They are now implementing Salesforce and would like to enable a Two-Factor login process for it, as well.
What is the recommended solution an Architect should consider?

  • A. Replace the custom 2FA system with an AppExchange App that supports on-premise applications and Salesforce.
  • B. Replace the custom 2FA system with Salesforce 2FA for on-premise applications and Salesforce.
  • C. Use the custom 2FA system for on-premise applications and native 2FA for Salesforce.
  • D. Use Custom Login Flows to connect to the existing custom 2FA system for use in Salesforce.

Answer: D

 

NEW QUESTION 42
Universal Containers is creating a mobile application that will be secured by Salesforce Identity using the OAuth 2.0 user-agent flow (this flow uses the OAuth 2.0 implicit grant type).
Which three OAuth concepts apply to this flow?
Choose 3 answers

  • A. Scopes
  • B. Refresh Token
  • C. Verification Code
  • D. Authorization Code
  • E. Client ID

Answer: A,B,E

 

NEW QUESTION 43
Universal containers (UC) built a customer Community for customers to buy products, review orders, and manage their accounts. UC has provided three different options for customers to log in to the customer Community: salesforce, Google, and Facebook. Which two role combinations are represented by the systems in the scenario? Choose 2 answers

  • A. Salesforce is the service provider and Google is the identity provider
  • B. Facebook is the service provider and salesforce is the identity provider
  • C. Google is the service provider and Facebook is the identity provider
  • D. Salesforce is the service provider and Facebook is the identity provider

Answer: A,D

 

NEW QUESTION 44
......

Identity-and-Access-Management-Designer EXAM DUMPS WITH GUARANTEED SUCCESS: https://www.practicedump.com/Identity-and-Access-Management-Designer_actualtests.html

Best Quality Salesforce Identity-and-Access-Management-Designer Exam Questions: https://drive.google.com/open?id=1aUtBZvOynEahH636LkVJwL7c6RNcH6Rb

Related Articles

more
Salesforce Identity-and-Access-Management-Designer Certification Practice Exam

Copyright © 2026 PracticeDump. All Rights Reserved. All trademarks used are properties of their respective owners. Privacy Policy

Disclaimers:
PracticeDump material do not contain actual Business Architecture Guild Exam Questions or materials.
SAP, Microsoft, Google, Amazon, Certiport, Qualtrics are Registered Trade Mark.
PracticeDump website is not related to, affiliated with, endorsed or authorized by Amazon. Trademarks, certification & product names are used for reference only and belong to Amazon.
PracticeDump offers only Probable Questions and Answers. PracticeDump offer learning materials and practice tests created by subject matter experts to assist and help learner prepare for those exams.
All Certification Brands used on the website are owned by the respective brand owners. PracticeDump does not own or claim any ownership on any of the brands. The site www.practicedump.com is in no way affiliated with SAP SE.