Salesforce Identity-and-Access-Management-Designer Exam Info and Free Practice Test | PracticeDump
Pass Salesforce Identity-and-Access-Management-Designer Premium Files Test Engine pdf - Free Dumps Collection
NEW QUESTION 100
Universal Containers (UC) has implemented a multi-org strategy and would like to centralize the management of their Salesforce user profiles. What should the architect recommend to allow Salesforce profiles to be managed from a central system of record?
- A. Create an Apex scheduled job in one org that will synchronize the other orgs' profile.
- B. Implement Delegated Authentication that will update the user profiles as necessary.
- C. Implement an OAuth JWT flow to pass the profile credentials between systems.
- D. Implement JIT provisioning on the SAML IdP that will pass the profile ID in each assertion.
Answer: D
NEW QUESTION 101
Universal Containers (UC) has a Customer Community that uses Facebook for authentication. UC would like to ensure that changes in the Facebook profile are reflected on the appropriate Customer Community user.
How can this requirement be met?
- A. Use SAML Just-In-Time Provisioning between Facebook and Salesforce.
- B. Develop a scheduled job that calls out to Facebook on a nightly basis.
- C. Use information in the signed request that is received from Facebook.
- D. Use the updateUser method on the Registration Handler class.
Answer: D
NEW QUESTION 102
Universal Containers (UC) built an integration for their employees to post, view, and vote for ideas in Salesforce from an internal Company portal. When ideas are posted in Salesforce, links to the ideas are created in the company portal pages as part of the integration process. The Company portal connects to Salesforce using OAuth. Everything is working fine, except when users click on links to existing ideas, they are always taken to the Ideas home page rather than the specific idea, after authorization. Which OAuth URL parameter can be used to retain the original requested page so that a user can be redirected correctly after OAuth authorization?
- A. Callback_uri
- B. Redirect_uri
- C. State
- D. Scope
Answer: B
NEW QUESTION 103
Universal Containers (UC) employees have Salesforce access from restricted IP ranges only, to protect against unauthorised access. UC wants to roll out the Salesforce1 mobile app and make it accessible from any location. Which two options should an Architect recommend? Choose 2 answers
- A. Remove existing restrictions on IP ranges for all types of user access.
- B. Relax the IP restriction with a second factor in the Connected App settings for Salesforce1 mobile app.
- C. Use Login Flow to bypass IP range restriction for the mobile app.
- D. Relax the IP restrictions in the Connected App settings for the Salesforce1 mobile app.
Answer: B,D
NEW QUESTION 104
Universal Containers is considering using Delegated Authentication as the sole means of authenticating Salesforce users. A Salesforce Architect has been brought in to assist with the implementation. What two risks should the Architect point out? Choose 2 answers
- A. Delegated Authentication is enabled or disabled for the entire Salesforce org.
- B. Salesforce users will be locked out of Salesforce if the web service goes down.
- C. UC will be required to develop and support a custom SOAP web service.
- D. The web service must reside on a public cloud service, such as Heroku.
Answer: A,D
NEW QUESTION 105
Universal Containers is setting up their Customer Community self-registration process. They are uncomfortable with the idea of assigning new users to a default Account record.
What will happen when customers self-register in the Community?
- A. The self-registration page will create a new Account record.
- B. The self-registration process will create a Person Account record.
- C. The self-registration page will ask users to select an Account.
- D. The self-registration process will produce an error to the user.
Answer: D
NEW QUESTION 106
Universal Containers (UC) is looking to build a Canvas app and wants to use the corresponding Connected App to control where the app is visible. Which two options are correct in regards to where the app can be made visible under the Connected App setting for the Canvas app? Choose 2 answers
- A. In the mobile navigation menu on Salesforce for Android.
- B. As part of the body of a Salesforce Knowledge article.
- C. The sidebar of a Salesforce Console as a console component.
- D. Included in the Call Control Tool that's part of Open CTI.
Answer: B,C
NEW QUESTION 107
Universal Containers would like its customers to register and log in to a portal built on Salesforce Experience Cloud. Customers should be able to use their Facebook or LinkedIn credentials for ease of use.
Which three steps should an identity architect take to implement social sign-on?
Choose 3 answers
- A. Create authentication providers for both Facebook and LinkedIn.
- B. Register both Facebook and LinkedIn as connected apps.
- C. Enable "Federated Single Sign-On Using SAML".
- D. Update the default registration handlers to create and update users.
- E. Check "Facebook" and "LinkedIn" under Login Page Setup.
Answer: A,D,E
NEW QUESTION 108
An Architect needs to advise the team that manages the Identity Provider how to differentiate Salesforce from other Service Providers. What SAML SSO setting in Salesforce provides this capability?
- A. Identity Provider Login URL.
- B. SAML Identity Location.
- C. Entity Id
- D. Issuer.
Answer: B
NEW QUESTION 109
A leading fitness tracker company is getting ready to launch a customer community. The company wants its customers to log in to the community and connect their fitness device to their profile. Customers should be able to obtain exercise details and fitness recommendations in the community.
Which should be used to satisfy this requirement?
- A. OAuth Device Flow
- B. Login Flows
- C. Named Credentials
- D. Single Sign-On Settings
Answer: A
NEW QUESTION 110
Universal Containers (UC) wants to integrate a third-party Reward Calculation system with Salesforce to calculate Rewards. Rewards will be calculated on a scheduled basis and updated back into Salesforce. The integration between Salesforce and the Reward Calculation System needs to be secure. Which are two recommended practices for using OAuth flow in this scenario? Choose 2 answers
- A. OAuth Username-Password Flow
- B. OAuth SAML Bearer Assertion Flow
- C. OAuth Refresh Token Flow
- D. OAuth JWT Bearer Token Flow
Answer: A,D
NEW QUESTION 111
A security architect is rolling out a new multi-factor authentication (MFA) mandate, where all employees must go through a secure authentication process before accessing Salesforce. There are multiple Identity Providers (IdP) in place and the architect is considering how the "Authentication Method Reference" field (AMR) in the Login History can help.
Which two considerations should the architect keep in mind?
Choose 2 answers
- A. Both OIDC and Security Assertion Markup Language (SAML) are supported but AMR must be implemented at IdP.
- B. AMR field shows the authentication methods used at IdP.
- C. Dependency on what is supported by OpenID Connect (OIDC) implementation at IdP.
- D. High-assurance sessions must be configured under Session Security Level Policies.
Answer: A,B
NEW QUESTION 112
An identity architect is implementing a mobile-first Consumer Identity Access Management (CIAM) for external users. User authentication is the only requirement. The user's email or mobile phone number should be supported as a username.
Which two licenses are needed to meet this requirement?
Choose 2 answers
- A. SMS verification Credits
- B. External Identity Licenses
- C. Identity Connect Licenses
- D. Email Verification Credits
Answer: A,B
NEW QUESTION 113
Universal Containers (UC) uses Global Shipping (GS) as one of their shipping vendors. Regional leads of GS need access to UC's Salesforce instance for reporting damage of goods using Cases. The regional leads also need access to dashboards to keep track of regional shipping KPIs. UC internally uses a third-party cloud analytics tool for capacity planning and UC decided to provide access to this tool to a subset of GS employees.
In addition to regional leads, the GS capacity planning team would benefit from access to this tool. To access the analytics tool, UC IT has set up Salesforce as the Identity Provider for internal users and would like to follow the same approach for the GS users as well. What are the most appropriate license types for GS Regional Leads and the GS Capacity Planners? Choose 2 answers
- A. Customer Community Plus license for GS Regional Leads and Customer Community license for GS Capacity Planners.
- B. Customer Community Plus license for GS Regional Leads and External Identity for GS Capacity Planners.
- C. Customer Community license for GS Regional Leads and Identity license for GS Capacity Planners.
- D. Identity license for GS Regional Leads and External Identity license for GS Capacity Planners.
Answer: A,C
NEW QUESTION 114
The CIO of Universal Containers (UC) wants to start taking advantage of the refresh token capability for the UC applications that utilize OAuth 2.0. UC has enlisted an Architect to analyze all of the applications that use OAuth flows to see where refresh tokens can be applied.
Which two OAuth flows should the Architect consider in their evaluation? (Choose two.)
- A. Username-Password
- B. User-Agent
- C. JWT Bearer Token
- D. Web Server
Answer: B,D
NEW QUESTION 115
A group of users try to access one of Universal Containers' Connected Apps and receive the following error message: "Failed: Not approved for access." What is the probable cause of this issue?
- A. The Connected App setting "All users may self-authorize" is enabled.
- B. The Salesforce Administrators have revoked the OAuth authorization.
- C. The use of High Assurance sessions is required for the Connected App.
- D. The users do NOT have the correct permission set assigned to them.
Answer: D
NEW QUESTION 116
Universal Containers is implementing Salesforce Identity to broker authentication from its enterprise single sign-on (SSO) solution through Salesforce to third party applications using SAML.
What role does Salesforce Identity play in its relationship with the enterprise SSO system?
- A. Identity Provider (IdP)
- B. Service Provider (SP)
- C. Resource Server
- D. Client Application
Answer: B
NEW QUESTION 117
Which two statements are capabilities of Identity Connect? Choose 2 answers
- A. Supports both Identity-Provider-Initiated and Service-Provider-Initiated SSO.
- B. Supports multiple orgs connecting to multiple Active Directory servers.
- C. Automated user synchronization and de-activation.
- D. Synchronization of Salesforce Permission Set Licence Assignments.
Answer: A,C
NEW QUESTION 118
Universal Containers (UC) uses Global Shipping (GS) as one of their shipping vendors. Regional leads of GS need access to UC's Salesforce instance for reporting damage of goods using Cases. The regional leads also need access to dashboards to keep track of regional shipping KPIs. UC internally uses a third-party cloud analytics tool for capacity planning and UC decided to provide access to this tool to a subset of GS employees. In addition to regional leads, the GS capacity planning team would benefit from access to this tool. To access the analytics tool, UC IT has set up Salesforce as the Identity Provider for internal users and would like to follow the same approach for the GS users as well. What are the most appropriate license types for GS Regional Leads and the GS Capacity Planners? Choose 2 answers
- A. Customer Community Plus license for GS Regional Leads and Customer Community license for GS Capacity Planners.
- B. Customer Community Plus license for GS Regional Leads and External Identity for GS Capacity Planners.
- C. Customer Community license for GS Regional Leads and Identity license for GS Capacity Planners.
- D. Identity license for GS Regional Leads and External Identity license for GS Capacity Planners.
Answer: A,C
NEW QUESTION 119
Universal Containers (UC) has implemented SAML-based Single Sign-On to provide seamless access to its Salesforce Orgs, financial system, and CPQ system. Below is the SSO implementation landscape.
What role combination is represented by the systems in this scenario?
- A. Salesforce Org1 and Salesforce Org2 are the only Service Providers.
- B. Salesforce Org1 and PingFederate are acting as Identity Providers.
- C. Salesforce Org1 and Salesforce Org2 are acting as Identity Providers.
- D. Financial System and CPQ System are the only Service Providers.
Answer: B
NEW QUESTION 120
Universal Containers (UC) is building an integration between Salesforce and a legacy web application using the Canvas framework. The security team for UC has determined that a signed request from Salesforce is not an adequate authentication solution for the third-party app. Which two options should the Architect consider for authenticating the third-party app using the Canvas framework? Choose 2 answers
- A. Utilize Authorization Providers to allow the third-party application to authenticate itself against Salesforce as the IdP.
- B. Utilize the Canvas OAuth flow to allow the third-party application to authenticate itself against Salesforce as the IdP.
- C. Create a registration handler Apex class to allow the third-party application to authenticate itself against Salesforce as the IdP.
- D. Utilize the SAML Single Sign-on flow to allow the third-party to authenticate itself against UC's IdP.
Answer: B,D
NEW QUESTION 121
Which three types of attacks would a 2-Factor Authentication solution help guard against?
- A. Man-in-the-middle attacks
- B. Phishing attacks
- C. Key logging attacks
- D. Network perimeter attacks
- E. Dictionary attacks
Answer: C,D,E
NEW QUESTION 122
Universal Containers (UC) wants to implement Delegated Authentication for a certain subset of Salesforce users. Which three items should UC take into consideration while building the web service to handle the Delegated Authentication request? Choose 3 answers
- A. The web service can be written using either the SOAP or REST protocol.
- B. UC should whitelist all Salesforce IP ranges on their corporate firewall.
- C. The web service needs to include Source IP as a method parameter.
- D. Delegated Authentication is enabled for the system administrator profile.
- E. The return type of the web service method should be a Boolean value.
Answer: B,C,E
NEW QUESTION 123
Universal Containers (UC) is building a mobile application that will make calls to the Salesforce REST API.
Additionally, UC would like to provide the optimal experience for its mobile users. Which two OAuth scopes should UC configure in the Connected App? Choose 2 answers
- A. full
- B. Refresh token
- C. Web
- D. API
Answer: B,D
NEW QUESTION 124
A technology enterprise is setting up an identity solution with an external vendor's wellness application for its employees. The user attributes need to be returned to the wellness application in an ID token.
Which authentication mechanism should an identity architect recommend to meet the requirements?
- A. JWT Bearer Token Flow
- B. Web Server Flow
- C. User Agent Flow
- D. OpenID Connect
Answer: B
NEW QUESTION 125
......