[Sep-2023] Use Real Identity-and-Access-Management-Designer Dumps - 100% Free Identity-and-Access-Management-Designer Exam Dumps [Q109-Q124]


Identity-and-Access-Management-Designer PDF Dumps Exam Questions – Valid Identity-and-Access-Management-Designer Dumps


Salesforce Identity-and-Access-Management-Designer Exam is a challenging certification exam that requires a solid understanding of Salesforce’s security model and best practices. However, passing the exam and earning the certification can help professionals advance their careers and demonstrate their expertise in identity and access management solutions using Salesforce.

 

NEW QUESTION # 109
Universal Containers (UC) has an e-commerce website where customers can buy products, make payments and manage their accounts. UC decides to build a Customer Community on Salesforce and wants to allow the customers to access the community from their accounts without logging in again. UC decides to implement an SP-initiated SSO using a SAML-compliant IdP. In this scenario where Salesforce is the Service Provider, which two activities must be performed in Salesforce to make SP-initiated SSO work? Choose 2 answers

  • A. Configure Delegated Authentication.
  • B. Configure SAML SSO settings.
  • C. Set up My Domain.
  • D. Create a Connected App.

Answer: B,C


NEW QUESTION # 110
An Identity and Access Management (IAM) Architect is recommending Identity Connect to integrate Microsoft Active Directory (AD) with Salesforce for user provisioning, deprovisioning and single sign-on (SSO).
Which feature of Identity Connect is applicable for this scenario?

  • A. Identity Connect can be deployed as a managed package on Salesforce org, leveraging High Availability of Salesforce Platform out-of-the-box.
  • B. If the number of provisioned users exceeds Salesforce licence allowances, Identity Connect will start disabling the existing Salesforce users in First-in, First-out (FIFO) fashion.
  • C. When Identity Connect is in place, if a user is deprovisioned in an on-premise AD, the user's Salesforce session is revoked immediately.
  • D. When configured, Identity Connect acts as an identity provider to both Active Directory and Salesforce, thus providing SSO as a default feature.

Answer: C


NEW QUESTION # 111
A global company has built an external application that uses data from its Salesforce org via an OAuth 2.0 authorization flow. Upon logout, the existing Salesforce OAuth token must be invalidated.
Which action will accomplish this?

  • A. Enable Single Logout with a secure logout URL.
  • B. Use a HTTP POST to make a call to the revoke token endpoint.
  • C. Use a HTTP POST to request the refresh token for the current user.
  • D. Use a HTTP POST to the System for Cross-domain Identity Management (SCIM) endpoint, including the current OAuth token.

Answer: B


NEW QUESTION # 112
Universal Containers (UC) plans to use a SAML-based third-party IdP serving both the Salesforce Partner Community and the corporate portal. UC partners will log in to the corporate portal to access protected resources, including links to Salesforce resources. What would be the recommended way to configure the IdP so that seamless access can be achieved in this scenario?

  • A. Set up the corporate portal as a Connected App in Salesforce and use the Web server OAuth flow.
  • B. Set up the corporate portal as a Connected App in Salesforce and use the User Agent OAuth flow.
  • C. Configure IdP-initiated SSO that passes the SAML token upon Salesforce resource access request.
  • D. Configure SP-initiated SSO that passes the SAML token upon Salesforce resource access request.

Answer: C


NEW QUESTION # 113
Universal Containers (UC) has a mobile application for its employees that uses data from Salesforce as well as uses Salesforce for Authentication purposes. UC wants its mobile users to only enter their credentials the first time they run the app. The application has been live for a little over 6 months, and all of the users who were part of the initial launch are complaining that they have to re-authenticate. UC has also recently changed the URI Scheme associated with the mobile app. What should the Architect at UC first investigate?

  • A. Verify that the Callback URL is correctly pointing to the new URI Scheme.
  • B. Validate that the users are checking the box to remember their passwords.
  • C. Confirm that the access Token's Time-To-Live policy has been set appropriately.
  • D. Check the Refresh Token policy defined in the Salesforce Connected App.

Answer: D


NEW QUESTION # 114
Northern Trail Outfitters (NTO) wants to give customers the ability to submit and manage issues with their purchases. It is important for NTO to give its customers the ability to log in with their Facebook and Twitter credentials.
Which two actions should an identity architect recommend to meet these requirements?
Choose 2 answers

  • A. Create a custom external authentication provider for Facebook.
  • B. Configure a predefined authentication provider for Facebook.
  • C. Create a custom external authentication provider for Twitter.
  • D. Configure a predefined authentication provider for Twitter.

Answer: B,D


NEW QUESTION # 115
Universal Containers (UC) wants users to authenticate into their Salesforce org using credentials stored in a custom identity store. UC does not want to purchase or use a third-party Identity provider. Additionally, UC is extremely wary of social media and does not consider it to be trustworthy. Which two options should an architect recommend to UC? Choose 2 answers

  • A. Implement the OpenID protocol and configure an Authentication provider
  • B. Build a custom web page that uses the identity store and calls frontdoor.jsp
  • C. Build a custom Web service that is supported by Delegated Authentication.
  • D. Use a professional social media such as LinkedIn as an Authentication provider

Answer: A,C


NEW QUESTION # 116
Which three types of attacks would a 2-Factor Authentication solution help guard against?

  • A. Dictionary attacks
  • B. Network perimeter attacks
  • C. Man-in-the-middle attacks
  • D. Phishing attacks
  • E. Key logging attacks

Answer: A,B,E


NEW QUESTION # 117
Universal Containers (UC) wants its users to access Salesforce and other SSO-enabled applications from a custom web page that UC manages. UC wants its users to use the same set of credentials to access each of the applications. What SAML SSO flow should an Architect recommend for UC?

  • A. SP-Initiated with Deep Linking
  • B. SP-Initiated
  • C. User-Agent
  • D. IdP-Initiated

Answer: D


NEW QUESTION # 118
An administrator created a connected app for a custom web application in Salesforce which needs to be visible as a tile in App Launcher. The tile for the custom web application is missing in the app launcher for all users in Salesforce. The administrator requested assistance from an identity architect to resolve the issue.
Which two reasons are the source of the issue?
Choose 2 answers
StartURL for the connected app is not set in Connected App settings.

  • A. OAuth scope does not include "openid".
  • B. Session Policy is set as 'High Assurance Session required' for this connected app.
  • C. The connected app is not set in the App menu as 'Visible in App Launcher'.

Answer: A,C


NEW QUESTION # 119
Universal Containers (UC) wants to integrate a third-party Reward Calculation system with Salesforce to calculate Rewards. Rewards will be calculated on a scheduled basis and updated back into Salesforce. The integration between Salesforce and the Reward Calculation System needs to be secure. Which are two recommended practices for using OAuth flow in this scenario? Choose 2 answers

  • A. OAuth Username-Password Flow
  • B. OAuth SAML Bearer Assertion Flow
  • C. OAuth JWT Bearer Token Flow
  • D. OAuth Refresh Token Flow

Answer: B,C


NEW QUESTION # 120
Universal Containers (UC) would like its community users to be able to register and log in with LinkedIn or Facebook credentials. UC wants users to clearly see Facebook & LinkedIn icons when they register and log in. What are the two recommended actions UC can take to achieve this functionality? Choose 2 answers

  • A. Store the LinkedIn or Facebook user IDs in the Federation ID field on the Salesforce User record.
  • B. Create custom buttons for Facebook and LinkedIn using JavaScript/CSS on a custom Visualforce page.
  • C. Create custom Registration Handlers to link LinkedIn and Facebook accounts to user records.
  • D. Enable Facebook and LinkedIn as Login options in the login section of the Community configuration.

Answer: C,D


NEW QUESTION # 121
Universal Containers (UC) wants to implement SAML SSO for their internal Salesforce users using a third-party IdP. After some evaluation, UC decides NOT to set up My Domain for their Salesforce org.
How does that decision impact their SSO implementation?

  • A. SP-initiated SSO will NOT work
  • B. IdP-initiated SSO will NOT work.
  • C. Neither SP- nor IdP-initiated SSO will work.
  • D. Either SP- or IdP-initiated SSO will work.

Answer: C


NEW QUESTION # 122
Universal Containers (UC) uses Salesforce to allow customers to keep track of the order status. The customers can log in to Salesforce using external authentication providers, such as Facebook and Google. UC is also leveraging the App Launcher to let customers access an off-platform application for generating shipping labels. The label generator application uses OAuth to provide users access. What license type should an Architect recommend for the customers?

  • A. Customer Community Plus license
  • B. Identity license
  • C. Customer Community license
  • D. External Identity license

Answer: B


NEW QUESTION # 123
Northern Trail Outfitters (NTO) uses the Customer 360 Platform implemented on Salesforce Experience Cloud. The development team in charge has learned of a contactless user feature, which can reduce the overhead of managing customers and partners by creating users without contact information.
What is the potential impact to the architecture if NTO decides to implement this feature?

  • A. Passwordless authentication cannot be supported because the mobile phone receiving one-time password (OTP) needs to match the number on the contact record.
  • B. If contactless user is upgraded to Community license, the contact record is automatically created and linked to the user record, but not associated with an Account.
  • C. Custom registration handler is needed to correctly assign External Identity or Community license for the newly registered contactless user.
  • D. Contactless user feature is available only with the External Identity license, which can restrict the Experience Cloud functionality available to the user.

Answer: D


NEW QUESTION # 124
......
