Your success in Salesforce Identity-and-Access-Management-Designer is our sole target and we develop all our Identity-and-Access-Management-Designer braindumps in a way that facilitates the attainment of this target. Not only is our Identity-and-Access-Management-Designer study material the best you can find, it is also the most detailed and the most updated. Identity-and-Access-Management-Designer Practice Exams for Salesforce Identity-and-Access-Management-Designer are written to the highest standards of technical accuracy.
Check Identity-and-Access-Management-Designer free dumps before getting the full version:
NEW QUESTION 1
Which two are valid choices for digital certificates when setting up two-way SSL between Salesforce and an external system. Choose 2 answers
- A. Use a trusted CA-signed certificate for salesforce and a trusted CA-signed cert for the external system
- B. Use a trusted CA-signed certificate for salesforce and a self-signed cert for the external system
- C. Use a self-signed certificate for salesforce and a self-signed cert for the external system
- D. Use a self-signed certificate for salesforce and a trusted CA-signed cert for the external system
Answer: CD
NEW QUESTION 2
IT security at Unversal Containers (UC) us concerned about recent phishing scams targeting its users and wants to add additional layers of login protection. What should an Architect recommend to address the issue?
- A. Use the Salesforce Authenticator mobile app with two-step verification
- B. Lock sessions to the IP address from which they originated.
- C. Increase Password complexity requirements in Salesforce.
- D. Implement Single Sign-on using a corporate Identity store.
Answer: A
NEW QUESTION 3
Universal Containers (UC) uses Salesforce to allow customers to keep track of the order status. The customers can log in to Salesforce using external authentication providers, such as Facebook and Google. UC is also leveraging the App Launcher to let customers access an of platform application for generating shipping labels. The label generator application uses OAuth to provide users access. What license type should an Architect recommend for the customers?
- A. Customer Community license
- B. Identity license
- C. Customer Community Plus license
- D. External Identity license
Answer: B
NEW QUESTION 4
Universal Containers uses Salesforce as an identity provider and Concur as the Employee Expense management system. The HR director wants to ensure Concur accounts for employees are created only after the appropnate approval in the Salesforce org.
Which three steps should the identity architect use to implement this requirement? Choose 3 answers
- A. Create an approval process for a custom object associated with the provisioning flow.
- B. Create a connected app for Concur in Salesforce.
- C. Enable User Provisioning for the connected app.
- D. Create an approval process for user object associated with the provisioning flow.
- E. Create an approval process for UserProvisionlngRequest object associated with the provisioning flow.
Answer: BCE
NEW QUESTION 5
Universal Containers (UC) has decided to use Salesforce as an Identity Provider for multiple external applications. UC wants to use the salesforce App Launcher to control the Apps that are available to individual users. Which three steps are required to make this happen?
- A. Add each connected App to the App Launcher with a Start URL.
- B. Set up an Auth Provider for each External Application.
- C. Set up Salesforce as a SAML Idp with My Domain.
- D. Set up Identity Connect to Synchronize user data.
- E. Create a Connected App for each external application.
Answer: ACE
NEW QUESTION 6
Northern Trail Outfitters (NTO) has a number of employees who do NOT need access Salesforce objects. Trie employees should sign in to a custom Benefits web app using their Salesforce credentials.
Which license should the identity architect recommend to fulfill this requirement?
- A. Identity Only License
- B. External Identity License
- C. Identity Verification Credits Add-on License
- D. Identity Connect License
Answer: A
NEW QUESTION 7
Which three types of attacks would a 2-Factor Authentication solution help garden against?
- A. Key logging attacks
- B. Network perimeter attacks
- C. Phishing attacks
- D. Dictionary attacks
- E. Man-in-the-middle attacks
Answer: ABD
NEW QUESTION 8
Northern Trail Outfitters (NTO) is planning to roll out a partner portal for its distributors using Experience Cloud. NTO would like to use an external identity provider (idP) and for partners to register for access to the portal. Each partner should be allowed to register only once to avoid duplicate accounts with Salesforce.
What should a identity architect recommend to create partners?
- A. On successful creation of Partners using Self Registration page in Experience Cloud, create identity in Ping.
- B. Create a custom page m Experience Cloud to self register partner with Experience Cloud and Ping identity store.
- C. Create a custom web page in the Portal and create users in the IdP and Experience Cloud using published APIs.
- D. Allow partners to register through the IdP and create partner users in Salesforce through an API.
Answer: B
NEW QUESTION 9
Universal Containers (UC) is setting up delegated authentication to allow employees to log in using their corporate credentials. UC's security team is concerned about the risks of exposing the corporate login service on the internet and has asked that a reliable trust mechanism be put in place between the login service and Salesforce.
What mechanism should an Architect put in place to enable a trusted connection between the login service and Salesforce?
- A. Require the use of Salesforce security tokens on passwords.
- B. Enforce mutual authentication between systems using SSL.
- C. Include Client Id and Client Secret in the login header callout.
- D. Set up a proxy service for the login service in the DMZ.
Answer: A
NEW QUESTION 10
Northern Trail Outfitters would like to automatically create new employee users in Salesforce with an appropriate profile that maps to its Active Directory Department.
How should an identity architect implement this requirement?
- A. Use the createUser method in the Just-in-Time (JIT) provisioning registration handler to assign the appropriate profile.
- B. Use the updateUser method in the Just-in-Time (JIT) provisioning registration handler to assign the appropriate profile.
- C. Use a login flow to collect Security Assertion Markup Language attributes and assign the appropriate profile during Just-In-Time (JIT) provisioning.
- D. Make a callout during the login flow to query department from Active Directory to assign the appropriate profile.
Answer: B
NEW QUESTION 11
Universal containers wants to set up SSO for a selected group of users to access external applications from salesforce through App launcher. Which three steps must be completed in salesforce to accomplish the goal?
- A. Associate user profiles with the connected Apps.
- B. Complete my domain and Identity provider setup.
- C. Create connected apps for the external applications.
- D. Complete single Sign-on settings in security controls.
- E. Create named credentials for each external system.
Answer: ABC
NEW QUESTION 12
Universal containers (UC) does my domain enable in the context of a SAML SSO configuration? Choose 2 answers
- A. Resource deep linking
- B. App launcher
- C. SSO from salesforce1 mobile app.
- D. Login forensics
Answer: AC
NEW QUESTION 13
Universal Containers wants to implement SAML SSO for their internal Salesforce users using a third-party IdP. After some evaluation, UC decides not to set up My Domain for their Salesforce org. How does that decision impact their SSO implementation?
- A. SP-initiated SSO will not work.
- B. Neither SP- nor IdP-initiated SSO will work.
- C. Either SP- or IdP-initiated SSO will work.
- D. IdP-initiated SSO will not work.
Answer: B
NEW QUESTION 14
Universal Containers (UC) has implemented SSO according to the diagram below. uses SAML while Salesforce Org 1 uses OAuth 2.0. Users usually start their day by first attempting to log into Salesforce Org 2 and then later in the day, they will log into either the Financial System or CPQ system depending upon their job position. Which two systems are acting as Identity Providers?
- A. Financial System
- B. Pingfederate
- C. Salesforce Org 2
- D. Salesforce Org 1
Answer: BD
NEW QUESTION 15
Universal containers (UC) wants users to authenticate into their salesforce org using credentials stored in a custom identity store. UC does not want to purchase or use a third-party Identity provider. Additionally, UC is extremely wary of social media and does not consider it to be trust worthy. Which two options should an architect recommend to UC? Choose 2 answers
- A. Use a professional social media such as LinkedIn as an Authentication provider
- B. Build a custom web page that uses the identity store and calls frontdoor.jsp
- C. Build a custom Web service that is supported by Delegated Authentication.
- D. Implement the Openid protocol and configure an Authentication provider
Answer: CD
NEW QUESTION 16
Northern Trail Outfitters (NTO) wants to give customers the ability to submit and manage issues with their purchases. It is important for to give its customers the ability to login with their Facebook and Twitter credentials.
Which two actions should an identity architect recommend to meet these requirements? Choose 2 answers
- A. Create a custom external authentication provider for Facebook.
- B. Configure a predefined authentication provider for Facebook.
- C. Create a custom external authentication provider for Twitter.
- D. Configure a predefined authentication provider for Twitter.
Answer: BD
NEW QUESTION 17
......
Thanks for reading the newest Identity-and-Access-Management-Designer exam dumps! We recommend you to try the PREMIUM Downloadfreepdf.net Identity-and-Access-Management-Designer dumps in VCE and PDF here: https://www.downloadfreepdf.net/Identity-and-Access-Management-Designer-pdf-download.html (196 Q&As Dumps)