Free demo questions for the Salesforce Certified Identity and Access Management Designer (SP19) exam (Identity-and-Access-Management-Designer):
NEW QUESTION 1
An identity architect works for a multinational, multi-brand organization. As they work with the organization to understand their Customer Identity and Access Management requirements, the identity architect learns that the brand experience is different for each of the customer's sub-brands, and each of these branded experiences must be carried through the login experience depending on which sub-brand the user is logging into.
Which solution should the architect recommend to support scalability and reduce maintenance costs, if the organization has more than 150 sub-brands?
- A. Assign each sub-brand a unique Experience ID and use the Experience ID to dynamically brand the login experience.
- B. Use Audiences to customize the login experience for each sub-brand and pass an audience ID to the community during the OAuth and Security Assertion Markup Language (SAML) flows.
- C. Create a community subdomain for each sub-brand and customize the look and feel of the Login page for each community subdomain to match the brand.
- D. Create a separate Salesforce org for each sub-brand so that each sub-brand has complete control over the user experience.
Answer: A
NEW QUESTION 2
Universal Containers (UC) wants to implement a partner community. As part of their implementation, UC would like to modify both the Forgot Password and Change Password experiences with custom branding for their partner community users. Which 2 actions should an architect recommend to UC? Choose 2 answers.
- A. Build a Community Builder page for the Change Password experience and a custom Visualforce page for the Forgot Password experience.
- B. Build a custom Visualforce page for both the Change Password and Forgot Password experiences.
- C. Build a custom Visualforce page for the Change Password experience and a Community Builder page for the Forgot Password experience.
- D. Build a Community Builder page for both the Change Password and Forgot Password experiences.
Answer: BC
NEW QUESTION 3
A group of users try to access one of Universal Containers' Connected Apps and receive the following error message: "Failed: Not approved for access." What is the most likely cause of this issue?
- A. The Connected App settings "All users may self-authorize" is enabled.
- B. The Salesforce Administrators have revoked the OAuth authorization.
- C. The users do not have the correct permission set assigned to them.
- D. The use of High Assurance sessions is required for the Connected App.
Answer: C
NEW QUESTION 4
Universal Containers (UC) has a strict requirement to authenticate users to Salesforce using their mainframe credentials. The mainframe user store cannot be accessed from a SAML provider. UC would also like to have users in Salesforce created on the fly if they provide accurate mainframe credentials.
How can the Architect meet these requirements?
- A. Use a Salesforce Login Flow to call out to a web service and create the user on the fly.
- B. Use the SOAP API to create the user when created on the mainframe; implement Delegated Authentication.
- C. Implement Just-In-Time Provisioning on the mainframe to create the user on the fly.
- D. Implement OAuth User-Agent Flow on the mainframe; use a Registration Handler to create the user on the fly.
Answer: C
NEW QUESTION 5
Universal Containers (UC) wants to integrate a third-party Reward Calculation system with Salesforce to calculate rewards. Rewards will be calculated on a scheduled basis and updated back into Salesforce. The integration between Salesforce and the Reward Calculation system needs to be secure. Which are two recommended practices for using OAuth flows in this scenario? Choose 2 answers.
- A. OAuth Refresh Token Flow
- B. OAuth Username-Password Flow
- C. OAuth SAML Bearer Assertion Flow
- D. OAuth JWT Bearer Token Flow
Answer: CD
NEW QUESTION 6
Universal Containers (UC) is rolling out a new Customer Identity and Access Management solution, which will be built on top of their existing Salesforce instance.
Several service providers have been set up and integrated with Salesforce using OpenID Connect to allow for a seamless single sign-on experience. UC has a requirement to limit user access to only a subset of service providers per customer type.
Which two steps should be done on the platform to satisfy the requirement? Choose 2 answers.
- A. Manage which connected apps a user has access to by assigning authentication providers to the user's profile.
- B. Assign the connected app to the customer community, and enable the user's profile in the Community settings.
- C. Use Profiles and Permission Sets to assign user access to Admin Pre-Approved Connected Apps.
- D. Set each of the Connected App access settings to Admin Pre-Approved.
Answer: CD
NEW QUESTION 7
A farming enterprise offers smart farming technology to its farmer customers, which includes a variety of sensors for livestock tracking, pest monitoring, climate monitoring, etc. They plan to store all the data in Salesforce. They would also like to ensure timely maintenance of the installed sensors. They have engaged a Salesforce architect to propose an appropriate way to generate sensor information in Salesforce.
Which OAuth flow should the architect recommend?
- A. OAuth 2.0 Asset Token Flow
- B. OAuth 2.0 Device Authentication Flow
- C. OAuth 2.0 JWT Bearer Token Flow
- D. OAuth 2.0 SAML Bearer Assertion Flow
Answer: A
NEW QUESTION 8
Universal Containers (UC) has Active Directory (AD) as their enterprise identity store and would like to use it for Salesforce user authentication. UC expects to synchronize user data between Salesforce and AD and assign the appropriate Profile and Permission Sets based on AD group membership. What would be the optimal way to implement SSO?
- A. Use Active Directory with Reverse Proxy as the Identity Provider.
- B. Use Microsoft Access Control Service as the Authentication Provider.
- C. Use Active Directory Federation Service (ADFS) as the Identity Provider.
- D. Use Salesforce Identity Connect as the Identity Provider.
Answer: D
NEW QUESTION 9
How should an Architect automatically redirect users to the login page of the external Identity provider when using an SP-Initiated SAML flow with Salesforce as a Service Provider?
- A. Use Visualforce as the landing page for My Domain to redirect users to the Identity Provider login page.
- B. Enable the Redirect to the Identity Provider setting under Authentication Services on the My Domain configuration.
- C. Remove the Login page from the list of Authentication Services on the My Domain configuration.
- D. Set the Identity Provider as default and enable the Redirect to the Identity Provider setting on the SAML Configuration.
Answer: C
NEW QUESTION 10
Universal Containers is using OpenID Connect to enable a connection from their new mobile app to its production Salesforce org.
What should be done to enable the retrieval of the access token status for the OpenID Connect connection?
- A. Query using OpenID Connect discovery endpoint.
- B. Leverage OpenID Connect Token Introspection.
- C. Create a custom OAuth scope.
- D. Enable cross-origin resource sharing (CORS) for the /services/oauth2/token endpoint.
Answer: B
NEW QUESTION 11
Universal Containers (UC) has multiple Salesforce orgs and would like to use a single identity provider to access all of their orgs. How should UC's architect enable this behavior?
- A. Ensure that users have the same email value in their user records in all of UC's Salesforce orgs.
- B. Ensure the same username is allowed in multiple orgs by contacting Salesforce support.
- C. Ensure that users have the same Federation ID value in their user records in all of UC's Salesforce orgs.
- D. Ensure that users have the same alias value in their user records in all of UC's Salesforce orgs.
Answer: C
NEW QUESTION 12
How should an Architect force users to authenticate with Two-factor Authentication (2FA) for Salesforce only when not connected to an internal company network?
- A. Use Custom Login Flows with Apex to detect the user's IP address and prompt for 2FA if needed.
- B. Add the list of company's network IP addresses to the Login Range list under 2FA Setup.
- C. Use an Apex Trigger on the UserLogin object to detect the user's IP address and prompt for 2FA if needed.
- D. Apply the "Two-factor Authentication for User Interface Logins" permission and Login IP Ranges for all Profiles.
Answer: A
NEW QUESTION 13
Universal Containers (UC) has an e-commerce website where customers can buy products, make payments, and manage their accounts. UC decides to build a customer Community on Salesforce and wants to allow the customers to access the community for their accounts without logging in again. UC decides to implement an SP-Initiated SSO using a SAML-based compliant IdP. In this scenario where Salesforce is the service provider, which two activities must be performed in Salesforce to make SP-Initiated SSO work? Choose 2 answers.
- A. Configure SAML SSO settings.
- B. Configure Delegated Authentication.
- C. Create a Connected App.
- D. Set up My Domain.
Answer: AD
NEW QUESTION 14
Which three are capabilities of SAML-based Federated authentication? Choose 3 answers
- A. Trust relationships between Identity Provider and Service Provider are required.
- B. SAML tokens can be in XML or JSON format and can be used interchangeably.
- C. Web applications with no passwords are more secure and stronger against attacks.
- D. Access tokens are used to access resources on the server once the user is authenticated.
- E. Centralized federation provides single point of access, control and auditing.
Answer: ADE
NEW QUESTION 15
Which three different attributes can be used to identify the user in a SAML assertion when Salesforce is acting as a Service Provider? Choose 3 answers
- A. Federation ID
- B. Salesforce User ID
- C. User Full Name
- D. User Email Address
- E. Salesforce Username
Answer: ACD
NEW QUESTION 16
An architect needs to advise the team that manages the identity provider how to differentiate Salesforce from other service providers. What SAML SSO setting in Salesforce provides this capability?
- A. Entity ID
- B. Issuer
- C. Identity provider login URL
- D. SAML identity location
Answer: A