
[Aug 30, 2023] Get to the Top with Identity-and-Access-Management-Designer Practice Exam Questions [Q42-Q58]


Use Real Identity-and-Access-Management-Designer Dumps Free Sample Questions and Practice Test Engine


Salesforce Identity-and-Access-Management-Designer certification is an excellent choice for professionals who wish to demonstrate their expertise in identity and access management in Salesforce. It is a challenging exam that requires a deep understanding of the Salesforce platform, but it is also highly rewarding for those who pass it. By earning this certification, professionals can enhance their career prospects and demonstrate their commitment to staying up-to-date with the latest industry standards and best practices.

 

NEW QUESTION # 42
Universal Containers (UC) is building a mobile application that will make calls to the Salesforce REST API.
Additionally, UC would like to provide the optimal experience for its mobile users. Which two OAuth scopes should UC configure in the connected app? Choose 2 answers

  • A. API
  • B. full
  • C. Refresh token
  • D. Web

Answer: A,C


NEW QUESTION # 43
An Architect needs to advise the team that manages the Identity Provider how to differentiate Salesforce from other Service Providers.
What SAML SSO setting in Salesforce provides this capability?

  • A. Issuer
  • B. SAML Identity Location
  • C. Entity Id
  • D. Identity Provider Login URL

Answer: C


NEW QUESTION # 44
Northern Trail Outfitters (NTO) has an off-boarding process where a terminated employee is first disabled in the Lightweight Directory Access Protocol (LDAP) directory, then requests are sent to the various application support teams to finish user deactivations. A terminated employee recently was able to log in to NTO's Salesforce instance 24 hours after termination, even though the user was disabled in the corporate LDAP directory.
What should an identity architect recommend to prevent this from happening in the future?

  • A. Configure an authentication provider to delegate authentication to the LDAP directory.
  • B. Create a Just-in-Time provisioning registration handler to ensure users are deactivated in Salesforce as they are disabled in LDAP.
  • C. Set up an identity provider (IdP) to authenticate users using LDAP, set up single sign-on to Salesforce and disable Login Form authentication.
  • D. Use a login flow to make a callout to the LDAP directory before authenticating the user to Salesforce.

Answer: A


NEW QUESTION # 45
Under which scenario will the Web Server flow be used?

  • A. Used for verifying Access protected resources.
  • B. Used for server-side components when page needs to be rendered.
  • C. Used for mobile applications and testing legacy Integrations.
  • D. Used for web applications when server-side code needs to interact with APIs.

Answer: D


NEW QUESTION # 46
Which two things should be done to ensure end users can only use single sign-on (SSO) to log in to Salesforce?
Choose 2 answers

  • A. Request Salesforce Support to enable delegated authentication.
  • B. Assign user "is Single Sign-on Enabled" permission via profile or permission set.
  • C. Enable My Domain and select "Prevent login from https://login.salesforce.com".
  • D. Once SSO is enabled, users are only able to log in using Salesforce credentials.

Answer: B,C


NEW QUESTION # 47
Universal Containers uses Salesforce as an identity provider and Concur as the Employee Expense management system. The HR director wants to ensure Concur accounts for employees are created only after the appropriate approval in the Salesforce org.
Which three steps should the identity architect use to implement this requirement?
Choose 3 answers

  • A. Create a connected app for Concur in Salesforce.
  • B. Create an approval process for user object associated with the provisioning flow.
  • C. Create an approval process for a custom object associated with the provisioning flow.
  • D. Create an approval process for UserProvisioningRequest object associated with the provisioning flow.
  • E. Enable User Provisioning for the connected app.

Answer: A,D,E


NEW QUESTION # 48
Universal Containers is creating a mobile application that will be secured by Salesforce Identity using the OAuth 2.0 user-agent flow. Application users will authenticate using username and password. They should not be forced to approve API access in the mobile app or reauthenticate for 3 months.
Which two connected app options need to be configured to fulfill this use case?
Choose 2 answers

  • A. Set the Refresh Token Policy to expire refresh token after 3 months.
  • B. Set Permitted Users to "All users may self-authorize".
  • C. Set the Session Timeout value to 3 months.
  • D. Set Permitted Users to "Admin approved users are pre-authorized".

Answer: A,B


NEW QUESTION # 49
Universal Containers (UC) uses a legacy Employee portal for their employees to collaborate and post their ideas. UC decides to use Salesforce Ideas for voting and better tracking purposes. To avoid provisioning users on Salesforce, UC decides to push ideas posted on the Employee portal to Salesforce through the API. UC decides to use an API user using the OAuth username-password flow for the connection. How can the connection to Salesforce be restricted only to the Employee portal server?

  • A. Add the Employee portal's IP address to the login IP range on the user profile.
  • B. Use a dedicated profile for the user the Employee portal uses.
  • C. Add the Employee portal's IP address to the Trusted IP range for the connected app.
  • D. Use a digital certificate signed by the employee portal Server.

Answer: C


NEW QUESTION # 50
Northern Trail Outfitters wants to implement a partner community. Active community users will need to review and accept the community rules, and update key contact information for each community member before their annual partner event.
Which approach will meet this requirement?

  • A. Create a login flow that conditionally prompts users who have not accepted the new community rules and who have missing or outdated information.
  • B. Create tasks for users who need to update their data or accept the new community rules.
  • C. Create a custom landing page and email campaign asking all community members to login and verify their data.
  • D. Add a banner to the community Home page asking users to update their profile and accept the new community rules.

Answer: A


NEW QUESTION # 51
Universal Containers (UC) uses middleware to integrate multiple systems with Salesforce. UC has a strict, new requirement that usernames and passwords cannot be stored in any UC system.
How can UC's middleware authenticate to Salesforce while adhering to this requirement?

  • A. Create a Connected App that supports the Refresh Token OAuth Flow.
  • B. Create a Connected App that supports the Web Server OAuth Flow.
  • C. Create a Connected App that supports the User-Agent OAuth Flow.
  • D. Create a Connected App that supports the JWT Bearer Token OAuth Flow.

Answer: D


NEW QUESTION # 52
Which two security risks can be mitigated by enabling Two-Factor Authentication (2FA) in Salesforce? Choose 2 answers

  • A. Users choosing passwords that are the same as their Facebook password.
  • B. Users leaving laptops unattended and not logging out of Salesforce.
  • C. Users creating simple-to-guess password reset questions.
  • D. Users accessing Salesforce from a public Wi-Fi access point.

Answer: A,D


NEW QUESTION # 53
An identity architect's client has a homegrown identity provider (IdP). Salesforce is used as the service provider (SP). The head of IT is worried that during an SP-initiated single sign-on (SSO), the Security Assertion Markup Language (SAML) request content will be altered.
What should the identity architect recommend to make sure that there is additional trust between the SP and the IdP?

  • A. Encrypt the SAML Request using a certification authority (CA) signed certificate and decrypt on the IdP.
  • B. Ensure that there is an HTTPS connection between IdP and SP.
  • C. Ensure that the Issuer and Assertion Consumer Service (ACS) URL are properly configured between SP and IdP.
  • D. Ensure that on the SSO settings page, the "Request Signing Certificate" field has a self-signed certificate.

Answer: A


NEW QUESTION # 54
Universal Containers (UC) is looking to build a Canvas app and wants to use the corresponding Connected App to control where the app is visible. Which two options are correct in regards to where the app can be made visible under the Connected App setting for the Canvas app? Choose 2 answers

  • A. In the mobile navigation menu on Salesforce for Android.
  • B. The sidebar of a Salesforce Console as a console component.
  • C. As part of the body of a Salesforce Knowledge article.
  • D. Included in the Call Control Tool that's part of Open CTI.

Answer: B,C


NEW QUESTION # 55
In an SP-initiated SAML SSO setup where the user tries to access a resource on the Service Provider, what HTTP parameter should be used when submitting a SAML Request to the IdP to ensure the user is returned to the intended resource after authentication?

  • A. RelayState
  • B. RedirectURL
  • C. DisplayState
  • D. StartURL

Answer: A


NEW QUESTION # 56
A technology enterprise is setting up an identity solution with an external vendor's wellness application for its employees. The user attributes need to be returned to the wellness application in an ID token.
Which authentication mechanism should an identity architect recommend to meet the requirements?

  • A. OpenID Connect
  • B. User Agent Flow
  • C. JWT Bearer Token Flow
  • D. Web Server Flow

Answer: D


NEW QUESTION # 57
Universal Containers (UC) is building an authenticated Customer Community for its customers. UC does not want customer credentials stored in Salesforce and is confident its customers would be willing to use their social media credentials to authenticate to the community. Which two actions should an Architect recommend UC to take?

  • A. Use Delegated Authentication to call the Twitter login API to authenticate users.
  • B. Configure SSO Settings For Facebook to serve as a SAML Identity Provider.
  • C. Configure an Authentication Provider for LinkedIn Social Media Accounts.
  • D. Create a Custom Apex Registration Handler to handle new and existing users.

Answer: C,D


NEW QUESTION # 58
......
