
Practice on 2024 LATEST Identity-and-Access-Management-Designer Exam Updated 245 Questions
The Salesforce Identity-and-Access-Management-Designer certification is a credential for professionals who work with Salesforce systems and want to demonstrate their expertise in identity and access management. The exam covers a wide range of topics, including identity and access management fundamentals, Salesforce security features, user authentication, and authorization. The certification is recognized globally and gives professionals access to resources and tools that help them stay current with the latest trends and best practices in the field.
It demonstrates that the candidate has a deep understanding of Salesforce's identity and access management features, including user authentication, authorization, and data security. It is also a way for professionals to show their commitment to professional development and their dedication to providing high-quality services to their clients.
NEW QUESTION # 49
Universal Containers (UC) is building a mobile application that will make calls to the Salesforce REST API. Additionally, UC would like to provide the optimal experience for its mobile users. Which two OAuth scopes should UC configure in the connected app? Choose 2 answers
- A. full
- B. Refresh token
- C. API
- D. Web
Answer: B,C
NEW QUESTION # 50
IT security at Universal Containers (UC) is concerned about recent phishing scams targeting its users and wants to add additional layers of login protection. What should an Architect recommend to address the issue?
- A. Increase Password complexity requirements in Salesforce.
- B. Implement Single Sign-on using a corporate Identity store.
- C. Lock sessions to the IP address from which they originated.
- D. Use the Salesforce Authenticator mobile app with two-step verification
Answer: C
NEW QUESTION # 51
Northern Trail Outfitters (NTO) believes a specific user account may have been compromised. NTO inactivated the user account and needs to perform a forensic analysis and identify signals that could indicate a breach has occurred.
What should NTO's first step be in gathering signals that could indicate account compromise?
- A. Download the Login History and evaluate the details of logins performed by the user.
- B. Download the Identity Provider Event Log and evaluate the details of activities performed by the user.
- C. Download the Setup Audit Trail and review all recent activities performed by the user.
- D. Review the User record and evaluate the login and transaction history.
Answer: A
NEW QUESTION # 52
A farming enterprise offers smart farming technology to its farmer customers, which includes a variety of sensors for livestock tracking, pest monitoring, climate monitoring, etc. They plan to store all the data in Salesforce. They would also like to ensure timely maintenance of the installed sensors. They have engaged a Salesforce Architect to propose an appropriate way to generate sensor information in Salesforce.
Which OAuth flow should the architect recommend?
- A. OAuth 2.0 SAML Bearer Assertion Flow
- B. OAuth 2.0 Device Authentication Flow
- C. OAuth 2.0 JWT Bearer Token Flow
- D. OAuth 2.0 Asset Token Flow
Answer: D
NEW QUESTION # 53
Universal Containers (UC) has a classified information system that its call center team uses only when they are working on a case with a record type "Classified". They are only allowed to access the system when they own an open "Classified" case, and their access to the system is removed at all other times. They would like to implement SAML SSO with Salesforce as the IdP, and automatically allow or deny the staff's access to the classified information system based on whether they currently own an open "Classified" case record when they try to access the system using SSO. What is the recommended solution for automatically allowing or denying the access to the classified information system based on the open "Classified" case record criteria?
- A. Use Apex trigger on case to dynamically assign permission sets that grant access when a user is assigned with an open "Classified" case, and remove it when the case is closed.
- B. Use a Common Connected App Handler using Apex to dynamically allow access to the system based on whether the staff owns any open "Classified" Cases.
- C. Use Salesforce reports to identify users who currently own open "Classified" cases and should be granted access to the Classified information system.
- D. Use Custom SAML JIT Provisioning to dynamically query the user's open "Classified" cases when attempting to access the classified information system.
Answer: B
NEW QUESTION # 54
Universal Containers is implementing a new Experience Cloud site and the identity architect wants to use dynamic branding features as part of the login process.
Which two options should the identity architect recommend to support dynamic branding for the site?
Choose 2 answers
- A. An external content management system (CMS) must be used for dynamic branding on Experience Cloud sites.
- B. To use dynamic branding, the community must be built with the Visualforce + Salesforce Tabs template.
- C. To use dynamic branding, the community must be built with the Customer Account Portal template.
- D. An experience ID (expid) or placeholder parameter must be used in the URL to represent the brand.
Answer: C,D
NEW QUESTION # 55
Universal Containers (UC) wants to build a mobile application that will be making calls to the Salesforce REST API. UC's Salesforce implementation relies heavily on custom objects and custom Apex code. UC does not want its users to have to enter credentials every time they use the app. Which two scope values should an Architect recommend to UC? Choose 2 answers.
- A. Full
- B. Refresh_token
- C. Custom_permissions
- D. Api
Answer: B,D
NEW QUESTION # 56
Universal Containers (UC) is using a custom application that will act as the Identity Provider and will generate SAML assertions used to log in to Salesforce. UC is considering including custom parameters in the SAML assertion. These attributes contain sensitive data and are needed to authenticate the users. The assertions are submitted to Salesforce via a browser form post. The majority of the users will only be able to access Salesforce via UC's corporate network, but a subset of admins and executives would be allowed access from outside the corporate network on their mobile devices. Which two methods should an Architect consider to ensure that the sensitive data cannot be tampered with or accessed by anyone while in transit?
- A. Use the Identity Provider's certificate to digitally sign and Salesforce's Certificate to encrypt the payload.
- B. Use Salesforce's Certificate to digitally sign the SAML Assertion and a Mobile Device Management client on the users' mobile devices.
- C. Use a custom login flow to retrieve sensitive data using an Apex callout without including the attributes in the assertion.
- D. Use the Identity Provider's certificate to digitally sign and the Identity Provider's certificate to encrypt the payload.
Answer: A,D
NEW QUESTION # 57
After a recent audit, Universal Containers was advised to implement two-factor authentication for all of their critical systems, including Salesforce. Which two actions should UC consider to meet this requirement?
Choose 2 answers
- A. Require users to supply their email and phone number, which gets validated.
- B. Require users to enter a second password after the first Authentication
- C. Require users to use a biometric reader as well as their password
- D. Require users to provide their RSA token along with their credentials.
Answer: A,C
NEW QUESTION # 58
Universal Containers wants to implement single sign-on for a Salesforce org using an external identity provider and corporate identity store. What type of authentication flow is required to support deep linking?
- A. Service-provider-initiated SSO
- B. Start URL on identity provider
- C. Web server OAuth SSO flow.
- D. Identity-provider-initiated SSO
Answer: A
NEW QUESTION # 59
Universal Containers (UC) is implementing Salesforce and would like to establish SAML SSO for its users to log in. UC stores its corporate user identities in a custom database. The UC IT Manager has heard good things about Salesforce Identity Connect as an IdP, and would like to understand what limitations they may face if they decided to use Identity Connect in their current environment. What limitation should an Architect inform the IT Manager about?
- A. Identity Connect will only support IdP-initiated SAML flows in UC's current environment.
- B. Identity Connect is not compatible with UC's current identity environment.
- C. Identity Connect will not support user provisioning in UC's current environment.
- D. Identity Connect will only support SP-initiated SAML flows in UC's current environment.
Answer: C
NEW QUESTION # 60
An Identity and Access Management (IAM) architect is tasked with unifying multiple B2C Commerce sites and an Experience Cloud community with a single identity. The solution needs to support more than 1,000 logins per minute.
What should the IAM do to fulfill this requirement?
- A. Configure both the community and the commerce sites as OAuth2 RPs (relying party) with an external identity provider.
- B. Create a default account for capturing all ecommerce contacts registered on the community because personAccount is not supported for this case.
- C. Confirm performance considerations with Salesforce Customer Support due to high peaks.
- D. Configure community as a Security Assertion Markup Language (SAML) identity provider and enable Just-in-Time Provisioning to B2C Commerce.
Answer: C
NEW QUESTION # 61
Universal Containers (UC) uses Global Shipping (GS) as one of their shipping vendors. Regional leads of GS need access to UC's Salesforce instance for reporting damage of goods using Cases. The regional leads also need access to dashboards to keep track of regional shipping KPIs. UC internally uses a third-party cloud analytics tool for capacity planning and UC decided to provide access to this tool to a subset of GS employees.
In addition to regional leads, the GS capacity planning team would benefit from access to this tool. To access the analytics tool, UC IT has set up Salesforce as the Identity Provider for internal users and would like to follow the same approach for the GS users as well. What are the most appropriate license types for GS Regional Leads and the GS Capacity Planners? Choose 2 answers
- A. Customer Community license for GS Regional Leads and Identity license for GS Capacity Planners.
- B. Customer Community Plus license for GS Regional Leads and External Identity for GS Capacity Planners.
- C. Identity license for GS Regional Leads and External Identity license for GS Capacity Planners.
- D. Customer Community Plus license for GS Regional Leads and Customer Community license for GS Capacity Planners.
Answer: A,D
NEW QUESTION # 62
The executive sponsor for an organization has asked if Salesforce supports the ability to embed a login widget into its service providers in order to create a more seamless user experience.
What should be used and considered before recommending it as a solution on the Salesforce Platform?
- A. Salesforce REST APIs. Ensure that Secure Sockets Layer (SSL) connection for the integration is used.
- B. Embedded Login. Identify what level of UI customization will be required to make it match the service provider's look and feel.
- C. Embedded Login. Consider whether or not it relies on third party cookies which can cause browser compatibility issues.
- D. OpenID Connect Web Server Flow. Determine if the service provider is secure enough to store the client secret on.
Answer: C
NEW QUESTION # 63
Which two are valid choices for digital certificates when setting up two-way SSL between Salesforce and an external system? Choose 2 answers
- A. Use a self-signed certificate for Salesforce and a self-signed cert for the external system
- B. Use a self-signed certificate for Salesforce and a trusted CA-signed cert for the external system
- C. Use a trusted CA-signed certificate for Salesforce and a self-signed cert for the external system
- D. Use a trusted CA-signed certificate for Salesforce and a trusted CA-signed cert for the external system
Answer: B
NEW QUESTION # 64
Universal Containers is creating a mobile application that will be secured by Salesforce Identity using the OAuth 2.0 user-agent flow (this flow uses the OAuth 2.0 implicit grant type).
Which three OAuth concepts apply to this flow?
Choose 3 answers
- A. Refresh Token
- B. Client ID
- C. Verification Code
- D. Scopes
- E. Authorization Code
Answer: A,B,D
NEW QUESTION # 65
Universal Containers (UC) would like to enable self-registration for their Salesforce partner community users. UC wants to capture some custom data elements from the partner user, and based on these data elements, wants to assign the appropriate profile and account values. Which two actions should the architect recommend to UC? Choose 2 answers
- A. Configure registration for communities to use a custom Visualforce page.
- B. Modify the CommunitiesSelfRegController to assign the profile and account.
- C. Modify the selfregistration trigger to assign profile and account.
- D. Configure registration for communities to use a custom Apex controller.
Answer: A,B
NEW QUESTION # 66
Northern Trail Outfitters manages application functional permissions centrally as Active Directory groups. The CRM_SuperUser and CRM_Reporting_SuperUser groups should respectively give the user the SuperUser and Reporting_SuperUser permission set in Salesforce. Salesforce is the service provider to a Security Assertion Markup Language (SAML) identity provider.
How should an identity architect ensure the Active Directory groups are reflected correctly when a user accesses Salesforce?
- A. Use the Apex Just-in-Time handler to query standard SAML attributes and set permission sets.
- B. Use a login flow to query custom SAML attributes and set permission sets.
- C. Use the Apex Just-in-Time handler to query custom SAML attributes and set permission sets.
- D. Use a login flow to query standard SAML attributes and set permission sets.
Answer: C
NEW QUESTION # 67
Universal Containers (UC) has decided to replace the homegrown customer portal with Salesforce Experience Cloud. UC will continue to use its third-party single sign-on (SSO) solution that stores all of its customer and partner credentials.
The first time a customer logs in to the Experience Cloud site through SSO, a user record needs to be created automatically.
Which solution should an identity architect recommend in order to automatically provision users in Salesforce upon login?
- A. Custom login flow and Apex handler
- B. Third-party AppExchange solution
- C. Just-in-Time (JIT) provisioning
- D. Custom middleware and web services
Answer: C
NEW QUESTION # 68
Universal Containers (UC) is planning to add Wi-Fi enabled GPS tracking devices to its shipping containers so that the GPS coordinates data can be sent from the tracking device to its Salesforce production org via a custom API. The GPS devices have no direct user input or output capabilities.
Which OAuth flow should the identity architect recommend to meet the requirement?
- A. OAuth 2.0 Username-Password Flow for Special Scenarios
- B. OAuth 2.0 Web Server Flow for Web App Integration
- C. OAuth 2.0 Asset Token Flow for Securing Connected Devices
- D. OAuth 2.0 JWT Bearer Flow for Server-to-Server Integration
Answer: C
NEW QUESTION # 69
Universal Containers (UC) has multiple Salesforce orgs and would like to use a single identity provider to access all of their orgs. How should UC's architect enable this behavior?
- A. Ensure that users have the same alias value in their user records in all of UC's Salesforce orgs.
- B. Ensure the same username is allowed in multiple orgs by contacting Salesforce support.
- C. Ensure that users have the same Federation ID value in their user records in all of UC's Salesforce orgs.
- D. Ensure that users have the same email value in their user records in all of UC's Salesforce orgs.
Answer: C
NEW QUESTION # 70
Universal Containers (UC) is building a custom employee hub application on Amazon Web Services (AWS) and would like to store their users' credentials there. Users will also need access to Salesforce for internal operations. UC has tasked an identity architect with evaluating different solutions for authentication and authorization between AWS and Salesforce.
How should an identity architect configure AWS to authenticate and authorize Salesforce users?
- A. Develop a custom Auth server in AWS.
- B. Configure AWS as an OpenID Connect Provider.
- C. Create a custom external authentication provider.
- D. Configure the custom employee app as a connected app.
Answer: B
NEW QUESTION # 71
Universal Containers (UC) uses an internal company portal for their employees to collaborate. UC decides to use Salesforce Ideas and provide the ability for employees to post ideas from the company portal. They use SAML-based SSO to get into the company portal and would like to leverage it to access Salesforce. Most of the users don't exist in Salesforce and they would like the user records created in Salesforce communities the first time they try to access Salesforce. What recommendation should an architect make to meet this requirement?
- A. Use just-in-time provisioning
- B. Use on-the-fly provisioning
- C. Use Salesforce APIs to create users on the fly
- D. Use Identity Connect to sync users
Answer: A
NEW QUESTION # 72
A multinational industrial products manufacturer is planning to implement Salesforce CRM to manage their business. They have the following requirements:
1. They plan to implement Partner communities to provide access to their partner network.
2. They have operations in multiple countries and are planning to implement multiple Salesforce orgs.
3. Some of their partners do business in multiple countries and will need information from multiple Salesforce communities.
4. They would like to provide a single login for their partners.
How should an Identity Architect address these requirements with limited custom development?
- A. Allow partners to choose the Salesforce org they need information from and use login flows to authenticate access.
- B. Create a partner login for the country of their operation and use SAML federation to provide access to other orgs.
- C. Register partners in one org and access information from other orgs using APIs.
- D. Consolidate Partner related information in a single org and provide access through Salesforce community.
Answer: B