This page was exported from IT Certification Exam Braindumps [ http://blog.braindumpsit.com ]
Export date: Sun Oct 6 12:25:25 2024 / +0000 GMT

Title: NEW 2022 Certification Sample Questions Identity-and-Access-Management-Designer Dumps & Practice Exam [Q87-Q109]

Identity-and-Access-Management-Designer Deluxe Study Guide with Online Test Engine

Q87. An identity architect wants to secure Salesforce APIs using Security Assertion Markup Language (SAML). For security purposes, administrators will need to authorize the applications that will be consuming the APIs. Which Salesforce OAuth authorization flow should be used?
  OAuth 2.0 SAML Bearer Assertion Flow
  OAuth 2.0 JWT Bearer Flow
  SAML Assertion Flow
  OAuth 2.0 User-Agent Flow

Q88. Northern Trail Outfitters (NTO) wants to give customers the ability to submit and manage issues with their purchases. It is important for NTO to give its customers the ability to log in with their Amazon credentials. What should an identity architect recommend to meet these requirements?
  Configure a predefined authentication provider for Amazon.
  Create a custom external authentication provider for Amazon.
  Configure an OpenID Connect Authentication Provider for Amazon.
  Configure Amazon as a connected app.

Q89. An identity architect has been asked to recommend a solution that allows administrators to configure personalized alert messages to users before they land on the Experience Cloud site (formerly known as Community) homepage. What is recommended to fulfill this requirement with the least amount of customization?
  Customize the registration handler Apex class to create a routing logic navigating to different home pages based on the user profile.
  Use Login Flows to add a screen that shows personalized alerts.
  Build a Lightning Web Component (LWC) for a homepage that shows custom alerts.
  Create custom metadata that stores user alerts and use a LWC to display alerts.

Q90. Universal Containers (UC) uses Salesforce for its customer service agents. UC has a proprietary system for order tracking which supports Security Assertion Markup Language (SAML) based single sign-on. The VP of customer service wants to ensure only active Salesforce users should be able to access the order tracking system, which is only visible within Salesforce. What should be done to fulfill the requirement? Choose 2 answers
  Set up Salesforce as an identity provider (IdP) for Order Tracking.
  Set up the Corporate Identity store as an identity provider (IdP) for Order Tracking.
  Customize Order Tracking to initiate a REST call to validate users in Salesforce after login.
  Set up Order Tracking as a Canvas app in Salesforce to POST IdP-initiated SAML assertion.

Q91. Universal Containers (UC) uses a legacy Employee portal for their employees to collaborate. Employees access the portal from their company’s internal website via SSO. It is set up to work with SiteMinder and Active Directory. The Employee portal has features to support posting ideas. UC decides to use Salesforce Ideas for voting and better tracking purposes. To avoid provisioning users on Salesforce, UC decides to integrate Employee portal ideas with Salesforce Ideas through the API. What is the role of Salesforce in the context of SSO, based on this scenario?
  Service Provider, because Salesforce is the application for managing ideas.
  Connected App, because Salesforce is connected with Employee portal via API.
  Identity Provider, because the API calls are authenticated by Salesforce.
  An independent system, because Salesforce is not part of the SSO setup.

Q92. Universal Containers (UC) would like to enable SSO between their existing Active Directory infrastructure and Salesforce.
The IT team prefers to manage all users in Active Directory and would like to avoid doing any initial setup of users in Salesforce directly, including the correct assignment of profiles, roles and groups. Which two optimal solutions should UC use to provision users in Salesforce? Choose 2 answers
  Use the Salesforce REST API to sync users from Active Directory to Salesforce.
  Use an AppExchange product to sync users from Active Directory to Salesforce.
  Use Active Directory Federation Services to sync users from Active Directory to Salesforce.
  Use Identity Connect to sync users from Active Directory to Salesforce.

Q93. Universal Containers (UC) has decided to build a new, highly sensitive application on the Force.com platform. The security team at UC has decided that they want users to provide a fingerprint in addition to username/password to authenticate to this application. How can an architect support fingerprints as a form of identification for Salesforce authentication?
  Use Salesforce Two-factor Authentication with callouts to a third-party fingerprint scanning application.
  Use Delegated Authentication with callouts to a third-party fingerprint scanning application.
  Use an AppExchange product that does fingerprint scanning with native Salesforce identity confirmation.
  Use custom login flows with callouts to a third-party fingerprint scanning application.

Q94. Universal Containers (UC) wants its users to access Salesforce and other SSO-enabled applications from a custom web page that UC manages. UC wants its users to use the same set of credentials to access each of the applications. What SAML SSO flow should an Architect recommend for UC?
  SP-Initiated with Deep Linking
  SP-Initiated
  IdP-Initiated
  User-Agent

Q95. Northern Trail Outfitters recently acquired a company. Each company will retain its Identity Provider (IdP).
Both companies rely extensively on Salesforce processes that send emails to users to take specific actions in Salesforce. How should the combined companies’ employees collaborate in a single Salesforce org, yet authenticate to the appropriate IdP?
  Configure unique MyDomains for each company and have generated links use the appropriate MyDomain in the URL.
  Have generated links append a querystring parameter indicating the IdP. The login service will redirect to the appropriate IdP.
  Have generated links be prefixed with the appropriate IdP URL to invoke an IdP-initiated Security Assertion Markup Language flow when clicked.
  Enable each IdP as a login option in the MyDomain Authentication Service settings. Users will then click on the appropriate IdP button.

Q96. Universal Containers (UC) employees have Salesforce access from restricted IP ranges only, to protect against unauthorised access. UC wants to roll out the Salesforce1 mobile app and make it accessible from any location. Which two options should an Architect recommend? Choose 2 answers
  Relax the IP restriction with a second factor in the Connect App settings for Salesforce1 mobile app.
  Remove existing restrictions on IP ranges for all types of user access.
  Relax the IP restrictions in the Connect App settings for the Salesforce1 mobile app.
  Use Login Flow to bypass IP range restriction for the mobile app.

Q97. Universal Containers (UC) has implemented a multi-org architecture in their company. Many users have licenses across multiple orgs, and they are complaining about remembering which org and credentials are tied to which business process. Which two recommendations should the Architect make to address the complaints? (Choose two.)
  Activate My Domain to brand each org to the specific business use case.
  Implement IdP-Initiated Single Sign-on flows to allow deep linking.
  Implement Delegated Authentication from each org to the LDAP provider.
  Implement SP-Initiated Single Sign-on flows to allow deep linking.

Q98. Universal Containers (UC) has a Customer Community that uses Facebook for authentication. UC would like to ensure that changes in the Facebook profile are reflected on the appropriate Customer Community user. How can this requirement be met?
  Use the updateUser method on the registration handler class.
  Develop a scheduled job that calls out to Facebook on a nightly basis.
  Use information in the signed request that is received from Facebook.
  Use SAML Just-In-Time Provisioning between Facebook and Salesforce.

Q99. A multinational industrial products manufacturer is planning to implement Salesforce CRM to manage their business. They have the following requirements:
1. They plan to implement Partner communities to provide access to their partner network.
2. They have operations in multiple countries and are planning to implement multiple Salesforce orgs.
3. Some of their partners do business in multiple countries and will need information from multiple Salesforce communities.
4. They would like to provide a single login for their partners.
How should an Identity Architect solution this requirement with limited custom development?
  Create a partner login for the country of their operation and use SAML federation to provide access to other orgs.
  Consolidate Partner related information in a single org and provide access through Salesforce community.
  Allow partners to choose the Salesforce org they need information from and use login flows to authenticate access.
  Register partners in one org and access information from other orgs using APIs.

Q100. Universal Containers (UC) would like to enable self-registration for their Salesforce partner community users. UC wants to capture some custom data elements from the partner user, and based on these data elements, wants to assign the appropriate profile and account values. Which two actions should the architect recommend to UC?
Choose 2 answers
  Modify the CommunitiesSelfRegController to assign the profile and account.
  Modify the self-registration trigger to assign profile and account.
  Configure registration for communities to use a custom Visualforce page.
  Configure registration for communities to use a custom Apex controller.

Q101. Universal Containers (UC) uses an internal company portal for their employees to collaborate. UC decides to use Salesforce Ideas and provide the ability for employees to post ideas from the company portal. They use SAML-based SSO to get into the company portal and would like to leverage it to access Salesforce. Most of the users don’t exist in Salesforce and they would like the user records created in Salesforce communities the first time they try to access Salesforce. What recommendation should an architect make to meet this requirement?
  Use on-the-fly provisioning
  Use just-in-time provisioning
  Use Salesforce APIs to create users on the fly
  Use Identity Connect to sync users

Q102. Universal Containers wants to build a custom mobile app connecting to Salesforce using OAuth, and would like to restrict the types of resources mobile users can access. What OAuth feature of Salesforce should be used to achieve the goal?
  Access Tokens
  Mobile pins
  Refresh Tokens
  Scopes

Q103. Universal Containers (UC) uses Active Directory (AD) as their identity store for employees and must continue to do so for network access. UC is undergoing a major transformation program and moving all of their enterprise applications to cloud platforms including Salesforce, Workday, and SAP HANA.
UC needs to implement an SSO solution for accessing all of the third-party cloud applications and the CIO is inclined to use Salesforce for all of their identity and access management needs. Which two Salesforce license types does UC need for its employees? Choose 2 answers
  Company Community and Identity licenses
  Identity and Identity Connect licenses
  Chatter Only and Identity licenses
  Salesforce and Identity Connect licenses

Q104. Universal Containers (UC) is using Salesforce Experience Cloud site for its container wholesale business. The identity architect wants to an authentication provider for the new site. Which two options should be utilized in creating an authentication provider? Choose 2 answers
  A custom registration handler can be set.
  A custom error URL can be set.
  The default login user can be set.
  The default authentication provider certificate can be set.

Q105. A company’s external application is protected by Salesforce through OAuth. The identity architect for the project needs to limit the level of access to the data of the protected resource in a flexible way. What should be done to improve security?
  Select “Admin approved users are pre-authorized” and assign specific profiles.
  Create custom scopes and assign to the connected app.
  Define a permission set that grants access to the app and assign to authorized users.
  Leverage external objects and data classification policies.

Q106. Universal Containers (UC) uses a legacy Employee portal for their employees to collaborate and post their ideas. UC decides to use Salesforce Ideas for voting and better tracking purposes. To avoid provisioning users on Salesforce, UC decides to push ideas posted on the Employee portal to Salesforce through API. UC decides to use an API user using OAuth Username-Password flow for the connection. How can the connection to Salesforce be restricted only to the Employee portal server?
  Use a dedicated profile for the user the Employee portal uses.
  Add the Employee portal’s IP Address to the trusted IP range for the Connected App.
  Use a digital certificate signed by the Employee portal server.
  Add the Employee portal’s IP address to the Login IP range on the user profile.? May two answers

Q107. Universal Containers (UC) is looking to purchase a third-party application as an Identity Provider. UC is looking to develop a business case for the purchase in general and has enlisted an Architect for advice. Which two capabilities of an Identity Provider should the Architect detail to help strengthen the business case? Choose 2 answers
  The Identity Provider can authenticate multiple applications.
  The Identity Provider can authenticate multiple social media accounts.
  The Identity Provider can store credentials for multiple applications.
  The Identity Provider can centralize enterprise password policy.

Q108. Universal Containers (UC) is planning to deploy a custom mobile app that will allow users to get e-signatures from its customers on their mobile devices. The mobile app connects to Salesforce to upload the e-signature as a file attachment and uses OAuth protocol for both authentication and authorization. What is the most recommended and secure OAuth scope setting that an Architect should recommend?
  Id
  Web
  Api
  Custom_permissions

Q109. Universal Containers (UC) is building a custom employee hub application on Amazon Web Services (AWS) and would like to store their users’ credentials there. Users will also need access to Salesforce for internal operations. UC has tasked an identity architect with evaluating different solutions for authentication and authorization between AWS and Salesforce. How should an identity architect configure AWS to authenticate and authorize Salesforce users?
  Configure the custom employee app as a connected app.
  Configure AWS as an OpenID Connect Provider.
  Create a custom external authentication provider.
  Develop a custom Auth server in AWS.

Post date: 2022-07-27 12:47:31
Post date GMT: 2022-07-27 12:47:31
Post modified date: 2022-07-27 12:47:31
Post modified date GMT: 2022-07-27 12:47:31