
[Feb-2024] Identity-and-Access-Management-Designer Questions - Truly Beneficial For Your Salesforce Exam
The Salesforce Identity-and-Access-Management-Designer certification is a valuable credential for professionals who work in the IAM domain. The Salesforce Certified Identity and Access Management Designer certification validates the candidate's expertise in designing and implementing IAM solutions on the Salesforce platform. The certification exam covers a range of topics related to IAM, and passing the exam requires a thorough understanding of these concepts. The Salesforce Certified Identity and Access Management Designer credential is a testament to an individual's commitment to their profession and their dedication to staying up to date with the latest industry standards and best practices.
The Salesforce Identity-and-Access-Management-Designer exam is one of the most popular certifications in the Salesforce ecosystem. It is designed for professionals who want to validate their expertise in Salesforce Identity and Access Management (IAM) and become a Salesforce Certified Identity and Access Management Designer. The Identity-and-Access-Management-Designer exam is intended to test the knowledge and skills of individuals who are responsible for designing and implementing IAM solutions on the Salesforce platform.
The Salesforce Certified Identity and Access Management Designer certification exam consists of 60 multiple-choice questions, and candidates have 120 minutes to complete the exam. The Identity-and-Access-Management-Designer exam covers a wide range of topics, including Salesforce security architecture, user authentication and authorization, identity and access management, and integration with external systems.
NEW QUESTION # 122
A third-party app provider would like to have users provisioned via a service endpoint before users access their app from Salesforce.
What should an identity architect recommend to configure the requirement with limited changes to the third-party app?
- A. Create Canvas app in Salesforce for third-party app to provision users.
- B. Use Salesforce identity with Security Assertion Markup Language (SAML) for provisioning users.
- C. Use a connected app with user provisioning flow.
- D. Redirect users to the third-party app for registration.
Answer: C
NEW QUESTION # 123
Which two capabilities does My Domain enable in the context of a SAML SSO configuration? Choose 2 answers
- A. App Launcher
- B. SSO from Salesforce Mobile App
- C. Resource deep linking
- D. Login Forensics
Answer: B,C
NEW QUESTION # 124
Universal Containers (UC) has implemented SAML-based single sign-on for their Salesforce application and is planning to provide access to Salesforce on mobile devices using the Salesforce1 mobile app. UC wants to ensure that single sign-on is used for accessing the Salesforce1 mobile app. Which two recommendations should the Architect make? Choose 2 answers
- A. Use the existing SAML SSO flow along with Web Server Flow.
- B. Use the existing SAML-SSO flow along with User Agent Flow.
- C. Configure the Salesforce1 App to use the My Domain URL.
- D. Configure the Embedded Web Browser to use My Domain URL.
Answer: C,D
NEW QUESTION # 125
Universal Containers (UC) is building a customer community and will allow customers to authenticate using Facebook credentials. The first time a user authenticates using Facebook, UC would like a customer account created automatically in their Accounting system. The accounting system has a web service accessible to Salesforce for the creation of accounts. How can the Architect meet these requirements?
- A. Create a custom application on Heroku that manages the sign-on process from Facebook.
- B. Add an Apex callout in the registration handler of the authorization provider.
- C. Use JIT Provisioning to automatically create the account in the accounting system.
- D. Use OAuth JWT flow to pass the data from Salesforce to the Accounting System.
Answer: B
NEW QUESTION # 126
Northern Trail Outfitters would like to automatically create new employee users in Salesforce with an appropriate profile that maps to its Active Directory Department.
How should an identity architect implement this requirement?
- A. Use the createUser method in the Just-in-Time (JIT) provisioning registration handler to assign the appropriate profile.
- B. Make a callout during the login flow to query department from Active Directory to assign the appropriate profile.
- C. Use the updateUser method in the Just-in-Time (JIT) provisioning registration handler to assign the appropriate profile.
- D. Use a login flow to collect Security Assertion Markup Language attributes and assign the appropriate profile during Just-In-Time (JIT) provisioning.
Answer: C
NEW QUESTION # 127
Universal Containers (UC) wants to integrate a third-party Reward Calculation system with Salesforce to calculate Rewards. Rewards will be calculated on a scheduled basis and updated back into Salesforce. The integration between Salesforce and the Reward Calculation System needs to be secure. What are two recommended practices for using OAuth flow in this scenario? Choose 2 answers
- A. OAuth JWT Bearer Token Flow
- B. OAuth Refresh Token Flow
- C. OAuth SAML Bearer Assertion Flow
- D. OAuth Username-Password Flow
Answer: A,C
NEW QUESTION # 128
Universal Containers (UC) has built a custom Two-Factor Authentication (2FA) system for their existing on-premise applications. They are now implementing Salesforce and would like to enable a two-factor login process for it as well. What is the recommended solution an architect should consider?
- A. Use the custom 2FA system for on-premise applications and native 2FA for Salesforce.
- B. Replace the custom 2FA system with Salesforce 2FA for on-premise applications and Salesforce.
- C. Replace the custom 2FA system with an AppExchange app that supports on-premise applications and Salesforce.
- D. Use custom login flows to connect to the existing custom 2FA system for use in Salesforce.
Answer: D
NEW QUESTION # 129
A company's external application is protected by Salesforce through OAuth. The identity architect for the project needs to limit the level of access to the data of the protected resource in a flexible way.
What should be done to improve security?
- A. Select "Admin approved users are pre-authorized" and assign specific profiles.
- B. Create custom scopes and assign to the connected app.
- C. Define a permission set that grants access to the app and assign to authorized users.
- D. Leverage external objects and data classification policies.
Answer: B
NEW QUESTION # 130
Universal Containers (UC) uses Global Shipping (GS) as one of their shipping vendors. Regional leads of GS need access to UC's Salesforce instance for reporting damage of goods using Cases. The regional leads also need access to dashboards to keep track of regional shipping KPIs. UC internally uses a third-party cloud analytics tool for capacity planning and UC decided to provide access to this tool to a subset of GS employees.
In addition to regional leads, the GS capacity planning team would benefit from access to this tool. To access the analytics tool, UC IT has set up Salesforce as the identity provider for internal users and would like to follow the same approach for the GS users as well. What are the most appropriate license types for GS Regional Leads and the GS Capacity Planners? Choose 2 answers
- A. Customer Community Plus license for GS Regional Leads and Customer Community license for GS Capacity Planners.
- B. Customer Community Plus license for GS Regional Leads and External Identity for GS Capacity Planners.
- C. Identity license for GS Regional Leads and External Identity license for GS Capacity Planners.
- D. Customer Community license for GS Regional Leads and Identity license for GS Capacity Planners.
Answer: A,D
NEW QUESTION # 131
Universal Containers plans to develop a custom mobile app for the sales team that will use Salesforce for authentication and access management. The mobile app access needs to be restricted to only the sales team.
What would be the recommended solution to grant mobile app access to sales users?
- A. Use the permission set license to assign the mobile app permission to sales users
- B. Use a custom attribute on the user object to control access to the mobile app
- C. Add a new identity provider to authenticate and authorize mobile users.
- D. Use connected app OAuth policies to restrict mobile app access to authorized users.
Answer: C
NEW QUESTION # 132
A public sector agency is setting up an identity solution for its citizens using a Community built on Experience Cloud and requires the new user registration functionality to capture first name, last name, and phone number. The phone number will be used for identity verification.
Which feature should an identity architect recommend to meet the requirements?
- A. Create a custom Lightning Web Component
- B. Use Login Discovery
- C. Use an external Identity Provider
- D. Integrate with social websites (Facebook, LinkedIn, Twitter)
Answer: B
NEW QUESTION # 133
Northern Trail Outfitters manages application functional permissions centrally as Active Directory groups. The CRM_SuperUser and CRM_Reporting_SuperUser groups should respectively give the user the SuperUser and Reporting_SuperUser permission set in Salesforce. Salesforce is the service provider to a Security Assertion Markup Language (SAML) identity provider.
How should an identity architect ensure the Active Directory groups are reflected correctly when a user accesses Salesforce?
- A. Use the Apex Just-in-Time handler to query standard SAML attributes and set permission sets.
- B. Use a login flow to query standard SAML attributes and set permission sets.
- C. Use a login flow to query custom SAML attributes and set permission sets.
- D. Use the Apex Just-in-Time handler to query custom SAML attributes and set permission sets.
Answer: D
NEW QUESTION # 134
Universal Containers (UC) uses a legacy Employee portal for their employees to collaborate. Employees access the portal from their company's internal website via SSO. It is set up to work with SiteMinder and Active Directory. The Employee portal has features to support posting ideas. UC decides to use Salesforce Ideas for voting and better tracking purposes. To avoid provisioning users on Salesforce, UC decides to integrate Employee portal ideas with Salesforce Ideas through the API. What is the role of Salesforce in the context of SSO, based on this scenario?
- A. An independent system, because Salesforce is not part of the SSO setup.
- B. Connected App, because Salesforce is connected with Employee portal via API.
- C. Service Provider, because Salesforce is the application for managing ideas.
- D. Identity Provider, because the API calls are authenticated by Salesforce.
Answer: A
NEW QUESTION # 135
Universal Containers would like its customers to register and log in to a portal built on Salesforce Experience Cloud. Customers should be able to use their Facebook or LinkedIn credentials for ease of use.
Which three steps should an identity architect take to implement social sign-on?
Choose 3 answers
- A. Update the default registration handlers to create and update users.
- B. Check "Facebook" and "LinkedIn" under Login Page Setup.
- C. Register both Facebook and LinkedIn as connected apps.
- D. Create authentication providers for both Facebook and LinkedIn.
- E. Enable "Federated Single Sign-On Using SAML".
Answer: A,B,D
NEW QUESTION # 136
What information does the 'RelayState' parameter contain in SP-initiated single sign-on?
- A. Reference to a URL redirect parameter at the identity provider.
- B. Reference to a URL redirect parameter at the service provider.
- C. Reference to the login address URL of the service provider.
- D. Reference to the login address URL of the identity provider.
Answer: A
NEW QUESTION # 137
Universal Containers (UC) has implemented an SP-initiated SAML flow between an external IdP and Salesforce. A user at UC is attempting to log in to Salesforce1 for the first time and is being prompted for Salesforce credentials instead of being shown the IdP login page. What is the likely cause of the issue?
- A. The user has not configured the Salesforce1 mobile app to use My Domain for login.
- B. The "Redirect to Identity Provider" option has not been selected in the SAML configuration.
- C. The "Redirect to Identity Provider" option has been selected in the My Domain configuration.
- D. The user has not been granted the "Enable Single Sign-On" permission.
Answer: A
NEW QUESTION # 138
Universal Containers (UC) has an existing e-commerce platform and is implementing a new customer community. They do not want to force customers to register on both applications due to concern over the customer experience. It is expected that 25% of the e-commerce customers will utilize the customer community. The e-commerce platform is capable of generating SAML responses and has an existing RESTful API capable of managing users. How should UC create the identities of its e-commerce users with the customer community?
- A. Use the standard Salesforce API to create users in the Community when a user is created in the e-commerce platform and use SAML to allow SSO.
- B. Use SAML JIT in the Customer Community to create users when a user tries to login to the community from the e-commerce site.
- C. Use the e-commerce REST API to create users when a user self-registers on the customer community and use SAML to allow SSO.
- D. Use a nightly batch ETL job to sync users between the Customer Community and the e-commerce platform and use SAML to allow SSO.
Answer: B
NEW QUESTION # 139
Universal Containers (UC) has five Salesforce orgs (UC1, UC2, UC3, UC4, UC5). Every user that is in UC2, UC3, UC4, and UC5 is also in UC1, however not all users have access to every org. Universal Containers would like to simplify the authentication process such that all Salesforce users need to remember one set of credentials. UC would like to achieve this with the least impact to cost and maintenance. What approach should an Architect recommend to UC?
- A. Purchase a third-party Identity Provider for all five Salesforce orgs to use, but don't set up JIT user provisioning for other orgs.
- B. Purchase a third-party Identity Provider for all five Salesforce orgs to use and set up JIT user provisioning on all other orgs.
- C. Configure UC1 as the Identity Provider to the other four Salesforce orgs, but don't set up JIT user provisioning for other orgs.
- D. Configure UC1 as the Identity Provider to the other four Salesforce orgs and set up JIT user provisioning on all other orgs.
Answer: A
NEW QUESTION # 140
Universal Containers (UC) is building a mobile application that will make calls to the Salesforce REST API. Additionally, UC would like to provide the optimal experience for its mobile users. Which two OAuth scopes should UC configure in the connected app? Choose 2 answers
- A. Web
- B. Full
- C. Refresh Tokens
- D. API
Answer: B,D
NEW QUESTION # 141
Universal Containers (UC) is concerned that having a self-registration page will provide a means for "bots" or unintended audiences to create user records, thereby consuming licenses and adding dirty data.
Which two actions should UC take to prevent unauthorized form submissions during the self-registration process? (Choose two.)
- A. Require a CAPTCHA at the end of the self-registration process.
- B. Primarily use lookup and picklist fields on the self-registration page.
- C. Use open-ended security questions and complex password requirements.
- D. Use hidden fields populated via JavaScript events in the self-registration page.
Answer: A,C
NEW QUESTION # 142
Universal Containers (UC) employees have Salesforce access from restricted IP ranges only, to protect against unauthorised access. UC wants to roll out the Salesforce1 mobile app and make it accessible from any location.
Which two options should an architect recommend? Choose 2 answers
- A. Relax the IP restriction with a second factor in the connected app settings for the Salesforce1 mobile app.
- B. Use login flow to bypass IP range restriction for the mobile app.
- C. Remove existing restrictions on IP ranges for all types of user access.
- D. Relax the IP restriction in the connected app settings for the Salesforce1 mobile app.
Answer: B,D
NEW QUESTION # 143
Northern Trail Outfitters (NTO) uses a Security Assertion Markup Language (SAML)-based Identity Provider (IdP) to authenticate employees to all systems. The IdP authenticates users against a Lightweight Directory Access Protocol (LDAP) directory and has access to user information. NTO wants to minimize Salesforce license usage since only a small percentage of users need Salesforce.
What is recommended to ensure new employees have immediate access to Salesforce using their current IdP?
- A. Install Salesforce Identity Connect to automatically provision new users in Salesforce the first time they attempt to login.
- B. Configure Just-in-Time provisioning using SAML attributes to create new Salesforce users as necessary when a new user attempts to login to Salesforce.
- C. Build an integration that queries LDAP periodically and creates new active users in Salesforce.
- D. Build an integration that queries LDAP and creates new inactive users in Salesforce and use a login flow to activate the user at first login.
Answer: B
NEW QUESTION # 144
Universal Containers (UC) is setting up their Customer Community self-registration process. They are uncomfortable with the idea of assigning new users to a default account record. What will happen when customers self-register in the community?
- A. The self-registration process will create a Person Account record.
- B. The self-registration process will produce an error to the user.
- C. The self-registration page will ask user to select an account.
- D. The self-registration page will create a new account record.
Answer: B
NEW QUESTION # 145
Universal Containers (UC) has a Customer Community that uses Facebook for authentication. UC would like to ensure that changes in the Facebook profile are reflected on the appropriate Customer Community user.
How can this requirement be met?
- A. Develop a scheduled job that calls out to Facebook on a nightly basis.
- B. Use SAML Just-In-Time Provisioning between Facebook and Salesforce.
- C. Use information in the signed request that is received from Facebook.
- D. Use the updateUser method on the registration handler class.
Answer: B
NEW QUESTION # 146
Northern Trail Outfitters (NTO) leverages Microsoft Active Directory (AD) for management of employee usernames, passwords, permissions, and asset access. NTO also owns a third-party single sign-on (SSO) solution. The third-party SSO solution is used for all corporate applications, including Salesforce.
NTO has asked an architect to explore Salesforce Identity Connect for automatic provisioning and deprovisioning of users in Salesforce.
What role does Identity Connect play in the outlined requirements?
- A. Service Provider
- B. User Management
- C. Identity Provider
- D. Single Sign-On
Answer: B
NEW QUESTION # 147
......

