
Updated Nov-2023 Official licence for Identity-and-Access-Management-Designer Certified by Identity-and-Access-Management-Designer Dumps PDF
NEW QUESTION # 126
Universal Containers (UC) uses Active Directory (AD) as their identity store for employees and must continue to do so for network access. UC is undergoing a major transformation program and moving all of their enterprise applications to cloud platforms including Salesforce, Workday, and SAP HANA.
UC needs to implement an SSO solution for accessing all of the third-party cloud applications and the CIO is inclined to use Salesforce for all of their identity and access management needs.
Which two Salesforce license types does UC need for its employees?
Choose 2 answers
- A. Identity and Identity Connect licenses
- B. Company Community and Identity licenses
- C. Salesforce and Identity Connect licenses
- D. Chatter Only and Identity licenses
Answer: A,C
NEW QUESTION # 127
Universal Containers (UC) has implemented an SP-initiated SAML flow between an external IdP and Salesforce. A user at UC is attempting to log in to the Salesforce mobile app for the first time and is being prompted for Salesforce credentials instead of being shown the IdP login page.
What is the likely cause of the issue?
- A. The user has NOT configured the Salesforce mobile app to use My Domain for login.
- B. The "Redirect to Identity Provider" option has NOT been selected on the SAML configuration.
- C. The user has NOT been granted the "Enable Single Sign-on" permission.
- D. The "Redirect to Identity Provider" option has NOT been selected in the My Domain configuration.
Answer: A
NEW QUESTION # 128
Universal Containers (UC) is looking to purchase a third-party application as an Identity Provider. UC is looking to develop a business case for the purchase in general and has enlisted an Architect for advice. Which two capabilities of an Identity Provider should the Architect detail to help strengthen the business case?
Choose 2 answers
- A. The Identity Provider can authenticate multiple social media accounts.
- B. The Identity Provider can store credentials for multiple applications.
- C. The Identity Provider can centralize enterprise password policy.
- D. The Identity Provider can authenticate multiple applications.
Answer: C,D
NEW QUESTION # 129
Universal Containers (UC) wants to implement Delegated Authentication for a certain subset of Salesforce users. Which three items should UC take into consideration while building the Web service to handle the Delegated Authentication request? Choose 3 answers
- A. The Web service can be written using either the SOAP or REST protocol.
- B. UC should whitelist all Salesforce IP ranges on their corporate firewall.
- C. Delegated Authentication is enabled for the system administrator profile.
- D. The Web service needs to include Source IP as a method parameter.
- E. The return type of the Web service method should be a Boolean value.
Answer: B,D,E
NEW QUESTION # 130
Universal Containers uses Salesforce as an identity provider and Concur as the Employee Expense management system. The HR director wants to ensure Concur accounts for employees are created only after the appropriate approval in the Salesforce org.
Which three steps should the identity architect use to implement this requirement?
Choose 3 answers
- A. Create a connected app for Concur in Salesforce.
- B. Enable User Provisioning for the connected app.
- C. Create an approval process for the UserProvisioningRequest object associated with the provisioning flow.
- D. Create an approval process for the User object associated with the provisioning flow.
- E. Create an approval process for a custom object associated with the provisioning flow.
Answer: A,B,C
NEW QUESTION # 131
Which two statements describe capabilities of Identity Connect? Choose 2 answers
- A. Synchronization of Salesforce Permission Set Licence Assignments.
- B. Supports both Identity-Provider-Initiated and Service-Provider-Initiated SSO.
- C. Automated user synchronization and de-activation.
- D. Supports multiple orgs connecting to multiple Active Directory servers.
Answer: B,C
NEW QUESTION # 132
In a typical SSL setup involving a trusted party and trusting party, what consideration should an Architect take into account when using digital certificates?
- A. Use of a self-signed certificate leads to lower maintenance for the trusting party because there is no trusted CA cert to maintain.
- B. Use of a self-signed certificate leads to lower maintenance for the trusted party because multiple self-signed certs need to be maintained.
- C. Use of a self-signed certificate leads to higher maintenance for the trusted party because they have to act as the trusted CA.
- D. Use of a self-signed certificate leads to higher maintenance for the trusting party because the cert needs to be added to their truststore.
Answer: D
NEW QUESTION # 133
Universal Containers (UC) would like its community users to be able to register and log in with LinkedIn or Facebook credentials. UC wants users to clearly see Facebook and LinkedIn icons when they register and log in. What are the two recommended actions UC can take to achieve this functionality? Choose 2 answers
- A. Create custom buttons for Facebook and LinkedIn using JavaScript/CSS on a custom Visualforce page.
- B. Store the LinkedIn or Facebook user IDs in the Federation ID field on the Salesforce User record.
- C. Enable Facebook and LinkedIn as login options in the login section of the Community configuration.
- D. Create custom Registration Handlers to link LinkedIn and Facebook accounts to user records.
Answer: C,D
NEW QUESTION # 134
A farming enterprise offers smart farming technology to its farmer customers, which includes a variety of sensors for livestock tracking, pest monitoring, climate monitoring, etc. They plan to store all the data in Salesforce. They would also like to ensure timely maintenance of the installed sensors. They have engaged a Salesforce Architect to propose an appropriate way to generate sensor information in Salesforce.
Which OAuth flow should the architect recommend?
- A. OAuth 2.0 SAML Bearer Assertion Flow
- B. OAuth 2.0 JWT Bearer Token Flow
- C. OAuth 2.0 Device Authentication Flow
- D. OAuth 2.0 Asset Token Flow
Answer: D
NEW QUESTION # 135
A group of users try to access one of Universal Containers' connected apps and receive the following error message: "Failed: Not approved for access". What is the most likely cause of the issue?
- A. The Salesforce administrators have revoked the OAuth authorization.
- B. The users do not have the correct permission set assigned to them.
- C. The connected app setting "All users may self-authorize" is enabled.
- D. The use of high assurance sessions is required for the connected app.
Answer: B
NEW QUESTION # 136
The security team at Universal Containers (UC) has identified exporting reports as a high-risk action and would like to require users to be logged into Salesforce with their Active Directory (AD) credentials when doing so.
For all other uses of Salesforce, users should be allowed to use AD credentials or Salesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with Salesforce credentials?
- A. Use SAML federated Authentication, treat SAML Sessions as High Assurance, and raise the session level required for exporting reports.
- B. Use SAML Federated Authentication and block access to reports when accessed through a Standard Assurance session.
- C. Use SAML federated Authentication with a Login Flow to dynamically add or remove a Permission Set that grants the Export Reports Permission.
- D. Use SAML Federated Authentication and Custom SAML JIT Provisioning to dynamically add or remove a permission set that grants the Export Reports Permission.
Answer: A
NEW QUESTION # 137
Which two are valid choices for digital certificates when setting up two-way SSL between Salesforce and an external system? Choose 2 answers
- A. Use a self-signed certificate for Salesforce and a self-signed cert for the external system.
- B. Use a trusted CA-signed certificate for Salesforce and a self-signed cert for the external system.
- C. Use a trusted CA-signed certificate for Salesforce and a trusted CA-signed cert for the external system.
- D. Use a self-signed certificate for Salesforce and a trusted CA-signed cert for the external system.
Answer: A,D
NEW QUESTION # 138
Northern Trail Outfitters (NTO) wants to give customers the ability to submit and manage issues with their purchases. It is important for NTO to give its customers the ability to log in with their Amazon credentials.
What should an identity architect recommend to meet these requirements?
- A. Configure a predefined authentication provider for Amazon.
- B. Configure an OpenID Connect Authentication Provider for Amazon.
- C. Create a custom external authentication provider for Amazon.
- D. Configure Amazon as a connected app.
Answer: B
NEW QUESTION # 139
Universal Containers (UC) has a customer Community that uses Facebook for authentication. UC would like to ensure that changes in the Facebook profile are reflected on the appropriate customer Community user. How can this requirement be met?
- A. Use the updateUser() method on the registration handler class.
- B. Use SAML just-in-time provisioning between Facebook and Salesforce.
- C. Use information in the signed request that is received from Facebook.
- D. Develop a scheduled job that calls out to Facebook on a nightly basis.
Answer: A
NEW QUESTION # 140
Universal Containers (UC) uses a legacy Employee portal for their employees to collaborate. Employees access the portal from their company's internal website via SSO. It is set up to work with SiteMinder and Active Directory. The Employee portal has features to support posting ideas. UC decides to use Salesforce Ideas for voting and better tracking purposes. To avoid provisioning users on Salesforce, UC decides to integrate Employee portal ideas with Salesforce Ideas through the API. What is the role of Salesforce in the context of SSO, based on this scenario?
- A. Connected App, because Salesforce is connected with the Employee portal via API.
- B. Identity Provider, because the API calls are authenticated by Salesforce.
- C. Service Provider, because Salesforce is the application for managing ideas.
- D. An independent system, because Salesforce is not part of the SSO setup.
Answer: D
NEW QUESTION # 141
The security team at Universal Containers (UC) has identified exporting reports as a high-risk action and would like to require users to be logged into Salesforce with their Active Directory (AD) credentials when doing so. For all other uses of Salesforce, users should be allowed to use AD credentials or Salesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with Salesforce credentials?
- A. Use SAML Federated Authentication and Custom SAML JIT provisioning to dynamically add or remove a permission set that grants the Export Reports permission.
- B. Use SAML Federated Authentication and block access to reports when accessed through a standard assurance session.
- C. Use SAML Federated Authentication, treat SAML sessions as high assurance, and raise the session level required for exporting reports.
- D. Use SAML Federated Authentication with a login flow to dynamically add or remove a permission set that grants the Export Reports permission.
Answer: B
NEW QUESTION # 142
A company wants to provide its employees with a custom mobile app that accesses Salesforce. Users are required to download the internal native iOS mobile app from the corporate intranet on their mobile device. The app allows flexibility to access other non-Salesforce internal applications once users authenticate with Salesforce. The apps self-authorize, and users are permitted to use the apps once they have logged into Salesforce.
How should an identity architect meet the above requirements with the privately distributed mobile app?
- A. Create a new hybrid mobile app and use the connected app with OAuth to authenticate users for Salesforce and non-Salesforce internal apps.
- B. Use a connected app with OAuth and Security Assertion Markup Language (SAML) to access other non-Salesforce internal apps.
- C. Use Salesforce as an identity provider (IdP) to access the mobile app and use the external IdP for other non-Salesforce internal apps.
- D. Configure Mobile App settings in the connected app and Salesforce as identity provider for non-Salesforce internal apps.
Answer: D
NEW QUESTION # 143
Universal Containers (UC) is successfully using Delegated Authentication for their Salesforce users. The service supporting Delegated Authentication is written in Java. UC has a new CIO that is requiring all company Web services be RESTful and written in .NET. Which two considerations should the UC Architect provide to the new CIO? Choose 2 answers
- A. Delegated Authentication will not work with a .NET service.
- B. Delegated Authentication will continue to work with a .NET service.
- C. Delegated Authentication will continue to work with REST services.
- D. Delegated Authentication will not work with REST services.
Answer: B,D
NEW QUESTION # 144
......
The Salesforce Identity-and-Access-Management-Designer Certification Exam is a challenging exam that requires a lot of preparation and hard work. The Identity-and-Access-Management-Designer exam consists of 60 multiple-choice questions that need to be answered within 105 minutes. The questions are designed to test the candidates' knowledge of Salesforce technologies, as well as their ability to design and implement identity and access management solutions.
The Salesforce Identity and Access Management Designer certification exam comprises 60 multiple-choice questions and is timed at 105 minutes. The exam is proctored and can be taken either in person or remotely. To pass the exam, candidates must score at least 65%. The exam fee is $400, and candidates can register for the exam through the Salesforce certification portal.

