A Review Of Realistic Identity-and-Access-Management-Designer Study Guides

NEW QUESTION 1
The security team at Universal containers(UC) has identified exporting reports as a high-risk action and would like to require users to be logged into salesforce with their active directory (AD) credentials when doing so. For all other uses of Salesforce, Users should be allowed to use AD credentials or salesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with salesforce credentials?

• A. Use SAML Federated Authentication and Custom SAML jit provisioning to dynamically add or remove a permission set that grants the Export Reports permission.
• B. Use SAML Federated Authentication, treat SAML sessions as high assurance, and raise the session level required for exporting reports.
• C. Use SAML Federated Authentication and block access to reports when accesses through a standard assurance session.
• D. Use SAML Federated Authentication with a login flow to dynamically add or remove a permission set that grants the export reports permission.

Answer: C

NEW QUESTION 2
Universal containers (UC) built a customer Community for customers to buy products, review orders, and
manage their accounts. UC has provided three different options for customers to log in to the customer Community: salesforce, Google, and Facebook. Which two role combinations are represented by the systems in the scenario? Choose 2 answers

• A. Google is the service provider and Facebook is the identity provider
• B. Salesforce is the service provider and Google is the identity provider
• C. Facebook is the service provider and salesforce is the identity provider
• D. Salesforce is the service provider and Facebook is the identity provider

Answer: BD

NEW QUESTION 3
An identity architect is implementing a mobile-first Consumer Identity Access Management (CIAM) for external users. User authentication is the only requirement. The users email or mobile phone number should be supported as a username.
Which two licenses are needed to meet this requirement? Choose 2 answers

• A. External Identity Licenses
• B. Identity Connect Licenses
• C. Email Verification Credits
• D. SMS verification Credits

Answer: AD

NEW QUESTION 4
Universal Containers (UC) is building an authenticated Customer Community for its customers. UC does not want customer credentials stored in Salesforce and is confident its customers would be willing to use their social media credentials to authenticate to the community. Which two actions should an Architect recommend UC to take?

• A. Use Delegated Authentication to call the Twitter login API to authenticate users.
• B. Configure an Authentication Provider for LinkedIn Social Media Accounts.
• C. Create a Custom Apex Registration Handler to handle new and existing users.
• D. Configure SSO Settings For Facebook to serve as a SAML Identity Provider.

Answer: BC

NEW QUESTION 5
Universal containers (UC) has implemented a multi-org strategy and would like to centralize the management of their salesforce user profiles. What should the architect recommend to allow salesforce profiles to be managed from a central system of record?

• A. Implement jit provisioning on the SAML IDP that will pass the profile id in each assertion.
• B. Create an apex scheduled job in one org that will synchronize the other orgs profile.
• C. Implement Delegated Authentication that will update the user profiles as necessary.
• D. Implement an Oauthjwt flow to pass the profile credentials between systems.

Answer: A

NEW QUESTION 6
Universal Containers (UC) wants to build a few applications that leverage the Salesforce REST API. UC has asked its Architect to describe how the API calls will be authenticated to a specific user. Which two mechanisms can the Architect provide? Choose 2 Answers

• A. Authentication Token
• B. Session ID
• C. Refresh Token
• D. Access Token

Answer: CD

NEW QUESTION 7
Universal Containers wants to allow its customers to log in to its Experience Cloud via a third party authentication provider that supports only the OAuth protocol.
What should an identity architect do to fulfill this requirement?

• A. Contact Salesforce Support and enable delegate single sign-on.
• B. Create a custom external authentication provider.
• C. Use certificate-based authentication.
• D. Configure OpenID Connect authentication provider.

Answer: B

NEW QUESTION 8
Universal Containers (UC) is looking to purchase a third-party application as an Identity Provider. UC is looking to develop a business case for the purchase in general and has enlisted an Architect for advice. Which two capabilities of an Identity Provider should the Architect detail to help strengthen the business case? Choose 2 answers

• A. The Identity Provider can authenticate multiple applications.
• B. The Identity Provider can authenticate multiple social media accounts.
• C. The Identity provider can store credentials for multiple applications.
• D. The Identity Provider can centralize enterprise password policy.

Answer: AD

NEW QUESTION 9
Universal Containers (UC) has an existing Salesforce org configured for SP-Initiated SAML SSO with their Idp. A second Salesforce org is being introduced into the environment and the IT team would like to ensure they can use the same Idp for new org. What action should the IT team take while implementing the second org?

• A. Use the same SAML Identity location as the first org.
• B. Use a different Entity ID than the first org.
• C. Use the same request bindings as the first org.
• D. Use the Salesforce Username as the SAML Identity Type.

Answer: B

NEW QUESTION 10
A technology enterprise is planning to implement single sign-on login for users. When users log in to the Salesforce User object custom field, data should be populated for new and existing users.
Which two steps should an identity architect recommend? Choose 2 answers

• A. Implement Auth.SamlJitHandler Interface.
• B. Create and update methods.
• C. Implement RegistrationHandler Interface.
• D. Implement SesslonManagement Class.

Answer: AB

NEW QUESTION 11
Universal Containers (UC) has implemented SAML-based Single Sign-On to provide seamless access to its Salesforce Orgs, financial system, and CPQ system. Below is the SSO implementation landscape.

What role combination is represented by the systems in this scenario''

• A. Financial System and CPQ System are the only Service Providers.
• B. Salesforce Org1 and Salesforce Org2 are the only Service Providers.
• C. Salesforce Org1 and Salesforce Org2 are acting as Identity Providers.
• D. Salesforce Org1 and PingFederate are acting as Identity Providers.

Answer: D

NEW QUESTION 12
The security team at Universal Containers (UC) has identified exporting reports as a high-risk action and would like to require users to be logged into Salesforce with their Active Directory (AD) credentials when doing so. For all other users of Salesforce, users should be allowed to use AD Credentials or Salesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with Salesforce credentials?

• A. Use SAML Federated Authentication and block access to reports when accessed through a Standard Assurance session.
• B. Use SAML Federated Authentication and Custom SAML JIT Provisioning to dynamically and or remove a permission set that grants the Export Reports Permission.
• C. Use SAML federated Authentication, treat SAML Sessions as High Assurance, and raise the session level required for exporting reports.
• D. Use SAML federated Authentication with a Login Flow to dynamically add or remove a Permission Set that grants the Export Reports Permission.

Answer: C

NEW QUESTION 13
Universal containers(UC) has implemented SAML-BASED single Sign-on for their salesforce application and is planning to provide access to salesforce on mobile devices using the salesforce1 mobile app. UC wants to ensure that single Sign-on is used for accessing the salesforce1 mobile app. Which two recommendations should the architect make? Choose 2 answers

• A. Use the existing SAML SSO flow along with user agent flow.
• B. Configure the embedded Web browser to use my domain URL.
• C. Use the existing SAML SSO flow along with Web server flow
• D. Configure the salesforce1 app to use the my domain URL

Answer: AD

NEW QUESTION 14
Universal containers (UC) would like to enable SSO between their existing Active Directory infrastructure and salesforce. The it team prefers to manage all users in Active Directory and would like to avoid doing any initial setup of users in salesforce directly, including the correct assignment of profiles, roles and groups. Which two optimal solutions should UC use to provision users in salesforce? Choose 2 answers

• A. Use the salesforce REST API to sync users from active directory to salesforce
• B. Use an app exchange product to sync users from Active Directory to salesforce.
• C. Use Active Directory Federation Services to sync users from active directory to salesforce.
• D. Use Identity connect to sync users from Active Directory to salesforce

Answer: BD

NEW QUESTION 15
Northern Trail Outfitters (NTO) is setting up Salesforce to authenticate users with an external identity provider. The NTO Salesforce Administrator is having trouble getting things setup.
What should an identity architect use to show which part of the login assertion is fading?

• A. SAML Metadata file importer
• B. Identity Provider Metadata download
• C. Connected App Manager
• D. Security Assertion Markup Language Validator

Answer: D

NEW QUESTION 16
......