2022 New Identity-and-Access-Management-Designer Exam Dumps with PDF and VCE Free: https://www.2passeasy.com/dumps/Identity-and-Access-Management-Designer/


Free demo questions for Salesforce Identity-and-Access-Management-Designer Exam Dumps Below:

Universal Containers (UC) is building an integration between Salesforce and a legacy web application using the canvas framework. The security team for UC has determined that a signed request from Salesforce is not an adequate authentication solution for the third-party app. Which two options should the Architect consider for authenticating the third-party app using the canvas framework? Choose 2 answers.

  • A. Utilize the SAML Single Sign-on flow to allow the third-party to authenticate itself against UC's IdP.
  • B. Utilize Authorization Providers to allow the third-party application to authenticate itself against Salesforce as the IdP.
  • C. Utilize Canvas OAuth flow to allow the third-party application to authenticate itself against Salesforce as the IdP.
  • D. Create a registration handler Apex class to allow the third-party application to authenticate itself against Salesforce as the IdP.

Answer: AC

Universal Containers (UC) has implemented SSO according to the diagram below. uses SAML while Salesforce Org 1 uses OAuth 2.0. Users usually start their day by first attempting to log into Salesforce Org 2 and then later in the day, they will log into either the Financial System or CPQ system depending upon their job position. Which two systems are acting as Identity Providers?

  • A. Financial System
  • B. PingFederate
  • C. Salesforce Org 2
  • D. Salesforce Org 1

Answer: BD

Universal Containers (UC) is building a customer community and will allow customers to authenticate using Facebook credentials. The first time a user authenticates using Facebook, UC would like a customer account created automatically in their Accounting system. The accounting system has a web service accessible to Salesforce for the creation of accounts. How can the Architect meet these requirements?

  • A. Create a custom application on Heroku that manages the sign-on process from Facebook.
  • B. Use JIT Provisioning to automatically create the account in the accounting system.
  • C. Add an Apex callout in the registration handler of the authorization provider.
  • D. Use OAuth JWT flow to pass the data from Salesforce to the Accounting System.

Answer: C

In an SP-Initiated SAML SSO setup where the user tries to access a resource on the Service Provider, what HTTP parameter should be used when submitting a SAML Request to the IdP to ensure the user is returned to the intended resource after authentication?

  • A. RedirectURL
  • B. RelayState
  • C. DisplayState
  • D. StartURL

Answer: B

Universal Containers has multiple Salesforce instances where users receive emails from different instances. Users should be logged into the correct Salesforce instance authenticated by their IdP when clicking on an email link to a Salesforce record.
What should be enabled in Salesforce as a prerequisite?

  • A. My Domain
  • B. External Identity
  • C. Identity Provider
  • D. Multi-Factor Authentication

Answer: A

A company's external application is protected by Salesforce through OAuth. The identity architect for the project needs to limit the level of access to the data of the protected resource in a flexible way.
What should be done to improve security?

  • A. Select "Admin approved users are pre-authorized" and assign specific profiles.
  • B. Create custom scopes and assign to the connected app.
  • C. Define a permission set that grants access to the app and assign to authorized users.
  • D. Leverage external objects and data classification policies.

Answer: B

Universal Containers (UC) has a classified information system that its call center team uses only when they are working on a case with a record type "Classified". They are only allowed to access the system when they own an open "Classified" case, and their access to the system is removed at all other times. They would like to implement SAML SSO with Salesforce as the IdP, and automatically allow or deny the staff's access to the classified information system based on whether they currently own an open "Classified" case record when they try to access the system using SSO. What is the recommended solution for automatically allowing or denying access to the classified information system based on the open "Classified" case record criteria?

  • A. Use Salesforce reports to identify users who currently own open "Classified" cases and should be granted access to the classified information system.
  • B. Use an Apex trigger on Case to dynamically assign permission sets that grant access when a user is assigned an open "Classified" case, and remove it when the case is closed.
  • C. Use Custom SAML JIT Provisioning to dynamically query the user's open "Classified" cases when attempting to access the classified information system.
  • D. Use a Common Connected App Handler using Apex to dynamically allow access to the system based on whether the staff owns any open "Classified" Cases.

Answer: D

Which three are features of federated Single Sign-on solutions? Choose 3 answers.

  • A. It federates credentials control to authorized applications.
  • B. It establishes trust between Identity store and service provider.
  • C. It solves all identity and access management problems.
  • D. It improves affiliated applications adoption rates.
  • E. It enables quick and easy provisioning and deactivating of users.

Answer: BCE

Northern Trail Outfitters (NTO) is planning to roll out a partner portal for its distributors using Experience Cloud. NTO would like to use an external identity provider (IdP) and for partners to register for access to the portal. Each partner should be allowed to register only once to avoid duplicate accounts with Salesforce.
What should an identity architect recommend to create partners?

  • A. On successful creation of Partners using Self Registration page in Experience Cloud, create identity in Ping.
  • B. Create a custom page in Experience Cloud to self-register partners with Experience Cloud and Ping identity store.
  • C. Create a custom web page in the Portal and create users in the IdP and Experience Cloud using published APIs.
  • D. Allow partners to register through the IdP and create partner users in Salesforce through an API.

Answer: B

Northern Trail Outfitters (NTO) uses a Security Assertion Markup Language (SAML)-based Identity Provider (IdP) to authenticate employees to all systems. The IdP authenticates users against a Lightweight Directory Access Protocol (LDAP) directory and has access to user information. NTO wants to minimize Salesforce license usage since only a small percentage of users need Salesforce.
What is recommended to ensure new employees have immediate access to Salesforce using their current IdP?

  • A. Install Salesforce Identity Connect to automatically provision new users in Salesforce the first time they attempt to login.
  • B. Build an integration that queries LDAP periodically and creates new active users in Salesforce.
  • C. Configure Just-in-Time provisioning using SAML attributes to create new Salesforce users as necessary when a new user attempts to login to Salesforce.
  • D. Build an integration that queries LDAP and creates new inactive users in Salesforce and use a login flow to activate the user at first login.

Answer: C

Universal Containers (UC) uses Active Directory (AD) as their identity store for employees and must continue to do so for network access. UC is undergoing a major transformation program and moving all of their enterprise applications to cloud platforms including Salesforce, Workday, and SAP HANA. UC needs to implement an SSO solution for accessing all of the third-party cloud applications and the CIO is inclined to use Salesforce for all of their identity and access management needs.
Which two Salesforce license types does UC need for its employees? Choose 2 answers.

  • A. Company Community and Identity licenses
  • B. Identity and Identity Connect licenses
  • C. Chatter Only and Identity licenses
  • D. Salesforce and Identity Connect licenses

Answer: BD

Universal Containers uses an Employee portal for their employees to collaborate. Employees access the portal from their company's internal website via SSO. It is set up to work with Active Directory. What is the role of Active Directory in this scenario?

  • A. Identity store
  • B. Authentication store
  • C. Identity provider
  • D. Service provider

Answer: C

Universal Containers (UC) uses an internal company portal for their employees to collaborate. UC decides to use Salesforce Ideas and provide the ability for employees to post ideas from the company portal. They use SAML-based SSO to get into the company portal and would like to leverage it to access Salesforce. Most of the users don't exist in Salesforce and they would like the user records created in Salesforce Communities the first time they try to access Salesforce. What recommendation should an architect make to meet this requirement?

  • A. Use on-the-fly provisioning
  • B. Use just-in-time provisioning
  • C. Use Salesforce APIs to create users on the fly
  • D. Use Identity Connect to sync users

Answer: B

Universal Containers (UC) would like its community users to be able to register and log in with LinkedIn or Facebook credentials. UC wants users to clearly see Facebook and LinkedIn icons when they register and log in. What are the two recommended actions UC can take to achieve this functionality? Choose 2 answers.

  • A. Enable Facebook and LinkedIn as login options in the login section of the Community configuration.
  • B. Create custom Registration Handlers to link LinkedIn and Facebook accounts to user records.
  • C. Store the LinkedIn or Facebook user IDs in the Federation ID field on the Salesforce User record.
  • D. Create custom buttons for Facebook and LinkedIn using JavaScript/CSS on a custom Visualforce page.

Answer: AB

Universal Containers (UC) is planning to deploy a custom mobile app that will allow users to get e-signatures from its customers on their mobile devices. The mobile app connects to Salesforce to upload the e-signature as a file attachment and uses the OAuth protocol for both authentication and authorization. What is the most recommended and secure OAuth scope setting that an Architect should recommend?

  • A. Id
  • B. Web
  • C. Api
  • D. Custom_permissions

Answer: D

