[Q84-Q100] Exam Identity-and-Access-Management-Designer Realistic Dumps Verified Questions Free [Jan 13, 2024]

Exam Identity-and-Access-Management-Designer Realistic Dumps Verified Questions Free [Jan 13, 2024]

Valid Identity-and-Access-Management-Designer Dumps for Helping Passing Salesforce Exam!

Salesforce Identity-and-Access-Management-Designer is a certification exam designed for professionals who wish to demonstrate their expertise in identity and access management in Salesforce. Salesforce Certified Identity and Access Management Designer certification is ideal for individuals who have a strong background in Salesforce administration, security, and access control. Identity-and-Access-Management-Designer exam focuses on measuring the candidate's ability to design, implement, and manage complex identity and access management solutions in a Salesforce environment.

 

NEW QUESTION # 84
In a typical SSL setup involving a trusted party and trusting party, what consideration should an Architect take into account when using digital certificates?

• A. Use of self-signed certificate leads to higher maintenance for trusted party because they have to act as the trusted CA
• B. Use of self-signed certificate leads to higher maintenance for trusting party because the cert needs to be added to their truststore.
• C. Use of self-signed certificate leads to lower maintenance for trusted party because multiple self-signed certs need to be maintained.
• D. Use of self-signed certificate leads to lower maintenance for trusting party because there is no trusted CA cert to maintain.

Answer: D

NEW QUESTION # 85
Universal containers (UC) would like to enable self - registration for their salesforcepartner community users.
UC wants to capture some custom data elements from the partner user, and based on these data elements, wants to assign the appropriate profile and account values. Which two actions should the architect recommend to UC? Choose 2 answers

• A. Modify the communitiesselfregcontroller to assign the profile and account.
• B. Configure registration for communities to use a custom visualforce page.
• C. Configure registrationfor communities to use a custom apex controller.
• D. Modify the selfregistration trigger to assign profile and account.

Answer: A,B

NEW QUESTION # 86
Universal Containers (UC) wants to implement SAML SSO for their internal of Salesforce users using a third-party IdP. After some evaluation, UC decides NOT to 65« set up My Domain for their Salesforce org. How does that decision impact their SSO implementation?

• A. Either SP- or IdP-initiated SSO will work.
• B. Neither SP- nor IdP-initiated SSO will work.
• C. SP-initiated SSO will NOT work
• D. IdP-initiated SSO will NOT work.

Answer: B

NEW QUESTION # 87
Universal Containers (UC) wants its closed Won opportunities to be synced to a Data Warehouse in near real time. UC has implemented Outbound Message to enable near real-time data sync. UC wants to ensure that communication between Salesforce and Target System is Secure. What Certificate is sent along with the Outbound Message?

• A. The default Client Certificate or a Certificate from Certificate and Key Management menu.
• B. The default Client Certificate from the Develop--> API Menu.
• C. The CA-Signed Certificate from the Certificate and Key Management menu.
• D. The Self-Signed Certificates from the Certificate & Key Management menu.

Answer: B

NEW QUESTION # 88
which three are features of federated Single Sign-on solutions? Choose 3 answers

• A. It enables quick and easy provisioning and deactivating of users.
• B. It improves affiliated applications adoption rates.
• C. It solves all identity and access management problems.
• D. It federates credentials control to authorized applications.
• E. It establishes trust between Identity store and service provider.

Answer: A,C,E

NEW QUESTION # 89
An architect has successfully configured SAML-BASED SSO for universal containers. SSO has been working for 3 months when Universal containers manually adds a batch of new users to salesforce. The new users receive an error from salesforce when trying to use SSO. Existing users are still able to successfully use SSO to access salesforce. What is the probable cause of this behaviour?

• A. The my domain capability is not enabled on the new user's profile.
• B. The Federation ID field on the new user records is not correctly set
• C. The administrator forgot to reset the new user's salesforce password.
• D. The new users do not have the SSO permission enabled on their profiles.

Answer: B

NEW QUESTION # 90
The security team at Universal Containers (UC) has identified exporting reports as a high-risk action and would like to require users to be logged into Salesforce with their Active Directory (AD) credentials when doing so. For all other users of Salesforce, users should be allowed to use AD Credentials or Salesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with Salesforce credentials?

• A. Use SAML federated Authentication with a Login Flow to dynamically add or remove a Permission Set that grants the Export Reports Permission.
• B. Use SAML Federated Authentication and block access to reports when accessed through a Standard Assurance session.
• C. Use SAML Federated Authentication and Custom SAML JIT Provisioning to dynamically and or remove a permission set that grants the Export Reports Permission.
• D. Use SAML federated Authentication, treat SAML Sessions as High Assurance, and raise the session level required for exporting reports.

Answer: B

NEW QUESTION # 91
Which two security risks can be mitigated by enabling Two-Factor Authentication (2FA) in Salesforce? Choose 2 answers

• A. Users creating simple-to-guess password reset questions.
• B. Users choosing passwords that are the same as their Facebook password.
• C. Users leaving laptops unattended and not logging out of Salesforce.
• D. Users accessing Salesforce from a public Wi-Fi access point.

Answer: B,D

NEW QUESTION # 92
Universal Containers (UC) is planning to deploy a custom mobile app that will allow users to get e-signatures from its customers on their mobile devices. The mobile app connects to Salesforce to upload the e-signature as a file attachment and uses OAuth protocol for both authentication and authorization. What is the most recommended and secure OAuth scope setting that an Architect should recommend?

• A. Api
• B. Id
• C. Web
• D. Custom_permissions

Answer: D

NEW QUESTION # 93
Universal Containers (UC) would like its community users to be able to register and log in with Linkedin or Facebook Credentials. UC wants users to clearly see Facebook &Linkedin Icons when they register and login.
What are the two recommended actions UC can take to achieve this Functionality? Choose 2 answers

• A. Create custom buttons for Facebook and inkedin using JAVAscript/CSS on a custom Visualforce page.
• B. Create custom Registration Handlers to link Linkedin and facebook accounts to user records.
• C. Enable Facebook and Linkedin as Login options in the login section of the Community configuration.
• D. Store the Linkedin or Facebook user IDs in the Federation ID field on the Salesforce User record.

Answer: B,C

NEW QUESTION # 94
The security team at Universal Containers (UC) has identified exporting reports as a high-risk action and would like to require users to be logged into Salesforce with their Active Directory (AD) credentials when doing so. For all other users of Salesforce, users should be allowed to use AD Credentials or Salesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with Salesforce credentials?

• A. Use SAML federated Authentication with a Login Flow to dynamically add or remove a Permission Set that grants the Export Reports Permission.
• B. Use SAML Federated Authentication and Custom SAML JIT Provisioning to dynamically and or remove a permission set that grants the Export Reports Permission.
• C. Use SAML federatedAuthentication, treat SAML Sessions as High Assurance, and raise the session level required for exporting reports.
• D. Use SAML Federated Authentication andblock access to reports when accessed through a Standard Assurance session.

Answer: C

NEW QUESTION # 95
Containers (UC) has an existing Customer Community. UC wants to expand the self-registration capabilities such that customers receive a different community experience based on the data they provide during the registration process. What is the recommended approach an Architect Should recommend to UC?

• A. Create an After Insert Apex trigger on the user object to assign specific custom permissions.
• B. Modify the existing Communities registration controller to assign different profiles.
• C. Modify the Community pages to utilize specific fields on the User and Contact records.
• D. Create separate login flows corresponding to the different community user personas.

Answer: B

NEW QUESTION # 96
Universal Containers (UC) uses a home-grown Employee portal for their employees to collaborate. UC decides to use Salesforce Ideas to allow the employees to post ideas from the Employee portal. When clicking some links in the Employee portal, the users should be redirected to Salesforce, authenticated, and presented with relevant pages.
What scope should be requested when using the OAuth token to meet this requirement?

• A. api
• B. full
• C. Visualforce
• D. web

Answer: D

Explanation:
Explanation

NEW QUESTION # 97
Universal Containers built a custom mobile app for their field reps to create orders in Salesforce. OAuth is used for authenticating mobile users. The app is built in such a way that when a user session expires after Initial login, a new access token is obtained automatically without forcing the user to log in again. While that improved the field reps' productivity, UC realized that they need a "logout" feature.
What should the logout function perform in this scenario, where user sessions are refreshed automatically?

• A. Clear out the client Id to stop auto session refresh.
• B. Invoke the revocation URL and pass the refresh token.
• C. Invoke the revocation URL and pass the access token.
• D. Clear out all the tokens to stop auto session refresh.

Answer: B

NEW QUESTION # 98
Which three different attributes can be used to identify the user in a SAML 65> assertion when Salesforce is acting as a Service Provider? Choose 3 answers

• A. Salesforce Username
• B. Federation ID
• C. User Full Name
• D. Salesforce User ID
• E. User Email Address

Answer: B,C,E

NEW QUESTION # 99
Universal Containers (UC) implemented SSO to a third-party system for their Salesforce users to access the App Launcher. UC enabled "User Provisioning" on the Connected App so that changes to user accounts can be synched between Salesforce and the third party system. However, UC quickly notices that changes to user roles in Salesforce are not getting synched to the third-party system. What is the most likely reason for this behaviour?

• A. The Approval queue for User Provisioning Requests is unmonitored.
• B. User Provisioning for Connected Apps does not support role sync.
• C. Required operation(s) was not mapped in User Provisioning Settings.
• D. Salesforce roles have more than three levels in the role hierarchy.

Answer: B

NEW QUESTION # 100
......

Salesforce Certified Identity and Access Management Designer certification exam is designed to test the candidate's knowledge and skills in areas such as Salesforce security models, identity management, access controls, and authentication and authorization mechanisms. Identity-and-Access-Management-Designer exam covers topics such as user management, role hierarchy, profiles, permission sets, single sign-on, multi-factor authentication, and more.

 

Identity-and-Access-Management-Designer Exam Dumps For Certification Exam Preparation: https://prep4sure.examtorrent.com/Identity-and-Access-Management-Designer-exam-papers.html