Salesforce Identity and Access Management Designer Identity-and-Access-Management-Designer Exam Dumps and Certification Test Engine [Q113-Q136]

(PDF) Salesforce Identity and Access Management Designer Identity-and-Access-Management-Designer Exam and Certification Test Engine

Use Identity-and-Access-Management-Designer Exam Dumps (2022 PDF Dumps) To Have Reliable Identity-and-Access-Management-Designer Test Engine

Difficulty in writing Identity-and-Access-Management-Designer Exam

This is exam is very difficult for those candidates who don’t practice during preparation and candidates need a lab for practicing. Then practical exposure is much required to understand the contents of the exam. So, if anyone is associated with some kinds of an organization where he has opportunities to practice but if you can’t afford the lab and don’t have time to practice. So, BraindumpsVCE is the solution to this problem. We provide the best Salesforce Identity-and-Access-Management-Designer dumps and practice test for your preparation. Salesforce Identity-and-Access-Management-Designer dumps to ensure your success in the Salesforce Identity-and-Access-Management-Designer Certification Exam at first attempt. Our Salesforce Identity-and-Access-Management-Designer dumps are updated on regular basis. BraindumpsVCE has given option to download some test papers questions in PDF format, alongwith, this candidates can practice test papers online using our test engine. BraindumpsVCE provides verified questions with answers which you can expect in the exam. So, it makes easier for candidates to clear it in the first attempt itself..

Certification Path

There is no prerequisite for this exam.

 

NEW QUESTION 113
Universal Containers (UC) is rolling out its new Customer Identity and Access Management Solution built on top of its existing Salesforce instance. UC wants to allow customers to login using Facebook, Google, and other social sign-on providers.
How should this functionality be enabled for UC, assuming ail social sign-on providers support OpenID Connect?

• A. Configure an authentication provider and a registration handler for each social sign-on provider.
• B. Configure a single sign-on setting and a registration handler for each social sign-on provider.
• C. Configure an authentication provider and a Just-In-Time (JIT) handler for each social sign-on provider.
• D. Configure a single sign-on setting and a JIT handler for each social sign-on provider.

Answer: A

 

NEW QUESTION 114
Which three are capabilities of SAML-based Federated authentication? Choose 3 answers

• A. Web applications with no passwords are more secure and stronger against attacks.
• B. SAML tokens can be in XML or JSON format and can be used interchangeably.
• C. Trust relationships between Identity Provider and Service Provider are required.
• D. Access tokens are used to access resources on the server once the user is authenticated.
• E. Centralized federation provides single point of access, control and auditing.

Answer: C,D,E

 

NEW QUESTION 115
Universal Containers (UC) has an existing e-commerce platform and is implementing a new customer community. They do not want to force customers to register on both applications due to concern over the customers experience. It is expected that 25% of the e-commerce customers willutilize the customer community . The e-commerce platform is capable of generating SAML responses and has an existing REST-ful API capable of managing users. How should UC create the identities of its e-commerce users with the customer community?

• A. UseSAML JIT in the Customer Community to create users when a user tries to login to the community from the e-commerce site.
• B. Use the standard Salesforce API to create users in the Community When a User is Created in the e-Commerce platform and use SAML toallow SSO.
• C. Use the e-commerce REST API to create users when a user self-register on the customer community and use SAML to allow SSO.
• D. Use anightly batch ETL job to sync users between the Customer Community and the e-commerce platform and use SAML to allow SSO.

Answer: A

 

NEW QUESTION 116
An Identity and Access Management (IAM) architect is tasked with unifying multiple B2C Commerce sites and an Experience Cloud community with a single identity. The solution needs to support more than 1,000 logins per minute.
What should the IAM do to fulfill this requirement?

• A. Confirm performance considerations with Salesforce Customer Support due to high peaks.
• B. Configure community as a Security Assertion Markup Language (SAML) identity provider and enable Just-in-Time Provisioning to B2C Commerce.
• C. Configure both the community and the commerce sites as OAuth2 RPs (relying party) with an external identity provider.
• D. Create a default account for capturing all ecommerce contacts registered on the community because personAccount is not supported for this case.

Answer: A

 

NEW QUESTION 117
Universal Containers (UC) has a Customer Community that uses Facebook for of authentication. UC would like to ensure that changes in the Facebook profile are 65. reflected on the appropriate Customer Community user. How can this requirement be met?

• A. Use information in the Signed Request that is received from Facebook.
• B. Use the updateUser() method on the Registration Handler class.
• C. Use SAML Just-In-Time Provisioning between Facebook and Salesforce.
• D. Develop a scheduled job that calls out to Facebook on a nightly basis.

Answer: B

 

NEW QUESTION 118
Which two statements are capable of Identity Connect? Choose 2 answers

• A. Supports both Identity-Provider-Initiated and Service-Provider-Initiated SSO.
• B. Synchronization of Salesforce Permission Set Licence Assignments.
• C. Support multiple orgs connecting to multiple Active Directory servers.
• D. Automated user synchronization and de-activation.

Answer: A,B

 

NEW QUESTION 119
Universal Containers (UC) has a Customer Community that uses Facebook for Authentication. UC would like to ensure that Changes in the Facebook profile are reflected on the appropriate Customer Community user: How can this requirement be met?

• A. Use information in the signed Request that is received from facebook.
• B. Use the updateUser method on the registration Handler Class.
• C. Use SAML Just-In-Time Provisioning between Facebook and Salesforce.
• D. Develop a scheduled job that calls out to Facebook on a nightly basis.

Answer: B

 

NEW QUESTION 120
Universal containers (UC) would like to enable SSO between their existing Active Directory infrastructure and salesforce. The it team prefers to manage all users in Active Directory and would like to avoid doing any initial setup of users in salesforce directly, including the correct assignment of profiles, roles and groups.
Which two optimal solutions should UC use to provision users in salesforce? Choose 2 answers

• A. Use an app exchange product to sync users from Active Directory to salesforce.
• B. Use Active Directory Federation Services to sync users from active directory to salesforce.
• C. Use the salesforce REST API to sync users from active directory to salesforce
• D. Use Identity connect to sync users from Active Directory to salesforce

Answer: A,D

 

NEW QUESTION 121
Northern Trail Outfitters (NTO) wants its customers to use phone numbers to log in to their new digital portal, which was designed and built using Salesforce Experience Cloud. In order to access the portal, the user will need to do the following:
1. Enter a phone number and/or email address
2. Enter a verification code that is to be sent via email or text.
What is the recommended approach to fulfill this requirement?

• A. Create a Login Discovery page and provide a Login Discovery Handler Apex class.
• B. Create a custom login flow that uses an Apex controller to verify the phone numbers with the company's verification service.
• C. Create a custom login page with an Apex controller. The controller has logic to send and verify the identity.
• D. Create an Authentication provider and implement a self-registration handler class.

Answer: B

 

NEW QUESTION 122
Universal Containers (UC) is building an authenticated Customer Community for its customers. UC does not want customer credentials stored in Salesforce and is confident its customers would be willing to use their social media credentials to authenticate to the Community.
Which two actions should an Architect recommend UC to take? (Choose two.)

• A. Configure an Authentication Provider for LinkedIn social media accounts.
• B. Configure SSO settings for Facebook to serve as a SAML Identity Provider.
• C. Create a custom Apex Registration Handler to handle new and existing users.
• D. Use Delegated Authentication to call the Twitter login API to authenticate users.

Answer: A,C

 

NEW QUESTION 123
Universal Containers (UC) has an e-commerce website where customers can buy products, make payments and manage their accounts. UC decides to build a Customer Community on Salesforce and wants to allow the customers to access the community from their accounts without logging in again. UC decides to implement an SP-initiated SSO using a SAML-compliant Idp. In this scenario where Salesforce is the Service Provider, which two activities must be performed in Salesforce to make SP-initiated SSO work? Choose 2 answers

• A. Configure SAML SSO settings.
• B. Set up My Domain.
• C. Create a Connected App.
• D. Configure Delegated Authentication.

Answer: A,B

 

NEW QUESTION 124
IT security at Unversal Containers (UC) us concerned about recent phishing scams targeting its users and wants to add additional layers of login protection. What should an Architect recommend to address the issue?

• A. Lock sessions to the IP address from which they originated.
• B. Increase Password complexity requirements in Salesforce.
• C. Implement Single Sign-on using a corporate Identity store.
• D. Use the Salesforce Authenticator mobile app with two-step verification

Answer: A

 

NEW QUESTION 125
After a recent audit, universal containers was advised to implement Two-factor Authentication for all of their critical systems, including salesforce. Which two actions should UC consider to meet this requirement?
Choose 2 answers

• A. Require users to enter a second password after the first Authentication
• B. Require users to supply their email and phone number, which gets validated.
• C. Require users to provide their RSA token along with their credentials.
• D. Require users to use a biometric reader as well as their password

Answer: C,D

 

NEW QUESTION 126
Universal containers (UC) is planning to deploy a custom mobile app that will allow users to get e-signatures from its customers on their mobile devices. The mobile app connects to salesforce to upload the e-signatures as a file attachment and uses Oauth protocol for both Authentication and authorization. What is the most recommended and secure Oauth scope setting that an architect should recommend?

• A. Id
• B. Custom_permissions
• C. Web
• D. API

Answer: D

 

NEW QUESTION 127
Universal containers (UC) would like to enable self - registration for their salesforce partner community users.
UC wants to capture some custom data elements from the partner user, and based on these data elements, wants to assign the appropriate profile and account values. Which two actions should the architect recommend to UC? Choose 2 answers

• A. Modify the communitiesselfregcontroller to assign the profile and account.
• B. Modify the selfregistration trigger to assign profile and account.
• C. Configure registration for communities to use a custom visualforce page.
• D. Configure registration for communities to use a custom apex controller.

Answer: A,C

 

NEW QUESTION 128
Universal Containers (UC) has built a custom token-based Two-factor authentication (2FA) system for their existing on-premise applications. They are now implementing Salesforce and would like to enable a Two-factor login process for it, as well. What is the recommended solution as Architect should consider?

• A. Use the custom 2FA system for on-premise applications and native 2FA for Salesforce.
• B. Use Custom Login Flows to connect to the existing custom 2FA system for use in Salesforce.
• C. Replace the custom 2FA system with an AppExchange App that supports on premise application and salesforce.
• D. Replace the custom 2FA system with Salesforce 2FA for on-premise applications and Salesforce.

Answer: D

 

NEW QUESTION 129
Universal containers (UC) has implemented SAML SSO to enable seamless access across multiple applications. UC has regional salesforce orgs and wants it's users to be able to access them from their main Salesforce org seamless. Which action should an architect recommend?

• A. Configure the main salesforce org as an Authentication provider.
• B. Configure the main Salesforce org as a service provider.
• C. Configure the regional salesforce orgs as Identity Providers.
• D. Configure the main salesforce org as the Identity provider.

Answer: D

 

NEW QUESTION 130
Universal Containers (UC) wants to build a few applications that leverage the Salesforce REST API. UC has asked its Architect to describe how the API calls will be authenticated to a specific user. Which two mechanisms can the Architect provide? Choose 2 Answers

• A. Refresh Token
• B. Authentication Token
• C. Session ID
• D. Access Token

Answer: A,D

 

NEW QUESTION 131
Universal Containers has implemented a multi-org strategy and would like to centralize the management of their Salesforce user profiles.
What should the Architect recommend to allow Salesforce profiles to be managed from a central system of record?

• A. Implement an OAuth JWT flow to pass the profile credentials between systems.
• B. Implement JIT provisioning on the SAML IdP that will pass the ProfileID in each assertion.
• C. Implement Delegated Authentication that will update the user profiles as necessary.
• D. Create an Apex scheduled job in one org that will synchronize the other org's profiles.

Answer: B

Explanation:
Explanation/Reference:

 

NEW QUESTION 132
Universal Containers (UC) has a strict requirement to authenticate users to Salesforce using their mainframe credentials. The mainframe user store cannot be accessed from a SAML provider. UC would also like to have users in Salesforce created on the fly if they provide accurate mainframe credentials.
How can the Architect meet these requirements?

• A. Implement OAuth User-Agent Flow on the mainframe; use a Registration Handler to create the user on the fly.
• B. Use a Salesforce Login Flow to call out to a web service and create the user on the fly.
• C. Use the SOAP API to create the user when created on the mainframe; implement Delegated Authentication.
• D. Implement Just-In-Time Provisioning on the mainframe to create the user on the fly.

Answer: D

 

NEW QUESTION 133
In a typical SSL setup involving a trusted party and trusting party, what consideration should an Architect take into account when using digital certificates?

• A. Use of self-signed certificate leads to higher maintenance for trusting party because the cert needs to be added to their truststore.
• B. Use of self-signed certificate leads to lower maintenance for trusted party because multiple self-signed certs need to be maintained.
• C. Use of self-signed certificate leads to lower maintenance for trusting party because there is no trusted CA cert to maintain.
• D. Use of self-signed certificate leads to higher maintenance for trusted party because they have to act as the trusted CA

Answer: A

 

NEW QUESTION 134
Refer to the exhibit.

Outfitters (NTO) is using Experience Cloud as an Identity for its application on Heroku. The application on Heroku should be able to handle two brands, Northern Trail Shoes and Northern Trail Shirts.
A user should select either of the two brands in Heroku before logging into the community. The app then performs Authorization using OAuth2.0 with the Salesforce Experience Cloud site.
NTO wants to make sure it renders login page images dynamically based on the user's brand preference selected in Heroku before Authorization.
what should an identity architect do to fulfill the above requirements?

• A. For each brand create different communities and redirect users to the appropriate community using a custom Login controller written in Apex.
• B. Create multiple login screens using Experience Builder and use Login Flows at runtime to route to different login screens.
• C. Authorize third-party service by sending authorization requests to the community-url/services/oauth2/authorize/cookie_value.
• D. Authorize third-party service by sending authorization requests to the community-url/services/oauth2/authonze/expid_value.

Answer: D

 

NEW QUESTION 135
Universal Containers (UC) uses an internal company portal for their employees to collaborate. UC decides to use Salesforce Ideas and provide the ability for employees to post ideas from the company portal. They use SAML-based SSO to get into the Company portal and would like to leverage it to access Salesforce. Most of the users don't exist in Salesforce and they would like the user records created in Salesforce Communities the first time they try to access Salesforce.
What recommendation should an Architect make to meet this requirement?

• A. Use Identity Connect to sync users.
• B. Use On-the-Fly provisioning.
• C. Use Just-in-Time provisioning.
• D. Use Salesforce APIs to create users on the fly.

Answer: C

 

NEW QUESTION 136
......

How to book the Identity-and-Access-Management-Designer Exam

These are following steps for registering the Identity-and-Access-Management-Designer Exam. Step 1: Visit to Webassessor Exam Registration Step 2: Signup/Login to Webassessor Step 3: Select the onsite proctored or online proctored delivery method of Certification Exam Step 4: Select Date, time and confirm with a payment method

For more information, please click here.

 

Identity-and-Access-Management-Designer Dumps Full Questions with Free PDF Questions to Pass: https://www.braindumpsvce.com/Identity-and-Access-Management-Designer_exam-dumps-torrent.html

Identity-and-Access-Management-Designer PDF Recently Updated Questions Dumps to Improve Exam Score: https://drive.google.com/open?id=1KzS4DroFpgFNU4GzeF43bkPABwlyG2q1