
Latest Oct 26, 2023 Real Identity-and-Access-Management-Designer Exam Dumps Questions Valid Identity-and-Access-Management-Designer Dumps PDF
Salesforce Identity-and-Access-Management-Designer Exam Dumps - PDF Questions and Testing Engine
NEW QUESTION # 57
Northern Trail Outfitters (NTO) wants to give customers the ability to submit and manage issues with their purchases. It is important for to give its customers the ability to login with their Facebook and Twitter credentials.
Which two actions should an identity architect recommend to meet these requirements?
Choose 2 answers
- A. Create a custom external authentication provider for Facebook.
- B. Configure a predefined authentication provider for Facebook.
- C. Configure a predefined authentication provider for Twitter.
- D. Create a custom external authentication provider for Twitter.
Answer: B,C
NEW QUESTION # 58
Universal Containers is budding a web application that will connect with the Salesforce API using JWT OAuth Flow.
Which two settings need to be configured in the connect app to support this requirement?
Choose 2 answers
- A. The "edair_api" OAuth scope m the connected app.
- B. The "web" OAuth scope in the connected app,
- C. The "api" OAuth scope in the connected app.
- D. The Use Digital Signature option in the connected app.
Answer: C,D
NEW QUESTION # 59
Universal Containers (UC) has an existing e-commerce platform and is implementing a new customer community. They do not want to force customers to register on both applications due to concern over the customers experience. It is expected that 25% of the e-commerce customers willutilize the customer community . The e-commerce platform is capable of generating SAML responses and has an existing REST-ful API capable of managing users. How should UC create the identities of its e-commerce users with the customer community?
- A. UseSAML JIT in the Customer Community to create users when a user tries to login to the community from the e-commerce site.
- B. Use anightly batch ETL job to sync users between the Customer Community and the e-commerce platform and use SAML to allow SSO.
- C. Use the standard Salesforce API to create users in the Community When a User is Created in the e-Commerce platform and use SAML toallow SSO.
- D. Use the e-commerce REST API to create users when a user self-register on the customer community and use SAML to allow SSO.
Answer: A
NEW QUESTION # 60
Universal containers(UC) has decided to build a new, highly sensitive application on Force.com platform. The security team at UC has decided that they want users to provide a fingerprint in addition to username/Password to authenticate to this application. How can an architect support fingerprints as a form of identification for salesforce Authentication?
- A. Use an appexchange product that does fingerprint scanning with native salesforce identity confirmation.
- B. Use custom login flows with callouts to a third-party fingerprint scanning application.
- C. Use salesforce Two-factor Authentication with callouts to a third-party fingerprint scanning application.
- D. Use Delegated Authentication with callouts to a third-party fingerprint scanning application.
Answer: B
NEW QUESTION # 61
A company wants to provide its employees with a custom mobile app that accesses Salesforce. Users are required to download the internal native IOS mobile app from corporate intranet on their mobile device. The app allows flexibility to access other Non Salesforce internal applications once users authenticate with Salesforce. The apps self-authorize, and users are permitted to use the apps once they have logged into Salesforce.
How should an identity architect meet the above requirements with the privately distributed mobile app?
- A. Use Salesforce as an identity provider (IdP) to access the mobile app and use the external IdP for other non-Salesforce internal apps.
- B. Configure Mobile App settings in connected app and Salesforce as identity provider for non-Salesforce internal apps.
- C. Use connected app with OAuth and Security Assertion Markup Language (SAML) to access other Non Salesforce internal apps.
- D. Create a new hybrid mobile app and use the connected app with OAuth to authenticate users for Salesforce and non-Salesforce internal apps.
Answer: B
NEW QUESTION # 62
Universal containers wants to implement SAML SSO for their internal salesforce users using a third-party IDP. After some evaluation, UC decides not to set up my domain for their salesforce.org. How does thatdecision impact their SSO implementation?
- A. Either sp - or IDP - initiated SSO will work
- B. Sp-Initiated SSO will not work
- C. Neithersp - nor IDP - initiated SSO will work
- D. IDP - initiated SSO will not work
Answer: B
NEW QUESTION # 63
Universal Containers (UC) is planning to deploy a custom mobile app that will allow users to get e-signatures from its customers on their mobile devices. The mobile app connects to Salesforce to upload the e-signature as a file attachment and uses OAuth protocol for both authentication and authorization. What is the most recommended and secure OAuth scope setting that an Architect should recommend?
- A. Web
- B. Custom_permissions
- C. Api
- D. Id
Answer: B
NEW QUESTION # 64
Containers (UC) uses a legacy Employee portal for their employees to collaborate. Employees access the portal from their company's internal website via SSO. It is set up to work with SiteMinder and Active Directory. The Employee portal has features to support posing ideas. UC decides to use Salesforce Ideas for voting and better tracking purposes. To avoid provisioning users on Salesforce, UC decides to integrate Employee portal ideas with Salesforce idea through the API. What is the role of Salesforce in the context of SSO, based on this scenario?
- A. An independent system, because Salesforce is not part of the SSO setup.
- B. Connected App, because Salesforce is connected with Employee portal via API.
- C. Service Provider, because Salesforce is the application for managing ideas.
- D. Identity Provider, because the API calls are authenticated by Salesforce.
Answer: A
NEW QUESTION # 65
Northern Trail Outfitters (NTO) wants to give customers the ability to submit and manage issues with their purchases. It is important for NTO to give its customers the ability to login with their Amazon credentials.
What should an identity architect recommend to meet these requirements?
- A. Configure an OpenID Connect Authentication Provider for Amazon.
- B. Configure Amazon as a connected app.
- C. Configure a predefined authentication provider for Amazon.
- D. Create a custom external authentication provider for Amazon.
Answer: A
NEW QUESTION # 66
Universal Containers (UC) uses Global Shipping (GS) as one of their shipping vendors. Regional leads of GS need access to UC's Salesforce instance for reporting damage of goods using Cases. The regional leads also need access to dashboards to keep track of regional shipping KPIs. UC internally uses a third-party cloud analytics tool for capacity planning and UC decided to provide access to this tool to a subset of GS employees.
In addition to regional leads, the GS capacity planning team would benefit from access to this tool. To access the analytics tool, UC IT has set up Salesforce as the Identity provider for Internal users and would like to follow the same approach for the GS users as well. What are the most appropriate license types for GS Tregional Leads and the GS Capacity Planners? Choose 2 Answers
- A. Customer Community license for GS Regional Leads and Identity license for GS Capacity Planners.
- B. Identity Licence for GS Regional Leads and External Identity license for GS capacity Planners.
- C. Customer Community Plus license for GS Regional Leads and Customer Community license for GS Capacity Planners.
- D. Customer Community Plus license for GS Regional Leads and External Identity for GS Capacity Planners.
Answer: A,C
NEW QUESTION # 67
Universal Containers is considering using Delegated Authentication as the sole means of Authenticating of Salesforce users. A Salesforce Architect has been brought in to assist with the implementation. What two risks Should the Architect point out? Choose 2 answers
- A. Delegated Authentication is enabled or disabled for the entire Salesforce org.
- B. UC will be required to develop and support a custom SOAP web service.
- C. Salesforce users will be locked out of Salesforce if the web service goes down.
- D. The web service must reside on a public cloud service, such as Heroku.
Answer: A,D
NEW QUESTION # 68
Universal Containers (UC) wants to integrate a web application with Salesforce. The UC team has implemented the OAuth Web-Server Authentication Flow for authentication purposes.
Which two considerations should an Architect point out to UC? (Choose two.)
- A. The flow will NOT provide an OAuth Refresh Token back to the server.
- B. The web server must be able to protect consumer secret.
- C. The flow involves passing the user credentials back and forth.
- D. The web application should be hosted on a secure server.
Answer: B,D
NEW QUESTION # 69
Universal Containers (UC) would like its community users to be able to register and log in with Linkedin or Facebook Credentials. UC wants users to clearly see Facebook &Linkedin Icons when they register and login. What are the two recommended actions UC can take to achieve this Functionality? Choose 2 answers
- A. Create custom Registration Handlers to link Linkedin and facebook accounts to user records.
- B. Store the Linkedin or Facebook user IDs in the Federation ID field on the Salesforce User record.
- C. Create custom buttons for Facebook and inkedin using JAVAscript/CSS on a custom Visualforce page.
- D. Enable Facebook and Linkedin as Login options in the login section of the Community configuration.
Answer: A,D
NEW QUESTION # 70
Universal containers (UC) is setting up their customer Community self-registration process. They are uncomfortable with the idea of assigning new users to a default account record. What will happen when customers self-register in the community?
- A. The self-registration page will create a new account record.
- B. The self-registration process will produce an error to the user.
- C. The self-registration process will create a person Account record.
- D. The self-registration page will ask user to select an account.
Answer: B
NEW QUESTION # 71
Universal Containers (UC) has a Customer Community that uses Facebook for of authentication. UC would like to ensure that changes in the Facebook profile are 65. reflected on the appropriate Customer Community user. How can this requirement be met?
- A. Use SAML Just-In-Time Provisioning between Facebook and Salesforce.
- B. Use the updateUser() method on the Registration Handler class.
- C. Develop a scheduled job that calls out to Facebook on a nightly basis.
- D. Use information in the Signed Request that is received from Facebook.
Answer: B
NEW QUESTION # 72
Universal Containers (UC) has a Customer Community that uses Facebook for Authentication. UC would like to ensure that Changes in the Facebook profile are reflected on the appropriate Customer Community user: How can this requirement be met?
- A. Use information in the signed Request that is received from facebook.
- B. Use the updateUser method on the registration Handler Class.
- C. Use SAML Just-In-Time Provisioning between Facebook and Salesforce.
- D. Develop a scheduled job that calls out to Facebook on a nightly basis.
Answer: B
NEW QUESTION # 73
In an SP-Initiated SAML SSO setup where the user tries to access a resource on the Service Provider, What HTTP param should be used when submitting a SAML Request to the Idp to ensure the user is returned to the intended resourse after authentication?
- A. RelayState
- B. StartURL
- C. DisplayState
- D. RedirectURL
Answer: B
NEW QUESTION # 74
Northern Trail Outfitters (NTO) wants its customers to use phone numbers to log in to their new digital portal, which was designed and built using Salesforce Experience Cloud. In order to access the portal, the user will need to do the following:
1. Enter a phone number and/or email address
2. Enter a verification code that is to be sent via email or text.
What is the recommended approach to fulfill this requirement?
- A. Create a custom login flow that uses an Apex controller to verify the phone numbers with the company's verification service.
- B. Create a custom login page with an Apex controller. The controller has logic to send and verify the identity.
- C. Create a Login Discovery page and provide a Login Discovery Handler Apex class.
- D. Create an Authentication provider and implement a self-registration handler class.
Answer: A
NEW QUESTION # 75
A large consumer company is planning to create a community and will requ.re login through the customers social identity. The following requirements must be met:
1. The customer should be able to login with any of their social identities, however salesforce should only have one user per customer.
2. Once the customer has been identified with a social identity, they should not be required to authonze Salesforce.
3. The customers personal details from the social sign on need to be captured when the customer logs into Salesforce using their social Identity.
3. If the customer modifies their personal details in the social site, the changes should be updated in Salesforce .
Which two options allow the Identity Architect to fulfill the requirements?
Choose 2 answers
- A. Use authentication providers for social sign-on and use the custom registration handler to insert or update personal details.
- B. Use Login Flows to call an authentication registration handler to provision the user before logging the user into the community.
- C. Redirect the user to a custom page that allows the user to select an existing social identity for login.
- D. Use the custom registration handler to link social identities to Salesforce identities.
Answer: A,D
NEW QUESTION # 76
......
Reliable Salesforce Identity and Access Management Designer Identity-and-Access-Management-Designer Dumps PDF Oct 26, 2023 Recently Updated Questions: https://examboost.latestcram.com/Identity-and-Access-Management-Designer-exam-cram-questions.html
