This page was exported from Valid Premium Exam [ http://premium.validexam.com ]
Export date: Mon Feb 24 12:34:34 2025 / +0000 GMT

Title: [Oct 31, 2023] Get Unlimited Access to Identity-and-Access-Management-Designer Certification Exam Cert Guide [Q66-Q84]

Reliable Study Materials for Identity-and-Access-Management-Designer Exam Success For Sure

The Salesforce Identity and Access Management Designer certification is a highly sought-after credential that validates one's expertise in designing and implementing secure, scalable, and user-friendly identity and access management solutions on the Salesforce platform. The Salesforce Certified Identity and Access Management Designer certification exam is designed for professionals who have a deep understanding of Salesforce's identity and access management architecture, including authentication, authorization, and user management.

The Salesforce Certified Identity and Access Management Designer credential is highly sought after by organizations that use Salesforce as their primary CRM platform. The certification demonstrates to potential employers that the candidate has the skills and expertise needed to design and implement secure and scalable IAM solutions within the Salesforce ecosystem. It provides a competitive advantage in the job market and opens up new career opportunities for IT professionals.

QUESTION 66
The CIO of Universal Containers (UC) wants to start taking advantage of the refresh token capability for the UC applications that utilize OAuth 2.0.
UC has enlisted an Architect to analyze all of the applications that use OAuth flows to see where refresh tokens can be applied. Which two OAuth flows should the Architect consider in their evaluation? (Choose two.)
- JWT Bearer Token
- Web Server
- Username-Password
- User-Agent

QUESTION 67
A group of users try to access one of Universal Containers’ Connected Apps and receive the following error message: “Failed: Not approved for access.” What is the most likely cause of this issue?
- The Connected App setting “All users may self-authorize” is enabled.
- The Salesforce Administrators have revoked the OAuth authorization.
- The users do not have the correct permission set assigned to them.
- The use of High Assurance sessions is required for the Connected App.

QUESTION 68
Universal Containers (UC) has implemented an SP-initiated SAML flow between an external IdP and Salesforce. A user at UC is attempting to log in to Salesforce1 for the first time and is being prompted for Salesforce credentials instead of being shown the IdP login page. What is the likely cause of the issue?
- The “Redirect to Identity Provider” option has been selected in the My Domain configuration.
- The user has not configured the Salesforce1 mobile app to use My Domain for login.
- The “Redirect to Identity Provider” option has not been selected in the SAML configuration.
- The user has not been granted the “Enable Single Sign-On” permission.

QUESTION 69
A real estate company wants to provide its customers a digital space to design their interior decoration options.
To simplify the registration to gain access to the community site (built in Experience Cloud), the CTO has requested that the IT/Development team provide the option for customers to use their existing social-media credentials to register and access. The IT lead has approached the Salesforce Identity and Access Management (IAM) architect for technical direction on implementing the social sign-on (for Facebook, Twitter, and a new provider that supports standard OpenID Connect (OIDC)). Which two recommendations should the Salesforce IAM architect make to the IT Lead? Choose 2 answers
- Use a declarative registration handler Process Builder/flow to create and update users and contacts.
- Authentication provider configuration is required for each social sign-on provider; enable authentication providers in the community.
- For supporting OIDC it is necessary to enable Security Assertion Markup Language (SAML) with Just-in-Time provisioning (JIT) and OAuth 2.0.
- Apex coding skills are needed for the registration handler to create and update users.

QUESTION 70
Universal Containers (UC) is using a Salesforce Experience Cloud site for its container wholesale business. The identity architect wants to create an authentication provider for the new site. Which two options should be utilized in creating an authentication provider? Choose 2 answers
- A custom registration handler can be set.
- A custom error URL can be set.
- The default login user can be set.
- The default authentication provider certificate can be set.

QUESTION 71
Universal Containers (UC) uses Salesforce to allow customers to keep track of the order status. The customers can log in to Salesforce using external authentication providers, such as Facebook and Google. UC is also leveraging the App Launcher to let customers access an off-platform application for generating shipping labels. The label generator application uses OAuth to provide users access. What license type should an Architect recommend for the customers?
- Customer Community license
- Identity license
- Customer Community Plus license
- External Identity license

QUESTION 72
Northern Trail Outfitters recently acquired a company. Each company will retain its Identity Provider (IdP). Both companies rely extensively on Salesforce processes that send emails to users to take specific actions in Salesforce. How should the combined companies’ employees collaborate in a single Salesforce org, yet authenticate to the appropriate IdP?
- Configure unique MyDomains for each company and have generated links use the appropriate MyDomain in the URL.
- Have generated links append a querystring parameter indicating the IdP. The login service will redirect to the appropriate IdP.
- Have generated links be prefixed with the appropriate IdP URL to invoke an IdP-initiated Security Assertion Markup Language flow when clicked.
- Enable each IdP as a login option in the MyDomain Authentication Service settings. Users will then click on the appropriate IdP button.

QUESTION 73
Universal Containers (UC) wants to implement SAML SSO for their internal Salesforce users using a third-party IdP. After some evaluation, UC decides NOT to set up My Domain for their Salesforce org. How does that decision impact their SSO implementation?
- IdP-initiated SSO will NOT work.
- Neither SP- nor IdP-initiated SSO will work.
- Either SP- or IdP-initiated SSO will work.
- SP-initiated SSO will NOT work.

QUESTION 74
Universal Containers is setting up their Customer Community self-registration process. They are uncomfortable with the idea of assigning new users to a default Account record. What will happen when customers self-register in the Community?
- The self-registration process will produce an error to the user.
- The self-registration process will create a Person Account record.
- The self-registration page will create a new Account record.
- The self-registration page will ask users to select an Account.

QUESTION 75
Universal Containers is creating a web application that will be secured by Salesforce Identity using the OAuth 2.0 Web Server Flow (uses the OAuth 2.0 authorization code grant type). Which three OAuth concepts apply to this flow? Choose 3 answers
- Verification URL
- Client Secret
- Access Token
- Scopes

QUESTION 76
Northern Trail Outfitters (NTO) uses a Security Assertion Markup Language (SAML)-based Identity Provider (IdP) to authenticate employees to all systems. The IdP authenticates users against a Lightweight Directory Access Protocol (LDAP) directory and has access to user information. NTO wants to minimize Salesforce license usage since only a small percentage of users need Salesforce. What is recommended to ensure new employees have immediate access to Salesforce using their current IdP?
- Install Salesforce Identity Connect to automatically provision new users in Salesforce the first time they attempt to log in.
- Build an integration that queries LDAP periodically and creates new active users in Salesforce.
- Configure Just-in-Time provisioning using SAML attributes to create new Salesforce users as necessary when a new user attempts to log in to Salesforce.
- Build an integration that queries LDAP and creates new inactive users in Salesforce and use a login flow to activate the user at first login.

QUESTION 77
Universal Containers' (UC) identity architect needs to recommend a license type for their new Experience Cloud site that will be used by external partners (delivery providers) for reviewing and updating their accounts, downloading files provided by UC and obtaining scheduled pickup dates from their calendar. UC is using their Salesforce production org as the identity provider for these users and the expected number of individual users is 2.5 million with 13.5 million unique logins per month. Which of the following license types should be used to meet the requirement?
- External Apps License
- Partner Community License
- Partner Community Login License
- Customer Community Plus Login License

QUESTION 78
Universal Containers (UC) is building an integration between Salesforce and a legacy web application using the canvas framework. The security team for UC has determined that a signed request from Salesforce is not an adequate authentication solution for the third-party app. Which two options should the Architect consider for authenticating the third-party app using the canvas framework? Choose 2 answers
- Utilize the SAML Single Sign-On flow to allow the third party to authenticate itself against UC’s IdP.
- Utilize Authorization Providers to allow the third-party application to authenticate itself against Salesforce as the IdP.
- Utilize Canvas OAuth flow to allow the third-party application to authenticate itself against Salesforce as the IdP.
- Create a registration handler Apex class to allow the third-party application to authenticate itself against Salesforce as the IdP.

QUESTION 79
The security team at Universal Containers (UC) has identified exporting reports as a high-risk action and would like to require users to be logged into Salesforce with their Active Directory (AD) credentials when doing so. For all other users of Salesforce, users should be allowed to use AD credentials or Salesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with Salesforce credentials?
- Use SAML Federated Authentication and block access to reports when accessed through a Standard Assurance session.
- Use SAML Federated Authentication and Custom SAML JIT Provisioning to dynamically add or remove a permission set that grants the Export Reports Permission.
- Use SAML Federated Authentication, treat SAML Sessions as High Assurance, and raise the session level required for exporting reports.
- Use SAML Federated Authentication with a Login Flow to dynamically add or remove a Permission Set that grants the Export Reports Permission.

QUESTION 80
Universal Containers (UC) has implemented SAML-based Single Sign-On to provide seamless access to its Salesforce Orgs, financial system, and CPQ system. Below is the SSO implementation landscape. What role combination is represented by the systems in this scenario?
- Financial System and CPQ System are the only Service Providers.
- Salesforce Org1 and Salesforce Org2 are the only Service Providers.
- Salesforce Org1 and Salesforce Org2 are acting as Identity Providers.
- Salesforce Org1 and PingFederate are acting as Identity Providers.

QUESTION 81
Universal Containers (UC) wants to provide single sign-on (SSO) for a business-to-consumer (B2C) application using Salesforce Identity. Which Salesforce license should UC utilize to implement this use case?
- Identity Only
- Salesforce Platform
- External Identity
- Partner Community

QUESTION 82
Northern Trail Outfitters would like to automatically create new employee users in Salesforce with an appropriate profile that maps to its Active Directory Department. How should an identity architect implement this requirement?
- Use the createUser method in the Just-in-Time (JIT) provisioning registration handler to assign the appropriate profile.
- Use the updateUser method in the Just-in-Time (JIT) provisioning registration handler to assign the appropriate profile.
- Use a login flow to collect Security Assertion Markup Language attributes and assign the appropriate profile during Just-in-Time (JIT) provisioning.
- Make a callout during the login flow to query department from Active Directory to assign the appropriate profile.

QUESTION 83
Universal Containers plans to develop a custom mobile app for the sales team that will use Salesforce for authentication and access management.
The mobile app access needs to be restricted to only the sales team. What would be the recommended solution to grant mobile app access to sales users?
- Use a custom attribute on the user object to control access to the mobile app.
- Use connected app OAuth policies to restrict mobile app access to authorized users.
- Use the permission set license to assign the mobile app permission to sales users.
- Add a new identity provider to authenticate and authorize mobile users.

QUESTION 84
Universal Containers (UC) plans to use a SAML-based third-party IdP serving both the Salesforce Partner Community and the corporate portal. UC partners will log in to the corporate portal to access protected resources, including links to Salesforce resources. What would be the recommended way to configure the IdP so that seamless access can be achieved in this scenario?
- Set up the corporate portal as a Connected App in Salesforce and use the Web Server OAuth flow.
- Configure SP-initiated SSO that passes the SAML token upon Salesforce resource access request.
- Set up the corporate portal as a Connected App in Salesforce and use the User-Agent OAuth flow.
- Configure IdP-initiated SSO that passes the SAML token upon Salesforce resource access request.

Post date: 2023-10-31 16:55:42
Post date GMT: 2023-10-31 16:55:42
Post modified date: 2023-10-31 16:55:42
Post modified date GMT: 2023-10-31 16:55:42