Updated Salesforce Certified Identity And Access Management Designer (SP19) Identity-and-Access-Management-Designer Free Dumps

NEW QUESTION 1
customer service representatives at Universal containers (UC) are complaining that whenever they click on links to case records and are asked to login with SAML SSO, they are being redirected to the salesforce home tab and not the specific case record. What item should an architect advise the identity team at UC to investigate first?

• A. My domain is configured and active within salesforce.
• B. The salesforce SSO settings are using http post
• C. The identity provider is correctly preserving the Relay state
• D. The users have the correct Federation ID within salesforce.

Answer: C

NEW QUESTION 2
Universal Containers (UC) wants to build a few applications that leverage the Salesforce REST API. UC has asked its Architect to describe how the API calls will be authenticated to a specific user. Which two mechanisms can the Architect provide? Choose 2 Answers

• A. Authentication Token
• B. Session ID
• C. Refresh Token
• D. Access Token

Answer: CD

NEW QUESTION 3
After a recent audit, universal containers was advised to implement Two-factor Authentication for all of their critical systems, including salesforce. Which two actions should UC consider to meet this requirement? Choose 2 answers

• A. Require users to provide their RSA token along with their credentials.
• B. Require users to supply their email and phone number, which gets validated.
• C. Require users to enter a second password after the first Authentication
• D. Require users to use a biometric reader as well as their password

Answer: AD

NEW QUESTION 4
Universal Containers (UC) has implemented SAML-based Single Sign-On to provide seamless access to its Salesforce Orgs, financial system, and CPQ system. Below is the SSO implementation landscape.

What role combination is represented by the systems in this scenario''

• A. Financial System and CPQ System are the only Service Providers.
• B. Salesforce Org1 and Salesforce Org2 are the only Service Providers.
• C. Salesforce Org1 and Salesforce Org2 are acting as Identity Providers.
• D. Salesforce Org1 and PingFederate are acting as Identity Providers.

Answer: D

NEW QUESTION 5
How should an Architect automatically redirect users to the login page of the external Identity provider when using an SP-Initiated SAML flow with Salesforce as a Service Provider?

• A. Use visualforce as the landing page for My Domain to redirect users to the Identity Provider login Page.
• B. Enable the Redirect to the Identity Provider setting under Authentication Services on the My domain Configuration.
• C. Remove the Login page from the list of Authentication Services on the My Domain configuration.
• D. Set the Identity Provider as default and enable the Redirect to the Identity Provider setting on the SAML Configuration.

Answer: C

NEW QUESTION 6
Universal Containers (UC) wants to integrate a third-party Reward Calculation system with Salesforce to calculate Rewards. Rewards will be calculated on a schedule basis and update back into Salesforce. The integration between Salesforce and the Reward Calculation System needs to be secure. Which are two recommended practices for using OAuth flow in this scenario. choose 2 answers

• A. OAuth Refresh Token FLow
• B. OAuth Username-Password Flow
• C. OAuth SAML Bearer Assertion FLow
• D. OAuth JWT Bearer Token FLow

Answer: CD

NEW QUESTION 7
An identity architect has been asked to recommend a solution that allows administrators to configure personalized alert messages to users before they land on the Experience Cloud site (formerly known as Community) homepage.
What is recommended to fulfill this requirement with the least amount of customization?

• A. Customize the registration handler Apex class to create a routing logic navigating to different home pages based on the user profile.
• B. Use Login Flows to add a screen that shows personalized alerts.
• C. Build a Lightning web Component (LWC) for a homepage that shows custom alerts.
• D. Create custom metadata that stores user alerts and use a LWC to display alerts.

Answer: B

NEW QUESTION 8
Universal Containers (UC) is both a Salesforce and Google Apps customer. The UC IT team would like to manage the users for both systems in a single place to reduce administrative burden. Which two optimal ways can the IT team provision users and allow Single Sign-on between Salesforce and Google Apps ? Choose 2 answers

• A. Build a custom app running on Heroku as the Identity Provider that can sync user information between Salesforce and Google Apps.
• B. Use a third-party product as the Identity Provider for both Salesforce and Google Apps and manage the provisioning from there.
• C. Use Identity Connect as the Identity Provider for both Salesforce and Google Apps and manage the provisioning from there.
• D. Use Salesforce as the Identity Provider and Google Apps as a Service Provider and configure User Provisioning for Connected Apps.

Answer: BD

NEW QUESTION 9
Universal Containers (UC) plans to use a SAML-based third-party IdP serving both of the Salesforce Partner Community and the corporate portal. UC partners will log in 65* to the corporate portal to access protected resources, including links to Salesforce resources. What would be the recommended way to configure the IdP so that seamless access can be achieved in this scenario?

• A. Set up the corporate portal as a Connected App in Salesforce and use the Web server OAuth flow.
• B. Configure SP-initiated SSO that passes the SAML token upon Salesforce resource access request.
• C. Set up the corporate portal as a Connected App in Salesforce and use the User Agent OAuth flow.
• D. Configure IdP-initiated SSO that passes the SAML token upon Salesforce resource access request.

Answer: D

NEW QUESTION 10
Universal Containers (UC) has built a custom token-based Two-factor authentication (2FA) system for their existing on-premise applications. They are now implementing Salesforce and would like to enable a
Two-factor login process for it, as well. What is the recommended solution as Architect should consider?

• A. Use the custom 2FA system for on-premise applications and native 2FA for Salesforce.
• B. Replace the custom 2FA system with an AppExchange App that supports on premise application and salesforce.
• C. Use Custom Login Flows to connect to the existing custom 2FA system for use in Salesforce.
• D. Replace the custom 2FA system with Salesforce 2FA for on-premise applications and Salesforce.

Answer: D

NEW QUESTION 11
Universal containers (UC) wants users to authenticate into their salesforce org using credentials stored in a custom identity store. UC does not want to purchase or use a third-party Identity provider. Additionally, UC is extremely wary of social media and does not consider it to be trust worthy. Which two options should an architect recommend to UC? Choose 2 answers

• A. Use a professional social media such as LinkedIn as an Authentication provider
• B. Build a custom web page that uses the identity store and calls frontdoor.jsp
• C. Build a custom Web service that is supported by Delegated Authentication.
• D. Implement the Openid protocol and configure an Authentication provider

Answer: CD

NEW QUESTION 12
Universal containers (UC) uses a home-grown employee portal for their employees to collaborate. UC decides to use salesforce ideas to allow the employees to post ideas from the employee portal. When clicking some links in the employee portal, the users should be redirected to salesforce, authenticated, and presented with relevant pages. What scope should be requested when using the Oauth token to meet this requirement?

• A. Web
• B. Full
• C. API
• D. Visualforce

Answer: A

NEW QUESTION 13
Universal containers (UC) uses a legacy Employee portal for their employees to collaborate and post their ideas. UC decides to use salesforce ideas for voting and better tracking purposes. To avoid provisioning users on Salesforce, UC decides to push ideas posted on the Employee portal to salesforce through API. UC decides to use an API user using Oauth Username - password flow for the connection. How can the connection to salesforce be restricted only to the employee portal server?

• A. Add the Employee portals IP address to the Trusted IP range for the connected App
• B. Use a digital certificate signed by the employee portal Server.
• C. Add the employee portals IP address to the login IP range on the user profile.
• D. Use a dedicated profile for the user the Employee portal uses.

Answer: A

NEW QUESTION 14
An Identity architect works for a multinational, multi-brand organization. As they work with the organization to understand their Customer Identity and Access Management requirements, the identity architect learns that the brand experience is different for each of the customer's sub-brands and each of these branded experiences must be carried through the login experience depending on which sub-brand the user is logging into.
Which solution should the architect recommend to support scalability and reduce maintenance costs, if the organization has more than 150 sub-brands?

• A. Assign each sub-brand a unique Experience ID and use the Experience ID to dynamically brand the login experience.
• B. Use Audiences to customize the login experience for each sub-brand and pass an audience ID to the community during the OAuth and Security Assertion Markup Language (SAML) flows.
• C. Create a community subdomain for each sub-brand and customize the look and feel of the Login page for each community subdomain to match the brand.
• D. Create a separate Salesforce org for each sub-brand so that each sub-brand has complete control over the user experience.

Answer: A

NEW QUESTION 15
Northern Trail Outfitters (NTO) wants to give customers the ability to submit and manage issues with their purchases. It is important for to give its customers the ability to login with their Facebook and Twitter credentials.
Which two actions should an identity architect recommend to meet these requirements? Choose 2 answers

• A. Create a custom external authentication provider for Facebook.
• B. Configure a predefined authentication provider for Facebook.
• C. Create a custom external authentication provider for Twitter.
• D. Configure a predefined authentication provider for Twitter.

Answer: BD

NEW QUESTION 16
Universal containers (UC) would like to enable self - registration for their salesforce partner community users. UC wants to capture some custom data elements from the partner user, and based on these data elements, wants to assign the appropriate profile and account values. Which two actions should the architect recommend to UC? Choose 2 answers

• A. Modify the communitiesselfregcontroller to assign the profile and account.
• B. Modify the selfregistration trigger to assign profile and account.
• C. Configure registration for communities to use a custom visualforce page.
• D. Configure registration for communities to use a custom apex controller.

Answer: AC

NEW QUESTION 17
architect is troubleshooting some SAML-based SSO errors during testing. The Architect confirmed that all of the Salesforce SSO settings are correct. Which two issues outside of the Salesforce SSO settings are most likely contributing to the SSO errors the Architect is encountering? Choose 2 Answers

• A. The Identity Provider is also used to SSO into five other applications.
• B. The clock on the Identity Provider server is twenty minutes behind Salesforce.
• C. The Issuer Certificate from the Identity Provider expired two weeks ago.
• D. The default language for the Identity Provider and Salesforce are Different.

Answer: BC

NEW QUESTION 18
......