

Salesforce


Salesforce-Certified-Identity-and-Access-Management-Designer


Certified Identity and Access Management Designer


https://killexams.com/pass4sure/exam-detail/Salesforce-Certified-Identity-and-Access-Management-Designer

Universal Containers (UC) implemented SSO to a third-party system for their Salesforce users to access the App Launcher. UC enabled "User Provisioning" on the Connected App so that changes to user accounts can be synced between Salesforce and the third-party system. However, UC quickly notices that changes to user roles in Salesforce are not getting synced to the third-party system.


What is the most likely reason for this behaviour?

  A. User Provisioning for Connected Apps does not support role sync.

  B. Required operation(s) was not mapped in User Provisioning Settings.

  C. The Approval queue for User Provisioning Requests is unmonitored.

  D. Salesforce roles have more than three levels in the role hierarchy.


Answer: A


Question: 63

An architect needs to set up a Facebook Authentication provider as a login option for a Salesforce customer Community. What portion of the authentication provider setup associates a Facebook user with a Salesforce user?

  A. Consumer key and consumer secret

  B. Federation ID

  C. User info endpoint URL

  D. Apex registration handler


Answer: D


Question: 64


Universal Containers wants to implement Single Sign-on for a Salesforce org using an external Identity Provider and corporate identity store.


What type of authentication flow is required to support deep linking?

  A. Web Server OAuth SSO flow

  B. Service-Provider-Initiated SSO

  C. Identity-Provider-initiated SSO

  D. StartURL on Identity Provider


Answer: B


Question: 65


Universal Containers (UC) has implemented SAML SSO to enable seamless access across multiple applications. UC has regional Salesforce orgs and wants its users to be able to access them from their main Salesforce org seamlessly.


Which action should an architect recommend?

  A. Configure the main Salesforce org as an Authentication provider.

  B. Configure the main Salesforce org as the Identity provider.

  C. Configure the regional Salesforce orgs as Identity Providers.

  D. Configure the main Salesforce org as a service provider.


Answer: B


Question: 66


Universal Containers (UC) is setting up delegated authentication to allow employees to log in using their corporate credentials. UC’s security team is concerned about the risks of exposing the corporate login service on the internet and has asked that a reliable trust mechanism be put in place between the login service and Salesforce.


What mechanism should an Architect put in place to enable a trusted connection between the login service and Salesforce?

  A. Require the use of Salesforce security tokens on passwords.

  B. Enforce mutual authentication between systems using SSL.

  C. Include Client Id and Client Secret in the login header callout.

  D. Set up a proxy service for the login service in the DMZ.


Answer: A


Question: 67


Universal Containers (UC) uses a legacy Employee portal for their employees to collaborate and post their ideas. UC decides to use Salesforce Ideas for voting and better tracking purposes. To avoid provisioning users on Salesforce, UC decides to push ideas posted on the Employee portal to Salesforce through the API. UC decides to use an API user using the OAuth username-password flow for the connection.


How can the connection to Salesforce be restricted only to the employee portal server?

  A. Add the employee portal's IP address to the Trusted IP range for the Connected App.

  B. Use a digital certificate signed by the employee portal server.

  C. Add the employee portal's IP address to the login IP range on the user profile.

  D. Use a dedicated profile for the user the employee portal uses.


Answer: A


Question: 68


Which two security risks can be mitigated by enabling Two-Factor Authentication (2FA) in Salesforce? Choose 2 answers

  A. Users leaving laptops unattended and not logging out of Salesforce.

  B. Users accessing Salesforce from a public Wi-Fi access point.

  C. Users choosing passwords that are the same as their Facebook password.

  D. Users creating simple-to-guess password reset questions.


Answer: B,C


Question: 69


Universal Containers (UC) has a custom, internal-only, mobile billing application for users who are commonly out of the office. The app is configured as a Connected App in Salesforce. Due to the nature of this app, UC would like to take the appropriate measures to properly secure access to the app.


Which two recommendations should be made to UC? Choose 2 answers

  A. Disallow the use of Single Sign-on for any users of the mobile app.

  B. Require High Assurance sessions in order to use the Connected App.

  C. Set Login IP Ranges to the internal network for all of the app users' Profiles.

  D. Use Google Authenticator as an additional part of the login process.


Answer: B,D


Question: 70


Universal Containers is creating a mobile application that will be secured by Salesforce Identity using the OAuth 2.0 user-agent flow (this flow uses the OAuth 2.0 implicit grant type).


Which three OAuth concepts apply to this flow? Choose 3 answers

  A. Client ID

  B. Refresh Token

  C. Authorization Code

  D. Verification Code

  E. Scopes


Answer: A,B,E


Question: 71


Universal Containers (UC) is setting up Delegated Authentication to allow employees to log in using their corporate credentials. UC's security team is concerned about the risk of exposing the corporate login service on the Internet and has asked that a reliable trust mechanism be put in place between the login service and Salesforce.


What mechanism should an architect put in place to enable a trusted connection between the login services and Salesforce?

  A. Include client ID and client secret in the login header callout.

  B. Set up a proxy server for the login service in the DMZ.

  C. Require the use of Salesforce security tokens on passwords.

  D. Enforce mutual authentication between systems using SSL.


Answer: C


Question: 72


Universal Containers (UC) is building an integration between Salesforce and a legacy web application using the Canvas framework. The security team for UC has determined that a signed request from Salesforce is not an adequate authentication solution for the third-party app.

Which two options should the Architect consider for authenticating the third-party app using the Canvas framework? Choose 2 answers

  A. Utilize the SAML Single Sign-on flow to allow the third party to authenticate itself against UC's IdP.

  B. Utilize Authorization Providers to allow the third-party application to authenticate itself against Salesforce as the IdP.

  C. Utilize Canvas OAuth flow to allow the third-party application to authenticate itself against Salesforce as the IdP.

  D. Create a registration handler Apex class to allow the third-party application to authenticate itself against Salesforce as the IdP.


Answer: A,C


Question: 73


Which two roles of the systems are involved in an environment where Salesforce users are enabled to access Google Apps from within Salesforce through the App Launcher and a Connected App setup? Choose 2 answers

  A. Google is the identity provider

  B. Salesforce is the identity provider

  C. Google is the service provider

  D. Salesforce is the service provider


Answer: D


Question: 75


How should an Architect force users to authenticate with Two-factor Authentication (2FA) for Salesforce only when not connected to an internal company network?

  A. Use Custom Login Flows with Apex to detect the user's IP address and prompt for 2FA if needed.

  B. Add the list of company's network IP addresses to the Login Range list under 2FA Setup.

  C. Use an Apex Trigger on the User Login object to detect the user's IP address and prompt for 2FA if needed.

  D. Apply the "Two-factor Authentication for User Interface Logins" permission and Login IP Ranges for all Profiles.


Answer: A

