This page was exported from Free valid test braindumps [ http://free.validbraindumps.com ]
Export date: Sat Apr 5 23:59:51 2025 / +0000 GMT
___________________________________________________
Title: ValidBraindumps Identity-and-Access-Management-Designer Dumps Real Exam Questions Test Engine Dumps Training [Q70-Q89]
---------------------------------------------------

What is the duration of the Identity-and-Access-Management-Designer Exam

Passing Score: 65%
Format: Multiple choices, multiple answers
Length of Examination: 120 minutes
Number of Questions: 60

Q70. Universal Containers wants to implement SAML SSO for their internal Salesforce users using a third-party IdP. After some evaluation, UC decides not to set up My Domain for their Salesforce org. How does that decision impact their SSO implementation?
  Neither SP- nor IdP-initiated SSO will work
  Either SP- or IdP-initiated SSO will work
  IdP-initiated SSO will not work
  SP-initiated SSO will not work

Q71. Universal Containers (UC) uses a home-grown Employee portal for their employees to collaborate. UC decides to use Salesforce Ideas to allow the employees to post ideas from the Employee portal. When clicking some links in the Employee portal, the users should be redirected to Salesforce, authenticated, and presented with relevant pages. What scope should be requested when using the OAuth token to meet this requirement?
  web
  api
  Visualforce
  full

Q72. A web service is developed that allows secure access to customer order status on the Salesforce Platform. The service connects to Salesforce through a connected app with the web server flow. The following are the required actions for the authorization flow:
1. User Authenticates and Authorizes Access
2. Request an Access Token
3. Salesforce Grants an Access Token
4. Request an Authorization Code
5. Salesforce Grants Authorization Code
What is the correct sequence for the authorization flow?
  1, 4, 5, 2, 3
  4, 1, 5, 2, 3
  2, 1, 3, 4, 5
  4, 5, 2, 3, 1

Q73. The security team at Universal Containers has identified exporting reports as a high-risk action and would like to require users to be logged into Salesforce with their Active Directory (AD) credentials when doing so. For all other uses of Salesforce, users should be allowed to use AD credentials or Salesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with Salesforce credentials?
  Use SAML Federated Authentication and Custom SAML JIT Provisioning to dynamically add or remove a Permission Set that grants the Export Reports permission.
  Use SAML Federated Authentication, treat SAML Sessions as High Assurance, and raise the session level required for exporting reports.
  Use SAML Federated Authentication with a Login Flow to dynamically add or remove a Permission Set that grants the Export Reports permission.
  Use SAML Federated Authentication and block access to reports when accessed through a Standard Assurance session.

Q74. An architect is troubleshooting some SAML-based SSO errors during testing. The architect confirmed that all of the Salesforce SSO settings are correct. Which two issues outside of the Salesforce SSO settings are most likely contributing to the SSO errors the architect is encountering? Choose 2 answers
  The Identity Provider is also used to SSO into five other applications.
  The clock on the Identity Provider server is twenty minutes behind Salesforce.
  The Issuer Certificate from the Identity Provider expired two weeks ago.
  The default language for the Identity Provider and Salesforce are different.

Q75. A security architect is rolling out a new multi-factor authentication (MFA) mandate, where all employees must go through a secure authentication process before accessing Salesforce. There are multiple Identity Providers (IdP) in place and the architect is considering how the "Authentication Method Reference" field (AMR) in the Login History can help. Which two considerations should the architect keep in mind? Choose 2 answers
  AMR field shows the authentication methods used at IdP.
  Both OIDC and Security Assertion Markup Language (SAML) are supported but AMR must be implemented at IdP.
  High-assurance sessions must be configured under Session Security Level Policies.
  Dependency on what is supported by OpenID Connect (OIDC) implementation at IdP.

Q76. Universal Containers wants to set up SSO for a selected group of users to access external applications from Salesforce through App Launcher. Which three steps must be completed in Salesforce to accomplish the goal?
  Associate user profiles with the connected apps.
  Complete My Domain and Identity Provider setup.
  Create connected apps for the external applications.
  Complete Single Sign-On settings in Security Controls.
  Create named credentials for each external system.

Q77. Universal Containers (UC) has a custom, internal-only, mobile billing application for users who are commonly out of the office. The app is configured as a connected app in Salesforce. Due to the nature of this app, UC would like to take the appropriate measures to properly secure access to the app. Which two recommendations should be made to UC? Choose 2 answers
  Disallow the use of Single Sign-On for any users of the mobile app.
  Require High Assurance sessions in order to use the connected app.
  Use Google Authenticator as an additional part of the login process.
  Set Login IP Ranges to the internal network for all of the app users' profiles.

Q78. Northern Trail Outfitters wants to implement a partner community. Active community users will need to review and accept the community rules, and update key contact information for each community member before their annual partner event. Which approach will meet this requirement?
  Create tasks for users who need to update their data or accept the new community rules.
  Create a custom landing page and email campaign asking all community members to login and verify their data.
  Create a login flow that conditionally prompts users who have not accepted the new community rules and who have missing or outdated information.
  Add a banner to the community Home page asking users to update their profile and accept the new community rules.

Q79. Universal Containers (UC) is using Active Directory as its corporate identity provider and Salesforce as its CRM for customer care agents, who use SAML-based single sign-on to log in to Salesforce. The default agent profile does not include the Manage User permission. UC wants to dynamically update the agent role and permission sets. Which two mechanisms are used to provision agents with the appropriate permissions? Choose 2 answers
  Use Login Flow in User Context to update role and permission sets.
  Use Login Flow in System Context to update role and permission sets.
  Use SAML Just-in-Time (JIT) handler class run as current user to update role and permission sets.
  Use SAML Just-in-Time (JIT) handler class run as an admin user to update role and permission sets.

Q80. Universal Containers (UC) would like to enable SSO between their existing Active Directory infrastructure and Salesforce. The IT team prefers to manage all users in Active Directory and would like to avoid doing any initial setup of users in Salesforce directly, including the correct assignment of profiles, roles and groups. Which two optimal solutions should UC use to provision users in Salesforce? Choose 2 answers
  Use the Salesforce REST API to sync users from Active Directory to Salesforce.
  Use an AppExchange product to sync users from Active Directory to Salesforce.
  Use Active Directory Federation Services to sync users from Active Directory to Salesforce.
  Use Identity Connect to sync users from Active Directory to Salesforce.

Q81. Universal Containers (UC) has a custom, internal-only, mobile billing application for users who are commonly out of the office. The app is configured as a connected app in Salesforce. Due to the nature of this app, UC would like to take the appropriate measures to properly secure access to the app. Which two recommendations should be made to UC? Choose 2 answers
  Disallow the use of Single Sign-On for any users of the mobile app.
  Require High Assurance sessions in order to use the connected app.
  Set Login IP Ranges to the internal network for all of the app users' profiles.
  Use Google Authenticator as an additional part of the login process.

Q82. Universal Containers wants to implement Single Sign-On for a Salesforce org using an external Identity Provider and corporate identity store. What type of authentication flow is required to support deep linking?
  Web Server OAuth SSO flow
  Service-Provider-initiated SSO
  Identity-Provider-initiated SSO
  StartURL on Identity Provider

Q83. Universal Containers (UC) has implemented SAML-based Single Sign-On to provide seamless access to its Salesforce orgs, financial system, and CPQ system. Below is the SSO implementation landscape. What role combination is represented by the systems in this scenario?
  Financial System and CPQ System are the only Service Providers.
  Salesforce Org1 and Salesforce Org2 are the only Service Providers.
  Salesforce Org1 and Salesforce Org2 are acting as Identity Providers.
  Salesforce Org1 and PingFederate are acting as Identity Providers.

Q84. A consumer products company uses Salesforce to maintain consumer information, including orders. The company implemented a portal solution using Salesforce Experience Cloud for its consumers where the consumers can log in using their credentials. The company is considering allowing users to log in with their Facebook or LinkedIn credentials. Once enabled, what role will Salesforce play?
  Facebook and LinkedIn will be the SPs.
  Salesforce will be the service provider (SP).
  Salesforce will be the identity provider (IdP).
  Facebook and LinkedIn will act as the IdPs and SPs.

Q85. Universal Containers wants to build a custom mobile app connecting to Salesforce using OAuth, and would like to restrict the types of resources mobile users can access. What OAuth feature of Salesforce should be used to achieve the goal?
  Access Tokens
  Mobile PINs
  Refresh Tokens
  Scopes

Q86. Northern Trail Outfitters (NTO) is launching a new sportswear brand on its existing consumer portal built on Salesforce Experience Cloud. As part of the launch, emails with promotional links will be sent to existing customers to log in and claim a discount. The marketing manager would like the portal dynamically branded so that users will be directed to the brand link they clicked on; otherwise, users will view a recognizable NTO-branded page. The campaign is launching quickly, so there is no time to procure any additional licenses. However, the development team is available to apply any required changes to the portal. Which approach should the identity architect recommend?
  Create a full sandbox to replicate the portal site and update the branding accordingly.
  Implement Experience ID in the code and extend the URLs and endpoints, as required.
  Use Heroku to build the new brand site and embedded login to reuse identities.
  Configure an additional community site on the same org that is dedicated for the new brand.

Q87. Universal Containers (UC) is building a custom Innovation platform on their Salesforce instance. The Innovation platform will be written completely in Apex and Visualforce and will use custom objects to store the data. UC would like all users to be able to access the system without having to log in with Salesforce credentials. UC will utilize a third-party IdP using SAML SSO. What is the optimal Salesforce licence type for all of the UC employees?
  Identity Licence.
  Salesforce Licence.
  External Identity Licence.
  Salesforce Platform Licence.

Q88. Universal Containers (UC) has implemented SAML SSO to enable seamless access across multiple applications. UC has regional Salesforce orgs and wants its users to be able to access them from their main Salesforce org seamlessly. Which action should an architect recommend?
  Configure the main Salesforce org as an Authentication Provider.
  Configure the main Salesforce org as the Identity Provider.
  Configure the regional Salesforce orgs as Identity Providers.
  Configure the main Salesforce org as a Service Provider.

Q89. A multinational industrial products manufacturer is planning to implement Salesforce CRM to manage their business. They have the following requirements:
1. They plan to implement Partner communities to provide access to their partner network.
2. They have operations in multiple countries and are planning to implement multiple Salesforce orgs.
3. Some of their partners do business in multiple countries and will need information from multiple Salesforce communities.
4. They would like to provide a single login for their partners.
How should an Identity Architect solution this requirement with limited custom development?
  Create a partner login for the country of their operation and use SAML federation to provide access to other orgs.
  Consolidate Partner related information in a single org and provide access through Salesforce community.
  Allow partners to choose the Salesforce org they need information from and use login flows to authenticate access.
  Register partners in one org and access information from other orgs using APIs.

Salesforce Identity-and-Access-Management-Designer: Selling Salesforce Identity and Access Management Designer Products and Solutions: https://www.validbraindumps.com/Identity-and-Access-Management-Designer-exam-prep.html
---------------------------------------------------
Post date: 2022-06-12 16:22:12
Post date GMT: 2022-06-12 16:22:12
Post modified date: 2022-06-12 16:22:12
Post modified date GMT: 2022-06-12 16:22:12