• Home
  • Articles
  • [Jan-2022 Newly Released] Identity-and-Access-Management-Designer Dumps for Salesforce Identity and Access Management Designer Certified [Q15-Q40]

[Jan-2022 Newly Released] Identity-and-Access-Management-Designer Dumps for Salesforce Identity and Access Management Designer Certified [Q15-Q40]

Share

[Jan-2022 Newly Released] Identity-and-Access-Management-Designer Dumps for Salesforce Identity and Access Management Designer Certified

Updated Verified Identity-and-Access-Management-Designer dumps Q&As - 100% Pass


What is the duration of the Identity-and-Access-Management-Designer Exam

  • Number of Questions: 60
  • Length of Examination: 120 minutes
  • Format: Multiple choices, multiple answers
  • Passing Score: 65%

 

NEW QUESTION 15
A financial services company uses Salesforce and has a compliance requirement to track information about devices from which users log in. Also, a Salesforce Security Administrator needs to have the ability to revoke the device from which users log in.
What should be used to fulfill this requirement?

  • A. Use Login Flows to capture device from which users log in and store device and user information in a custom object.
  • B. Use multi-factor authentication (MFA) to meet the compliance requirement to track device information.
  • C. Use the Activations feature to meet the compliance requirement to track device information.
  • D. Use the Login History object to track information about devices from which users log in.

Answer: C

 

NEW QUESTION 16
Universal containers (UC) would like to enable self - registration for their salesforce partner community users. UC wants to capture some custom data elements from the partner user, and based on these data elements, wants to assign the appropriate profile and account values. Which two actions should the architect recommend to UC? Choose 2 answers

  • A. Modify the communitiesselfregcontroller to assign the profile and account.
  • B. Modify the selfregistration trigger to assign profile and account.
  • C. Configure registration for communities to use a custom visualforce page.
  • D. Configure registration for communities to use a custom apex controller.

Answer: A,C

 

NEW QUESTION 17
Universal Containers (UC) has a custom, internal-only, mobile billing application for users who are commonly out of the office. The app is configured as a connected App in Salesforce. Due to the nature of this app, UC would like to take the appropriate measures to properly secure access to the app. Which two are recommendations to make the UC? Choose 2 answers

  • A. Require High Assurance sessions in order to use the Connected App.
  • B. Set Login IP Ranges to the internal network for all of the app users Profiles.
  • C. Disallow the use of Single Sign-on for any users of the mobile app.
  • D. Use Google Authenticator as an additional part of the login process

Answer: A,B

 

NEW QUESTION 18
Universal containers(UC) has a customer Community that uses Facebook for authentication. UC would like to ensure that changes in the Facebook profile are reflected on the appropriate customer Community user. How can this requirement be met?

  • A. Develop a schedule job that calls out to Facebook on a nightly basis.
  • B. Use SAML just-in-time provisioning between Facebook and Salesforce
  • C. Use the updateuser() method on the registration handler class.
  • D. Use information in the signed request that is received from Facebook.

Answer: C

 

NEW QUESTION 19
Universal containers (UC) has a mobile application that calls the salesforce REST API. In order to prevent users from having to enter their credentials everytime they use the app, UC has enabled the use of refresh Tokens as part of the salesforce connected App and updated their mobile app to take advantage of the refresh token. Even after enabling the refresh token, Users are still complaining that they have to enter their credentials once a day. What is the most likely cause of the issue?

  • A. The app is requesting too many access Tokens in a 24-hour period
  • B. The refresh token expiration policy is set incorrectly in salesforce
  • C. The users forget to check the box to remember their credentials.
  • D. The Oauth authorizations are being revoked by a nightly batch job.

Answer: B

 

NEW QUESTION 20
Universal Containers (UC) has an e-commerce website where customers can buy products, make payments and manage their accounts. UC decides to build a Customer Community on Salesforce and wants to allow the customers to access the community from their accounts without logging in again. UC decides to implement an SP-initiated SSO using a SAML-compliant Idp. In this scenario where Salesforce is the Service Provider, which two activities must be performed in Salesforce to make SP-initiated SSO work? Choose 2 answers

  • A. Configure SAML SSO settings.
  • B. Set up My Domain.
  • C. Create a Connected App.
  • D. Configure Delegated Authentication.

Answer: A,B

 

NEW QUESTION 21
The security team at Universal Containers (UC) has identified exporting reports as a high-risk action and would like to require users to be logged into Salesforce with their Active Directory (AD) credentials when doing so. For all other users of Salesforce, users should be allowed to use AD Credentials or Salesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with Salesforce credentials?

  • A. Use SAML federated Authentication, treat SAML Sessions as High Assurance, and raise the session level required for exporting reports.
  • B. Use SAML Federated Authentication and block access to reports when accessed through a Standard Assurance session.
  • C. Use SAML Federated Authentication and Custom SAML JIT Provisioning to dynamically and or remove a permission set that grants the Export Reports Permission.
  • D. Use SAML federated Authentication with a Login Flow to dynamically add or remove a Permission Set that grants the Export Reports Permission.

Answer: A

 

NEW QUESTION 22
Universal Containers (UC) is building a customer community and will allow customers to authenticate using Facebook credentials. The First time the user authenticating using facebook, UC would like a customer account created automatically in their Accounting system. The accounting system has a web service accessible to Salesforce for the creation of accounts. How can the Architect meet these requirements?

  • A. Add an Apex callout in the registration handler of the authorization provider.
  • B. Use OAuth JWT flow to pass the data from Salesforce to the Accounting System.
  • C. Use JIT Provisioning to automatically create the account in the accounting system.
  • D. Create a custom application on Heroku that manages the sign-on process from Facebook.

Answer: A

 

NEW QUESTION 23
Containers (UC) has implemented SAML-based single Sign-on for their Salesforce application and is planning to provide access to Salesforce on mobile devices using the Salesforce1 mobile app. UC wants to ensure that Single Sign-on is used for accessing the Salesforce1 mobile App. Which two recommendations should the Architect make? Choose 2 Answers

  • A. Configure the Salesforce1 App to use the MY Domain URL.
  • B. Use the existing SAML SSO flow along with Web Server Flow.
  • C. Use the existing SAML-SSO flow along with User Agent Flow.
  • D. Configure the Embedded Web Browser to use My Domain URL.

Answer: A,C

 

NEW QUESTION 24
Universal Containers (UC) has a Customer Community that uses Facebook for of authentication. UC would like to ensure that changes in the Facebook profile are 65. reflected on the appropriate Customer Community user. How can this requirement be met?

  • A. Use information in the Signed Request that is received from Facebook.
  • B. Use the updateUser() method on the Registration Handler class.
  • C. Use SAML Just-In-Time Provisioning between Facebook and Salesforce.
  • D. Develop a scheduled job that calls out to Facebook on a nightly basis.

Answer: B

 

NEW QUESTION 25
A group of users try to access one of Universal Containers' Connected Apps and receive the following error message: " Failed: Not approved for access." What is the most likely cause of this issue?

  • A. The User of High Assurance sessions are required for the Connected App.
  • B. The Connected App settings "All users may self-authorize" is enabled.
  • C. The Users do not have the correct permission set assigned to them.
  • D. The Salesforce Administrators have revoked the OAuth authorization.

Answer: C

 

NEW QUESTION 26
Northern Trail Outfitters (NTO) wants to give customers the ability to submit and manage issues with their purchases. It is important for to give its customers the ability to login with their Facebook and Twitter credentials.
Which two actions should an identity architect recommend to meet these requirements?
Choose 2 answers

  • A. Configure a predefined authentication provider for Twitter.
  • B. Create a custom external authentication provider for Facebook.
  • C. Configure a predefined authentication provider for Facebook.
  • D. Create a custom external authentication provider for Twitter.

Answer: A,C

 

NEW QUESTION 27
A company with 15,000 employees is using Salesforce and would like to take the necessary steps to highlight or curb fraudulent activity.
Which tool should be used to track login data, such as the average number of logins, who logged in more than the average number of times and who logged in during non-business hours?

  • A. Login Report
  • B. Login Inspector
  • C. Login History
  • D. Login Forensics

Answer: D

 

NEW QUESTION 28
Universal containers (UC) is concerned that having a self-registration page will provide a means for "bots" or unintended audiences to create user records, thereby consuming licences and adding dirty dat a. Which two actions should UC take to prevent unauthorised form submissions during the self-registration process? Choose 2 answers

  • A. Primarily use lookup and picklist fields on the self registration page.
  • B. Require a captcha at the end of the self-registration process.
  • C. Use open-ended security questions and complex password requirements
  • D. Use hidden fields populated via java script events in the self-registration page.

Answer: B,D

 

NEW QUESTION 29
Northern Trail Outfitters (NTO) uses a Security Assertion Markup Language (SAML)-based Identity Provider (idP) to authenticate employees to all systems. The IdP authenticates users against a Lightweight Directory Access Protocol (LDAP) directory and has access to user information. NTO wants to minimize Salesforce license usage since only a small percentage of users need Salesforce.
What is recommended to ensure new employees have immediate access to Salesforce using their current IdP?

  • A. Configure Just-in-Time provisioning using SAML attributes to create new Salesforce users as necessary when a new user attempts to login to Salesforce.
  • B. Build an integration that queries LDAP periodically and creates new active users in Salesforce.
  • C. Install Salesforce Identity Connect to automatically provision new users in Salesforce the first time they attempt to login.
  • D. Build an integration that queries LDAP and creates new inactive users in Salesforce and use a login flow to activate the user at first login.

Answer: A

 

NEW QUESTION 30
Universal Containers (UC) has a Customer Community that uses Facebook for Authentication. UC would like to ensure that Changes in the Facebook profile are reflected on the appropriate Customer Community user:
How can this requirement be met?

  • A. Use information in the signed Request that is received from facebook.
  • B. Use the updateUser method on the registration Handler Class.
  • C. Use SAML Just-In-Time Provisioning between Facebook and Salesforce.
  • D. Develop a scheduled job that calls out to Facebook on a nightly basis.

Answer: B

 

NEW QUESTION 31
Universal Containers (UC) has built a custom token-based Two-factor authentication (2FA) system for their existing on-premise applications. They are now implementing Salesforce and would like to enable a Two-factor login process for it, as well. What is the recommended solution as Architect should consider?

  • A. Use the custom 2FA system for on-premise applications and native 2FA for Salesforce.
  • B. Use Custom Login Flows to connect to the existing custom 2FA system for use in Salesforce.
  • C. Replace the custom 2FA system with an AppExchange App that supports on premise application and salesforce.
  • D. Replace the custom 2FA system with Salesforce 2FA for on-premise applications and Salesforce.

Answer: D

 

NEW QUESTION 32
Universal Containers (UC) uses Salesforce to allow customers to keep track of the order status. The customers can log in to Salesforce using external authentication providers, such as Facebook and Google. UC is also leveraging the App Launcher to let customers access an of platform application for generating shipping labels.
The label generator application uses OAuth to provide users access. What license type should an Architect recommend for the customers?

  • A. External Identity license
  • B. Customer Community license
  • C. Identity license
  • D. Customer Community Plus license

Answer: A

 

NEW QUESTION 33
How should an identity architect automate provisioning and deprovisioning of users into Salesforce from an external system?

  • A. Run registration handler on incoming OAuth responses.
  • B. Call SOAP API upsertQ on user object.
  • C. Use Security Assertion Markup Language Just-in-Time (SAML JIT) on incoming SAML assertions.
  • D. Call OpenID Connect (OIDC)-userinfo endpoint with a valid access token.

Answer: A

 

NEW QUESTION 34
Universal containers (UC) is building a mobile application that will make calls to the salesforce REST API. Additionally UC would like to provide the optimal experience for its mobile users. Which two OAuth scopes should UC configure in the connected App? Choose 2 answers

  • A. Web
  • B. full
  • C. Refresh token
  • D. API

Answer: C,D

 

NEW QUESTION 35
Universal containers wants to implement SAML SSO for their internal salesforce users using a third-party IDP. After some evaluation, UC decides not to set up my domain for their salesforce.org. How does thatdecision impact their SSO implementation?

  • A. Neithersp - nor IDP - initiated SSO will work
  • B. IDP - initiated SSO will not work
  • C. Either sp - or IDP - initiated SSO will work
  • D. Sp-Initiated SSO will not work

Answer: D

 

NEW QUESTION 36
Universal containers (UC) has multiple salesforce orgs and would like to use a single identity provider to access all of their orgs. How should UC'S architect enable this behavior?

  • A. Ensure that users have the same email value in their user records in all of UC's salesforce orgs.
  • B. Ensure the same username is allowed in multiple orgs by contacting salesforce support.
  • C. Ensure that users have the same Federation ID value in their user records in all of UC's salesforce orgs.
  • D. Ensure that users have the same alias value in their user records in all of UC's salesforce orgs.

Answer: C

 

NEW QUESTION 37
How should an Architect force users to authenticate with Two-factor Authentication(2FA) for Salesforce only when not connected to an internal company network?

  • A. Use an Apex Trigger on the UserLogin object to detect the user's IP address and prompt for 2FA if needed.
  • B. Add the company's list of network IP addresses to the Login Range list under 2FA Setup.
  • C. Apply the "Two-factor Authentication for User Interfae Logins" permission and Login IP Ranges for all Profiles.
  • D. Use Custom Login Flows with Apex to detect the user's IP address and prompt for 2FA in needed.

Answer: C

 

NEW QUESTION 38
An architect needs to advise the team that manages the identity provider how to differentiate salesforce from other service providers. What SAML SSO setting in salesforce provides this capability?

  • A. Entity id
  • B. Identity provider login URL
  • C. Issuer
  • D. SAML identity location

Answer: A

 

NEW QUESTION 39
Universal Containers (UC) is implementing Salesforce and would like to establish SAML SSO for its users to log in. UC stores its corporate user identities in a Custom Database. The UC IT Manager has heard good things about Salesforce Identity Connect as an Idp, and would like to understand what limitations they may face if they decided to use Identity Connect in their current environment. What limitation Should an Architect inform the IT Manager about?

  • A. Identity Connect will only support SP-initiated SAML flows in UC's current environment.
  • B. Identity connect is not compatible with UC's current identity environment.
  • C. Identity Connect will not support user provisioning in UC's current environment.
  • D. Identity Connect will only support Idp-initiated SAML flows in UC's current environment.

Answer: C

 

NEW QUESTION 40
......


The benefit in Obtaining the Identity-and-Access-Management-Designer Exam Certification

  • A candidate might have incredible IT skills. Employers that do the hiring need to make decisions based on limited information and as it always. When they view the official Salesforce Certified Identity and Access Management Designer certification, they can be guaranteed that a candidate has achieved a certain level of competence.
  • When an organization hiring or promotion an employee, then the decision is made by human resources. Now while Candidate may have an IT background, they do their decisions in a way that takes into record many different factors. One thing is candidates have formal credentials, such as the Salesforce Certified Identity and Access Management Designer.
  • After completing the Salesforce Certified Identity and Access Management Designer certification Candidate becomes a solid, well-rounded Salesforce Certified Identity and Access Management Designer.
  • If the Candidate has the desire to move up to a higher-paying position in an organization. This certification will help as always.

 

Latest Identity-and-Access-Management-Designer Exam Dumps Salesforce Exam from Training: https://passleader.briandumpsprep.com/Identity-and-Access-Management-Designer-prep-exam-braindumps.html

Related Articles

more
Salesforce Identity-and-Access-Management-Designer Certification Practice Exam

Our website is aimed at relieving your pressure from heavy study load. Our Study Material offers you high-quality training material and will help you have a good knowledge of the actual test. Our website provides the best test engine with self-assessment features for enhanced progress.

Tags

Useful Links

Contact Us

Our Working Time: ( GMT 0:00-15:00 )
From Monday to Saturday

Support: Contact now 

If you have any question please leave me your email address, we will reply and send email to you in 12 hours.

Copyright © 2026 BraindumpsPrep NETWORK CO.,LIMITED. All Rights Reserved. All trademarks used are properties of their respective owners. Privacy Policy