Rebirth Identity-and-Access-Management-Designer Free Exam Questions For Salesforce Certified Identity And Access Management Designer (SP19) Certification

NEW QUESTION 1
Containers (UC) has implemented SAML-based single Sign-on for their Salesforce application and is planning to provide access to Salesforce on mobile devices using the Salesforce1 mobile app. UC wants to ensure that Single Sign-on is used for accessing the Salesforce1 mobile App. Which two recommendations should the Architect make? Choose 2 Answers

• A. Configure the Embedded Web Browser to use My Domain URL.
• B. Configure the Salesforce1 App to use the MY Domain URL.
• C. Use the existing SAML-SSO flow along with User Agent Flow.
• D. Use the existing SAML SSO flow along with Web Server Flow.

Answer: BC

NEW QUESTION 2
Containers (UC) has an existing Customer Community. UC wants to expand the self-registration capabilities such that customers receive a different community experience based on the data they provide during the registration process. What is the recommended approach an Architect Should recommend to UC?

• A. Create an After Insert Apex trigger on the user object to assign specific custom permissions.
• B. Create separate login flows corresponding to the different community user personas.
• C. Modify the Community pages to utilize specific fields on the User and Contact records.
• D. Modify the existing Communities registration controller to assign different profiles.

Answer: C

NEW QUESTION 3
Universal containers (UC) has implemented ansp-Initiated SAML flow between an external IDP and salesforce. A user at UC is attempting to login to salesforce1 for the first time and is being prompted for salesforce credentials instead of being shown the IDP login page. What is the likely cause of the issue?

• A. The "Redirect to Identity Provider" option has been selected in the my domain configuration.
• B. The user has not configured the salesforce1 mobile app to use my domain for login
• C. The "Redirect to identity provider" option has not been selected the SAML configuration.
• D. The user has not been granted the "Enable single Sign-on" permission

Answer: B

NEW QUESTION 4
A technology enterprise is planning to implement single sign-on login for users. When users log in to the Salesforce User object custom field, data should be populated for new and existing users.
Which two steps should an identity architect recommend? Choose 2 answers

• A. Implement Auth.SamlJitHandler Interface.
• B. Create and update methods.
• C. Implement RegistrationHandler Interface.
• D. Implement SesslonManagement Class.

Answer: AB

NEW QUESTION 5
In an SP-Initiated SAML SSO setup where the user tries to access a resource on the Service Provider, What HTTP param should be used when submitting a SAML Request to the Idp to ensure the user is returned to the intended resourse after authentication?

• A. RedirectURL
• B. RelayState
• C. DisplayState
• D. StartURL

Answer: B

NEW QUESTION 6
Universal Containers (UC) is planning to deploy a custom mobile app that will allow users to get e-signatures from its customers on their mobile devices. The mobile app connects to Salesforce to upload the e-signature as a file attachment and uses OAuth protocol for both authentication and authorization. What is the most recommended and secure OAuth scope setting that an Architect should recommend?

• A. Id
• B. Web
• C. Api
• D. Custom_permissions

Answer: D

NEW QUESTION 7
Universal Containers (UC) built an integration for their employees to post, view, and vote for ideas in Salesforce from an internal Company portal. When ideas are posted in Salesforce, links to the ideas are created in the company portal pages as part of the integration process. The Company portal connects to Salesforce using OAuth. Everything is working fine, except when users click on links to existing ideas, they are always taken to the Ideas home page rather than the specific idea, after authorization. Which OAuth URL parameter can be used to retain the original requested page so that a user can be redirected correctly after OAuth authorization?

• A. Redirect_uri
• B. State
• C. Scope
• D. Callback_uri

Answer: A

NEW QUESTION 8
Universal containers (UC) uses a legacy Employee portal for their employees to collaborate and post their ideas. UC decides to use salesforce ideas for voting and better tracking purposes. To avoid provisioning users on Salesforce, UC decides to push ideas posted on the Employee portal to salesforce through API. UC decides to use an API user using Oauth Username - password flow for the connection. How can the connection to salesforce be restricted only to the employee portal server?

• A. Add the Employee portals IP address to the Trusted IP range for the connected App
• B. Use a digital certificate signed by the employee portal Server.
• C. Add the employee portals IP address to the login IP range on the user profile.
• D. Use a dedicated profile for the user the Employee portal uses.

Answer: A

NEW QUESTION 9
Universal containers (UC) would like to enable SAML-BASED SSO for a salesforce partner community. UC has an existing ldap identity store and a third-party portal. They would like to use the existing portal as the primary site these users access, but also want to allow seamless access to the partner community. What SSO flow should an architect recommend?

• A. User-Agent
• B. IDP-initiated
• C. Sp-Initiated
• D. Web server

Answer: B

NEW QUESTION 10
Under which scenario Web Server flow will be used?

• A. Used for web applications when server-side code needs to interact with APIS.
• B. Used for server-side components when page needs to be rendered.
• C. Used for mobile applications and testing legacy Integrations.
• D. Used for verifying Access protected resources.

Answer: A

NEW QUESTION 11
Universal containers (UC) has built a custom based Two-factor Authentication (2fa) system for their existing on-premise applications. Thru are now implementing salesforce and would like to enable a Two-factor login process for it, as well. What is the recommended solution an architect should consider?

• A. Replace the custom 2fa system with salesforce 2fa for on-premise application and salesforce.
• B. Use the custom 2fa system for on-premise applications and native 2fa for salesforce.
• C. Replace the custom 2fa system with an app exchange app that supports on-premise applications and salesforce.
• D. Use custom login flows to connect to the existing custom 2fa system for use in salesforce.

Answer: D

NEW QUESTION 12
The security team at Universal Containers (UC) has identified exporting reports as a high-risk action and would like to require users to be logged into Salesforce with their Active Directory (AD) credentials when doing so. For all other users of Salesforce, users should be allowed to use AD Credentials or Salesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with Salesforce credentials?

• A. Use SAML Federated Authentication and block access to reports when accessed through a Standard Assurance session.
• B. Use SAML Federated Authentication and Custom SAML JIT Provisioning to dynamically and or remove a permission set that grants the Export Reports Permission.
• C. Use SAML federated Authentication, treat SAML Sessions as High Assurance, and raise the session level required for exporting reports.
• D. Use SAML federated Authentication with a Login Flow to dynamically add or remove a Permission Set that grants the Export Reports Permission.

Answer: C

NEW QUESTION 13
Universal Containers (UC) has a mobile application for its employees that uses data from Salesforce as well as uses Salesforce for Authentication purposes. UC wants its mobile users to only enter their credentials the first time they run the app. The application has been live for a little over 6 months, and all of the users who were part of the initial launch are complaining that they have to re-authenticate. UC has also recently changed the URI Scheme associated with the mobile app. What should the Architect at UC first investigate?Universal Containers (UC) has a mobile application for its employees that uses data from Salesforce as well as uses Salesforce for Authentication purposes. UC wants its mobile users to only enter their credentials the first time they run the app. The application has been live for a little over 6 months, and all of the users who were part of the initial launch are complaining that they have to re-authenticate. UC has also recently changed the URI Scheme associated with the mobile app. What should the Architect at UC first investigate?

• A. Check the Refresh Token policy defined in the Salesforce Connected App.
• B. Validate that the users are checking the box to remember their passwords.
• C. Verify that the Callback URL is correctly pointing to the new URI Scheme.
• D. Confirm that the access Token's Time-To-Live policy has been set appropriately.

Answer: A

NEW QUESTION 14
architect is troubleshooting some SAML-based SSO errors during testing. The Architect confirmed that all of the Salesforce SSO settings are correct. Which two issues outside of the Salesforce SSO settings are most likely contributing to the SSO errors the Architect is encountering? Choose 2 Answers

• A. The Identity Provider is also used to SSO into five other applications.
• B. The clock on the Identity Provider server is twenty minutes behind Salesforce.
• C. The Issuer Certificate from the Identity Provider expired two weeks ago.
• D. The default language for the Identity Provider and Salesforce are Different.

Answer: BC

NEW QUESTION 15
Universal Containers (UC) is looking to build a Canvas app and wants to use the corresponding Connected App to control where the app is visible. Which two options are correct in regards to where the app can be made visible under the Connected App setting for the Canvas app? Choose 2 answers

• A. As part of the body of a Salesforce Knowledge article.
• B. In the mobile navigation menu on Salesforce for Android.
• C. The sidebar of a Salesforce Console as a console component.
• D. Included in the Call Control Tool that's part of Open CTI.

Answer: AC

NEW QUESTION 16
Universal Containers (UC) has implemented a multi-org architecture in their company. Many users have licences across multiple orgs, and they are complaining about remembering which org and credentials are tied to which business process. Which two recommendations should the Architect make to address the Complaints? Choose 2 answers

• A. Activate My Domain to Brand each org to the specific business use case.
• B. Implement SP-Initiated Single Sign-on flows to allow deep linking.
• C. Implement IdP-Initiated Single Sign-on flows to allow deep linking.
• D. Implement Delegated Authentication from each org to the LDAP provider.

Answer: AB

NEW QUESTION 17
customer service representatives at Universal containers (UC) are complaining that whenever they click on links to case records and are asked to login with SAML SSO, they are being redirected to the salesforce home tab and not the specific case record. What item should an architect advise the identity team at UC to investigate first?

• A. My domain is configured and active within salesforce.
• B. The salesforce SSO settings are using http post
• C. The identity provider is correctly preserving the Relay state
• D. The users have the correct Federation ID within salesforce.

Answer: C

NEW QUESTION 18
......