Exam Code: Identity-and-Access-Management-Designer
Exam Name: Salesforce Certified Identity and Access Management Designer (SP19)
Certification Provider: Salesforce
NEW QUESTION 1
Universal Containers (UC) has a classified information system that its call center team uses only when they are working on a case with a record type "Classified". They are only allowed to access the system when they own an open "Classified" case, and their access to the system is removed at all other times. They would like to implement SAML SSO with Salesforce as the IdP, and automatically allow or deny the staff's access to the classified information system based on whether they currently own an open "Classified" case record when they try to access the system using SSO. What is the recommended solution for automatically allowing or denying the access to the classified information system based on the open "Classified" case record criteria?
- A. Use Salesforce reports to identify users that currently own open "Classified" cases and should be granted access to the classified information system.
- B. Use an Apex trigger on Case to dynamically assign permission sets that grant access when a user is assigned an open "Classified" case, and remove it when the case is closed.
- C. Use Custom SAML JIT Provisioning to dynamically query the user's open "Classified" cases when attempting to access the classified information system.
- D. Use a Common Connected App Handler using Apex to dynamically allow access to the system based on whether the staff owns any open "Classified" Cases.
Answer: D
NEW QUESTION 2
Universal Containers (UC) is rolling out its new Customer Identity and Access Management Solution built on top of its existing Salesforce instance. UC wants to allow customers to login using Facebook, Google, and other social sign-on providers.
How should this functionality be enabled for UC, assuming all social sign-on providers support OpenID Connect?
- A. Configure an authentication provider and a registration handler for each social sign-on provider.
- B. Configure a single sign-on setting and a registration handler for each social sign-on provider.
- C. Configure an authentication provider and a Just-In-Time (JIT) handler for each social sign-on provider.
- D. Configure a single sign-on setting and a JIT handler for each social sign-on provider.
Answer: A
NEW QUESTION 3
How should an Architect force users to authenticate with Two-factor Authentication (2FA) for Salesforce only when not connected to an internal company network?
- A. Use Custom Login Flows with Apex to detect the user's IP address and prompt for 2FA if needed.
- B. Add the list of company's network IP addresses to the Login Range list under 2FA Setup.
- C. Use an Apex Trigger on the UserLogin object to detect the user's IP address and prompt for 2FA if needed.
- D. Apply the "Two-factor Authentication for User Interface Logins" permission and Login IP Ranges for all Profiles.
Answer: A
NEW QUESTION 4
Universal Containers (UC) has a Customer Community that uses Facebook for authentication. UC would like to ensure that changes in the Facebook profile are reflected on the appropriate Customer Community user. How can this requirement be met?
- A. Use SAML Just-In-Time Provisioning between Facebook and Salesforce.
- B. Use information in the Signed Request that is received from Facebook.
- C. Develop a scheduled job that calls out to Facebook on a nightly basis.
- D. Use the updateUser() method on the Registration Handler class.
Answer: D
NEW QUESTION 5
Universal Containers (UC) wants to build a custom mobile app for their field reps to create orders in Salesforce. After the first time the users log in, they must be able to access Salesforce upon opening the mobile app without being prompted to log in again. What OAuth flows should be considered to support this requirement?
- A. Web Server flow with a Refresh Token.
- B. Mobile Agent flow with a Bearer Token.
- C. User Agent flow with a Refresh Token.
- D. SAML Assertion flow with a Bearer Token.
Answer: C
NEW QUESTION 6
Which two roles of the systems are involved in an environment where Salesforce users are enabled to access Google Apps from within Salesforce through the App Launcher and a connected app setup? Choose 2 answers
- A. Google is the identity provider
- B. Salesforce is the identity provider
- C. Google is the service provider
- D. Salesforce is the service provider
Answer: D
NEW QUESTION 7
Which two things should be done to ensure end users can only use single sign-on (SSO) to log in to Salesforce?
Choose 2 answers
- A. Enable My Domain and select "Prevent login from https://login.salesforce.com".
- B. Request Salesforce Support to enable delegated authentication.
- C. Once SSO is enabled, users are only able to login using Salesforce credentials.
- D. Assign user "is Single Sign-on Enabled" permission via profile or permission set.
Answer: AD
NEW QUESTION 8
A pharmaceutical company has an on-premise application (see illustration) that it wants to integrate with Salesforce.
The IT director wants to ensure that requests must include a certificate with a trusted certificate chain to access the company's on-premise application endpoint.
What should an Identity architect do to meet this requirement?
- A. Use OpenSSL to generate a self-signed certificate and upload it to the on-premise app.
- B. Configure the company firewall to allow traffic from Salesforce IP ranges.
- C. Generate a certificate authority-signed certificate in Salesforce and upload it to the on-premise application truststore.
- D. Upload a third-party certificate from Salesforce into the on-premise server.
Answer: B
NEW QUESTION 9
Northern Trail Outfitters (NTO) wants to give customers the ability to submit and manage issues with their purchases. It is important for NTO to give its customers the ability to login with their Amazon credentials.
What should an identity architect recommend to meet these requirements?
- A. Configure a predefined authentication provider for Amazon.
- B. Create a custom external authentication provider for Amazon.
- C. Configure an OpenID Connect Authentication Provider for Amazon.
- D. Configure Amazon as a connected app.
Answer: C
NEW QUESTION 10
Universal Containers (UC) has decided to implement a federated single sign-on solution using a third-party IdP. In reviewing the third-party products, they would like to ensure the product supports the automated provisioning and deprovisioning of users. What are the underlying mechanisms that the UC Architect must ensure are part of the product?
- A. SOAP API for provisioning; Just-in-Time (JIT) for Deprovisioning.
- B. Just-In-time (JIT) for Provisioning; SOAP API for Deprovisioning.
- C. Provisioning API for both Provisioning and Deprovisioning.
- D. Just-in-Time (JIT) for both Provisioning and Deprovisioning.
Answer: D
NEW QUESTION 11
Universal Containers uses Salesforce as an identity provider and Concur as the Employee Expense management system. The HR director wants to ensure Concur accounts for employees are created only after the appropriate approval in the Salesforce org.
Which three steps should the identity architect use to implement this requirement? Choose 3 answers
- A. Create an approval process for a custom object associated with the provisioning flow.
- B. Create a connected app for Concur in Salesforce.
- C. Enable User Provisioning for the connected app.
- D. Create an approval process for user object associated with the provisioning flow.
- E. Create an approval process for UserProvisioningRequest object associated with the provisioning flow.
Answer: BCE
NEW QUESTION 12
A multinational company is looking to roll out Salesforce globally. The company has a Microsoft Active Directory Federation Services (ADFS) implementation for the Americas, Europe and APAC. The company plans to have a single org and would like to have all of its users access Salesforce using ADFS. The company would like to limit its investments and prefers not to procure additional applications to satisfy the requirements.
What is recommended to ensure these requirements are met?
- A. Use connected apps for each ADFS implementation and implement Salesforce site to authenticate users across the ADFS system applicable to their geo.
- B. Implement Identity Connect to provide single sign-on to Salesforce and federated across multiple ADFS systems.
- C. Add a central identity system that federates between the ADFS systems and integrate with Salesforce for single sign-on.
- D. Configure each ADFS system under single sign-on settings and allow users to choose the system to authenticate during sign-on to Salesforce.
Answer: B
NEW QUESTION 13
Universal Containers (UC) plans to use a SAML-based third-party IdP serving both the Salesforce Partner Community and the corporate portal. UC partners will log in to the corporate portal to access protected resources, including links to Salesforce resources. What would be the recommended way to configure the IdP so that seamless access can be achieved in this scenario?
- A. Set up the corporate portal as a Connected App in Salesforce and use the Web server OAuth flow.
- B. Configure SP-initiated SSO that passes the SAML token upon Salesforce resource access request.
- C. Set up the corporate portal as a Connected App in Salesforce and use the User Agent OAuth flow.
- D. Configure IdP-initiated SSO that passes the SAML token upon Salesforce resource access request.
Answer: D
NEW QUESTION 14
A large consumer company is planning to create a community and will require login through the customer's social identity. The following requirements must be met:
* 1. The customer should be able to log in with any of their social identities; however, Salesforce should only have one user per customer.
* 2. Once the customer has been identified with a social identity, they should not be required to authorize Salesforce.
* 3. The customer's personal details from the social sign-on need to be captured when the customer logs into Salesforce using their social identity.
* 4. If the customer modifies their personal details in the social site, the changes should be updated in Salesforce.
Which two options allow the Identity Architect to fulfill the requirements? Choose 2 answers
- A. Use Login Flows to call an authentication registration handler to provision the user before logging the user into the community.
- B. Use authentication providers for social sign-on and use the custom registration handler to insert or update personal details.
- C. Redirect the user to a custom page that allows the user to select an existing social identity for login.
- D. Use the custom registration handler to link social identities to Salesforce identities.
Answer: BD
NEW QUESTION 15
Universal Containers (UC) wants to implement a partner community. As part of their implementation, UC would like to modify both the Forgot Password and Change Password experience with custom branding for their partner community users. Which 2 actions should an architect recommend to UC? Choose 2 answers
- A. Build a Community Builder page for the Change Password experience and a custom Visualforce page for the Forgot Password experience.
- B. Build a custom Visualforce page for both the Change Password and Forgot Password experiences.
- C. Build a custom Visualforce page for the Change Password experience and a Community Builder page for the Forgot Password experience.
- D. Build a Community Builder page for both the Change Password and Forgot Password experiences.
Answer: BC
NEW QUESTION 16
Universal Containers (UC) is looking to purchase a third-party application as an Identity Provider. UC is looking to develop a business case for the purchase in general and has enlisted an Architect for advice. Which two capabilities of an Identity Provider should the Architect detail to help strengthen the business case? Choose 2 answers
- A. The Identity Provider can authenticate multiple applications.
- B. The Identity Provider can authenticate multiple social media accounts.
- C. The Identity Provider can store credentials for multiple applications.
- D. The Identity Provider can centralize enterprise password policy.
Answer: AD
NEW QUESTION 17
Northern Trail Outfitters would like to automatically create new employee users in Salesforce with an appropriate profile that maps to its Active Directory Department.
How should an identity architect implement this requirement?
- A. Use the createUser method in the Just-in-Time (JIT) provisioning registration handler to assign the appropriate profile.
- B. Use the updateUser method in the Just-in-Time (JIT) provisioning registration handler to assign the appropriate profile.
- C. Use a login flow to collect Security Assertion Markup Language attributes and assign the appropriate profile during Just-In-Time (JIT) provisioning.
- D. Make a callout during the login flow to query department from Active Directory to assign the appropriate profile.
Answer: B