
Identity-and-Access-Management-Designer Exam Practice Questions prepared by Salesforce Professionals
How Much Does the Identity-and-Access-Management-Designer Exam Cost
The price of the Salesforce Identity-and-Access-Management-Designer exam is $400 USD.
NEW QUESTION 136
Universal Containers plans to develop a custom mobile app for the sales team that will use Salesforce for authentication and access management. The mobile app access needs to be restricted to only the sales team. What would be the recommended solution to grant mobile app access to sales users?
- A. Use a custom attribute on the user object to control access to the mobile app
- B. Add a new identity provider to authenticate and authorize mobile users.
- C. Use connected apps OAuth policies to restrict mobile app access to authorized users.
- D. Use the permission set license to assign the mobile app permission to sales users
Answer: C
NEW QUESTION 137
A Salesforce customer is implementing Sales Cloud and a custom pricing application for its call center agents. An Enterprise single sign-on solution is used to authenticate and sign-in users to all applications. The customer has the following requirements:
1. The development team has decided to use a Canvas app to expose the pricing application to agents.
2. Agents should be able to access the Canvas app without needing to log in to the pricing application.
Which two options should the identity architect consider to provide support for the Canvas app to initiate login for users?
Choose 2 answers
- A. Select "Enable as a Canvas Personal App" in the connected app settings.
- B. Configure the Canvas app as a connected app and set Admin-approved users as pre-authorized.
- C. Enable SAML in the connected app and Security Assertion Markup Language (SAML) Initiation Method as Service Provider Initiated.
- D. Enable OAuth settings in the connected app with required OAuth scopes for the pricing application.
Answer: B,C
NEW QUESTION 138
After a recent audit, Universal Containers was advised to implement Two-factor Authentication for all of their critical systems, including Salesforce. Which two actions should UC consider to meet this requirement?
Choose 2 answers
- A. Require users to enter a second password after the first Authentication
- B. Require users to provide their RSA token along with their credentials.
- C. Require users to supply their email and phone number, which gets validated.
- D. Require users to use a biometric reader as well as their password
Answer: C,D
NEW QUESTION 139
Universal Containers (UC) is using a custom application that will act as the Identity Provider and will generate SAML assertions used to log in to Salesforce. UC is considering including custom parameters in the SAML assertion. These attributes contain sensitive data and are needed to authenticate the users. The assertions are submitted to Salesforce via a browser form post. The majority of the users will only be able to access Salesforce via UC's corporate network, but a subset of admins and executives would be allowed access from outside the corporate network on their mobile devices. Which two methods should an Architect consider to ensure that the sensitive data cannot be tampered with or accessed by anyone while in transit?
- A. Use the Identity Provider's certificate to digitally sign and Salesforce's Certificate to encrypt the payload.
- B. Use the Identity Provider's certificate to digitally sign and the Identity Provider's certificate to encrypt the payload.
- C. Use Salesforce's Certificate to digitally sign the SAML Assertion and a Mobile Device Management client on the users' mobile devices.
- D. Use a custom login flow to retrieve sensitive data using an Apex callout without including the attributes in the assertion.
Answer: A,B
NEW QUESTION 140
Universal Containers (UC) would like its community users to be able to register and log in with LinkedIn or Facebook credentials. UC wants users to clearly see Facebook and LinkedIn icons when they register and log in.
What are the two recommended actions UC can take to achieve this Functionality? Choose 2 answers
- A. Enable Facebook and LinkedIn as Login options in the login section of the Community configuration.
- B. Store the LinkedIn or Facebook user IDs in the Federation ID field on the Salesforce User record.
- C. Create custom Registration Handlers to link LinkedIn and Facebook accounts to user records.
- D. Create custom buttons for Facebook and LinkedIn using JavaScript/CSS on a custom Visualforce page.
Answer: A,C
NEW QUESTION 141
Universal Containers (UC) has decided to build a new, highly sensitive application on the Force.com platform. The security team at UC has decided that they want users to provide a fingerprint in addition to username/password to authenticate to this application. How can an architect support fingerprints as a form of identification for Salesforce authentication?
- A. Use Delegated Authentication with callouts to a third-party fingerprint scanning application.
- B. Use Salesforce Two-factor Authentication with callouts to a third-party fingerprint scanning application.
- C. Use custom login flows with callouts to a third-party fingerprint scanning application.
- D. Use an AppExchange product that does fingerprint scanning with native Salesforce identity confirmation.
Answer: C
NEW QUESTION 142
Universal Containers (UC) uses a legacy Employee portal for their employees to collaborate and post their ideas. UC decides to use Salesforce Ideas for voting and better tracking purposes. To avoid provisioning users on Salesforce, UC decides to push ideas posted on the Employee portal to Salesforce through API. UC decides to use an API user using OAuth Username-Password flow for the connection. How can the connection to Salesforce be restricted only to the Employee portal server?
- A. Add the Employee portal's IP address to the Login IP range on the user profile.
- B. Use a digital certificate signed by the Employee portal server.
- C. Use a dedicated profile for the user the Employee portal uses.
- D. Add the Employee portal's IP Address to the trusted IP range for the Connected App.
Answer: D
NEW QUESTION 143
Northern Trail Outfitters recently acquired a company. Each company will retain its Identity Provider (IdP). Both companies rely extensively on Salesforce processes that send emails to users to take specific actions in Salesforce.
How should the combined companies' employees collaborate in a single Salesforce org, yet authenticate to the appropriate IdP?
- A. Have generated links append a querystring parameter indicating the IdP. The login service will redirect to the appropriate IdP.
- B. Have generated links be prefixed with the appropriate IdP URL to invoke an IdP-initiated Security Assertion Markup Language flow when clicked.
- C. Configure unique MyDomains for each company and have generated links use the appropriate MyDomain in the URL.
- D. Enable each IdP as a login option in the MyDomain Authentication Service settings. Users will then click on the appropriate IdP button.
Answer: D
NEW QUESTION 144
The security team at Universal Containers (UC) has identified exporting reports as a high-risk action and would like to require users to be logged into Salesforce with their Active Directory (AD) credentials when doing so. For all other users of Salesforce, users should be allowed to use AD Credentials or Salesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with Salesforce credentials?
- A. Use SAML federated Authentication with a Login Flow to dynamically add or remove a Permission Set that grants the Export Reports Permission.
- B. Use SAML Federated Authentication and block access to reports when accessed through a Standard Assurance session.
- C. Use SAML Federated Authentication, treat SAML Sessions as High Assurance, and raise the session level required for exporting reports.
- D. Use SAML Federated Authentication and Custom SAML JIT Provisioning to dynamically add or remove a permission set that grants the Export Reports Permission.
Answer: C
NEW QUESTION 145
Northern Trail Outfitters (NTO) has a number of employees who do NOT need access to Salesforce objects. The employees should sign in to a custom Benefits web app using their Salesforce credentials.
Which license should the identity architect recommend to fulfill this requirement?
- A. Identity Verification Credits Add-on License
- B. External Identity License
- C. Identity Connect License
- D. Identity Only License
Answer: D
NEW QUESTION 146
Universal Containers has implemented a multi-org strategy and would like to centralize the management of their Salesforce user profiles.
What should the Architect recommend to allow Salesforce profiles to be managed from a central system of record?
- A. Implement Delegated Authentication that will update the user profiles as necessary.
- B. Implement an OAuth JWT flow to pass the profile credentials between systems.
- C. Create an Apex scheduled job in one org that will synchronize the other org's profiles.
- D. Implement JIT provisioning on the SAML IdP that will pass the ProfileID in each assertion.
Answer: D
NEW QUESTION 147
Sales users at Universal Containers use Salesforce for Opportunity management. Marketing uses a third-party application called Nest for Lead nurturing that is accessed using username/password. The VP of sales wants to open up access to Nest for all sales users to provide them access to lead history and would like SSO for better adoption. Salesforce is already set up for SSO and uses Delegated Authentication. Nest can accept username/password or SAML-based authentication. IT teams have received multiple password-related issues for Nest and have decided to set up SSO access for Nest for Marketing users as well. The CIO does not want to invest in a new IdP solution and is considering using Salesforce for this purpose. Which are appropriate license type choices for sales and marketing users, given that Salesforce is using Delegated Authentication?
Choose 2 answers
- A. Identity license for sales users and Identity connect license for Marketing users
- B. Salesforce license for sales users and External Identity license for Marketing users
- C. Salesforce license for sales users and Identity license for Marketing users
- D. Salesforce license for sales users and platform license for Marketing users.
Answer: B,D
NEW QUESTION 148
What are three capabilities of Delegated Authentication? Choose 3 answers
- A. It can be assigned by Permission Sets.
- B. It can be assigned by Custom Permissions.
- C. It can connect to SOAP services.
- D. It can connect to REST services.
- E. It can be assigned by Profiles.
Answer: A,C,D
NEW QUESTION 149
An Architect needs to advise the team that manages the Identity Provider how to differentiate Salesforce from other Service Providers.
What SAML SSO setting in Salesforce provides this capability?
- A. Identity Provider Login URL
- B. Entity Id
- C. SAML Identity Location
- D. Issuer
Answer: B
NEW QUESTION 150
Universal Containers (UC) has five Salesforce orgs (UC1, UC2, UC3, UC4, UC5). Every user that is in UC2, UC3, UC4, and UC5 is also in UC1; however, not all users have access to every org. Universal Containers would like to simplify the authentication process such that all Salesforce users need to remember one set of credentials. UC would like to achieve this with the least impact to cost and maintenance. What approach should an Architect recommend to UC?
- A. Configure UC1 as the Identity Provider to the other four Salesforce orgs and set up JIT user provisioning on all other orgs.
- B. Purchase a third-party Identity Provider for all five Salesforce orgs to use and set up JIT user provisioning on all other orgs.
- C. Configure UC1 as the Identity Provider to the other four Salesforce orgs, but don't set up JIT user provisioning for other orgs.
- D. Purchase a third-party Identity Provider for all five Salesforce orgs to use, but don't set up JIT user provisioning for other orgs.
Answer: D
NEW QUESTION 151
Universal Containers (UC) has an existing e-commerce platform and is implementing a new customer community. They do not want to force customers to register on both applications due to concern over the customer experience. It is expected that 25% of the e-commerce customers will utilize the customer community. The e-commerce platform is capable of generating SAML responses and has an existing RESTful API capable of managing users. How should UC create the identities of its e-commerce users with the customer community?
- A. Use a nightly batch ETL job to sync users between the Customer Community and the e-commerce platform and use SAML to allow SSO.
- B. Use the standard Salesforce API to create users in the Community when a user is created in the e-commerce platform and use SAML to allow SSO.
- C. Use the e-commerce REST API to create users when a user self-registers on the customer community and use SAML to allow SSO.
- D. Use SAML JIT in the Customer Community to create users when a user tries to login to the community from the e-commerce site.
Answer: D
NEW QUESTION 152
Universal Containers wants to set up SSO for a selected group of users to access external applications from Salesforce through App Launcher. Which three steps must be completed in Salesforce to accomplish the goal?
- A. Create connected apps for the external applications.
- B. Associate user profiles with the connected Apps.
- C. Complete single Sign-on settings in security controls.
- D. Create named credentials for each external system.
- E. Complete My Domain and Identity Provider setup.
Answer: A,B,E
NEW QUESTION 153
Universal Containers (UC) uses Salesforce for its customer service agents. UC has a proprietary system for order tracking which supports Security Assertion Markup Language (SAML) based single sign-on. The VP of customer service wants to ensure only active Salesforce users should be able to access the order tracking system which is only visible within Salesforce.
What should be done to fulfill the requirement?
Choose 2 answers
- A. Set up the Corporate Identity store as an identity provider (IdP) for Order Tracking.
- B. Set up Order Tracking as a Canvas app in Salesforce to POST IdP-initiated SAML assertion.
- C. Customize Order Tracking to initiate a REST call to validate users in Salesforce after login.
- D. Set up Salesforce as an identity provider (IdP) for Order Tracking.
Answer: A,D
NEW QUESTION 154
Universal Containers (UC) uses an internal company portal for their employees to collaborate. UC decides to use Salesforce Ideas and provide the ability for employees to post ideas from the company portal. They use SAML-based SSO to get into the company portal and would like to leverage it to access Salesforce. Most of the users don't exist in Salesforce and they would like the user records created in Salesforce communities the first time they try to access Salesforce. What recommendation should an architect make to meet this requirement?
- A. Use Salesforce APIs to create users on the fly
- B. Use just-in-time provisioning
- C. Use on-the-fly provisioning
- D. Use Identity Connect to sync users
Answer: B
NEW QUESTION 155
A client is planning to roll out multi-factor authentication (MFA) to its internal employees and wants to understand which authentication and verification methods meet the Salesforce criteria for secure authentication.
Which three functions meet the Salesforce criteria for secure MFA?
Choose 3 answers
- A. username and password + SMS passcode
- B. Username and password + security key
- C. Certificate-based Authentication
- D. Lightning Login
- E. Third-party single sign-on with Mobile Authenticator app
Answer: B,D,E
NEW QUESTION 156
Universal Containers wants to allow its customers to log in to its Experience Cloud via a third party authentication provider that supports only the OAuth protocol.
What should an identity architect do to fulfill this requirement?
- A. Create a custom external authentication provider.
- B. Use certificate-based authentication.
- C. Contact Salesforce Support and enable delegate single sign-on.
- D. Configure OpenID Connect authentication provider.
Answer: A
NEW QUESTION 157
An Architect has configured a SAML-based SSO integration between Salesforce and an external Identity provider and is ready to test it. When the Architect attempts to log in to Salesforce using SSO, the Architect receives a SAML error. Which two optimal actions should the Architect take to troubleshoot the issue?
- A. Ensure the Callback URL is correctly set in the Connected Apps settings.
- B. Use the browser's Development tools to view the Salesforce page's markup.
- C. Use a browser that has an add-on/extension that can inspect SAML.
- D. Paste the SAML Assertion Validator in Salesforce.
Answer: C,D
NEW QUESTION 158
A division of Northern Trail Outfitters (NTO) purchased Salesforce. NTO uses a third party identity provider (IdP) to validate user credentials against its corporate Lightweight Directory Access Protocol (LDAP) directory. NTO wants to help employees remember as few passwords as possible.
What should an identity architect recommend?
- A. Set up Salesforce as an Authentication Provider to the existing IdP.
- B. Use Salesforce Connect to synchronize LDAP passwords to Salesforce.
- C. Set up Salesforce as an IdP to authenticate against the LDAP directory.
- D. Set up Salesforce as a Service Provider to the existing IdP.
Answer: D
NEW QUESTION 159
A leading fitness tracker company is getting ready to launch a customer community. The company wants its customers to log in to the community and connect their fitness device to their profile. Customers should be able to obtain exercise details and fitness recommendations in the community.
Which should be used to satisfy this requirement?
- A. OAuth Device Flow
- B. Login Flows
- C. Named Credentials
- D. Single Sign-On Settings
Answer: A