IDENTITY-AND-ACCESS-MANAGEMENT-DESIGNER Exam Details

  • Exam Code
    :IDENTITY-AND-ACCESS-MANAGEMENT-DESIGNER
  • Exam Name
    :Salesforce Certified Platform Identity and Access Management Designer
  • Certification
    :Salesforce Certifications
  • Vendor
    :Salesforce
  • Total Questions
    :234 Q&As
  • Last Updated
    :Jan 07, 2025

Salesforce IDENTITY-AND-ACCESS-MANAGEMENT-DESIGNER Online Questions & Answers

  • Question 1:

    Universal containers (UC) uses a legacy Employee portal for their employees to collaborate and post their ideas. UC decides to use salesforce ideas for voting and better tracking purposes. To avoid provisioning users on Salesforce, UC decides to push ideas posted on the Employee portal to salesforce through API. UC decides to use an API user using Oauth Username - password flow for the connection. How can the connection to salesforce be restricted only to the employee portal server?

    A. Add the Employee portals IP address to the Trusted IP range for the connected App
    B. Use a digital certificate signed by the employee portal Server.
    C. Add the employee portals IP address to the login IP range on the user profile.
    D. Use a dedicated profile for the user the Employee portal uses.

  • Question 2:

    Universal Containers (UC) has a classified information system that its call center team uses only when they are working on a case with a record type "Classified". They are only allowed to access the system when they own an open "Classified" case, and their access to the system is removed at all other times. They would like to implement SAML SSO eith Salesforce as the Idp, and automatically allow or deny the staff's access to the classified information system based on whether they currently own an open "Classified" case record when they try to access the system using SSO. What is the recommended solution for automatically allowing or denying the access to the classified information system based on the open "classified" case record criteria?

    A. Use Salesforce reports to identify users that currently owns open "Classified" cases and should be granted access to the Classified information system.
    B. Use Apex trigger on case to dynamically assign permission Sets that Grant access when an user is assigned with an open "Classified" case, and remove it when the case is closed.
    C. Use Custom SAML JIT Provisioning to dynamically query the user's open "Classified" cases when attempting to access the classified information system.
    D. Use a Common Connected App Handler using Apex to dynamically allow access to the system based on whether the staff owns any open "Classified" Cases.

  • Question 3:

    Universal Containers (UC) uses a home-grown Employee portal for their employees to collaborate. UC decides to use Salesforce Ideas to allow employees to post Ideas from the Employee portal. When users click on some of the links in the Employee portal, the users should be redirected to Salesforce, authenticated, and presented with the relevant pages. What OAuth flow is best suited for this scenario?

    A. Web Application flow
    B. SAML Bearer Assertion flow
    C. User-Agent flow
    D. Web Server flow

  • Question 4:

    Containers (UC) uses an internal system for recruiting and would like to have the candidates' info available in the Salesforce automatically when they are selected. UC decides to use OAuth to connect to Salesforce from the recruiting system and would like to do the authentication using digital certificates. Which two OAuth flows should be considered to meet the requirement? Choose 2 answers

    A. JWT Bearer Token flow
    B. Refresh Token flow
    C. SAML Bearer Assertion flow
    D. Web Service flow

  • Question 5:

    The security team at Universal Containers (UC) has identified exporting reports as a high- risk action and would like to require users to be logged into Salesforce with their Active Directory (AD) credentials when doing so. For all other users of Salesforce, users should be allowed to use AD Credentials or Salesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with Salesforce credentials?

    A. Use SAML Federated Authentication and block access to reports when accessed through a Standard Assurance session.
    B. Use SAML Federated Authentication and Custom SAML JIT Provisioning to dynamically and or remove a permission set that grants the Export Reports Permission.
    C. Use SAML federated Authentication, treat SAML Sessions as High Assurance, and raise the session level required for exporting reports.
    D. Use SAML federated Authentication with a Login Flow to dynamically add or remove a Permission Set that grants the Export Reports Permission.

  • Question 6:

    A financial services company uses Salesforce and has a compliance requirement to track information about devices from which users log in. Also, a Salesforce Security Administrator needs to have the ability to revoke the device from which users log in.

    What should be used to fulfill this requirement?

    A. Use multi-factor authentication (MFA) to meet the compliance requirement to track device information.
    B. Use the Activations feature to meet the compliance requirement to track device information.
    C. Use the Login History object to track information about devices from which users log in.
    D. Use Login Flows to capture device from which users log in and store device and user information in a custom object.

  • Question 7:

    Universal Containers is creating a mobile application that will be secured by Salesforce Identity using the OAuth 2.0 user-agent flow (this flow uses the OAuth 2.0 implicit grant type).

    Which three OAuth concepts apply to this flow?

    Choose 3 answers

    A. Client ID
    B. Refresh Token
    C. Authorization Code
    D. Verification Code
    E. Scopes

  • Question 8:

    A multinational industrial products manufacturer is planning to implement Salesforce CRM to manage their business. They have the following requirements:

    1.

    They plan to implement Partner communities to provide access to their partner network.

    2.

    They have operations in multiple countries and are planning to implement multiple Salesforce orgs.

    3.

    Some of their partners do business in multiple countries and will need information from multiple Salesforce communities.

    4.

    They would like to provide a single login for their partners.

    How should an Identity Architect solution this requirement with limited custom development?

    A. Create a partner login for the country of their operation and use SAML federation to provide access to other orgs.
    B. Consolidate Partner related information in a single org and provide access through Salesforce community.
    C. Allow partners to choose the Salesforce org they need information from and use login flows to authenticate access.
    D. Register partners in one org and access information from other orgs using APIs.

  • Question 9:

    Universal Containers (UC) is both a Salesforce and Google Apps customer. The UC IT team would like to manage the users for both systems in a single place to reduce administrative burden. Which two optimal ways can the IT team provision users and allow Single Sign-on between Salesforce and Google Apps ? Choose 2 answers

    A. Build a custom app running on Heroku as the Identity Provider that can sync user information between Salesforce and Google Apps.
    B. Use a third-party product as the Identity Provider for both Salesforce and Google Apps and manage the provisioning from there.
    C. Use Identity Connect as the Identity Provider for both Salesforce and Google Apps and manage the provisioning from there.
    D. Use Salesforce as the Identity Provider and Google Apps as a Service Provider and configure User Provisioning for Connected Apps.

  • Question 10:

    A group of users try to access one of Universal Containers' Connected Apps and receive the following error message: " Failed: Not approved for access." What is the most likely cause of this issue?

    A. The Connected App settings "All users may self-authorize" is enabled.
    B. The Salesforce Administrators have revoked the OAuth authorization.
    C. The Users do not have the correct permission set assigned to them.
    D. The User of High Assurance sessions are required for the Connected App.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Salesforce exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your IDENTITY-AND-ACCESS-MANAGEMENT-DESIGNER exam preparations and Salesforce certification application, do not hesitate to visit our Vcedump.com to find your solutions here.