IDENTITY-AND-ACCESS-MANAGEMENT-DESIGNER Exam Details

  • Exam Code: IDENTITY-AND-ACCESS-MANAGEMENT-DESIGNER
  • Exam Name: Salesforce Certified Platform Identity and Access Management Designer
  • Certification: Salesforce Certifications
  • Vendor: Salesforce
  • Total Questions: 234 Q&As
  • Last Updated: Jan 07, 2025

Salesforce IDENTITY-AND-ACCESS-MANAGEMENT-DESIGNER Online Questions & Answers

  • Question 91:

    Users logging into Salesforce are frequently prompted to verify their identity.

    The identity architect is required to provide recommendations so that the frequency of verification prompts can be reduced.

    What should the identity architect recommend to meet the requirement?

    A. Implement 2FA authentication for the Salesforce org.
    B. Set trusted IP ranges for the organization.
    C. Implement single sign-on for Salesforce using an external identity provider.
    D. Implement multi-factor authentication for the Salesforce org.

  • Question 92:

    Universal Containers is using OpenID Connect to enable a connection from their new mobile app to its production Salesforce org.

    What should be done to enable the retrieval of the access token status for the OpenID Connect connection?

    A. Query using OpenID Connect discovery endpoint.
    B. Leverage OpenID Connect Token Introspection.
    C. Create a custom OAuth scope.
    D. Enable cross-origin resource sharing (CORS) for the /services/oauth2/token endpoint.

  • Question 93:

    Which two security risks can be mitigated by enabling Two-Factor Authentication (2FA) in Salesforce? Choose 2 answers

    A. Users leaving laptops unattended and not logging out of Salesforce.
    B. Users accessing Salesforce from a public Wi-Fi access point.
    C. Users choosing passwords that are the same as their Facebook password.
    D. Users creating simple-to-guess password reset questions.

  • Question 94:

    How should an Architect force users to authenticate with Two-factor Authentication (2FA) for Salesforce only when not connected to an internal company network?

    A. Use Custom Login Flows with Apex to detect the user's IP address and prompt for 2FA if needed.
    B. Add the list of company's network IP addresses to the Login Range list under 2FA Setup.
    C. Use an Apex Trigger on the UserLogin object to detect the user's IP address and prompt for 2FA if needed.
    D. Apply the "Two-factor Authentication for User Interface Logins" permission and Login IP Ranges for all Profiles.

  • Question 95:

    The CIO of Universal Containers (UC) wants to start taking advantage of the refresh token capability for the UC applications that utilize OAuth 2.0. UC has enlisted an architect to analyze all of the applications that use OAuth flows to see where refresh tokens can be applied. Which two OAuth flows should the architect consider in their evaluation? Choose 2 answers

    A. Web server
    B. JWT bearer token
    C. User-Agent
    D. Username-password

  • Question 96:

    A client is planning to roll out multi-factor authentication (MFA) to its internal employees and wants to understand which authentication and verification methods meet the Salesforce criteria for secure authentication.

    Which three functions meet the Salesforce criteria for secure MFA?

    Choose 3 answers

    A. Username and password + SMS passcode
    B. Username and password + security key
    C. Third-party single sign-on with Mobile Authenticator app
    D. Certificate-based Authentication
    E. Lightning Login

  • Question 97:

    An Identity architect works for a multinational, multi-brand organization. As they work with the organization to understand their Customer Identity and Access Management requirements, the identity architect learns that the brand experience is different for each of the customer's sub-brands and each of these branded experiences must be carried through the login experience depending on which sub-brand the user is logging into.

    Which solution should the architect recommend to support scalability and reduce maintenance costs, if the organization has more than 150 sub-brands?

    A. Assign each sub-brand a unique Experience ID and use the Experience ID to dynamically brand the login experience.
    B. Use Audiences to customize the login experience for each sub-brand and pass an audience ID to the community during the OAuth and Security Assertion Markup Language (SAML) flows.
    C. Create a community subdomain for each sub-brand and customize the look and feel of the Login page for each community subdomain to match the brand.
    D. Create a separate Salesforce org for each sub-brand so that each sub-brand has complete control over the user experience.

  • Question 98:

    Universal Containers is considering using Delegated Authentication as the sole means of authenticating Salesforce users. A Salesforce Architect has been brought in to assist with the implementation. Which two risks should the Architect point out? Choose 2 answers

    A. Delegated Authentication is enabled or disabled for the entire Salesforce org.
    B. UC will be required to develop and support a custom SOAP web service.
    C. Salesforce users will be locked out of Salesforce if the web service goes down.
    D. The web service must reside on a public cloud service, such as Heroku.

  • Question 99:

    Universal Containers allows employees to use a mobile device to access Salesforce for daily operations using a hybrid mobile app. This app uses the Mobile software development kit (SDK), leverages a refresh token to regenerate the access token when required, and is distributed as a private app.

    The chief security officer is rolling out an org-wide compliance policy to enforce re-verification of devices if an employee has not logged in from that device in the last week.

    Which connected app setting should be leveraged to comply with this policy change?

    A. Scope - Deny refresh_token scope for this connected app.
    B. Refresh Token Policy - Expire the refresh token if it has not been used for 7 days.
    C. Session Policy - Set timeout value of the connected app to 7 days.
    D. Permitted User - Ask admins to maintain a list of users who are permitted based on last login date.

  • Question 100:

    Universal Containers (UC) is using its production org as the identity provider for a new Experience Cloud site and the identity architect is deciding which login experience to use for the site.

    Which two page types are valid login page types for the site?

    Choose 2 answers

    A. Experience Builder Page
    B. Lightning Experience Page
    C. Login Discovery Page
    D. Embedded Login Page
