IDENTITY-AND-ACCESS-MANAGEMENT-DESIGNER Exam Details

  • Exam Code: IDENTITY-AND-ACCESS-MANAGEMENT-DESIGNER
  • Exam Name: Salesforce Certified Platform Identity and Access Management Designer
  • Certification: Salesforce Certifications
  • Vendor: Salesforce
  • Total Questions: 234 Q&As
  • Last Updated: Jan 07, 2025

Salesforce IDENTITY-AND-ACCESS-MANAGEMENT-DESIGNER Online Questions & Answers

  • Question 111:

    Northern Trail Outfitters (NTO) has a number of employees who do NOT need access to Salesforce objects. The employees should sign in to a custom Benefits web app using their Salesforce credentials.

    Which license should the identity architect recommend to fulfill this requirement?

    A. Identity Only License
    B. External Identity License
    C. Identity Verification Credits Add-on License
    D. Identity Connect License

  • Question 112:

    An Architect has configured a SAML-based SSO integration between Salesforce and an external Identity provider and is ready to test it. When the Architect attempts to log in to Salesforce using SSO, the Architect receives a SAML error. Which two optimal actions should the Architect take to troubleshoot the issue?

    A. Ensure the Callback URL is correctly set in the Connected Apps settings.
    B. Use a browser that has an add-on/extension that can inspect SAML.
    C. Paste the SAML Assertion Validator in Salesforce.
    D. Use the browser's Development tools to view the Salesforce page's markup.

  • Question 113:

    Northern Trail Outfitters (NTO) is launching a new sportswear brand on its existing consumer portal built on Salesforce Experience Cloud. As part of the launch, emails with promotional links will be sent to existing customers to log in and claim a discount. The marketing manager would like the portal dynamically branded so that users will be directed to the brand link they clicked on; otherwise, users will view a recognizable NTO-branded page.

    The campaign is launching quickly, so there is no time to procure any additional licenses. However, the development team is available to apply any required changes to the portal.

    Which approach should the identity architect recommend?

    A. Create a full sandbox to replicate the portal site and update the branding accordingly.
    B. Implement Experience ID in the code and extend the URLs and endpoints, as required.
    C. Use Heroku to build the new brand site and embedded login to reuse identities.
    D. Configure an additional community site on the same org that is dedicated for the new brand.

  • Question 114:

    A global company is using the Salesforce Platform as an Identity Provider and needs to integrate a third-party application with its Experience Cloud customer portal.

    Which two features should be utilized to provide users with login and identity services for the third-party application?

    Choose 2 answers

    A. Use the App Launcher with single sign-on (SSO).
    B. External Data Source with Named Principal identity type.
    C. Use a connected app.
    D. Use Delegated Authentication.

  • Question 115:

    Universal Containers (UC) is setting up Delegated Authentication to allow employees to log in using their corporate credentials. UC's security team is concerned about the risk of exposing the corporate login service on the Internet and has asked that a reliable trust mechanism be put in place between the login service and Salesforce. What mechanism should an architect put in place to enable a trusted connection between the login services and Salesforce?

    A. Include client ID and client secret in the login header callout.
    B. Set up a proxy server for the login service in the DMZ.
    C. Require the use of Salesforce security Tokens on password.
    D. Enforce mutual Authentication between systems using SSL.

  • Question 116:

    Northern Trail Outfitters (NTO) has an existing custom business-to-consumer (B2C) website that does NOT support single sign-on standards, such as Security Assertion Markup Language (SAML) or OAuth. NTO wants to use Salesforce Identity to register and authenticate new customers on the website.

    Which two Salesforce features should an identity architect use in order to provide username/password authentication for the website?

    Choose 2 answers

    A. Identity Connect
    B. Delegated Authentication
    C. Connected Apps
    D. Embedded Login

  • Question 117:

    The security team at Universal Containers (UC) has identified exporting reports as a high-risk action and would like to require users to be logged into Salesforce with their Active Directory (AD) credentials when doing so. For all other uses of Salesforce, users should be allowed to use AD credentials or Salesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with Salesforce credentials?

    A. Use SAML Federated Authentication and Custom SAML JIT provisioning to dynamically add or remove a permission set that grants the Export Reports permission.
    B. Use SAML Federated Authentication, treat SAML sessions as high assurance, and raise the session level required for exporting reports.
    C. Use SAML Federated Authentication and block access to reports when accessed through a standard assurance session.
    D. Use SAML Federated Authentication with a login flow to dynamically add or remove a permission set that grants the Export Reports permission.

  • Question 118:

    A service provider (SP) supports both Security Assertion Markup Language (SAML) and OpenID Connect (OIDC).

    When integrating this SP with Salesforce, which use case is the determining factor when choosing OIDC or SAML?

    A. OIDC is more secure than SAML and therefore is the obvious choice.
    B. The SP needs to perform API calls back to Salesforce on behalf of the user after the user logs in to the service provider.
    C. If the user has a session on Salesforce, you do not want them to be prompted for a username and password when they login to the SP.
    D. They are equivalent protocols and there is no real reason to choose one over the other.

  • Question 119:

    Universal Containers (UC) has implemented a SAML-based SSO solution for use with their multi-org Salesforce implementation, utilizing one of the orgs as the Identity Provider. One user is reporting that they can log in to the Identity Provider org but get a generic SAML error message when accessing the other orgs. Which two considerations should the architect review to troubleshoot the issue? Choose 2 answers

    A. The Federation ID must be a valid Salesforce Username.
    B. The Federation ID is case sensitive.
    C. The Federation ID must be in the form of an email address.
    D. The Federation ID must be populated on the user record.

  • Question 120:

    What information does the 'RelayState' parameter contain in SP-initiated Single Sign-On?

    A. Reference to a URL redirect parameter at the identity provider.
    B. Reference to a URL redirect parameter at the service provider.
    C. Reference to the login address URL of the service provider.
    D. Reference to the login address URL of the identity provider.
