Salesforce IDENTITY-AND-ACCESS-MANAGEMENT-DESIGNER Online Practice Questions and Exam Preparation

Salesforce IDENTITY-AND-ACCESS-MANAGEMENT-DESIGNER Online Questions & Answers

• Question 121:

  Ttie executive sponsor for an organization has asked if Salesforce supports the ability to embed a login widget into its service providers in order to create a more seamless user experience.

  What should be used and considered before recommending it as a solution on the Salesforce Platform?

  A. OpenID Connect Web Server Flow. Determine if the service provider is secure enough to store the client secret on.
  B. Embedded Login. Identify what level of UI customization will be required to make it match the service providers look and feel.
  C. Salesforce REST apis. Ensure that Secure Sockets Layer (SSL) connection for the integration is used.
  D. Embedded Login. Consider whether or not it relies on third party cookies which can cause browser compatibility issues.
  C. Salesforce REST apis. Ensure that Secure Sockets Layer (SSL) connection for the integration is used.

• Question 122:

  customer service representatives at Universal containers (UC) are complaining that whenever they click on links to case records and are asked to login with SAML SSO, they are being redirected to the salesforce home tab and not the specific case record.

  What item should an architect advise the identity team at UC to investigate first?

  A. My domain is configured and active within salesforce.
  B. The salesforce SSO settings are using http post
  C. The identity provider is correctly preserving the Relay state
  D. The users have the correct Federation ID within salesforce.
  C. The identity provider is correctly preserving the Relay state

  ---

  Explanation/Reference:

• Question 123:

  Universal containers (UC) has multiple salesforce orgs and would like to use a single identity provider to access all of their orgs. How should UC'S architect enable this behavior?

  A. Ensure that users have the same email value in their user records in all of UC's salesforce orgs.
  B. Ensure the same username is allowed in multiple orgs by contacting salesforce support.
  C. Ensure that users have the same Federation ID value in their user records in all of UC's salesforce orgs.
  D. Ensure that users have the same alias value in their user records in all of UC's salesforce orgs.
  C. Ensure that users have the same Federation ID value in their user records in all of UC's salesforce orgs.

• Question 124:

  A global fitness equipment manufacturer uses Salesforce to manage its sales cycle. The manufacturer has a custom order fulfillment app that needs to request order data from Salesforce. The order fulfillment app needs to integrate with the Salesforce API using OAuth 2.0 protocol.

  What should an identity architect use to fulfill this requirement?

  A. Canvas App Integration
  B. OAuth Tokens
  C. Authentication Providers
  D. Connected App and OAuth scopes
  D. Connected App and OAuth scopes

• Question 125:

  Universal containers (UC) wants to implement a partner community. As part of their implementation, UC would like to modify both the Forgot password and change password experience with custom branding for their partner community users. Which 2 actions should an architect recommend to UC? Choose 2 answers

  A. Build a community builder page for the change password experience and Custom Visualforce page for the Forgot password experience.
  B. Build a custom visualforce page for both the change password and Forgot password experiences.
  C. Build a custom visualforce page for the change password experience and a community builder page for the Forgot password experience.
  D. Build a community builder page for both the change password and Forgot password experiences.
  B. Build a custom visualforce page for both the change password and Forgot password experiences.
  C. Build a custom visualforce page for the change password experience and a community builder page for the Forgot password experience.

• Question 126:

  Universal containers (UC) uses an internal company portal for their employees to collaborate. UC decides to use salesforce ideas and provide the ability for employees to post ideas from the company portal. They use SAML-BASED SSO to get into the company portal and would like to leverage it to access salesforce. Most of the users don't exist in salesforce and they would like the user records created in salesforce communities the first time they try to access salesforce. What recommendation should an architect make to meet this requirement?

  A. Use on-the-fly provisioning
  B. Use just-in-time provisioning
  C. Use salesforce APIs to create users on the fly
  D. Use Identity connect to sync users
  B. Use just-in-time provisioning

• Question 127:

  Universal Containers (UC) wants to build a few applications that leverage the Salesforce REST API. UC has asked its Architect to describe how the API calls will be authenticated to a specific user. Which two mechanisms can the Architect provide? Choose 2 Answers

  A. Authentication Token
  B. Session ID
  C. Refresh Token
  D. Access Token
  C. Refresh Token
  D. Access Token

• Question 128:

  Universal Containers (UC) has implemented a multi-org architecture in their company. Many users have licences across multiple orgs, and they are complaining about remembering which org and credentials are tied to which business process. Which two recommendations should the Architect make to address the Complaints? Choose 2 answers

  A. Activate My Domain to Brand each org to the specific business use case.
  B. Implement SP-Initiated Single Sign-on flows to allow deep linking.
  C. Implement IdP-Initiated Single Sign-on flows to allow deep linking.
  D. Implement Delegated Authentication from each org to the LDAP provider.
  A. Activate My Domain to Brand each org to the specific business use case.
  B. Implement SP-Initiated Single Sign-on flows to allow deep linking.

• Question 129:

  Northern Trail Outfitters would like to automatically create new employee users in Salesforce with an appropriate profile that maps to its Active Directory Department.

  How should an identity architect implement this requirement?

  A. Use the createUser method in the Just-in-Time (JIT) provisioning registration handler to assign the appropriate profile.
  B. Use the updateUser method in the Just-in-Time (JIT) provisioning registration handler to assign the appropriate profile.
  C. Use a login flow to collect Security Assertion Markup Language attributes and assign the appropriate profile during Just-In-Time (JIT) provisioning.
  D. Make a callout during the login flow to query department from Active Directory to assign the appropriate profile.
  B. Use the updateUser method in the Just-in-Time (JIT) provisioning registration handler to assign the appropriate profile.

  ---

  Explanation/Reference:

• Question 130:

  A company wants to provide its employees with a custom mobile app that accesses Salesforce. Users are required to download the internal native IOS mobile app from corporate intranet on their mobile device. The app allows flexibility to access other Non Salesforce internal applications once users authenticate with Salesforce. The apps self- authorize, and users are permitted to use the apps once they have logged into Salesforce.

  How should an identity architect meet the above requirements with the privately distributed mobile app?

  A. Use connected app with OAuth and Security Assertion Markup Language (SAML) to access other Non Salesforce internal apps.
  B. Configure Mobile App settings in connected app and Salesforce as identity provider for non-Salesforce internal apps.
  C. Use Salesforce as an identity provider (IdP) to access the mobile app and use the external IdP for other non-Salesforce internal apps.
  D. Create a new hybrid mobile app and use the connected app with OAuth to authenticate users for Salesforce and non-Salesforce internal apps.
  B. Configure Mobile App settings in connected app and Salesforce as identity provider for non-Salesforce internal apps.