Salesforce IDENTITY-AND-ACCESS-MANAGEMENT-DESIGNER Online Practice Questions and Exam Preparation

Salesforce IDENTITY-AND-ACCESS-MANAGEMENT-DESIGNER Online Questions & Answers

• Question 141:

  Universal Containers (UC) wants its users to access Salesforce and other SSO-enabled applications from a custom web page that UC magnets. UC wants its users to use the same set of credentials to access each of the applications. what SAML SSO flow should an Architect recommend for UC?

  A. SP-Initiated with Deep Linking
  B. SP-Initiated
  C. IdP-Initiated
  D. User-Agent
  C. IdP-Initiated

• Question 142:

  Universal Containers (UC) has an e-commerce website where customers can buy products, make payments and manage their accounts. UC decides to build a Customer Community on Salesforce and wants to allow the customers to access the community from their accounts without logging in again. UC decides to implement an SP-initiated SSO using a SAML-compliant Idp. In this scenario where Salesforce is the Service Provider, which two activities must be performed in Salesforce to make SP-initiated SSO work? Choose 2 answers

  A. Configure SAML SSO settings.
  B. Create a Connected App.
  C. Configure Delegated Authentication.
  D. Set up My Domain.
  A. Configure SAML SSO settings.
  D. Set up My Domain.

• Question 143:

  Universal Containers (UC) has five Salesforce orgs (UC1, UC2, UC3, UC4, UC5). of Every user that is in UC2, UC3, UC4, and UC5 is also in UC1, however not all users 65* have access to every org. Universal Containers would like to simplify the authentication process such that all Salesforce users need to remember one set of credentials. UC would like to achieve this with the least impact to cost and maintenance. What approach should an Architect recommend to UC?

  A. Purchase a third-party Identity Provider for all five Salesforce orgs to use and set up JIT user provisioning on all other orgs.
  B. Purchase a third-party Identity Provider for all five Salesforce orgs to use, but don't set up JIT user provisioning for other orgs.
  C. Configure UC1 as the Identity Provider to the other four Salesforce orgs and set up JIT user provisioning on all other orgs.
  D. Configure UC1 as the Identity Provider to the other four Salesforce orgs, but don't set up JIT user provisioning for other orgs.
  B. Purchase a third-party Identity Provider for all five Salesforce orgs to use, but don't set up JIT user provisioning for other orgs.

• Question 144:

  Universal Containers (UC) uses Global Shipping (GS) as one of their shipping vendors. Regional leads of GS need access to UC's Salesforce instance for reporting damage of goods using Cases. The regional leads also need access to dashboards to keep track of regional shipping KPIs. UC internally uses a third-party cloud analytics tool for capacity planning and UC decided to provide access to this tool to a subset of GS employees. In addition to regional leads, the GS capacity planning team would benefit from access to this tool. To access the analytics tool, UC IT has set up Salesforce as the Identity provider for Internal users and would like to follow the same approach for the GS users as well. What are the most appropriate license types for GS Tregional Leads and the GS Capacity Planners? Choose 2 Answers

  A. Customer Community Plus license for GS Regional Leads and External Identity for GS Capacity Planners.
  B. Customer Community Plus license for GS Regional Leads and Customer Community license for GS Capacity Planners.
  C. Identity Licence for GS Regional Leads and External Identity license for GS capacity Planners.
  D. Customer Community license for GS Regional Leads and Identity license for GS Capacity Planners.
  B. Customer Community Plus license for GS Regional Leads and Customer Community license for GS Capacity Planners.
  D. Customer Community license for GS Regional Leads and Identity license for GS Capacity Planners.

• Question 145:

  Universal Containers has multiple Salesforce instances where users receive emails from different instances. Users should be logged into the correct Salesforce instance authenticated by their IdP when clicking on an email link to a Salesforce record.

  What should be enabled in Salesforce as a prerequisite?

  A. My Domain
  B. External Identity
  C. Identity Provider
  D. Multi-Factor Authentication
  A. My Domain

• Question 146:

  Universal Containers (UC) implemented SSO to a third-party system for their Salesforce users to access the App Launcher. UC enabled "User Provisioning" on the Connected App so that changes to user accounts can be synched between Salesforce and the third party system. However, UC quickly notices that changes to user roles in Salesforce are not getting synched to the third-party system. What is the most likely reason for this behaviour?

  A. User Provisioning for Connected Apps does not support role sync.
  B. Required operation(s) was not mapped in User Provisioning Settings.
  C. The Approval queue for User Provisioning Requests is unmonitored.
  D. Salesforce roles have more than three levels in the role hierarchy.
  A. User Provisioning for Connected Apps does not support role sync.

• Question 147:

  A global company's Salesforce Identity Architect is reviewing its Salesforce production org login history and is seeing some intermittent Security Assertion Markup Language (SAML SSO) 'Replay Detected and Assertion Invalid' login errors.

  Which two issues would cause these errors?

  Choose 2 answers

  A. The subject element is missing from the assertion sent to salesforce.
  B. The certificate loaded into SSO configuration does not match the certificate used by the IdP.
  C. The current time setting of the company's identity provider (IdP) and Salesforce platform is out of sync by more than eight minutes.
  D. The assertion sent to 5alesforce contains an assertion ID previously used.
  A. The subject element is missing from the assertion sent to salesforce.
  D. The assertion sent to 5alesforce contains an assertion ID previously used.

• Question 148:

  Containers (UC) uses a legacy Employee portal for their employees to collaborate. Employees access the portal from their company's internal website via SSO. It is set up to work with SiteMinder and Active Directory. The Employee portal has features to support posing ideas. UC decides to use Salesforce Ideas for voting and better tracking purposes. To avoid provisioning users on Salesforce, UC decides to integrate Employee portal ideas with Salesforce idea through the API. What is the role of Salesforce in the context of SSO, based on this scenario?

  A. Service Provider, because Salesforce is the application for managing ideas.
  B. Connected App, because Salesforce is connected with Employee portal via API.
  C. Identity Provider, because the API calls are authenticated by Salesforce.
  D. An independent system, because Salesforce is not part of the SSO setup.
  D. An independent system, because Salesforce is not part of the SSO setup.

• Question 149:

  Universal containers (UC) does my domain enable in the context of a SAML SSO configuration? Choose 2 answers

  A. Resource deep linking
  B. App launcher
  C. SSO from salesforce1 mobile app.
  D. Login forensics
  A. Resource deep linking
  C. SSO from salesforce1 mobile app.

• Question 150:

  Which two statements are capable of Identity Connect? Choose 2 answers

  A. Synchronization of Salesforce Permission Set Licence Assignments.
  B. Supports both Identity-Provider-Initiated and Service-Provider-Initiated SSO.
  C. Support multiple orgs connecting to multiple Active Directory servers.
  D. Automated user synchronization and de-activation.
  B. Supports both Identity-Provider-Initiated and Service-Provider-Initiated SSO.
  D. Automated user synchronization and de-activation.