IDENTITY-AND-ACCESS-MANAGEMENT-DESIGNER Exam Details

  • Exam Code: IDENTITY-AND-ACCESS-MANAGEMENT-DESIGNER
  • Exam Name: Salesforce Certified Platform Identity and Access Management Designer
  • Certification: Salesforce Certifications
  • Vendor: Salesforce
  • Total Questions: 234 Q&As
  • Last Updated: Jan 07, 2025

Salesforce IDENTITY-AND-ACCESS-MANAGEMENT-DESIGNER Online Questions & Answers

  • Question 151:

    A technology enterprise is setting up an identity solution with an external vendor's wellness application for its employees. The user attributes need to be returned to the wellness application in an ID token.

    Which authentication mechanism should an identity architect recommend to meet the requirements?

    A. OpenID Connect
    B. User Agent Flow
    C. JWT Bearer Token Flow
    D. Web Server Flow

  • Question 152:

    A manufacturer wants to provide registration for an Internet of Things (IoT) device with limited display input or capabilities.

    Which Salesforce OAuth authorization flow should be used?

    A. OAuth 2.0 JWT Bearer Flow
    B. OAuth 2.0 Device Flow
    C. OAuth 2.0 User-Agent Flow
    D. OAuth 2.0 Asset Token Flow

  • Question 153:

    Universal Containers wants to allow its customers to log in to its Experience Cloud via a third-party authentication provider that supports only the OAuth protocol.

    What should an identity architect do to fulfill this requirement?

    A. Contact Salesforce Support and enable delegate single sign-on.
    B. Create a custom external authentication provider.
    C. Use certificate-based authentication.
    D. Configure OpenID Connect authentication provider.

  • Question 154:

    Universal Containers (UC) wants to build a custom mobile app for their field reps to create orders in Salesforce. After the first time the users log in, they must be able to access Salesforce upon opening the mobile app without being prompted to log in again. What OAuth flows should be considered to support this requirement?

    A. Web Server flow with a Refresh Token.
    B. Mobile Agent flow with a Bearer Token.
    C. User Agent flow with a Refresh Token.
    D. SAML Assertion flow with a Bearer Token.

  • Question 155:

    Universal Containers (UC) wants to use Salesforce for sales orders and a legacy system for order fulfillment. The legacy system must update the status of orders in Salesforce in real time as they are fulfilled. UC decides to use OAuth for connecting the legacy system to Salesforce. What OAuth flow should be considered that doesn't require storing credentials, client secret or refresh tokens?

    A. Web Server flow
    B. JWT Bearer Token flow
    C. Username-Password flow
    D. User Agent flow

  • Question 156:

    Universal Containers (UC) has decided to implement a federated single sign-on solution using a third-party IdP. In reviewing the third-party products, they would like to ensure the product supports the automated provisioning and deprovisioning of users. What are the underlying mechanisms that the UC Architect must ensure are part of the product?

    A. SOAP API for provisioning; Just-in-Time (JIT) for Deprovisioning.
    B. Just-in-Time (JIT) for Provisioning; SOAP API for Deprovisioning.
    C. Provisioning API for both Provisioning and Deprovisioning.
    D. Just-in-Time (JIT) for both Provisioning and Deprovisioning.

  • Question 157:

    Universal Containers (UC) wants its Closed Won opportunities to be synced to a Data Warehouse in near real time. UC has implemented Outbound Message to enable near real-time data sync. UC wants to ensure that communication between Salesforce and the Target System is secure. What Certificate is sent along with the Outbound Message?

    A. The CA-Signed Certificate from the Certificate and Key Management menu.
    B. The default Client Certificate from the Develop--> API Menu.
    C. The default Client Certificate or a Certificate from Certificate and Key Management menu.
    D. The Self-Signed Certificates from the Certificate and Key Management menu.

  • Question 158:

    A security architect is rolling out a new multi-factor authentication (MFA) mandate, where all employees must go through a secure authentication process before accessing Salesforce. There are multiple Identity Providers (IdP) in place and the architect is considering how the "Authentication Method Reference" field (AMR) in the Login History can help.

    Which two considerations should the architect keep in mind?

    Choose 2 answers

    A. AMR field shows the authentication methods used at IdP.
    B. Both OIDC and Security Assertion Markup Language (SAML) are supported but AMR must be implemented at IdP.
    C. High-assurance sessions must be configured under Session Security Level Policies.
    D. Dependency on what is supported by OpenID Connect (OIDC) implementation at IdP.

  • Question 159:

    Universal Containers (UC) is building an integration between Salesforce and a legacy web application using the canvas framework. The security team for UC has determined that a signed request from Salesforce is not an adequate authentication solution for the third-party app. Which two options should the Architect consider for authenticating the third-party app using the canvas framework? Choose 2 answers

    A. Utilize the SAML Single Sign-on flow to allow the third-party to authenticate itself against UC's IdP.
    B. Utilize Authorization Providers to allow the third-party application to authenticate itself against Salesforce as the IdP.
    C. Utilize Canvas OAuth flow to allow the third-party application to authenticate itself against Salesforce as the IdP.
    D. Create a registration handler Apex class to allow the third-party application to authenticate itself against Salesforce as the IdP.

  • Question 160:

    Universal Containers (UC) is setting up their customer Community self-registration process. They are uncomfortable with the idea of assigning new users to a default account record. What will happen when customers self-register in the community?

    A. The self-registration process will produce an error to the user.
    B. The self-registration page will ask the user to select an account.
    C. The self-registration process will create a person Account record.
    D. The self-registration page will create a new account record.
