IDENTITY-AND-ACCESS-MANAGEMENT-DESIGNER Exam Details

  • Exam Code: IDENTITY-AND-ACCESS-MANAGEMENT-DESIGNER
  • Exam Name: Salesforce Certified Platform Identity and Access Management Designer
  • Certification: Salesforce Certifications
  • Vendor: Salesforce
  • Total Questions: 234 Q&As
  • Last Updated: Jan 07, 2025

Salesforce IDENTITY-AND-ACCESS-MANAGEMENT-DESIGNER Online Questions & Answers

  • Question 171:

    Universal Containers (UC) is using Active Directory as its corporate identity provider and Salesforce as its CRM for customer care agents, who use SAML-based single sign-on to log in to Salesforce. The default agent profile does not include the Manage User permission. UC wants to dynamically update the agent role and permission sets.

    Which two mechanisms are used to provision agents with the appropriate permissions?

    Choose 2 answers

    A. Use Login Flow in User Context to update role and permission sets.
    B. Use Login Flow in System Context to update role and permission sets.
    C. Use SAML Just-in-Time (JIT) handler class run as current user to update role and permission sets.
    D. Use SAML Just-in-Time (JIT) handler class run as an admin user to update role and permission sets.

  • Question 172:

    Universal Containers (UC) wants to integrate a web application with Salesforce. The UC team has implemented the OAuth web-server authentication flow for the authentication process. Which two considerations should an architect point out to UC? Choose 2 answers

    A. The web application should be hosted on a secure server.
    B. The web server must be able to protect consumer privacy.
    C. The flow involves passing the user credentials back and forth.
    D. The flow will not provide an OAuth refresh token back to the server.

  • Question 173:

    Northern Trail Outfitters (NTO) utilizes a third-party cloud solution for an employee portal. NTO also owns Salesforce Service Cloud and would like employees to be able to log in to Salesforce with their third-party portal credentials for a seamless experience. The third-party employee portal only supports OAuth.

    What should an identity architect recommend to enable single sign-on (SSO) between the portal and Salesforce?

    A. Configure SSO to use the third party portal as an identity provider.
    B. Create a custom external authentication provider.
    C. Add the third-party portal as a connected app.
    D. Configure Salesforce for Delegated Authentication.

  • Question 174:

    Universal Containers (UC) uses Salesforce to allow customers to keep track of the order status. The customers can log in to Salesforce using external authentication providers, such as Facebook and Google. UC is also leveraging the App Launcher to let customers access an off-platform application for generating shipping labels. The label generator application uses OAuth to provide users access. What license type should an architect recommend for the customers?

    A. Customer Community license
    B. Identity license
    C. Customer Community Plus license
    D. External Identity license

  • Question 175:

    Universal Containers (UC) has implemented SSO according to the diagram below. uses SAML while Salesforce Org 1 uses OAuth 2.0. Users usually start their day by first attempting to log into Salesforce Org 2 and then later in the day, they will log into either the Financial System or CPQ system depending upon their job position. Which two systems are acting as Identity Providers?

    A. Financial System
    B. PingFederate
    C. Salesforce Org 2
    D. Salesforce Org 1

  • Question 176:

    A company's external application is protected by Salesforce through OAuth. The identity architect for the project needs to limit the level of access to the data of the protected resource in a flexible way.

    What should be done to improve security?

    A. Select "Admin approved users are pre-authorized" and assign specific profiles.
    B. Create custom scopes and assign to the connected app.
    C. Define a permission set that grants access to the app and assign to authorized users.
    D. Leverage external objects and data classification policies.

  • Question 177:

    An organization has a central cloud-based Identity and Access Management (IAM) Service for authentication and user management, which must be utilized by all applications as follows:

    1 - Change of a user status in the central IAM Service triggers provisioning or deprovisioning in the integrated cloud applications.

    2 - Security Assertion Markup Language single sign-on (SSO) is used to facilitate access for users authenticated at the identity provider (Central IAM Service).

    Which approach should an IAM architect implement on Salesforce Sales Cloud to meet the requirements?

    A. Configure Salesforce as a SAML service provider, and enable SCIM (System for Cross-Domain Identity Management) for provisioning and deprovisioning of users.
    B. Configure Salesforce as a SAML service provider, and enable Just-in-Time (JIT) provisioning and deprovisioning of users.
    C. Configure central IAM Service as an authentication provider and extend registration handler to manage provisioning and deprovisioning of users.
    D. Deploy Identity Connect component and set up automated provisioning and deprovisioning of users, as well as SAML-based SSO.

  • Question 178:

    Northern Trail Outfitters (NTO) uses a Security Assertion Markup Language (SAML)-based Identity Provider (IdP) to authenticate employees to all systems. The IdP authenticates users against a Lightweight Directory Access Protocol (LDAP) directory and has access to user information. NTO wants to minimize Salesforce license usage since only a small percentage of users need Salesforce.

    What is recommended to ensure new employees have immediate access to Salesforce using their current IdP?

    A. Install Salesforce Identity Connect to automatically provision new users in Salesforce the first time they attempt to login.
    B. Build an integration that queries LDAP periodically and creates new active users in Salesforce.
    C. Configure Just-in-Time provisioning using SAML attributes to create new Salesforce users as necessary when a new user attempts to login to Salesforce.
    D. Build an integration that queries LDAP and creates new inactive users in Salesforce and use a login flow to activate the user at first login.

  • Question 179:

    A third-party app provider would like to have users provisioned via a service endpoint before users access their app from Salesforce. What should an identity architect recommend to configure the requirement with limited changes to the third-party app?

    A. Use a connected app with user provisioning flow.
    B. Create Canvas app in Salesforce for third-party app to provision users.
    C. Redirect users to the third-party app for registration.
    D. Use Salesforce identity with Security Assertion Markup Language (SAML) for provisioning users.

  • Question 180:

    Universal Containers (UC) has an existing e-commerce platform and is implementing a new customer community. They do not want to force customers to register on both applications due to concern over the customers' experience. It is expected that 25% of the e-commerce customers will utilize the customer community. The e-commerce platform is capable of generating SAML responses and has an existing RESTful API capable of managing users. How should UC create the identities of its e-commerce users with the customer community?

    A. Use SAML JIT in the Customer Community to create users when a user tries to log in to the community from the e-commerce site.
    B. Use the e-commerce REST API to create users when a user self-registers on the customer community and use SAML to allow SSO.
    C. Use a nightly batch ETL job to sync users between the Customer Community and the e-commerce platform and use SAML to allow SSO.
    D. Use the standard Salesforce API to create users in the community when a user is created in the e-commerce platform and use SAML to allow SSO.
