IDENTITY-AND-ACCESS-MANAGEMENT-DESIGNER Exam Details

  • Exam Code: IDENTITY-AND-ACCESS-MANAGEMENT-DESIGNER
  • Exam Name: Salesforce Certified Platform Identity and Access Management Designer
  • Certification: Salesforce Certifications
  • Vendor: Salesforce
  • Total Questions: 234 Q&As
  • Last Updated: Jan 07, 2025

Salesforce IDENTITY-AND-ACCESS-MANAGEMENT-DESIGNER Online Questions & Answers

  • Question 81:

    Northern Trail Outfitters (NTO) uses Salesforce for Sales Opportunity Management. Okta was recently brought in to Just-in-Time (JIT) provision and authenticate NTO users to applications. Salesforce users also use Okta to authorize a Forecasting web application to access Salesforce records on their behalf.

    Which two roles are being performed by Salesforce?

    Choose 2 answers

    A. SAML Identity Provider
    B. OAuth Client
    C. OAuth Resource Server
    D. SAML Service Provider

  • Question 82:

    Which three are features of federated Single Sign-on solutions? Choose 3 answers

    A. It federates credentials control to authorized applications.
    B. It establishes trust between Identity store and service provider.
    C. It solves all identity and access management problems.
    D. It improves affiliated applications adoption rates.
    E. It enables quick and easy provisioning and deactivating of users.

  • Question 83:

    Which three are capabilities of SAML-based Federated authentication? Choose 3 answers

    A. Trust relationships between Identity Provider and Service Provider are required.
    B. SAML tokens can be in XML or JSON format and can be used interchangeably.
    C. Web applications with no passwords are more secure and stronger against attacks.
    D. Access tokens are used to access resources on the server once the user is authenticated.
    E. Centralized federation provides single point of access, control and auditing.

  • Question 84:

    Northern Trail Outfitters (NTO) wants its customers to use phone numbers to log in to their new digital portal, which was designed and built using Salesforce Experience Cloud. In order to access the portal, the user will need to do the following:

    1. Enter a phone number and/or email address
    2. Enter a verification code that is to be sent via email or text.

    What is the recommended approach to fulfill this requirement?

    A. Create a Login Discovery page and provide a Login Discovery Handler Apex class.
    B. Create a custom login page with an Apex controller. The controller has logic to send and verify the identity.
    C. Create an Authentication provider and implement a self-registration handler class.
    D. Create a custom login flow that uses an Apex controller to verify the phone numbers with the company's verification service.

  • Question 85:

    Universal Containers (UC) has a strict requirement to authenticate users to Salesforce using their mainframe credentials. The mainframe user store cannot be accessed from a SAML provider. UC would also like to have users in Salesforce created on the fly if they provide accurate mainframe credentials.

    How can the Architect meet these requirements?

    A. Use a Salesforce Login Flow to call out to a web service and create the user on the fly.
    B. Use the SOAP API to create the user when created on the mainframe; implement Delegated Authentication.
    C. Implement Just-In-Time Provisioning on the mainframe to create the user on the fly.
    D. Implement OAuth User-Agent Flow on the mainframe; use a Registration Handler to create the user on the fly.

  • Question 86:

    Northern Trail Outfitters (NTO) wants to give customers the ability to submit and manage issues with their purchases. It is important for NTO to give its customers the ability to log in with their Amazon credentials.

    What should an identity architect recommend to meet these requirements?

    A. Configure a predefined authentication provider for Amazon.
    B. Create a custom external authentication provider for Amazon.
    C. Configure an OpenID Connect Authentication Provider for Amazon.
    D. Configure Amazon as a connected app.

  • Question 87:

    Universal Containers (UC) has built a custom token-based Two-factor authentication (2FA) system for their existing on-premise applications. They are now implementing Salesforce and would like to enable a Two-factor login process for it as well. What is the recommended solution an Architect should consider?

    A. Use the custom 2FA system for on-premise applications and native 2FA for Salesforce.
    B. Replace the custom 2FA system with an AppExchange App that supports on-premise applications and Salesforce.
    C. Use Custom Login Flows to connect to the existing custom 2FA system for use in Salesforce.
    D. Replace the custom 2FA system with Salesforce 2FA for on-premise applications and Salesforce.

  • Question 88:

    Northern Trail Outfitters (NTO) is setting up Salesforce to authenticate users with an external identity provider. The NTO Salesforce Administrator is having trouble getting things set up.

    What should an identity architect use to show which part of the login assertion is failing?

    A. SAML Metadata file importer
    B. Identity Provider Metadata download
    C. Connected App Manager
    D. Security Assertion Markup Language Validator

  • Question 89:

    Universal Containers (UC) is planning to deploy a custom mobile app that will allow users to get e-signatures from its customers on their mobile devices. The mobile app connects to Salesforce to upload the e-signature as a file attachment and uses OAuth protocol for both authentication and authorization. What is the most recommended and secure OAuth scope setting that an Architect should recommend?

    A. Id
    B. Web
    C. Api
    D. Custom_permissions

  • Question 90:

    Northern Trail Outfitters (NTO) uses the Customer 360 Platform implemented on Salesforce Experience Cloud. The development team in charge has learned of a contactless user feature, which can reduce the overhead of managing customers and partners by creating users without contact information.

    What is the potential impact to the architecture if NTO decides to implement this feature?

    A. Custom registration handler is needed to correctly assign External Identity or Community license for the newly registered contactless user.
    B. If contactless user is upgraded to Community license, the contact record is automatically created and linked to the user record, but not associated with an Account.
    C. Contactless user feature is available only with the External Identity license, which can restrict the Experience Cloud functionality available to the user.
    D. Passwordless authentication cannot be supported because the mobile phone receiving one-time password (OTP) needs to match the number on the contact record.
