• Home
  • Blogs
  • [Dec 09, 2022] Free Salesforce Identity and Access Management Designer Identity-and-Access-Management-Designer Exam Question [Q43-Q63]

[Dec 09, 2022] Free Salesforce Identity and Access Management Designer Identity-and-Access-Management-Designer Exam Question [Q43-Q63]

Share

[Dec 09, 2022] Free Salesforce Identity and Access Management Designer Identity-and-Access-Management-Designer Exam Question

Identity-and-Access-Management-Designer dumps & Salesforce Identity and Access Management Designer sure practice dumps


Certification Path

There is no prerequisite for this exam.

 

NEW QUESTION 43
Universal Containers (UC) wants to build a few applications that leverage the Salesforce REST API. UC has asked its Architect to describe how the API calls will be authenticated to a specific user. Which two mechanisms can the Architect provide? Choose 2 Answers

  • A. Authentication Token
  • B. Refresh Token
  • C. Access Token
  • D. Session ID

Answer: B,C

 

NEW QUESTION 44
Universal Containers (UC) has a strict requirement to authenticate users to Salesforce using their mainframe credentials. The mainframe user store cannot be accessed from a SAML provider. UC would also like to have users in Salesforce created on the fly if they provide accurate mainframe credentials.
How can the Architect meet these requirements?

  • A. Use the SOAP API to create the user when created on the mainframe; implement Delegated Authentication.
  • B. Implement OAuth User-Agent Flow on the mainframe; use a Registration Handler to create the user on the fly.
  • C. Use a Salesforce Login Flow to call out to a web service and create the user on the fly.
  • D. Implement Just-In-Time Provisioning on the mainframe to create the user on the fly.

Answer: D

 

NEW QUESTION 45
Universal Containers (UC) wants to build a few applications that leverage the Salesforce REST API. UC has asked its Architect to describe how the API calls will be authenticated to a specific user. Which two mechanisms can the Architect provide? Choose 2 Answers

  • A. Authentication Token
  • B. Access Token
  • C. Session ID
  • D. Refresh Token

Answer: A,B

 

NEW QUESTION 46
Universal containers (UC) is successfully using Delegated Authentication for their salesforce users. The service supporting Delegated Authentication is written in Java. UC has a new CIO that is requiring all company Web services be RESR-ful and written in . NET. Which two considerations should the UC Architect provide to the new CIO? Choose 2 answers

  • A. Delegated Authentication will not work with rest services.
  • B. Delegated Authentication will not work with a.net service.
  • C. Delegated Authentication will continue to work with a.net service.
  • D. Delegated Authentication will continue to work with rest services.

Answer: A,C

 

NEW QUESTION 47
Northern Trail Outfitters would like to use a portal built on Salesforce Experience Cloud for customer self-service. Guests of the portal be able to self-register, but be unable to automatically be assigned to a contact record until verified. External Identity licenses have bee purchased for the project.
After registered guests complete an onboarding process, a flow will create the appropriate account and contact records for the user.
Which three steps should an identity architect follow to implement the outlined requirements?
Choose 3 answers

  • A. Select the "Configurable Self-Reg Page" option under Login & Registration.
  • B. Set jp an external login page and call Salesforce APIs for user creation.
  • C. Customize me self-registration Apex handler to create only the user record.
  • D. Enable "Allow customers and partners to self-register".
  • E. Customize the self-registration Apex handler to temporarily associate the user to a shared single contact record.

Answer: A,C,D

 

NEW QUESTION 48
Universal containers (UC) is setting up their customer Community self-registration process. They are uncomfortable with the idea of assigning new users to a default account record. What will happen when customers self-register in the community?

  • A. The self-registration page will create a new account record.
  • B. The self-registration process will produce an error to the user.
  • C. The self-registration process will create a person Account record.
  • D. The self-registration page will ask user to select an account.

Answer: B

 

NEW QUESTION 49
Northern Trail Outfitters (NTO) uses a Security Assertion Markup Language (SAML)-based Identity Provider (idP) to authenticate employees to all systems. The IdP authenticates users against a Lightweight Directory Access Protocol (LDAP) directory and has access to user information. NTO wants to minimize Salesforce license usage since only a small percentage of users need Salesforce.
What is recommended to ensure new employees have immediate access to Salesforce using their current IdP?

  • A. Build an integration that queries LDAP periodically and creates new active users in Salesforce.
  • B. Install Salesforce Identity Connect to automatically provision new users in Salesforce the first time they attempt to login.
  • C. Configure Just-in-Time provisioning using SAML attributes to create new Salesforce users as necessary when a new user attempts to login to Salesforce.
  • D. Build an integration that queries LDAP and creates new inactive users in Salesforce and use a login flow to activate the user at

Answer: C

Explanation:
first login.

 

NEW QUESTION 50
Universal Containers (UC) has implemented SAML-based Single Sign-On to provide seamless access to its Salesforce Orgs, financial system, and CPQ system. Below is the SSO implementation landscape.

What role combination is represented by the systems in this scenario''

  • A. Salesforce Org1 and Salesforce Org2 are acting as Identity Providers.
  • B. Salesforce Org1 and Salesforce Org2 are the only Service Providers.
  • C. Salesforce Org1 and PingFederate are acting as Identity Providers.
  • D. Financial System and CPQ System are the only Service Providers.

Answer: C

 

NEW QUESTION 51
Universal containers wants to implement single Sign-on for a salesforce org using an external identity provider and corporate identity store. What type of Authentication flow is required to support deep linking?

  • A. Start URL on identity provider
  • B. Identity-provider-initiated SSO
  • C. Web server Oauth SSO flow.
  • D. Service-provider-initiated SSO

Answer: D

 

NEW QUESTION 52
A technology enterprise is setting up an identity solution with an external vendors wellness application for its employees. The user attributes need to be returned to the wellness application in an ID token.
Which authentication mechanism should an identity architect recommend to meet the requirements?

  • A. User Agent Flow
  • B. JWT Bearer Token Flow
  • C. OpenID Connect
  • D. Web Server Flow

Answer: D

 

NEW QUESTION 53
Universal Containers built a custom mobile app for their field reps to create orders in Salesforce. OAuth is used for authenticating mobile users. The app is built in such a way that when a user session expires after Initial login, a new access token is obtained automatically without forcing the user to log in again. While that improved the field reps' productivity, UC realized that they need a "logout" feature.
What should the logout function perform in this scenario, where user sessions are refreshed automatically?

  • A. Invoke the revocation URL and pass the access token.
  • B. Clear out all the tokens to stop auto session refresh.
  • C. Invoke the revocation URL and pass the refresh token.
  • D. Clear out the client Id to stop auto session refresh.

Answer: C

 

NEW QUESTION 54
How should an Architect automatically redirect users to the login page of the external Identity provider when using an SP-Initiated SAML flow with Salesforce as a Service Provider?

  • A. Set the Identity Provider as default and enable the Redirect to the Identity Provider setting on the SAML Configuration.
  • B. Use visualforce as the landing page for My Domain to redirect users to the Identity Provider login Page.
  • C. Enable the Redirect to the Identity Provider setting under Authentication Services on the My domain Configuration.
  • D. Remove the Login page from the list of Authentication Services on the My Domain configuration.

Answer: D

 

NEW QUESTION 55
Universal Containers (UC) built an integration for their employees to post, view, and vote for ideas in Salesforce from an internal Company portal. When ideas are posted in Salesforce, links to the ideas are created in the company portal pages as part of the integration process. The Company portal connects to Salesforce using OAuth. Everything is working fine, except when users click on links to existing ideas, they are always taken to the Ideas home page rather than the specific idea, after authorization. Which OAuth URL parameter can be used to retain the original requested page so that a user can be redirected correctly after OAuth authorization?

  • A. State
  • B. Redirect_uri
  • C. Callback_uri
  • D. Scope

Answer: B

 

NEW QUESTION 56
Universal Containers (UC) uses a home-grown Employee portal for their employees to collaborate. UC decides to use Salesforce Ideas to allow the employees to post ideas from the Employee portal. When clicking some links in the Employee portal, the users should be redirected to Salesforce, authenticated, and presented with relevant pages.
What scope should be requested when using the OAuth token to meet this requirement?

  • A. web
  • B. full
  • C. api
  • D. Visualforce

Answer: A

Explanation:
Explanation

 

NEW QUESTION 57
What item should an Architect consider when designing a Delegated Authentication implementation?

  • A. The Web service should implement a custom password decryption method.
  • B. The Web service should be able to accept one to four input method parameters.
  • C. The Web service should be secured with TLS using Salesforce trusted certificates.
  • D. The web service should use the Salesforce Federation ID to identify the user.

Answer: A

 

NEW QUESTION 58
An Identity and Access Management (IAM) architect is tasked with unifying multiple B2C Commerce sites and an Experience Cloud community with a single identity. The solution needs to support more than 1,000 logins per minute.
What should the IAM do to fulfill this requirement?

  • A. Create a default account for capturing all ecommerce contacts registered on the community because personAccount is not supported for this case.
  • B. Confirm performance considerations with Salesforce Customer Support due to high peaks.
  • C. Configure both the community and the commerce sites as OAuth2 RPs (relying party) with an external identity provider.
  • D. Configure community as a Security Assertion Markup Language (SAML) identity provider and enable Just-in-Time Provisioning to B2C Commerce.

Answer: B

 

NEW QUESTION 59
Universal Containers (UC) has five Salesforce orgs (UC1, UC2, UC3, UC4, UC5). of Every user that is in UC2, UC3, UC4, and UC5 is also in UC1, however not all users 65* have access to every org. Universal Containers would like to simplify the authentication process such that all Salesforce users need to remember one set of credentials. UC would like to achieve this with the least impact to cost and maintenance. What approach should an Architect recommend to UC?

  • A. Purchase a third-party Identity Provider for all five Salesforce orgs to use, but don't set up JIT user provisioning for other orgs.
  • B. Configure UC1 as the Identity Provider to the other four Salesforce orgs and set up JIT user provisioning on all other orgs.
  • C. Configure UC1 as the Identity Provider to the other four Salesforce orgs, but don't set up JIT user provisioning for other orgs.
  • D. Purchase a third-party Identity Provider for all five Salesforce orgs to use and set up JIT user provisioning on all other orgs.

Answer: A

 

NEW QUESTION 60
Universal Containers is implementing a new Experience Cloud site and the identity architect wants to use dynamic branding features as of the login process.
Which two options should the identity architect recommend to support dynamic branding for the site?
Choose 2 answers

  • A. To use dynamic branding, the community must be built with the Customer Account Portal template.
  • B. An experience ID (expid) or placeholder parameter must be used in the URL to represent the brand.
  • C. To use dynamic branding, the community must be built with the Visuaiforce + Salesforce Tabs template.
  • D. An external content management system (CMS) must be used for dynamic branding on Experience Cloud sites.

Answer: A,B

 

NEW QUESTION 61
Universal containers wants to implement SAML SSO for their internal salesforce users using a third-party IDP. After some evaluation, UC decides not to set up my domain for their salesforce.org. How does thatdecision impact their SSO implementation?

  • A. Neithersp - nor IDP - initiated SSO will work
  • B. Sp-Initiated SSO will not work
  • C. IDP - initiated SSO will not work
  • D. Either sp - or IDP - initiated SSO will work

Answer: B

 

NEW QUESTION 62
A web service is developed that allows secure access to customer order status on the Salesforce Platform, The service connects to Salesforce through a connected app with the web server flow. The following are the required actions for the authorization flow:
1. User Authenticates and Authorizes Access
2. Request an Access Token
3. Salesforce Grants an Access Token
4. Request an Authorization Code
5. Salesforce Grants Authorization Code
What is the correct sequence for the authorization flow?

  • A. 1, 4, 5, 2, 3
  • B. 2, 1, 3, 4, 5
  • C. 4,5,2, 3, 1
  • D. 4, 1, 5, 2, 3

Answer: C

 

NEW QUESTION 63
......


The benefit in Obtaining the Identity-and-Access-Management-Designer Exam Certification

  • After completing the Salesforce Certified Identity and Access Management Designer certification Candidate becomes a solid, well-rounded Salesforce Certified Identity and Access Management Designer.
  • When an organization hiring or promotion an employee, then the decision is made by human resources. Now while Candidate may have an IT background, they do their decisions in a way that takes into record many different factors. One thing is candidates have formal credentials, such as the Salesforce Certified Identity and Access Management Designer.
  • If the Candidate has the desire to move up to a higher-paying position in an organization. This certification will help as always.
  • A candidate might have incredible IT skills. Employers that do the hiring need to make decisions based on limited information and as it always. When they view the official Salesforce Certified Identity and Access Management Designer certification, they can be guaranteed that a candidate has achieved a certain level of competence.

How to book the Identity-and-Access-Management-Designer Exam

These are following steps for registering the Identity-and-Access-Management-Designer Exam. Step 1: Visit to Webassessor Exam Registration Step 2: Signup/Login to Webassessor Step 3: Select the onsite proctored or online proctored delivery method of Certification Exam Step 4: Select Date, time and confirm with a payment method

For more information, please click here.

 

Salesforce Identity-and-Access-Management-Designer Actual Questions and Braindumps: https://www.test4sure.com/Identity-and-Access-Management-Designer-pass4sure-vce.html

Pass Identity-and-Access-Management-Designer Exam with Updated Identity-and-Access-Management-Designer Exam Dumps PDF 2022: https://drive.google.com/open?id=10e78cxgodkfJDm4Ft3mCRhSzrk8NTc8M

Related Blogs

more
Salesforce Identity-and-Access-Management-Designer Certification Practice Exam

Copyright © 2026 TEST4SURE.COM. All rights reserved. All trademarks are the property of their respective owners and we don't provide actual questions from any vendor.