Up To Date Identity-and-Access-Management-Designer Free Practice Questions For Salesforce Certified Identity And Access Management Designer (SP19) Certification

NEW QUESTION 1
Universal containers (UC) has decided to use identity connect as it's identity provider. UC uses active directory(AD) and has a team that is very familiar and comfortable with managing ad groups. UC would like to use AD groups to help configure salesforce users. Which three actions can AD groups control through identity connect? Choose 3 answers

• A. Public Group Assignment
• B. Granting report folder access
• C. Role Assignment
• D. Custom permission assignment
• E. Permission sets assignment

Answer: ACE

NEW QUESTION 2
A financial services company uses Salesforce and has a compliance requirement to track information about devices from which users log in. Also, a Salesforce Security Administrator needs to have the ability to revoke the device from which users log in.
What should be used to fulfill this requirement?

• A. Use multi-factor authentication (MFA) to meet the compliance requirement to track device information.
• B. Use the Activations feature to meet the compliance requirement to track device information.
• C. Use the Login History object to track information about devices from which users log in.
• D. Use Login Flows to capture device from which users log in and store device and user information in a custom object.

Answer: B

NEW QUESTION 3
A manufacturer wants to provide registration for an Internet of Things (IoT) device with limited display input or capabilities.
Which Salesforce OAuth authorization flow should be used?

• A. OAuth 2.0 JWT Bearer How
• B. OAuth 2.0 Device Flow
• C. OAuth 2.0 User-Agent Flow
• D. OAuth 2.0 Asset Token Flow

Answer: B

NEW QUESTION 4
Universal Containers (UC) built an integration for their employees to post, view, and vote for ideas in Salesforce from an internal Company portal. When ideas are posted in Salesforce, links to the ideas are created in the company portal pages as part of the integration process. The Company portal connects to Salesforce using OAuth. Everything is working fine, except when users click on links to existing ideas, they are always taken to the Ideas home page rather than the specific idea, after authorization. Which OAuth URL parameter can be used to retain the original requested page so that a user can be redirected correctly after OAuth authorization?

• A. Redirect_uri
• B. State
• C. Scope
• D. Callback_uri

Answer: A

NEW QUESTION 5
Universal Containers (UC) uses Salesforce for its customer service agents. UC has a proprietary system for order tracking which supports Security Assertion Markup Language (SAML) based single sign-on. The VP of customer service wants to ensure only active Salesforce users should be able to access the order tracking system which is only visible within Salesforce.
What should be done to fulfill the requirement? Choose 2 answers

• A. Setup Salesforce as an identity provider (IdP) for order Tracking.
• B. Set up the Corporate Identity store as an identity provider (IdP) for Order Tracking,
• C. Customize Order Tracking to initiate a REST call to validate users in Salesforce after login.
• D. Setup Order Tracking as a Canvas app in 5alesforce to POST IdP initiated SAML assertion.

Answer: AB

NEW QUESTION 6
Universal containers (UC) is setting up Delegated Authentication to allow employees to log in using their corporate credentials. UC's security team is concerned about the risk of exposing the corporate login service on the Internet and has asked that a reliable trust mechanism be put in place between the login service and salesforce. What mechanism should an architect put in place to enable a trusted connection between the login services and salesforce?

• A. Include client ID and client secret in the login header callout.
• B. Set up a proxy server for the login service in the DMZ.
• C. Require the use of Salesforce security Tokens on password.
• D. Enforce mutual Authentication between systems using SSL.

Answer: C

NEW QUESTION 7
Containers (UC) has implemented SAML-based single Sign-on for their Salesforce application and is planning to provide access to Salesforce on mobile devices using the Salesforce1 mobile app. UC wants to ensure that Single Sign-on is used for accessing the Salesforce1 mobile App. Which two recommendations should the Architect make? Choose 2 Answers

• A. Configure the Embedded Web Browser to use My Domain URL.
• B. Configure the Salesforce1 App to use the MY Domain URL.
• C. Use the existing SAML-SSO flow along with User Agent Flow.
• D. Use the existing SAML SSO flow along with Web Server Flow.

Answer: BC

NEW QUESTION 8
Universal Containers (UC) has a custom, internal-only, mobile billing application for users who are commonly out of the office. The app is configured as a connected App in Salesforce. Due to the nature of this app, UC would like to take the appropriate measures to properly secure access to the app. Which two are recommendations to make the UC? Choose 2 answers

• A. Disallow the use of Single Sign-on for any users of the mobile app.
• B. Require High Assurance sessions in order to use the Connected App.
• C. Set Login IP Ranges to the internal network for all of the app users Profiles.
• D. Use Google Authenticator as an additional part of the login process

Answer: BD

NEW QUESTION 9
Universal Containers (UC) is considering a Customer 360 initiative to gain a single source of the truth for its customer data across disparate systems and services. UC wants to understand the primary benefits of Customer 360 Identity and how it contributes ato successful Customer 360 Truth project.
What are two are key benefits of Customer 360 Identity as it relates to Customer 360? Choose 2 answers

• A. Customer 360 Identity automatically integrates with Customer 360 Data Manager and Customer 360 Audiences to seamlessly populate all user data.
• B. Customer 360 Identity enables an organization to build a single login for each of its customers, giving the organization anunderstanding of the user's login activity across all its digital properties and applications.
• C. Customer 360 Identity supports multiple brands so you can deliver centralized identity services and correlation of user activity,even if it spans multiple corporate brands and user experiences.
• D. Customer 360 Identity not only provides a unified sign up and sign in experience, but also tracks anonymous user activity prior to signing up so organizations can understand user activity before and after the users identify themselves.

Answer: BC

NEW QUESTION 10
Northern Trail Outfitters (NTO) uses Salesforce Experience Cloud sites (previously known as Customer Community) to provide a digital portal where customers can login using their Google account.
NTO would like to automatically create a case record for first time users logging into Salesforce Experience Cloud.
What should an Identity architect do to fulfill the requirement?

• A. Configure an authentication provider for Social Login using Google and a custom registration handler.
• B. Implement a Just-in-Time handler class that has logic to create cases upon first login.
• C. Create an authentication provider for Social Login using Google and leverage standard registration handler.
• D. Implement a login flow with a record create component for Case.

Answer: D

NEW QUESTION 11
Northern Trail Outfitters (NTO) is planning to build a new customer service portal and wants to use passwordless login, allowing customers to login with a one-time passcode sent to them via email or SMS.
How should the quantity of required Identity Verification Credits be estimated?

• A. Each community comes with 10,000 Identity Verification Credits per month and only customers with more than 10,000 logins a month should estimate additional SMS verifications needed.
• B. Identity Verification Credits are consumed with each SMS (text message) sent and should be estimated based on the number of login verification challenges for SMS verification users.
• C. Identity Verification Credits are consumed with each verification sent and should be estimated based on the number of logins that will incur a verification challenge.
• D. Identity Verification Credits are a direct add-on license based on the number of existing member-based or login-based Community licenses.

Answer: B

NEW QUESTION 12
Universal containers (UC) is setting up their customer Community self-registration process. They are uncomfortable with the idea of assigning new users to a default account record. What will happen when customers self-register in the community?

• A. The self-registration process will produce an error to the user.
• B. The self-registration page will ask user to select an account.
• C. The self-registration process will create a person Account record.
• D. The self-registration page will create a new account record.

Answer: A

NEW QUESTION 13
A client is planning to rollout multi-factor authentication (MFA) to its internal employees and wants to understand which authentication and verification methods meet the Salesforce criteria for secure authentication.
Which three functions meet the Salesforce criteria for secure mfa? Choose 3 answers

• A. username and password + SMS passcode
• B. Username and password + secunty key
• C. Third-party single sign-on with Mobile Authenticator app
• D. Certificate-based Authentication
• E. Lightning Login

Answer: BCE

NEW QUESTION 14
Universal containers (UC) has built a custom based Two-factor Authentication (2fa) system for their existing on-premise applications. Thru are now implementing salesforce and would like to enable a Two-factor login process for it, as well. What is the recommended solution an architect should consider?

• A. Replace the custom 2fa system with salesforce 2fa for on-premise application and salesforce.
• B. Use the custom 2fa system for on-premise applications and native 2fa for salesforce.
• C. Replace the custom 2fa system with an app exchange app that supports on-premise applications and salesforce.
• D. Use custom login flows to connect to the existing custom 2fa system for use in salesforce.

Answer: D

NEW QUESTION 15
Universal Containers (UC) currently uses Salesforce Sales Cloud and an external billing application. Both Salesforce and the billing application are accessed several times a day to manage customers. UC would like to configure single sign-on and leverage Salesforce as the identity provider. Additionally, UC would like the billing application to be accessible from Salesforce. A redirect is acceptable.
Which two Salesforce tools should an identity architect recommend to satisfy the requirements? Choose 2 answers

• A. salesforce Canvas
• B. Identity Connect
• C. Connected Apps
• D. App Launcher

Answer: AD

NEW QUESTION 16
A web service is developed that allows secure access to customer order status on the Salesforce Platform, The service connects to Salesforce through a connected app with the web server flow. The following are the required actions for the authorization flow:
* 1. User Authenticates and Authorizes Access
* 2. Request an Access Token
* 3. Salesforce Grants an Access Token
* 4. Request an Authorization Code
* 5. Salesforce Grants Authorization Code
What is the correct sequence for the authorization flow?

• A. 1, 4, 5, 2, 3
• B. 4, 1, 5, 2, 3
• C. 2, 1, 3, 4, 5
• D. 4,5,2, 3, 1

Answer: D

NEW QUESTION 17
Northern Trail Outfitters (NTO) is planning to roll out a partner portal for its distributors using Experience Cloud. NTO would like to use an external identity provider (idP) and for partners to register for access to the portal. Each partner should be allowed to register only once to avoid duplicate accounts with Salesforce.
What should a identity architect recommend to create partners?

• A. On successful creation of Partners using Self Registration page in Experience Cloud, create identity in Ping.
• B. Create a custom page m Experience Cloud to self register partner with Experience Cloud and Ping identity store.
• C. Create a custom web page in the Portal and create users in the IdP and Experience Cloud using published APIs.
• D. Allow partners to register through the IdP and create partner users in Salesforce through an API.

Answer: B

NEW QUESTION 18
Universal Containers (UC) has implemented SSO according to the diagram below. uses SAML while Salesforce Org 1 uses OAuth 2.0. Users usually start their day by first attempting to log into Salesforce Org 2 and then later in the day, they will log into either the Financial System or CPQ system depending upon their job position. Which two systems are acting as Identity Providers?

• A. Financial System
• B. Pingfederate
• C. Salesforce Org 2
• D. Salesforce Org 1

Answer: BD

NEW QUESTION 19
Northern Trail Outfitters (NTO) wants to give customers the ability to submit and manage issues with their purchases. It is important for to give its customers the ability to login with their Facebook and Twitter credentials.
Which two actions should an identity architect recommend to meet these requirements? Choose 2 answers

• A. Create a custom external authentication provider for Facebook.
• B. Configure a predefined authentication provider for Facebook.
• C. Create a custom external authentication provider for Twitter.
• D. Configure a predefined authentication provider for Twitter.

Answer: BD

NEW QUESTION 20
Universal Containers (UC) uses a home-grown Employee portal for their employees to collaborate. UC decides to use Salesforce Ideas to allow employees to post Ideas from the Employee portal. When users click on some of the links in the Employee portal, the users should be redirected to Salesforce, authenticated, and presented with the relevant pages. What OAuth flow is best suited for this scenario?

• A. Web Application flow
• B. SAML Bearer Assertion flow
• C. User-Agent flow
• D. Web Server flow

Answer: D

NEW QUESTION 21
......