Testking offers free demo for Identity-and-Access-Management-Designer exam. "Salesforce Certified Identity and Access Management Designer (SP19)", also known as Identity-and-Access-Management-Designer exam, is a Salesforce Certification. This set of posts, Passing the Salesforce Identity-and-Access-Management-Designer exam, will help you answer those questions. The Identity-and-Access-Management-Designer Questions & Answers covers all the knowledge points of the real exam. 100% real Salesforce Identity-and-Access-Management-Designer exams and revised by experts!

Free demo questions for Salesforce Identity-and-Access-Management-Designer Exam Dumps Below:

NEW QUESTION 1
An architect needs to advise the team that manages the identity provider how to differentiate salesforce from other service providers. What SAML SSO setting in salesforce provides this capability?

  • A. Entity id
  • B. Issuer
  • C. Identity provider login URL
  • D. SAML identity location

Answer: A

NEW QUESTION 2
An identity architect has been asked to recommend a solution that allows administrators to configure personalized alert messages to users before they land on the Experience Cloud site (formerly known as Community) homepage.
What is recommended to fulfill this requirement with the least amount of customization?

  • A. Customize the registration handler Apex class to create a routing logic navigating to different home pages based on the user profile.
  • B. Use Login Flows to add a screen that shows personalized alerts.
  • C. Build a Lightning web Component (LWC) for a homepage that shows custom alerts.
  • D. Create custom metadata that stores user alerts and use a LWC to display alerts.

Answer: B

NEW QUESTION 3
which three are features of federated Single Sign-on solutions? Choose 3 answers

  • A. It federates credentials control to authorized applications.
  • B. It establishes trust between Identity store and service provider.
  • C. It solves all identity and access management problems.
  • D. It improves affiliated applications adoption rates.
  • E. It enables quick and easy provisioning and deactivating of users.

Answer: BCE

NEW QUESTION 4
Universal Containers wants to allow its customers to log in to its Experience Cloud via a third party authentication provider that supports only the OAuth protocol.
What should an identity architect do to fulfill this requirement?

  • A. Contact Salesforce Support and enable delegate single sign-on.
  • B. Create a custom external authentication provider.
  • C. Use certificate-based authentication.
  • D. Configure OpenID Connect authentication provider.

Answer: B

NEW QUESTION 5
Universal Containers (UC) wants to build a mobile application that twill be making calls to the Salesforce REST API. UC's Salesforce implementation relies heavily on custom objects and custom Apex code. UC does not want its users to have to enter credentials every time they use the app. Which two scope values should an Architect recommend to UC? Choose 2 answers.

  • A. Custom_permissions
  • B. Api
  • C. Refresh_token
  • D. Full

Answer: BC

NEW QUESTION 6
A group of users try to access one of Universal Containers' Connected Apps and receive the following error message: " Failed: Not approved for access." What is the most likely cause of this issue?

  • A. The Connected App settings "All users may self-authorize" is enabled.
  • B. The Salesforce Administrators have revoked the OAuth authorization.
  • C. The Users do not have the correct permission set assigned to them.
  • D. The User of High Assurance sessions are required for the Connected App.

Answer: C

NEW QUESTION 7
Universal containers (UC) has an e-commerce website while customers can buy products, make payments, and manage their accounts. UC decides to build a customer Community on Salesforce and wants to allow the customers to access the community for their accounts without logging in again. UC decides to implement ansp-Initiated SSO using a SAML-BASED complaint IDP. In this scenario where salesforce is the service provider, which two activities must be performed in salesforce to make sp-Initiated SSO work? Choose 2 answers

  • A. Configure SAML SSO settings.
  • B. Configure Delegated Authentication
  • C. Create a connected App
  • D. Set up my domain

Answer: AD

NEW QUESTION 8
Northern Trail Outfitters (NTO) uses the Customer 360 Platform implemented on Salesforce Experience Cloud. The development team in charge has learned of a contactless user feature, which can reduce the overhead of managing customers and partners by creating users without contact information.
What is the potential impact to the architecture if NTO decides to implement this feature?

  • A. Custom registration handler is needed to correctly assign External Identity or Community license for the newly registered contactless user.
  • B. If contactless user is upgraded to Community license, the contact record is automatically created and linked to the user record, but not associated with an Account.
  • C. Contactless user feature is available only with the External Identity license, which can restrict the Experience Cloudfunctionality available to the user.
  • D. Passwordless authentication can not be supported because the mobile phone receiving one-time password (OTP) needs tomatch the number on the contact record.

Answer: C

NEW QUESTION 9
architect is troubleshooting some SAML-based SSO errors during testing. The Architect confirmed that all of the Salesforce SSO settings are correct. Which two issues outside of the Salesforce SSO settings are most likely contributing to the SSO errors the Architect is encountering? Choose 2 Answers

  • A. The Identity Provider is also used to SSO into five other applications.
  • B. The clock on the Identity Provider server is twenty minutes behind Salesforce.
  • C. The Issuer Certificate from the Identity Provider expired two weeks ago.
  • D. The default language for the Identity Provider and Salesforce are Different.

Answer: BC

NEW QUESTION 10
Universal Containers (UC) has a mobile application for its employees that uses data from Salesforce as well as uses Salesforce for Authentication purposes. UC wants its mobile users to only enter their credentials the first time they run the app. The application has been live for a little over 6 months, and all of the users who were part of the initial launch are complaining that they have to re-authenticate. UC has also recently changed the URI Scheme associated with the mobile app. What should the Architect at UC first investigate?Universal Containers (UC) has a mobile application for its employees that uses data from Salesforce as well as uses Salesforce for Authentication purposes. UC wants its mobile users to only enter their credentials the first time they run the app. The application has been live for a little over 6 months, and all of the users who were part of the initial launch are complaining that they have to re-authenticate. UC has also recently changed the URI Scheme associated with the mobile app. What should the Architect at UC first investigate?

  • A. Check the Refresh Token policy defined in the Salesforce Connected App.
  • B. Validate that the users are checking the box to remember their passwords.
  • C. Verify that the Callback URL is correctly pointing to the new URI Scheme.
  • D. Confirm that the access Token's Time-To-Live policy has been set appropriately.

Answer: A

NEW QUESTION 11
Universal Containers is considering using Delegated Authentication as the sole means of Authenticating of Salesforce users. A Salesforce Architect has been brought in to assist with the implementation. What two risks Should the Architect point out? Choose 2 answers

  • A. Delegated Authentication is enabled or disabled for the entire Salesforce org.
  • B. UC will be required to develop and support a custom SOAP web service.
  • C. Salesforce users will be locked out of Salesforce if the web service goes down.
  • D. The web service must reside on a public cloud service, such as Heroku.

Answer: BC

NEW QUESTION 12
A group of users try to access one of universal containers connected apps and receive the following error message : "Failed : Not approved for access". what is most likely to cause of the issue?

  • A. The use of high assurance sections are required for the connected App.
  • B. The users do not have the correct permission set assigned to them.
  • C. The connected App setting "All users may self-authorize" is enabled.
  • D. The salesforce administrators gave revoked the Oauth authorization.

Answer: B

NEW QUESTION 13
In an SP-Initiated SAML SSO setup where the user tries to access a resource on the Service Provider, What HTTP param should be used when submitting a SAML Request to the Idp to ensure the user is returned to the intended resourse after authentication?

  • A. RedirectURL
  • B. RelayState
  • C. DisplayState
  • D. StartURL

Answer: B

NEW QUESTION 14
Universal containers (UC) uses an internal company portal for their employees to collaborate. UC decides to use salesforce ideas and provide the ability for employees to post ideas from the company portal. They use SAML-BASED SSO to get into the company portal and would like to leverage it to access salesforce. Most of the users don't exist in salesforce and they would like the user records created in salesforce communities the first time they try to access salesforce. What recommendation should an architect make to meet this requirement?

  • A. Use on-the-fly provisioning
  • B. Use just-in-time provisioning
  • C. Use salesforce APIs to create users on the fly
  • D. Use Identity connect to sync users

Answer: B

NEW QUESTION 15
Universal Containers is using OpenID Connect to enable a connection from their new mobile app to its production Salesforce org.
What should be done to enable the retrieval of the access token status for the OpenID Connect connection?

  • A. Query using OpenID Connect discovery endpoint.
  • B. A Leverage OpenID Connect Token Introspection.
  • C. Create a custom OAuth scope.
  • D. Enable cross-origin resource sharing (CORS) for the /services/oauth2/token endpoint.

Answer: B

NEW QUESTION 16
Universal containers (UC) has a custom, internal-only, mobile billing application for users who are commonly out of the office. The app is configured as a connected App in salesforce. Due to the nature of this app, UC would like to take the appropriate measures to properly secure access to the app. Which two are recommendations to make the UC? Choose 2 answers

  • A. Disallow the use of single Sign-on for any users of the mobile app.
  • B. Require high assurance sessions in order to use the connected App
  • C. Use Google Authenticator as an additional part of the logical processes.
  • D. Set login IP ranges to the internal network for all of the app users profiles.

Answer: BC

NEW QUESTION 17
Universal Containers (UC) built an integration for their employees to post, view, and vote for ideas in Salesforce from an internal Company portal. When ideas are posted in Salesforce, links to the ideas are created in the company portal pages as part of the integration process. The Company portal connects to Salesforce using OAuth. Everything is working fine, except when users click on links to existing ideas, they are always taken to the Ideas home page rather than the specific idea, after authorization. Which OAuth URL parameter can be used to retain the original requested page so that a user can be redirected correctly after OAuth authorization?

  • A. Redirect_uri
  • B. State
  • C. Scope
  • D. Callback_uri

Answer: A

NEW QUESTION 18
An Identity and Access Management (IAM) Architect is recommending Identity Connect to integrate Microsoft Active Directory (AD) with Salesforce for user provisioning, deprovisioning and single sign-on (SSO).
Which feature of Identity Connect is applicable for this scenano?

  • A. When Identity Connect is in place, if a user is deprovisioned in an on-premise AD, the user's Salesforce session Is revokedImmediately.
  • B. If the number of provisioned users exceeds Salesforce licence allowances, identity Connect will start disabling the existingSalesforce users in First-in, First-out (FIFO) fashion.
  • C. Identity Connect can be deployed as a managed package on salesforce org, leveraging High Availability of Salesforce Platformout-of-the-box.
  • D. When configured, Identity Connect acts as an identity provider to both Active Directory and Salesforce,thus providing SSO as a default feature.

Answer: A

NEW QUESTION 19
Universal containers (UC) has multiple salesforce orgs and would like to use a single identity provider to access all of their orgs. How should UC'S architect enable this behavior?

  • A. Ensure that users have the same email value in their user records in all of UC's salesforce orgs.
  • B. Ensure the same username is allowed in multiple orgs by contacting salesforce support.
  • C. Ensure that users have the same Federation ID value in their user records in all of UC's salesforce orgs.
  • D. Ensure that users have the same alias value in their user records in all of UC's salesforce orgs.

Answer: C

NEW QUESTION 20
......

Thanks for reading the newest Identity-and-Access-Management-Designer exam dumps! We recommend you to try the PREMIUM Downloadfreepdf.net Identity-and-Access-Management-Designer dumps in VCE and PDF here: https://www.downloadfreepdf.net/Identity-and-Access-Management-Designer-pdf-download.html (196 Q&As Dumps)