Top Identity And Access Management Designer Dumps Questions [2022] For Exam Preparation

1. Universal Containers (UC) would like to enable self-registration for their Salesforce Partner Community Users. UC wants to capture some custom data elements from the partner user, and based on these data elements, wants to assign the appropriate Profile and Account values.

Which two actions should the Architect recommend to UC? Choose 2 answers

2. Universal containers (UC) would like to enable SAML-BASED SSO for a salesforce partner community. UC has an existing ldap identity store and a third-party portal. They would like to use the existing portal as the primary site these users access, but also want to allow seamless access to the partner community .

What SSO flow should an architect recommend?

3. Universal Containers (UC) uses Salesforce to allow customers to keep track of the order status. The customers can log in to Salesforce using external authentication providers, such as Facebook and Google. UC is also leveraging the App Launcher to let customers access an of platform application for generating shipping labels. The label generator application uses OAuth to provide users access .

What license type should an Architect recommend for the customers?

4. A group of users try to access one of universal containers connected apps and receive the following error message: "Failed: Not approved for access".

What is most likely to cause of the issue?

5. Universal Containers (UC) is building a customer community and will allow customers to authenticate using Facebook credentials. The First time the user authenticating using facebook, UC would like a customer account created automatically in their Accounting system. The accounting system has a web service accessible to Salesforce for the creation of accounts .

How can the Architect meet these requirements?

6. A global company's Salesforce Identity Architect is reviewing its Salesforce production org

login history and is seeing some intermittent Security Assertion Markup Language (SAML SSO) 'Replay Detected and Assertion Invalid' login errors.

Which two issues would cause these errors? Choose 2 answers

7. Universal Containers (UC) built an integration for their employees to post, view, and vote for ideas in Salesforce from an internal Company portal. When ideas are posted in Salesforce, links to the ideas are created in the company portal pages as part of the integration process. The Company portal connects to Salesforce using OAuth. Everything is working fine, except when users click on links to existing ideas, they are always taken to the Ideas home page rather than the specific idea, after authorization .

Which OAuth URL parameter can be used to retain the original requested page so that a user can be redirected correctly after OAuth authorization?

8. Universal Containers is budding a web application that will connect with the Salesforce API using JWT OAuth Flow.

Which two settings need to be configured in the connect app to support this requirement? Choose 2 answers

9. Universal containers (UC) wants to implement a partner community. As part of their implementation, UC would like to modify both the Forgot password and change password experience with custom branding for their partner community users .

Which 2 actions should an architect recommend to UC? Choose 2 answers

10. Universal Containers wants to implement SAML SSO for their internal Salesforce users using a third-party IdP. After some evaluation, UC decides not to set up My Domain for their Salesforce org .

How does that decision impact their SSO implementation?

11. Universal containers (UC) has decided to use identity connect as it's identity provider. UC uses active directory (AD) and has a team that is very familiar and comfortable with managing ad groups. UC would like to use AD groups to help configure salesforce users .

Which three actions can AD groups control through identity connect? Choose 3 answers

12. Universal Containers is creating a mobile application that will be secured by Salesforce Identity using the OAuth 2.0 user-agent flow (this flow uses the OAuth 2.0 implicit grant type).

Which three OAuth concepts apply to this flow? Choose 3 answers

13. Universal Containers (UC) has implemented SAML-based SSO solution for use with their multi-org Salesforce implementation, utilizing one of the the orgs as the Identity Provider. One user is reporting that they can log in to the Identity Provider org but get a generic SAML error message when accessing the other orgs .

Which two considerations should the architect review to troubleshoot the issue? Choose 2 answers

14. Universal Containers (UC) implemented SSO to a third-party system for their Salesforce users to access the App Launcher. UC enabled “User Provisioning” on the Connected App so that changes to user accounts can be synched between Salesforce and the third party system. However, UC quickly notices that changes to user roles in Salesforce are not getting synched to the third-party system .

What is the most likely reason for this behaviour?

15. universal container plans to develop a custom mobile app for the sales team that will use salesforce for authentication and access management. The mobile app access needs to be restricted to only the sales team .

What would be the recommended solution to grant mobile app access to sales users?

16. Universal Containers (UC) is setting up delegated authentication to allow employees to log in using their corporate credentials. UC's security team is concerned about the risks of exposing the corporate login service on the internet and has asked that a reliable trust mechanism be put in place between the login service and Salesforce.

What mechanism should an Architect put in place to enable a trusted connection between the login service and Salesforce?

17. Universal Containers (UC) wants its closed Won opportunities to be synced to a Data warehouse in near real time. UC has implemented Outbound Message to enable near real-time data sync. UC wants to ensure that communication between Salesforce and Target System is secure .

What certificate is sent along with the Outbound Message?

18. How should an Architect force users to authenticate with Two-factor Authentication (2FA) for Salesforce only when not connected to an internal company network?

19. Universal Containers (UC) has a custom, internal-only, mobile billing application for users who are commonly out of the office. The app is configured as a connected App in Salesforce. Due to the nature of this app, UC would like to take the appropriate measures to properly secure access to the app .

Which two are recommendations to make the UC? Choose 2 answers

20. Universal containers (UC) has implemented SAML SSO to enable seamless access across multiple applications. UC has regional salesforce orgs and wants it's users to be able to access them from their main Salesforce org seamless .

Which action should an architect recommend?

21. Universal Containers (UC) has an existing web application that it would like to access from Salesforce without requiring users to re-authenticate. The web application is owned UC and the UC team that is responsible for it is willing to add new javascript code and/or libraries to the application .

What implementation should an Architect recommend to UC?

22. Northern Trail Outfitters (NTO) uses Salesforce Experience Cloud sites (previously known as Customer Community) to provide a digital portal where customers can login using their Google account.

NTO would like to automatically create a case record for first time users logging into Salesforce Experience Cloud.

What should an Identity architect do to fulfill the requirement?

23. Universal Containers (UC) wants to build a mobile application that twill be making calls to the Salesforce REST API. UC's Salesforce implementation relies heavily on custom objects and custom Apex code. UC does not want its users to have to enter credentials every time they use the app .

Which two scope values should an Architect recommend to UC? Choose 2 answers.

24. Universal Containers (UC) is building an integration between Salesforce and a legacy web applications using the canvas framework. The security for UC has determined that a signed request from Salesforce is not an adequate authentication solution for the Third-Party app .

Which two options should the Architect consider for authenticating the third-party app using the canvas framework? Choose 2 Answers

25. Which two security risks can be mitigated by enabling Two-Factor Authentication (2FA) in Salesforce? Choose 2 answers

26. Universal containers wants salesforce inbound Oauth-enabled integration clients to use SAML-BASED single Sign-on for authentication .

What Oauth flow would be recommended in this scenario?

27. Uwversal Containers (UC) is building a custom employee hut) application on Amazon Web Services (AWS) and would like to store their users' credentials there. Users will also need access to Salesforce for internal operations. UC has tasked an identity architect with evaluating Afferent solutions for authentication and authorization between AWS and Salesforce.

How should an identity architect configure AWS to authenticate and authorize Salesforce users?

28. Universal containers (UC) uses a legacy Employee portal for their employees to collaborate and post their ideas. UC decides to use salesforce ideas for voting and better tracking purposes. To avoid provisioning users on Salesforce, UC decides to push ideas posted on the Employee portal to salesforce through API. UC decides to use an API user using Oauth Username - password flow for the connection .

How can the connection to salesforce be restricted only to the employee portal server?

29. Containers (UC) uses a legacy Employee portal for their employees to collaborate. Employees access the portal from their company’s internal website via SSO. It is set up to work with SiteMinder and Active Directory. The Employee portal has features to support posing ideas. UC decides to use Salesforce Ideas for voting and better tracking purposes. To avoid provisioning users on Salesforce, UC decides to integrate Employee portal ideas with Salesforce idea through the API .

What is the role of Salesforce in the context of SSO, based on this scenario?

30. Universal containers (UC) employees have salesforce access from restricted ip ranges only, to protect against unauthorised access. UC wants to rollout the salesforce1 mobile app and make it accessible from any location .

Which two options should an architect recommend? Choose 2 answers

31. An Architect needs to advise the team that manages the Identity Provider how to differentiate Salesforce from other Service Providers .

What SAML SSO setting in Salesforce provides this capability?

32. Universal Containers (UC) has implemented SAML-based Single Sign-On to provide seamless access to its Salesforce Orgs, financial system, and CPQ system. Below is the SSO implementation landscape.

What role combination is represented by the systems in this scenario''

33. Universal Containers wants to implement Single Sign-on for a Salesforce org using an external Identity Provider and corporate identity store.

What type of authentication flow is required to support deep linking?

34. Universal Containers (UC) wants to integrate a third-party Reward Calculation system with Salesforce to calculate Rewards. Rewards will be calculated on a schedule basis and update back into Salesforce. The integration between Salesforce and the Reward Calculation System needs to be secure .

Which are two recommended practices for using OAuth flow in this scenario. choose 2 answers

35. Universal Containers (UC) is rolling out its new Customer Identity and Access Management Solution built on top of its existing Salesforce instance. UC wants to allow customers to login using Facebook, Google, and other social sign-on providers.

How should this functionality be enabled for UC, assuming ail social sign-on providers support OpenID Connect?

36. Universal Containers (UC) has a classified information system that its call center team uses only when they are working on a case with a record type "Classified". They are only allowed to access the system when they own an open "Classified" case, and their access to the system is removed at all other times. They would like to implement SAML SSO eith Salesforce as the Idp, and automatically allow or deny the staff's access to the classified information system based on whether they currently own an open "Classified" case record when they try to access the system using SSO .

What is the recommended solution for automatically allowing or denying the access to the classified information system based on the open "classified" case record criteria?

37. Universal containers (UC) wants to integrate a third-party reward calculation system with salesforce to calculate rewards. Rewards will be calculated on a schedule basis and update back into salesforce. The integration between Salesforce and the reward calculation system needs to be secure .

Which are the recommended best practices for using Oauth flows in this scenario? Choose 2 answers

38. Northern Trail Outfitters (NTO) has a number of employees who do NOT need access Salesforce objects. Trie employees should sign in to a custom Benefits web app using their Salesforce credentials.

Which license should the identity architect recommend to fulfill this requirement?

39. Universal Containers (UC) uses Salesforce for its customer service agents. UC has a proprietary system for order tracking which supports Security Assertion Markup Language (SAML) based single sign-on. The VP of customer service wants to ensure only active Salesforce users should be able to access the order tracking system which is only visible within Salesforce.

What should be done to fulfill the requirement?

Choose 2 answers

40. An architect has successfully configured SAML-BASED SSO for universal containers. SSO has been working for 3 months when Universal containers manually adds a batch of new users to salesforce. The new users receive an error from salesforce when trying to use SSO. Existing users are still able to successfully use SSO to access salesforce .

What is the probable cause of this behaviour?

41. Universal containers (UC) has multiple salesforce orgs and would like to use a single identity provider to access all of their orgs .

How should UC'S architect enable this behavior?

42. Which two roles of the systems are involved in an environment where salesforce users are enabled to access Google Apps from within salesforce through App launcher and connected App set up? Choose 2 answers

43. Salesforce Grants Authorization Code

What is the correct sequence for the authorization flow?

44. In a typical SSL setup involving a trusted party and trusting party, what consideration should an Architect take into account when using digital certificates?

45. The CIO of universal containers(UC) wants to start taking advantage of the refresh token capability for the UC applications that utilize Oauth 2.0. UC has listed an architect to analyze all of the applications that use Oauth flows to. See where refresh Tokens can be applied .

Which two OAuth flows should the architect consider in their evaluation? Choose 2 answers

46. Refer to the exhibit.

Outfitters (NTO) is using Experience Cloud as an Identity for its application on Heroku. The application on Heroku should be able to handle two brands, Northern Trail Shoes and Northern Trail Shirts.

A user should select either of the two brands in Heroku before logging into the community. The app then performs Authorization using OAuth2.0 with the Salesforce Experience Cloud site.

NTO wants to make sure it renders login page images dynamically based on the user's brand preference selected in Heroku before Authorization.

what should an identity architect do to fulfill the above requirements?

47. Universal Containers (UC) wants to build a custom mobile app for their field reps to create orders in salesforce. After the first time the users log in, they must be able to access salesforce upon opening the mobile app without being prompted to log in again .

What Oauth flows should be considered to support this requirement?

48. Universal Containers (UC) is both a Salesforce and Google Apps customer. The UC IT team would like to manage the users for both systems in a single place to reduce administrative burden .

Which two optimal ways can the IT team provision users and allow Single Sign-on between Salesforce and Google Apps? Choose 2 answers

49. An architect needs to set up a Facebook Authentication provider as login option for a salesforce customer Community .

What portion of the authentication provider setup associates a Facebook user with a salesforce user?

50. Universal containers (UC) uses an internal company portal for their employees to collaborate. UC decides to use salesforce ideas and provide the ability for employees to post ideas from the company portal. They use SAML-BASED SSO to get into the company portal and would like to leverage it to access salesforce. Most of the users don't exist in salesforce and they would like the user records created in salesforce communities the first time they try to access salesforce .

What recommendation should an architect make to meet this requirement?

51. Which three are capabilities of SAML-based Federated authentication? Choose 3 answers

52. Universal containers (UC) has implemented ansp-Initiated SAML flow between an external IDP and salesforce. A user at UC is attempting to login to salesforce1 for the first time and is being prompted for salesforce credentials instead of being shown the IDP login page .

What is the likely cause of the issue?

53. Universal containers (UC) has implemented SAML -based single Sign-on for their salesforce application. UC is using pingfederate as the Identity provider. To access salesforce, Users usually navigate to a bookmarked link to my domain URL .

What type of single Sign-on is this?

54. A manufacturer wants to provide registration for an Internet of Things (IoT) device with limited display input or capabilities.

Which Salesforce OAuth authorization flow should be used?

55. Universal Containers (UC) has built a custom token-based Two-factor authentication (2FA) system for their existing on-premise applications. They are now implementing Salesforce and would like to enable a Two-factor login process for it, as well .

What is the recommended solution as Architect should consider?

56. Northern Trail Outfitters (NTO) uses a Security Assertion Markup Language (SAML)-based Identity Provider (idP) to authenticate employees to all systems. The IdP authenticates users against a Lightweight Directory Access Protocol (LDAP) directory and has access to user information. NTO wants to minimize Salesforce license usage since only a small percentage of users need Salesforce.

What is recommended to ensure new employees have immediate access to Salesforce using their current IdP?

57. Northern Trail Outfitters (NTO) is planning to build a new customer service portal and wants to use password less login, allowing customers to login with a one-time passcode sent to them via email or SMS.

How should the quantity of required Identity Verification Credits be estimated?

58. Universal Containers (UC) would like its community users to be able to register and log in with Linkedin or Facebook Credentials. UC wants users to clearly see Facebook &Linkedin Icons when they register and login .

What are the two recommended actions UC can take to achieve this Functionality? Choose 2 answers

59. customer service representatives at Universal containers (UC) are complaining that whenever they click on links to case records and are asked to login with SAML SSO, they are being redirected to the salesforce home tab and not the specific case record .

What item should an architect advise the identity team at UC to investigate first?

60. Universal containers uses an Employee portal for their employees to collaborate. employees access the portal from their company's internal website via SSO. It is set up to work with Active Directory .

What is the role of Active Directory in this scenario?

61. Which two things should be done to ensure end users can only use single sign-on (SSO) to login in to Salesforce? Choose 2 answers

62. Universal Containers (UC) is looking to build a Canvas app and wants to use the corresponding Connected App to control where the app is visible .

Which two options are correct in regards to where the app can be made visible under the Connected App setting for the Canvas app? Choose 2 answers

63. Universal containers (UC) has decided to build a new, highly sensitive application on Force.com platform. The security team at UC has decided that they want users to provide a fingerprint in addition to username/Password to authenticate to this application .

How can an architect support fingerprints as a form of identification for salesforce Authentication?

64. Universal containers (UC) wants to integrate a Web application with salesforce. The UC team has implemented the Oauth web-server Authentication flow for authentication process .

Which two considerations should an architect point out to UC? Choose 2 answers

65. Universal Containers (UC) has an existing Salesforce org configured for SP-Initiated SAML SSO with their Idp. A second Salesforce org is being introduced into the environment and the IT team would like to ensure they can use the same Idp for new org .

What action should the IT team take while implementing the second org?

66. Universal containers (UC) is setting up Delegated Authentication to allow employees to log in using their corporate credentials. UC's security team is concerned about the risk of exposing the corporate login service on the Internet and has asked that a reliable trust mechanism be put in place between the login service and salesforce .

What mechanism should an architect put in place to enable a trusted connection between the login services and salesforce?

67. A financial services company uses Salesforce and has a compliance requirement to track information about devices from which users log in. Also, a Salesforce Security Administrator needs to have the ability to revoke the device from which users log in.

What should be used to fulfill this requirement?

68. Which three types of attacks would a 2-Factor Authentication solution help garden against?

69. Universal Containers (UC) uses Salesforce as a CRM and identity provider (IdP) for their Sales Team to seamlessly login to intemaJ portals. The IT team at UC is now evaluating Salesforce to act as an IdP for its remaining employees.

Which Salesforce license is required to fulfill this requirement?

70. Northern Trail Outfitters would like to automatically create new employee users in Salesforce with an appropriate profile that maps to its Active Directory Department.

How should an identity architect implement this requirement?