
2021 Verified Identity-and-Access-Management-Designer dumps Q&As on your Salesforce Identity and Access Management Designer Exam Questions Certain Success!
Identity-and-Access-Management-Designer Exam Dumps - 100% Marks In Identity-and-Access-Management-Designer Exam!
Salesforce Identity-and-Access-Management-Designer Exam
Salesforce Identity-and-Access-Management-Designer Exam is related to Salesforce Certified Identity and Access Management Designer (WI19) Certification. This exam validates the candidate's ability to assess identity architecture and design secure, high-performance access management solutions on the Lightning Platform.
Who should take the Identity-and-Access-Management-Designer exam
Salesforce Certified Identity and Access Management Designer (WI19) certification is an internationally recognized validation that identifies persons who earn it as possessing the skills of a Salesforce Certified Identity and Access Management Designer (WI19). A candidate who wants significant improvement in career growth needs enhanced knowledge, skills, and talents. The Salesforce Identity-and-Access-Management-Designer Exam provides proof of this advanced knowledge and skill. A candidate who has knowledge of the associated technologies and the skills required to pass the Salesforce Identity-and-Access-Management-Designer Exam should take this exam.
NEW QUESTION 83
Universal Containers (UC) has a classified information system that its call centre team uses only when they are working on a case with a record type of "classified". They are only allowed to access the system when they own an open "classified" case, and their access to the system is removed at all other times. They would like to implement SAML SSO with Salesforce as the IdP, and automatically allow or deny the staff's access to the classified information system based on whether they currently own an open "classified" case record when they try to access the system using SSO. What is the recommended solution for automatically allowing or denying access to the classified information system based on the open "classified" case record criteria?
- A. Use a custom Connected App handler using Apex to dynamically allow access to the system based on whether the staff owns any open "classified" cases.
- B. Use Salesforce reports to identify users that currently own open "classified" cases and should be granted access to the classified information system.
- C. Use an Apex trigger on Case to dynamically assign permission sets that grant access when a user is assigned an open "classified" case, and remove it when the case is closed.
- D. Use custom SAML JIT provisioning to dynamically query the user's open "classified" cases when attempting to access the classified information system.
Answer: A
NEW QUESTION 84
Universal Containers (UC) currently uses Salesforce Sales Cloud and an external billing application. Both Salesforce and the billing application are accessed several times a day to manage customers. UC would like to configure single sign-on and leverage Salesforce as the identity provider. Additionally, UC would like the billing application to be accessible from Salesforce. A redirect is acceptable.
Which two Salesforce tools should an identity architect recommend to satisfy the requirements?
Choose 2 answers
- A. Salesforce Canvas
- B. Connected Apps
- C. Identity Connect
- D. App Launcher
Answer: A,D
NEW QUESTION 85
What item should an architect consider when designing a Delegated Authentication implementation?
- A. The web service should implement a custom password decryption method.
- B. The web service should be able to accept one to four input method parameters.
- C. The web service should be secured with TLS using Salesforce trusted certificates.
- D. The web service should use the Salesforce Federation ID to identify the user.
Answer: C
NEW QUESTION 86
Universal Containers (UC) wants to build a few applications that leverage the Salesforce REST API. UC has asked its Architect to describe how the API calls will be authenticated to a specific user. Which two mechanisms can the Architect provide? Choose 2 Answers
- A. Access Token
- B. Authentication Token
- C. Refresh Token
- D. Session ID
Answer: A,B
NEW QUESTION 87
Universal Containers (UC) has Active Directory (AD) as their enterprise identity store and would like to use it for Salesforce user authentication. UC expects to synchronize user data between Salesforce and AD and assign the appropriate Profile and Permission Sets based on AD group membership. What would be the optimal way to implement SSO?
- A. Use Active Directory Federation Service (ADFS) as the Identity Provider.
- B. Use Microsoft Access Control Service as the Authentication provider.
- C. Use Active Directory with Reverse Proxy as the Identity Provider.
- D. Use Salesforce Identity Connect as the Identity Provider.
Answer: D
NEW QUESTION 88
Which two are valid choices for digital certificates when setting up two-way SSL between Salesforce and an external system? Choose 2 answers
- A. Use a self-signed certificate for Salesforce and a self-signed cert for the external system
- B. Use a trusted CA-signed certificate for Salesforce and a trusted CA-signed cert for the external system
- C. Use a trusted CA-signed certificate for Salesforce and a self-signed cert for the external system
- D. Use a self-signed certificate for Salesforce and a trusted CA-signed cert for the external system
Answer: A,D
NEW QUESTION 89
The security team at Universal Containers (UC) has identified exporting reports as a high-risk action and would like to require users to be logged into Salesforce with their Active Directory (AD) credentials when doing so. For all other users of Salesforce, users should be allowed to use AD Credentials or Salesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with Salesforce credentials?
- A. Use SAML federated Authentication, treat SAML Sessions as High Assurance, and raise the session level required for exporting reports.
- B. Use SAML federated Authentication with a Login Flow to dynamically add or remove a Permission Set that grants the Export Reports Permission.
- C. Use SAML Federated Authentication and Custom SAML JIT Provisioning to dynamically add or remove a permission set that grants the Export Reports Permission.
- D. Use SAML Federated Authentication and block access to reports when accessed through a Standard Assurance session.
Answer: D
NEW QUESTION 90
An architect is troubleshooting some SAML-based SSO errors during testing. The Architect confirmed that all of the Salesforce SSO settings are correct. Which two issues outside of the Salesforce SSO settings are most likely contributing to the SSO errors the Architect is encountering? Choose 2 Answers
- A. The clock on the Identity Provider server is twenty minutes behind Salesforce.
- B. The Identity Provider is also used to SSO into five other applications.
- C. The Issuer Certificate from the Identity Provider expired two weeks ago.
- D. The default language for the Identity Provider and Salesforce are different.
Answer: C,D
NEW QUESTION 91
Universal Containers (UC) employees have Salesforce access from restricted IP ranges only, to protect against unauthorised access. UC wants to roll out the Salesforce1 mobile app and make it accessible from any location.
Which two options should an architect recommend? Choose 2 answers
- A. Relax the IP restriction in the Connected App settings for the Salesforce1 mobile app.
- B. Relax the IP restriction with a second factor in the Connected App settings for the Salesforce1 mobile app.
- C. Remove existing restrictions on IP ranges for all types of user access.
- D. Use Login Flow to bypass IP range restriction for the mobile app.
Answer: A,D
NEW QUESTION 92
Universal Containers (UC) uses middleware to integrate multiple systems with Salesforce. UC has a strict, new requirement that usernames and passwords cannot be stored in any UC system.
How can UC's middleware authenticate to Salesforce while adhering to this requirement?
- A. Create a Connected App that supports the User-Agent OAuth Flow.
- B. Create a Connected App that supports the Web Server OAuth Flow.
- C. Create a Connected App that supports the JWT Bearer Token OAuth Flow.
- D. Create a Connected App that supports the Refresh Token OAuth Flow.
Answer: C
NEW QUESTION 93
Sales users at Universal Containers use Salesforce for Opportunity management. Marketing uses a third-party application called Nest for Lead nurturing that is accessed using username/password. The VP of sales wants to open up access to Nest for all sales users to provide them access to lead history and would like SSO for better adoption. Salesforce is already set up for SSO and uses Delegated Authentication. Nest can accept username/password or SAML-based authentication. IT teams have received multiple password-related issues for Nest and have decided to set up SSO access for Nest for Marketing users as well. The CIO does not want to invest in a new IdP solution and is considering using Salesforce for this purpose. Which are appropriate license type choices for sales and marketing users, given Salesforce is using Delegated Authentication? Choose 2 answers
- A. Salesforce license for sales users and platform license for Marketing users.
- B. Salesforce license for sales users and Identity license for Marketing users
- C. Salesforce license for sales users and External Identity license for Marketing users
- D. Identity license for sales users and Identity connect license for Marketing users
Answer: A,B
NEW QUESTION 94
A web service is developed that allows secure access to customer order status on the Salesforce Platform. The service connects to Salesforce through a connected app with the web server flow. The following are the required actions for the authorization flow:
1. User Authenticates and Authorizes Access
2. Request an Access Token
3. Salesforce Grants an Access Token
4. Request an Authorization Code
5. Salesforce Grants Authorization Code
What is the correct sequence for the authorization flow?
- A. 1, 4, 5, 2, 3
- B. 4, 5, 2, 3, 1
- C. 2, 1, 3, 4, 5
- D. 4, 1, 5, 2, 3
Answer: B
NEW QUESTION 95
Universal Containers (UC) has a custom, internal-only, mobile billing application for users who are commonly out of the office. The app is configured as a Connected App in Salesforce. Due to the nature of this app, UC would like to take the appropriate measures to properly secure access to the app. Which two recommendations should be made to UC? Choose 2 answers
- A. Set login IP ranges to the internal network for all of the app users profiles.
- B. Use Google Authenticator as an additional part of the logical processes.
- C. Require high assurance sessions in order to use the connected App
- D. Disallow the use of single Sign-on for any users of the mobile app.
Answer: B,C
NEW QUESTION 96
Universal Containers (UC) has a mobile application that calls the Salesforce REST API. In order to prevent users from having to enter their credentials every time they use the app, UC has enabled the use of refresh tokens as part of the Salesforce Connected App and updated their mobile app to take advantage of the refresh token. Even after enabling the refresh token, users are still complaining that they have to enter their credentials once a day. What is the most likely cause of the issue?
- A. The OAuth authorizations are being revoked by a nightly batch job.
- B. The app is requesting too many access tokens in a 24-hour period.
- C. The users forget to check the box to remember their credentials.
- D. The refresh token expiration policy is set incorrectly in Salesforce.
Answer: D
NEW QUESTION 97
A pharmaceutical company has an on-premise application (see illustration) that it wants to integrate with Salesforce.
The IT director wants to ensure that requests must include a certificate with a trusted certificate chain to access the company's on-premise application endpoint.
What should an Identity architect do to meet this requirement?
- A. Configure the company firewall to allow traffic from Salesforce IP ranges.
- B. Use OpenSSL to generate a self-signed certificate and upload it to the on-premise app.
- C. Upload a third-party certificate from Salesforce into the on-premise server.
- D. Generate a certificate authority-signed certificate in Salesforce and upload it to the on-premise application truststore.
Answer: A
NEW QUESTION 98
Universal Containers (UC) wants its Closed Won opportunities to be synced to a data warehouse in near real time. UC has implemented Outbound Message to enable near real-time data sync. UC wants to ensure that communication between Salesforce and the target system is secure. What certificate is sent along with the Outbound Message?
- A. The CA-signed Certificate from the Certificate and Key Management Menu.
- B. The Self-signed Certificates from the Certificate & Key Management menu.
- C. The default client Certificate from the Develop --> API menu.
- D. The default client Certificate or the Certificate and Key Management menu.
Answer: C
NEW QUESTION 99
Universal Containers (UC) has an e-commerce website where customers can buy products, make payments and manage their accounts. UC decides to build a Customer Community on Salesforce and wants to allow the customers to access the community from their accounts without logging in again. UC decides to implement an SP-initiated SSO using a SAML-compliant IdP. In this scenario where Salesforce is the Service Provider, which two activities must be performed in Salesforce to make SP-initiated SSO work? Choose 2 answers
- A. Configure SAML SSO settings.
- B. Create a Connected App.
- C. Set up My Domain.
- D. Configure Delegated Authentication.
Answer: A,C
NEW QUESTION 100
Universal Containers (UC) employees have Salesforce access from restricted IP ranges only, to protect against unauthorised access. UC wants to roll out the Salesforce1 mobile app and make it accessible from any location. Which two options should an Architect recommend? Choose 2 answers
- A. Remove existing restrictions on IP ranges for all types of user access.
- B. Relax the IP restriction with a second factor in the Connected App settings for the Salesforce1 mobile app.
- C. Use Login Flow to bypass IP range restriction for the mobile app.
- D. Relax the IP restrictions in the Connected App settings for the Salesforce1 mobile app.
Answer: B,D
NEW QUESTION 101
Universal Containers (UC) wants users to authenticate into their Salesforce org using credentials stored in a custom identity store. UC does not want to purchase or use a third-party Identity provider. Additionally, UC is extremely wary of social media and does not consider it to be trustworthy. Which two options should an architect recommend to UC? Choose 2 answers
- A. Build a custom Web service that is supported by Delegated Authentication.
- B. Use a professional social media such as LinkedIn as an Authentication provider.
- C. Implement the OpenID protocol and configure an Authentication provider.
- D. Build a custom web page that uses the identity store and calls frontdoor.jsp.
Answer: A,C
