A Review Of Best Quality Identity-and-Access-Management-Designer Free Samples

NEW QUESTION 1
Universal Containers (UC) has Active Directory (AD) as their enterprise identity store and would like to use it for Salesforce user authentication. UC expects to synchronize user data between Salesforce and AD and Assign the appropriate Profile and Permission Sets based on AD group membership. What would be the optimal way to implement SSO?

• A. Use Active Directory with Reverse Proxy as the Identity Provider.
• B. Use Microsoft Access control Service as the Authentication provider.
• C. Use Active Directory Federation Service (ADFS) as the Identity Provider.
• D. Use Salesforce Identity Connect as the Identity Provider.

Answer: D

NEW QUESTION 2
Northern Trail Outfitters (NTO) is setting up Salesforce to authenticate users with an external identity provider. The NTO Salesforce Administrator is having trouble getting things setup.
What should an identity architect use to show which part of the login assertion is fading?

• A. SAML Metadata file importer
• B. Identity Provider Metadata download
• C. Connected App Manager
• D. Security Assertion Markup Language Validator

Answer: D

NEW QUESTION 3
A group of users try to access one of Universal Containers' Connected Apps and receive the following error message: " Failed: Not approved for access." What is the most likely cause of this issue?

• A. The Connected App settings "All users may self-authorize" is enabled.
• B. The Salesforce Administrators have revoked the OAuth authorization.
• C. The Users do not have the correct permission set assigned to them.
• D. The User of High Assurance sessions are required for the Connected App.

Answer: C

NEW QUESTION 4
Universal containers (UC) would like to enable self - registration for their salesforce partner community users. UC wants to capture some custom data elements from the partner user, and based on these data elements, wants to assign the appropriate profile and account values. Which two actions should the architect recommend to UC? Choose 2 answers

• A. Modify the communitiesselfregcontroller to assign the profile and account.
• B. Modify the selfregistration trigger to assign profile and account.
• C. Configure registration for communities to use a custom visualforce page.
• D. Configure registration for communities to use a custom apex controller.

Answer: AC

NEW QUESTION 5
A farming enterprise offers smart farming technology to rts farmer customers, which includes a variety of sensors for livestock tracking, pest monitoring, climate monitoring etc. They plan to store all the data in Salesforce. They would also like to ensure timely maintenance of the Installed sensors. They have engaged a salesforce Architect to propose an appropnate way to generate sensor Information In Salesforce.
Which OAuth flow should the architect recommend?

• A. OAuth 2.0 Asset Token Flow
• B. OAuth 2.0 Device Authentication Row
• C. OAuth 2.0 JWT Bearer Token Flow
• D. OAuth 2.0 SAML Bearer Assertion Flow

Answer: A

NEW QUESTION 6
Universal containers wants to build a custom mobile app connecting to salesforce using Oauth, and would like to restrict the types of resources mobile users can access. What Oauth feature of Salesforce should be used to achieve the goal?

• A. Access Tokens
• B. Mobile pins
• C. Refresh Tokens
• D. Scopes

Answer: D

NEW QUESTION 7
Ttie executive sponsor for an organization has asked if Salesforce supports the ability to embed a login widget into its service providers in order to create a more seamless user experience.
What should be used and considered before recommending it as a solution on the Salesforce Platform?

• A. OpenID Connect Web Server Flo
• B. Determine if the service provider is secure enough to store the client secret on.
• C. Embedded Logi
• D. Identify what level of UI customization will be required to make it match the service providers look and feel.
• E. Salesforce REST api
• F. Ensure that Secure Sockets Layer (SSL) connection for the integration is used.
• G. Embedded Logi
• H. Consider whether or not it relies on third party cookies which can cause browser compatibility issues.

Answer: C

NEW QUESTION 8
Universal containers wants to implement SAML SSO for their internal salesforce users using a third-party IDP. After some evaluation, UC decides not to set up my domain for their salesforce.org. How does that decision impact their SSO implementation?

• A. Neithersp - nor IDP - initiated SSO will work
• B. Either sp - or IDP - initiated SSO will work
• C. IDP - initiated SSO will not work
• D. Sp-Initiated SSO will not work

Answer: D

NEW QUESTION 9
Universal Containers is using OpenID Connect to enable a connection from their new mobile app to its production Salesforce org.
What should be done to enable the retrieval of the access token status for the OpenID Connect connection?

• A. Query using OpenID Connect discovery endpoint.
• B. A Leverage OpenID Connect Token Introspection.
• C. Create a custom OAuth scope.
• D. Enable cross-origin resource sharing (CORS) for the /services/oauth2/token endpoint.

Answer: B

NEW QUESTION 10
Universal containers (UC) has a mobile application that it wants to deploy to all of its salesforce users, including customer Community users. UC would like to minimize the administration overhead, which two items should an architect recommend? Choose 2 answers

• A. Enable the "Refresh Tokens is valid until revoked " setting in the Connected App.
• B. Enable the "Enforce Ip restrictions" settings in the connected App.
• C. Enable the "All users may self-authorize" setting in the Connected App.
• D. Enable the "High Assurance session required" setting in the Connected App.

Answer: AC

NEW QUESTION 11
Universal containers (UC) is building a mobile application that will make calls to the salesforce REST API. Additionally UC would like to provide the optimal experience for its mobile users. Which two OAuth scopes should UC configure in the connected App? Choose 2 answers

• A. Refresh token
• B. API
• C. full
• D. Web

Answer: AB

NEW QUESTION 12
Universal containers (UC) is setting up their customer Community self-registration process. They are uncomfortable with the idea of assigning new users to a default account record. What will happen when customers self-register in the community?

• A. The self-registration process will produce an error to the user.
• B. The self-registration page will ask user to select an account.
• C. The self-registration process will create a person Account record.
• D. The self-registration page will create a new account record.

Answer: A

NEW QUESTION 13
Containers (UC) has decided to implement a federated single Sign-on solution using a third-party Idp. In reviewing the third-party products, they would like to ensure the product supports the automated provisioning and deprovisioning of users. What are the underlining mechanisms that the UC Architect must ensure are part of the product?

• A. SOAP API for provisioning; Just-in-Time (JIT) for Deprovisioning.
• B. Just-In-time (JIT) for Provisioning; SOAP API for Deprovisioning.
• C. Provisioning API for both Provisioning and Deprovisioning.
• D. Just-in-Time (JIT) for both Provisioning and Deprovisioning.

Answer: D

NEW QUESTION 14
Universal Containers (UC) has a Desktop application to collect leads for marketing campaigns. UC wants to extend this application to integrate with Salesforce to create leads. Integration between the desktop application and salesforce should be seamless. What Authorization flow should the Architect recommend?

• A. JWT Bearer Token flow
• B. Web Server Authentication Flow
• C. User Agent Flow
• D. Username and Password Flow

Answer: C

NEW QUESTION 15
Universal Containers (UC) wants to build a few applications that leverage the Salesforce REST API. UC has asked its Architect to describe how the API calls will be authenticated to a specific user. Which two mechanisms can the Architect provide? Choose 2 Answers

• A. Authentication Token
• B. Session ID
• C. Refresh Token
• D. Access Token

Answer: CD

NEW QUESTION 16
Universal containers (UC) would like to enable SAML-BASED SSO for a salesforce partner community. UC has an existing ldap identity store and a third-party portal. They would like to use the existing portal as the primary site these users access, but also want to allow seamless access to the partner community. What SSO flow should an architect recommend?

• A. User-Agent
• B. IDP-initiated
• C. Sp-Initiated
• D. Web server

Answer: B

NEW QUESTION 17
A third-party app provider would like to have users provisioned via a service endpoint before users access their app from Salesforce.
What should an identity architect recommend to configure the requirement with limited changes to the third-party app?

• A. Use a connected app with user provisioning flow.
• B. Create Canvas app in Salesforce for third-party app to provision users.
• C. Redirect users to the third-party app for registration.
• D. Use Salesforce identity with Security Assertion Markup Language (SAML) for provisioning users.

Answer: A

NEW QUESTION 18
......