This page was exported from Top Exam Collection [ http://blog.topexamcollection.com ] Export date:Thu Apr 3 21:10:59 2025 / +0000 GMT ___________________________________________________ Title: Nov-2022 Get Totally Free Updates on Identity-and-Access-Management-Designer Dumps PDF Questions [Q47-Q61] --------------------------------------------------- Nov-2022 Get Totally Free Updates on Identity-and-Access-Management-Designer Dumps PDF Questions Prepare With Top Rated High-quality Identity-and-Access-Management-Designer Dumps For Success in Identity-and-Access-Management-Designer Exam What is the duration of the Identity-and-Access-Management-Designer Exam Passing Score: 65%Number of Questions: 60Format: Multiple choices, multiple answersLength of Examination: 120 minutes   NEW QUESTION 47Universal Containers (UC) has built a custom token-based Two-factor authentication (2FA) system for their existing on-premise applications. They are now implementing Salesforce and would like to enable a Two-factor login process for it, as well. What is the recommended solution as Architect should consider?  Replace the custom 2FA system with Salesforce 2FA for on-premise applications and Salesforce.  Use Custom Login Flows to connect to the existing custom 2FA system for use in Salesforce.  Replace the custom 2FA system with an AppExchange App that supports on premise application and salesforce.  Use the custom 2FA system for on-premise applications and native 2FA for Salesforce. NEW QUESTION 48Northern Trail Outfitters (NTO) is setting up Salesforce to authenticate users with an external identity provider. The NTO Salesforce Administrator is having trouble getting things setup.What should an identity architect use to show which part of the login assertion is fading?  SAML Metadata file importer  Identity Provider Metadata download  Connected App Manager  Security Assertion Markup Language Validator NEW QUESTION 49Universal containers (UC) is building a mobile application that will make calls to the salesforce REST API.Additionally UC would like to provide the optimal experience for its mobile users. Which two OAuth scopes should UC configure in the connected App? Choose 2 answers  Refresh token  API  full  Web NEW QUESTION 50The security team at Universal containers(UC) has identified exporting reports as a high-risk action and would like to require users to be logged into salesforce with their active directory (AD) credentials when doing so. For all other uses of Salesforce, Users should be allowed to use AD credentials or salesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with salesforce credentials?  Use SAML Federated Authentication and Custom SAML jit provisioning to dynamically add or remove a permission set that grants the Export Reports permission.  Use SAML Federated Authentication, treat SAML sessions as high assurance, and raise the session level required for exporting reports.  Use SAML Federated Authentication and block access to reports when accesses through a standard assurance session.  Use SAML Federated Authentication with a login flow to dynamically add or remove a permission set that grants the export reports permission. NEW QUESTION 51Universal Containers has implemented a multi-org strategy and would like to centralize the management of their Salesforce user profiles.What should the Architect recommend to allow Salesforce profiles to be managed from a central system of record?  Implement JIT provisioning on the SAML IdP that will pass the ProfileID in each assertion.  Implement Delegated Authentication that will update the user profiles as necessary.  Create an Apex scheduled job in one org that will synchronize the other org’s profiles.  Implement an OAuth JWT flow to pass the profile credentials between systems. Explanation/Reference:NEW QUESTION 52Universal Containers (UC) has a mobile application for its employees that uses data from Salesforce as well as uses Salesforce for authentication purposes. UC wants its mobile users to only enter their credentials the first time they run the app. The application has been live for a little over 6 months, and all of the users who were a part of the initial launch are complaining that they have to re-authenticate. UC has also recently changed the URI Scheme associated with the mobile app.What should the Architect at UC first investigate?  Check the Refresh Token Policy defined in the Salesforce Connected App.  Confirm that the Access Token’s Time-To-Live policy has been set appropriately.  Verify that the Callback URL is correctly pointing to the new URI Scheme.  Validate that the users are checking the box to remember their passwords. Explanation/Reference:NEW QUESTION 53A company’s external application is protected by Salesforce through OAuth. The identity architect for the project needs to limit the level of access to the data of the protected resource in a flexible way.What should be done to improve security?  Select “Admin approved users are pre-authonzed” and assign specific profiles.  Create custom scopes and assign to the connected app.  Define a permission set that grants access to the app and assign to authorized users.  Leverage external objects and data classification policies. NEW QUESTION 54Universal Containers (UC) has a Customer Community that uses Facebook for Authentication. UC would like to ensure that Changes in the Facebook profile are reflected on the appropriate Customer Community user:How can this requirement be met?  Use the updateUser method on the registration Handler Class.  Develop a scheduled job that calls out to Facebook on a nightly basis.  Use information in the signed Request that is received from facebook.  Use SAML Just-In-Time Provisioning between Facebook and Salesforce. NEW QUESTION 55Universal Containers (UC) wants its closed Won opportunities to be synced to a Data Warehouse in near real time. UC has implemented Outbound Message to enable near real-time data sync. UC wants to ensure that communication between Salesforce and Target System is Secure. What Certificate is sent along with the Outbound Message?  The CA-Signed Certificate from the Certificate and Key Management menu.  The default Client Certificate from the Develop–> API Menu.  The default Client Certificate or a Certificate from Certificate and Key Management menu.  The Self-Signed Certificates from the Certificate & Key Management menu. NEW QUESTION 56Which two are valid choices for digital certificates when setting up two-way SSL between Salesforce and an external system. Choose 2 answers  Use a trusted CA-signed certificate for salesforce and a trusted CA-signed cert for the external system  Use a trusted CA-signed certificate for salesforce and a self-signed cert for the external system  Use a self-signed certificate for salesforce and a self-signed cert for the external system  Use a self-signed certificate for salesforce and a trusted CA-signed cert for the external system NEW QUESTION 57A multinational company is looking to rollout Salesforce globally. The company has a Microsoft Active Directory Federation Services (ADFS) implementation for the Americas, Europe and APAC. The company plans to have a single org and they would like to have all of its users access Salesforce using the ADFS . The company would like to limit its investments and prefer not to procure additional applications to satisfy the requirements.What is recommended to ensure these requirements are met ?  Use connected apps for each ADFS implementation and implement Salesforce site to authenticate users across the ADFS system applicable to their geo.  Implement Identity Connect to provide single sign-on to Salesforce and federated across multiple ADFS systems.  Add a central identity system that federates between the ADFS systems and integrate with Salesforce for single sign-on.  Configure Each ADFS system under single sign-on settings and allow users to choose the system to authenticate during sign on to Salesforce- NEW QUESTION 58Universal Containers (UC) uses Global Shipping (GS) as one of their shipping vendors. Regional leads of GS need access to UC’s Salesforce instance for reporting damage of goods using Cases. The regional leads also need access to dashboards to keep track of regional shipping KPIs. UC internally uses a third-party cloud analytics tool for capacity planning and UC decided to provide access to this tool to a subset of GS employees. In addition to regional leads, the GS capacity planning team would benefit from access to this tool. To access the analytics tool, UC IT has set up Salesforce as the Identity provider for Internal users and would like to follow the same approach for the GS users as well. What are the most appropriate license types for GS Tregional Leads and the GS Capacity Planners? Choose 2 Answers  Customer Community Plus license for GS Regional Leads and External Identity for GS Capacity Planners.  Customer Community Plus license for GS Regional Leads and Customer Community license for GS Capacity Planners.  Identity Licence for GS Regional Leads and External Identity license for GS capacity Planners.  Customer Community license for GS Regional Leads and Identity license for GS Capacity Planners. NEW QUESTION 59Universal containers(UC) has implemented SAML-BASED single Sign-on for their salesforce application and is planning to provide access to salesforce on mobile devices using the salesforce1 mobile app. UC wants to ensure that single Sign-on is used for accessing the salesforce1 mobile app. Which two recommendations should the architect make? Choose 2 answers  Use the existing SAML SSO flow along with user agent flow.  Configure the embedded Web browser to use my domain URL.  Use the existing SAML SSO flow along with Web server flow  Configure the salesforce1 app to use the my domain URL NEW QUESTION 60Universal Containers (UC) is looking to purchase a third-party application as an Identity Provider. UC is looking to develop a business case for the purchase in general and has enlisted an Architect for advice. Which two capabilities of an Identity Provider should the Architect detail to help strengthen the business case?Choose 2 answers  The Identity Provider can authenticate multiple applications.  The Identity Provider can authenticate multiple social media accounts.  The Identity provider can store credentials for multiple applications.  The Identity Provider can centralize enterprise password policy. NEW QUESTION 61Universal containers (UC) is successfully using Delegated Authentication for their salesforce users. The service supporting Delegated Authentication is written in Java. UC has a new CIO that is requiring all company Web services be RESR-ful and written in . NET. Which two considerations should the UC Architect provide to the new CIO? Choose 2 answers  Delegated Authentication will not work with a.net service.  Delegated Authentication will continue to work with rest services.  Delegated Authentication will continue to work with a.net service.  Delegated Authentication will not work with rest services.  Loading … Get 100% Success with Latest Salesforce Identity and Access Management Designer Identity-and-Access-Management-Designer Exam Dumps: https://www.topexamcollection.com/Identity-and-Access-Management-Designer-vce-collection.html --------------------------------------------------- Images: https://blog.topexamcollection.com/wp-content/plugins/watu/loading.gif https://blog.topexamcollection.com/wp-content/plugins/watu/loading.gif --------------------------------------------------- --------------------------------------------------- Post date: 2022-11-13 13:45:03 Post date GMT: 2022-11-13 13:45:03 Post modified date: 2022-11-13 13:45:03 Post modified date GMT: 2022-11-13 13:45:03