[Q18-Q42] Pass Your Identity-and-Access-Management-Designer Exam Easily With 100% Exam Passing Guarantee [2022]


How to study the Identity-and-Access-Management-Designer Exam

There are two main types of resources for preparing for certification exams. First, there are study guides and books, which are detailed and suitable for building knowledge from the ground up. Then there are video tutorials and lectures, which can ease the pain of thorough study and are comparatively less boring for some candidates, yet these demand time and concentration from the learner. Smart candidates who want to build a solid foundation in all exam topics and related technologies usually combine video lectures with study guides to reap the benefits of both, but there is one crucial preparation tool often overlooked by most candidates: practice exams. Practice exams are built to make students comfortable with the real exam environment. Statistics have shown that most students fail not due to their preparation but due to exam anxiety, the fear of the unknown. The TestSimulate expert team recommends that you prepare some notes on these topics and practice with the Salesforce Identity-and-Access-Management-Designer exam dumps written by our expert team. Both will help you clear this exam with good marks.

 

NEW QUESTION 18
Universal Containers (UC) uses an internal company portal for their employees to collaborate. UC decides to use Salesforce Ideas and provide the ability for employees to post ideas from the company portal. They use SAML-based SSO to get into the Company portal and would like to leverage it to access Salesforce.
Most of the users don't exist in Salesforce and they would like the user records created in Salesforce Communities the first time they try to access Salesforce.
What recommendation should an Architect make to meet this requirement?

  • A. Use Just-in-Time provisioning.
  • B. Use Salesforce APIs to create users on the fly.
  • C. Use Identity Connect to sync users.
  • D. Use On-the-Fly provisioning.

Answer: A

 

NEW QUESTION 19
Northern Trail Outfitters recently acquired a company. Each company will retain its Identity Provider (IdP). Both companies rely extensively on Salesforce processes that send emails to users to take specific actions in Salesforce.
How should the combined companies' employees collaborate in a single Salesforce org, yet authenticate to the appropriate IdP?

  • A. Have generated links append a querystring parameter indicating the IdP. The login service will redirect to the appropriate IdP.
  • B. Enable each IdP as a login option in the MyDomain Authentication Service settings. Users will then click on the appropriate IdP button.
  • C. Have generated links be prefixed with the appropriate IdP URL to invoke an IdP-initiated Security Assertion Markup Language flow when clicked.
  • D. Configure unique MyDomains for each company and have generated links use the appropriate MyDomain in the URL.

Answer: B

 

NEW QUESTION 20
A division of Northern Trail Outfitters (NTO) purchased Salesforce. NTO uses a third-party identity provider (IdP) to validate user credentials against its corporate Lightweight Directory Access Protocol (LDAP) directory. NTO wants to help employees remember as few passwords as possible.
What should an identity architect recommend?

  • A. Setup Salesforce as a Service Provider to the existing IdP.
  • B. Setup Salesforce as an IdP to authenticate against the LDAP directory.
  • C. Setup Salesforce as an Authentication Provider to the existing IdP.
  • D. Use Salesforce connect to synchronize LDAP passwords to Salesforce.

Answer: A

 

NEW QUESTION 21
A Salesforce customer is implementing Sales Cloud and a custom pricing application for its call center agents. An Enterprise single sign-on solution is used to authenticate and sign-in users to all applications. The customer has the following requirements:
1. The development team has decided to use a Canvas app to expose the pricing application to agents.
2. Agents should be able to access the Canvas app without needing to log in to the pricing application.
Which two options should the identity architect consider to provide support for the Canvas app to initiate login for users?
Choose 2 answers

  • A. Enable SAML in the connected app and Security Assertion Markup Language (SAML) Initiation Method as Service Provider Initiated.
  • B. Configure the Canvas app as a connected app and set Admin-approved users as pre-authorized.
  • C. Select "Enable as a Canvas Personal App" in the connected app settings.
  • D. Enable OAuth settings in the connected app with required OAuth scopes for the pricing application.

Answer: A,B

 

NEW QUESTION 22
Universal Containers (UC) uses a legacy Employee portal for their employees to collaborate and post their ideas. UC decides to use Salesforce Ideas for voting and better tracking purposes. To avoid provisioning users on Salesforce, UC decides to push ideas posted on the Employee portal to Salesforce through API. UC decides to use an API user using OAuth Username-Password flow for the connection. How can the connection to Salesforce be restricted only to the Employee portal server?

  • A. Add the Employee portal's IP Address to the trusted IP range for the Connected App.
  • B. Use a digital certificate signed by the Employee portal server.
  • C. Add the Employee portal's IP address to the Login IP range on the user profile.
  • D. Use a dedicated profile for the user the Employee portal uses.

Answer: A

 

NEW QUESTION 23
Northern Trail Outfitters (NTO) wants to give customers the ability to submit and manage issues with their purchases. It is important for NTO to give its customers the ability to log in with their Facebook and Twitter credentials.
Which two actions should an identity architect recommend to meet these requirements?
Choose 2 answers

  • A. Configure a predefined authentication provider for Facebook.
  • B. Create a custom external authentication provider for Facebook.
  • C. Configure a predefined authentication provider for Twitter.
  • D. Create a custom external authentication provider for Twitter.

Answer: A,C

 

NEW QUESTION 24
Universal Containers wants to build a custom mobile app connecting to Salesforce using OAuth, and would like to restrict the types of resources mobile users can access. What OAuth feature of Salesforce should be used to achieve the goal?

  • A. Access Tokens
  • B. Refresh Tokens
  • C. Scopes
  • D. Mobile pins

Answer: C

 

NEW QUESTION 25
What information does the 'RelayState' parameter contain in SP-initiated Single Sign-On?

  • A. Reference to a URL redirect parameter at the service provider.
  • B. Reference to the login address URL of the identity provider.
  • C. Reference to the login address URL of the service provider.
  • D. Reference to a URL redirect parameter at the identity provider.

Answer: A

 

NEW QUESTION 26
Universal Containers (UC) is setting up delegated authentication to allow employees to log in using their corporate credentials. UC's security team is concerned about the risks of exposing the corporate login service on the internet and has asked that a reliable trust mechanism be put in place between the login service and Salesforce.
What mechanism should an Architect put in place to enable a trusted connection between the login service and Salesforce?

  • A. Require the use of Salesforce security tokens on passwords.
  • B. Include Client Id and Client Secret in the login header callout.
  • C. Enforce mutual authentication between systems using SSL.
  • D. Set up a proxy service for the login service in the DMZ.

Answer: A

 

NEW QUESTION 27
Universal Containers (UC) wants to implement SAML SSO for their internal Salesforce users using a third-party IdP. After some evaluation, UC decides NOT to set up My Domain for their Salesforce org. How does that decision impact their SSO implementation?

  • A. SP-initiated SSO will NOT work
  • B. Either SP- or IdP-initiated SSO will work.
  • C. Neither SP- nor IdP-initiated SSO will work.
  • D. IdP-initiated SSO will NOT work.

Answer: C

 

NEW QUESTION 28
Universal Containers (UC) uses a home-grown Employee portal for their employees to collaborate. UC decides to use Salesforce Ideas to allow employees to post Ideas from the Employee portal. When users click on some of the links in the Employee portal, the users should be redirected to Salesforce, authenticated, and presented with the relevant pages. What OAuth flow is best suited for this scenario?

  • A. SAML Bearer Assertion flow
  • B. User-Agent flow
  • C. Web Application flow
  • D. Web Server flow

Answer: D

 

NEW QUESTION 29
Universal Containers (UC) uses an internal company portal for their employees to collaborate. UC decides to use Salesforce Ideas and provide the ability for employees to post ideas from the company portal. They use SAML-based SSO to get into the company portal and would like to leverage it to access Salesforce. Most of the users don't exist in Salesforce and they would like the user records created in Salesforce Communities the first time they try to access Salesforce. What recommendation should an architect make to meet this requirement?

  • A. Use Salesforce APIs to create users on the fly
  • B. Use Just-in-Time provisioning
  • C. Use Identity Connect to sync users
  • D. Use On-the-Fly provisioning

Answer: B

 

NEW QUESTION 30
Northern Trail Outfitters (NTO) wants to improve its engagement with existing customers to boost customer loyalty. To get a better understanding of its customers, NTO establishes a single customer view including their buying behaviors, channel preferences and purchasing history. All of this information exists but is spread across different systems and formats.
NTO has decided to use Salesforce as the platform to build a 360 degree view. The company already uses Microsoft Active Directory (AD) to manage its users and company assets.
What should an Identity Architect do to provision, deprovision and authenticate users?

  • A. Salesforce Identity is not needed since NTO uses Microsoft AD.
  • B. Salesforce Identity can be included but NTO will be required to build a custom integration with Microsoft AD.
  • C. A Salesforce Identity can be included but NTO will require Identity Connect.
  • D. Salesforce Identity is included in the Salesforce licenses so it does not need to be considered separately.

Answer: C

 

NEW QUESTION 31
Universal Containers wants to set up SSO for a selected group of users to access external applications from Salesforce through App Launcher. Which three steps must be completed in Salesforce to accomplish the goal?

  • A. Complete My Domain and Identity Provider setup.
  • B. Associate user profiles with the connected apps.
  • C. Create connected apps for the external applications.
  • D. Create named credentials for each external system.
  • E. Complete Single Sign-On settings in Security Controls.

Answer: A,B,C

 

NEW QUESTION 32
Universal Containers (UC) would like to enable SAML-based SSO for a Salesforce Partner Community. UC has an existing LDAP identity store and a third-party portal. They would like to use the existing portal as the primary site these users access, but also want to allow seamless access to the Partner Community.
What SSO flow should an Architect recommend?

  • A. Web Server
  • B. SP-Initiated
  • C. User-Agent
  • D. IdP-Initiated

Answer: D

 

NEW QUESTION 33
Universal Containers is implementing a new Experience Cloud site and the identity architect wants to use dynamic branding features as part of the login process.
Which two options should the identity architect recommend to support dynamic branding for the site?
Choose 2 answers

  • A. To use dynamic branding, the community must be built with the Customer Account Portal template.
  • B. An experience ID (expid) or placeholder parameter must be used in the URL to represent the brand.
  • C. To use dynamic branding, the community must be built with the Visualforce + Salesforce Tabs template.
  • D. An external content management system (CMS) must be used for dynamic branding on Experience Cloud sites.

Answer: A,B

 

NEW QUESTION 34
A company's external application is protected by Salesforce through OAuth. The identity architect for the project needs to limit the level of access to the data of the protected resource in a flexible way.
What should be done to improve security?

  • A. Define a permission set that grants access to the app and assign to authorized users.
  • B. Create custom scopes and assign to the connected app.
  • C. Select "Admin approved users are pre-authorized" and assign specific profiles.
  • D. Leverage external objects and data classification policies.

Answer: B

 

NEW QUESTION 35
Universal Containers (UC) has multiple Salesforce orgs and would like to use a single Identity Provider to access all of their orgs. How should UC's Architect enable this behaviour?

  • A. Ensure the same username is allowed in multiple orgs by contacting Salesforce Support.
  • B. Ensure that users have the same Email Value in their user records in all of UC's Salesforce orgs.
  • C. Ensure that users have the same Federation ID value in their user records in all of UC's Salesforce orgs.
  • D. Ensure that users have the same Alias value in their user records in all of UC's Salesforce orgs.

Answer: C

 

NEW QUESTION 36
Universal Containers (UC) wants to implement SAML SSO for their internal Salesforce users using a third-party IdP. After some evaluation, UC decides NOT to set up My Domain for their Salesforce org.
How does that decision impact their SSO implementation?

  • A. SP-initiated SSO will NOT work
  • B. Either SP- or IdP-initiated SSO will work.
  • C. Neither SP- nor IdP-initiated SSO will work.
  • D. IdP-initiated SSO will NOT work.

Answer: C

 

NEW QUESTION 37
Northern Trail Outfitters is implementing a business-to-business (B2B) collaboration site using Salesforce Experience Cloud. The partners will authenticate with an existing identity provider and the solution will utilize Security Assertion Markup Language (SAML) to provide single sign-on to Salesforce. Delegated administration will be used in the Experience Cloud site to allow the partners to administer their users' access.
How should a partner identity be provisioned in Salesforce for this solution?

  • A. Create a user and a related contact.
  • B. Create only a contact.
  • C. Create a person account.
  • D. Create a contactless user.

Answer: A

 

NEW QUESTION 38
Universal Containers (UC) built a customer Community for customers to buy products, review orders, and manage their accounts. UC has provided three different options for customers to log in to the customer Community: Salesforce, Google, and Facebook. Which two role combinations are represented by the systems in the scenario? Choose 2 answers

  • A. Salesforce is the service provider and Facebook is the identity provider
  • B. Facebook is the service provider and Salesforce is the identity provider
  • C. Salesforce is the service provider and Google is the identity provider
  • D. Google is the service provider and Facebook is the identity provider

Answer: A,C

 

NEW QUESTION 39
Universal Containers (UC) uses middleware to integrate multiple systems with Salesforce. UC has a strict, new requirement that usernames and passwords cannot be stored in any UC system.
How can UC's middleware authenticate to Salesforce while adhering to this requirement?

  • A. Create a Connected App that supports the Refresh Token OAuth Flow.
  • B. Create a Connected App that supports the User-Agent OAuth Flow.
  • C. Create a Connected App that supports the JWT Bearer Token OAuth Flow.
  • D. Create a Connected App that supports the Web Server OAuth Flow.

Answer: C

 

NEW QUESTION 40
Universal Containers (UC) would like to enable self-registration for their Salesforce Partner Community Users.
UC wants to capture some custom data elements from the partner user, and based on these data elements, wants to assign the appropriate Profile and Account values.
Which two actions should the Architect recommend to UC? (Choose two.)

  • A. Modify the CommunitiesSelfRegController to assign the Profile and Account.
  • B. Modify the SelfRegistration trigger to assign Profile and Account.
  • C. Configure Registration for Communities to use a custom Visualforce Page.
  • D. Configure Registration for Communities to use a custom Apex Controller.

Answer: A,C

 

NEW QUESTION 41
Universal Containers (UC) uses Active Directory (AD) as their identity store for employees and must continue to do so for network access. UC is undergoing a major transformation program and moving all of their enterprise applications to cloud platforms including Salesforce, Workday, and SAP HANA.
UC needs to implement an SSO solution for accessing all of the third-party cloud applications and the CIO is inclined to use Salesforce for all of their identity and access management needs.
Which two Salesforce license types does UC need for its employees?
Choose 2 answers

  • A. Identity and Identity Connect licenses
  • B. Company Community and Identity licenses
  • C. Chatter Only and Identity licenses
  • D. Salesforce and Identity Connect licenses

Answer: A,D

 

NEW QUESTION 42
......
