Free Download Certified-Identity-And-Access-Management-Designer Examp Dump: Salesforce.Certified-Identity-And-Access-Management-Designer.Test4Prep.2020-03-17.36q.vcex

File Info

Exam	Certified Identity and Access Management Designer
Number	Certified-Identity-And-Access-Management-Designer
File Name	Salesforce.Certified-Identity-And-Access-Management-Designer.Test4Prep.2020-03-17.36q.vcex
Size	27 KB
Posted	Mar 17, 2020
Download	Salesforce.Certified-Identity-And-Access-Management-Designer.Test4Prep.2020-03-17.36q.vcex

How to open VCEX & EXAM Files?

Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.

Download
ProfExam Simulator

Purchase

Coupon: MASTEREXAM
With discount: 20%

Demo Questions

Question 1

Universal Containers (UC) is successfully using Delegated Authentication for their Salesforce users. The service supporting Delegated Authentication is written in Java. UC has a new CIO that is requiring all company web services be REST-ful and written in .Net.

Which two considerations should the UC Architect provide to the new CIO? (Choose two.)

Delegated Authentication will continue to work with REST services.
Delegated Authentication will continue to work with a .Net service.
Delegated Authentication will not work with REST services.
Delegated Authentication will not work with a .Net service.

Correct answer: BC

Question 2

How should an Architect force users to authenticate with Two-factor Authentication (2FA) for Salesforce only when NOT connected to an internal company network?

Apply the “Two-factor Authentication for User Interface Logins” permission and Login IP Ranges for all Profiles.
Add the company's list of network IP addresses to the Login Range list under 2FA Setup.
Use Custom Login Flows with Apex to detect the user's IP address and prompt for 2FA if needed.
Use an Apex Trigger on the UserLogin object to detect the user's IP address and prompt for 2FA if needed.

Correct answer: C

Question 3

The CIO of Universal Containers (UC) wants to start taking advantage of the refresh token capability for the UC applications that utilize OAuth 2.0. UC has enlisted an Architect to analyze all of the applications that use OAuth flows to see where refresh tokens can be applied.

Which two OAuth flows should the Architect consider in their evaluation? (Choose two.)

JWT Bearer Token
Web Server
Username-Password
User-Agent

Correct answer: BD

Question 4

An Architect needs to advise the team that manages the Identity Provider how to differentiate Salesforce from other Service Providers.

What SAML SSO setting in Salesforce provides this capability?

SAML Identity Location
Identity Provider Login URL
Entity Id
Issuer

Correct answer: C

Question 5

Universal Containers (UC) uses middleware to integrate multiple systems with Salesforce. UC has a strict, new requirement that usernames and passwords cannot be stored in any UC system.

How can UC's middleware authenticate to Salesforce while adhering to this requirement?

Create a Connected App that supports the Refresh Token OAuth Flow.
Create a Connected App that supports the JWT Bearer Token OAuth Flow.
Create a Connected App that supports the User-Agent OAuth Flow.
Create a Connected App that supports the Web Server OAuth Flow.

Correct answer: B

Question 6

Universal Containers has implemented a multi-org strategy and would like to centralize the management of their Salesforce user profiles.

What should the Architect recommend to allow Salesforce profiles to be managed from a central system of record?

Implement JIT provisioning on the SAML IdP that will pass the ProfileID in each assertion.
Implement Delegated Authentication that will update the user profiles as necessary.
Create an Apex scheduled job in one org that will synchronize the other org's profiles.
Implement an OAuth JWT flow to pass the profile credentials between systems.

Correct answer: A

Question 7

What item should an Architect consider when designing a Delegated Authentication implementation?

The web service should be secured with TLS using Salesforce trusted certificates.
The web service should be able to accept one to four input method parameters.
The web service should use the Salesforce Federation ID to identify the user.
The web service should implement a custom password decryption method.

Correct answer: A

Question 8

Universal Containers has built a custom token-based Two-Factor Authentication system for their existing on-premise applications. They are now implementing Salesforce and would like to enable a Two-Factor login process for it, as well.

What is the recommended solution an Architect should consider?

Replace the custom 2FA system with an AppExchange App that supports on-premise applications and Salesforce.
Use the custom 2FA system for on-premise applications and native 2FA for Salesforce.
Replace the custom 2FA system with Salesforce 2FA for on-premise applications and Salesforce.
Use Custom Login Flows to connect to the existing custom 2FA system for use in Salesforce.

Correct answer: D

Question 9

An Architect has successfully configured SAML-based SSO for Universal Containers. SSO has been working for 3 months when Universal Containers manually adds a batch of new users to Salesforce. The new users receive an error from Salesforce when trying to use SSO. Existing users are still able to successfully use SSO to access Salesforce.

What is the likely cause of this behavior?

The new users do NOT have the SSO permission enabled on their profiles.
The Federation ID field on the new User records is NOT correctly set.
The administrator forgot to reset the new user's Salesforce password.
The My Domain capability is NOT enabled on the new user's profile.

Correct answer: B

Question 10

Universal Containers (UC) has a custom, internal-only, mobile billing application for users who are commonly out of the office. The app is configured as a Connected App in Salesforce. Due to the nature of this app, UC would like to take the appropriate measures to properly secure access to the app.

Which two solutions should be recommended? (Choose two.)