File Info
| Exam | Certified Identity and Access Management Designer |
| Number | Certified-Identity-And-Access-Management-Designer |
| File Name | Salesforce.Certified-Identity-And-Access-Management-Designer.VCEplus.2020-03-19.60q.vcex |
| Size | 40 KB |
| Posted | Mar 19, 2020 |
| Download | Salesforce.Certified-Identity-And-Access-Management-Designer.VCEplus.2020-03-19.60q.vcex |
How to open VCEX & EXAM Files?
Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.
Coupon: MASTEREXAM
With discount: 20%
Demo Questions
Question 1
Universal Containers (UC) has decided to build a new, highly sensitive application on the Lightning platform. The security team at UC has decided that they want users to provide a fingerprint in addition to username/password to authenticate to this application.
How can an Architect support fingerprints as a form of identification for Salesforce authentication?
- Use Custom Login Flows with callouts to a third-party fingerprint scanning application.
- Use Salesforce Two-factor Authentication with callouts to a third-party fingerprint scanning application.
- Use Delegated Authentication with callouts to a third-party fingerprint scanning application.
- Use an AppExchange product that does fingerprint scanning with native Salesforce Identity Confirmation.
Correct answer: D
Question 2
Universal Containers (UC) is successfully using Delegated Authentication for their Salesforce users. The service supporting Delegated Authentication is written in Java. UC has a new CIO that is requiring all company web services be RESTful and written in .Net.
Which two considerations should the UC Architect provide to the new CIO? (Choose two.)
- Delegated Authentication will continue to work with REST services.
- Delegated Authentication will continue to work with a .Net service.
- Delegated Authentication will not work with REST services.
- Delegated Authentication will not work with a .Net service.
Correct answer: BC
Question 3
How should an Architect force users to authenticate with Two-factor Authentication (2FA) for Salesforce only when NOT connected to an internal company network?
- Apply the "Two-factor Authentication for User Interface Logins" permission and Login IP Ranges for all Profiles.
- Add the company's list of network IP addresses to the Login Range list under 2FA Setup.
- Use Custom Login Flows with Apex to detect the user's IP address and prompt for 2FA if needed.
- Use an Apex Trigger on the UserLogin object to detect the user's IP address and prompt for 2FA if needed.
Correct answer: C
Question 4
What is a role of an Identity Provider in a Single Sign-on setup using SAML?
- Consume assertion
- Revoke assertion
- Validate assertion
- Create assertion
Correct answer: D
Question 5
Universal Containers (UC) is setting up delegated authentication to allow employees to log in using their corporate credentials. UC's security team is concerned about the risks of exposing the corporate login service on the internet and has asked that a reliable trust mechanism be put in place between the login service and Salesforce.
What mechanism should an Architect put in place to enable a trusted connection between the login service and Salesforce?
- Require the use of Salesforce security tokens on passwords.
- Enforce mutual authentication between systems using SSL.
- Set up a proxy service for the login service in the DMZ.
- Include Client Id and Client Secret in the login header callout.
Correct answer: AB
Question 6
Universal Containers (UC) has decided to use Identity Connect as its Identity Provider. UC uses Active Directory (AD) and has a team that is very familiar and comfortable with managing AD groups. UC would like to use AD Groups to help configure Salesforce users.
Which three actions can AD Groups control through Identity Connect? (Choose three.)
- Public Group Assignment
- Role Assignment
- Custom Permissions Assignment
- Granting Report Folder Access
- Permission Sets Assignment
Correct answer: ABE
Question 7
The CIO of Universal Containers (UC) wants to start taking advantage of the refresh token capability for the UC applications that utilize OAuth 2.0. UC has enlisted an Architect to analyze all of the applications that use OAuth flows to see where refresh tokens can be applied.
Which two OAuth flows should the Architect consider in their evaluation? (Choose two.)
- JWT Bearer Token
- Web Server
- Username-Password
- User-Agent
Correct answer: BD
Question 8
An Architect needs to advise the team that manages the Identity Provider how to differentiate Salesforce from other Service Providers.
What SAML SSO setting in Salesforce provides this capability?
- SAML Identity Location
- Identity Provider Login URL
- Entity Id
- Issuer
Correct answer: C
Question 9
Universal Containers (UC) uses middleware to integrate multiple systems with Salesforce. UC has a strict, new requirement that usernames and passwords cannot be stored in any UC system.
How can UC's middleware authenticate to Salesforce while adhering to this requirement?
- Create a Connected App that supports the Refresh Token OAuth Flow.
- Create a Connected App that supports the JWT Bearer Token OAuth Flow.
- Create a Connected App that supports the User-Agent OAuth Flow.
- Create a Connected App that supports the Web Server OAuth Flow.
Correct answer: B
Question 10
Customer Service Representatives at Universal Containers (UC) are complaining that whenever they click on links to case records and are asked to log in with SAML SSO, they are being redirected to the Salesforce Home tab and not the specific case record.
What item should an Architect advise the identity team at UC to investigate first?
- My Domain is configured and active within Salesforce.
- The users have the correct Federation ID within Salesforce.
- The Salesforce SSO settings are using HTTP POST.
- The Identity Provider is correctly preserving the RelayState.
Correct answer: D
