Salesforce Identity-and-Access-Management-designer Exam Practice Test Instant Access

Question 1

When designing a multi-branded Customer Identity and Access Management solution on the Salesforce Platform, how should an identity architect ensure a specific brand experience in Salesforce is presented?

AThe Experience ID, which can be included in OAuth/Open ID flows and Security Assertion Markup Language (SAML) flows as a URL parameter.

BProvide a brand picker that the end user can use to select its sub-brand when they arrive on salesforce.

CAdd a custom parameter to the service provider's OAuth/SAML call and implement logic on its login page to apply branding based on the parameters value.

DThe Audience ID, which can be set in a shared cookie.

Answer : A

Question 2

Northern Trail Outfitters (NTO) has an off-boarding process where a terminated employee is first disabled in the Lightweight Directory Act Protocol (LDAP) directory, then requests are sent to the various application support teams to finish user deactivations. A terminated employee recently was able to login to NTO's Salesforce instance 24 hours after termination, even though the user was disabled in the corporate LDAP directory.

What should an identity architect recommend to prevent this from happening in the future?

ACreate a Just-in-Time provisioning registration handler to ensure users are deactivated in Salesforce as they are disabled in LDAP.

BConfigure an authentication provider to delegate authentication to the LDAP directory.

Cuse a login flow to make a callout to the LDAP directory before authenticating the user to Salesforce.

DSetup an identity provider (IdP) to authenticate users using LDAP, set up single sign-on to Salesforce and disable Login Form authentication.

Answer : B

Question 3

A university is planning to set up an identity solution for its alumni. A third-party identity provider will be used for single sign-on Salesforce will be the system of records. Users are getting error messages when logging in.

Which Salesforce feature should be used to debug the issue?

AApex Exception Email

BView Setup Audit Trail

CDebug Logs

DLogin History

Answer : D

Question 4

An insurance company has a connected app in its Salesforce environment that is used to integrate with a Google Workspace (formerly knot as G Suite).

An identity and access management (IAM) architect has been asked to implement automation to enable users, freeze/suspend users, disable users, and reactivate existing users in Google Workspace upon similar actions in Salesforce.

Which solution is recommended to meet this requirement?

AConfigure user Provisioning for Connected Apps.

BUpdate the Security Assertion Markup Language Just-in-Time (SAML JIt; handler in Salesforce for user provisioning and de-provisioning.

CBuild a custom REST endpoint in Salesforce that Google Workspace can poll against.

DBuild an Apex trigger on the useriogin object to make asynchronous callouts to Google APIs.

Answer : A

Question 5

Universal Containers is creating a web application that will be secured by Salesforce Identity using the OAuth 2.0 Web Server Flow uses the OAuth 2.0 authorization code grant type).

Which three OAuth concepts apply to this flow?

Choose 3 answers

AVerification URL

BClient Secret

CAccess Token

DScopes

Answer : B, C, D

Question 6

A security architect is rolling out a new multi-factor authentication (MFA) mandate, where all employees must go through a secure authentication process before accessing Salesforce. There are multiple Identity Providers (IdP) in place and the architect is considering how the "Authentication Method Reference" field (AMR) in the Login History can help.

Which two considerations should the architect keep in mind?

Choose 2 answers

AAMR field shows the authentication methods used at IdP.

BBoth OIDC and Security Assertion Markup Language (SAML) are supported but AMR must be implemented at IdP.

CHigh-assurance sessions must be configured under Session Security Level Policies.

DDependency on what is supported by OpenID Connect (OIDC) implementation at IdP.

Answer : A, B

Question 7

A global fitness equipment manufacturer is planning to sell fitness tracking devices and has the following requirements:

1) Customer purchases the device.

2) Customer registers the device using their mobile app.

3) A case should automatically be created in Salesforce and associated with the customers account in cases where the device registers issues with tracking.

Which OAuth flow should be used to meet these requirements?

AOAuth 2.0 Asset Token Flow

BOAuth 2.0 Username-Password Flow

COAuth 2.0 User-Agent Flow

DOAuth 2.0 SAML Bearer Assertion Flow

Answer : A

Salesforce Identity-and-Access-Management-designer Identity and Access Management Designer Exam Practice Test