Salesforce Identity-and-Access-Management-designer Exam Practice Test Instant Access

Question 1

Universal Containers wants to secure its Salesforce APIs by using an existing Security Assertion Markup Language (SAML) configuration supports the company's single sign-on process to Salesforce,

Which Salesforce OAuth authorization flow should be used?

AOAuth 2.0 SAML Bearer Assertion Flow

BA SAML Assertion Row

COAuth 2.0 User-Agent Flow

DOAuth 2.0 JWT Bearer Flow

Answer : B

Question 2

An identity architect's client has a homegrown identity provider (IdP). Salesforce is used as the service provider (SP). The head of IT is worried that during a SP initiated single sign-on (SSO), the Security Assertion Markup Language (SAML) request content will be altered.

What should the identity architect recommend to make sure that there is additional trust between the SP and the IdP?

AEnsure that there is an HTTPS connection between IDP and SP.

BEnsure that on the SSO settings page, the 'Request Signing Certificate' field has a self-signed certificate.

CEnsure that the Issuer and Assertion Consumer service (ACS) URL is property configured between SP and IDP.

DEncrypt the SAML Request using certification authority (CA) signed certificate and decrypt on IdP.

Answer : D

Question 3

A public sector agency is setting up an identity solution for its citizens using a Community built on Experience Cloud and requires the new user registration functionality to capture first name, last name, and phone number. The phone number will be used for identity verification.

Which feature should an identity architect recommend to meet the requirements?

AIntegrate with social websites (Facebook, Linkedin. Twitter)

BUse an external Identity Provider

CCreate a custom Lightning Web Component

DUse Login Discovery

Answer : D

Question 4

Northern Trail Outfitters would like to use a portal built on Salesforce Experience Cloud for customer self-service. Guests of the portal be able to self-register, but be unable to automatically be assigned to a contact record until verified. External Identity licenses have bee purchased for the project.

After registered guests complete an onboarding process, a flow will create the appropriate account and contact records for the user.

Which three steps should an identity architect follow to implement the outlined requirements?

Choose 3 answers

AEnable 'Allow customers and partners to self-register'.

BSelect the 'Configurable Self-Reg Page' option under Login & Registration.

CSet jp an external login page and call Salesforce APIs for user creation.

DCustomize the self-registration Apex handler to temporarily associate the user to a shared single contact record.

ECustomize me self-registration Apex handler to create only the user record.

Answer : A, B, E

Question 5

Northern Trail Outfitters (NTO) believes a specific user account may have been compromised. NTO inactivated the user account and needs U perform a forensic analysis and identify signals that could Indicate a breach has occurred.

What should NTO's first step be in gathering signals that could indicate account compromise?

AReview the User record and evaluate the login and transaction history.

BDownload the Setup Audit Trail and review all recent activities performed by the user.

CDownload the Identity Provider Event Log and evaluate the details of activities performed by the user.

DDownload the Login History and evaluate the details of logins performed by the user.

Answer : D

Question 6

A security architect is rolling out a new multi-factor authentication (MFA) mandate, where all employees must go through a secure authentication process before accessing Salesforce. There are multiple Identity Providers (IdP) in place and the architect is considering how the "Authentication Method Reference" field (AMR) in the Login History can help.

Which two considerations should the architect keep in mind?

Choose 2 answers

AAMR field shows the authentication methods used at IdP.

BBoth OIDC and Security Assertion Markup Language (SAML) are supported but AMR must be implemented at IdP.

CHigh-assurance sessions must be configured under Session Security Level Policies.

DDependency on what is supported by OpenID Connect (OIDC) implementation at IdP.

Answer : A, B

Question 7

A global fitness equipment manufacturer is planning to sell fitness tracking devices and has the following requirements:

1) Customer purchases the device.

2) Customer registers the device using their mobile app.

3) A case should automatically be created in Salesforce and associated with the customers account in cases where the device registers issues with tracking.

Which OAuth flow should be used to meet these requirements?

AOAuth 2.0 Asset Token Flow

BOAuth 2.0 Username-Password Flow

COAuth 2.0 User-Agent Flow

DOAuth 2.0 SAML Bearer Assertion Flow

Answer : A

Salesforce Identity-and-Access-Management-designer Identity and Access Management Designer Exam Practice Test