Salesforce Identity-and-Access-Management-designer Exam Practice Test Instant Access

Question 1

Northern Trail Outfitters (NTO) has a requirement to ensure all user logins include a single multi-factor authentication (MFA) prompt. Currently, users are allowed the choice to login with a username and password or via single sign-on against NTO's corporate Identity Provider, which includes built-in MFA.

Which configuration will meet this requirement?

ACreate and assign a permission set to all employees that includes 'MFA for User Interface Logins.'

BCreate a custom login flow that enforces MFA and assign it to a permission set. Then assign the permission set to all employees.

CEnable 'MFA for User Interface Logins' for your organization from Setup -> Identity Verification.

DFor all employee profiles, set the Session Level Required at Login to High Assurance and add the corporate identity provider to the High Assurance list for the org's Session Security Levels.

Answer : C

Question 2

An identity architect has built a native mobile application and plans to integrate it with a Salesforce Identity solution. The following are the requirements for the solution:

1. Users should not have to login every time they use the app.

2. The app should be able to make calls to the Salesforce REST API.

3. End users should NOT see the OAuth approval page.

How should the identity architect configure the Salesforce connected app to meet the requirements?

AEnable the API Scope and Offline Access Scope, upload a certificate so JWT Bearer Flow can be used and then set the connected app access settings to 'Admin Pre-Approved'.

BEnable the API Scope and Offline Access Scope on the connected app, and then set the connected app to access settings to 'Admin Pre-Approved'.

CEnable the Full Access Scope and then set the connected app access settings to 'Admin Pre-Approved'.

DEnable the API Scope and Offline Access Scope on the connected app, and then set the Connected App access settings to 'User may self authorize'.

Answer : A

Question 3

Northern Trail Outfitters (NTO) wants to improve its engagement with existing customers to boost customer loyalty. To get a better understanding of its customers, NTO establishes a single customer view including their buying behaviors, channel preferences and purchasing history. All of this information exists but is spread across different systems and formats.

NTO has decided to use Salesforce as the platform to build a 360 degree view. The company already uses Microsoft Active Directory (AD) to manage its users and company assets.

What should an Identity Architect do to provision, deprovision and authenticate users?

ASalesforce Identity is not needed since NTO uses Microsoft AD.

BSalesforce Identity can be included but NTO will be required to build a custom integration with Microsoft AD.

CSalesforce Identity is included in the Salesforce licenses so it does not need to be considered separately.

DA Salesforce Identity can be included but NTO will require Identity Connect.

Answer : D

Question 4

Universal Container's (UC) identity architect needs to recommend a license type for their new Experience Cloud site that will be used by external partners (delivery providers) for reviewing and updating their accounts, downloading files provided by UC and obtaining scheduled pickup dates from their calendar.

UC is using their Salesforce production org as the identity provider for these users and the expected number of individual users is 2.5 million with 13.5 million unique logins per month.

Which of the following license types should be used to meet the requirement?

AExternal Apps License

BPartner Community License

CPartner Community Login License

DCustomer Community plus Login License

Answer : D

Question 5

A technology enterprise is setting up an identity solution with an external vendors wellness application for its employees. The user attributes need to be returned to the wellness application in an ID token.

Which authentication mechanism should an identity architect recommend to meet the requirements?

AOpenID Connect

BUser Agent Flow

CJWT Bearer Token Flow

DWeb Server Flow

Answer : D

Question 6

The CMO of an advertising company has invited an Identity and Access Management (IAM) specialist to discuss Salesforce out-of-box capabilities for configuring the company*s login and registration experience on Salesforce Experience Cloud.

The CMO is looking to brand the login page with the company's logo, background color, login button color, and dynamic right-frame from an external URL.

Which two solutions should the IAM specialist recommend?

Choose 2 answers

AUse Experience Builder to build branded Reset and Forgot Password pages.

BBuild custom pages for branding requirements in Experience Cloud.

CBuild custom site pages for reset and forgot password features.

DLogin & Registration pages can be branded in the Community Administration settings.

Answer : A, D

Question 7

Universal Containers (UC) wants to provide single sign-on (SSO) for a business-to-consumer (B2C) application using Salesforce Identity.

Which Salesforce license should UC utilize to implement this use case?

AIdentity Only

BSalesforce Platform

CExternal Identity

DPartner Community

Answer : C

Salesforce Identity and Access Management Designer Exam Practice Test