Salesforce Identity-and-Access-Management-designer Exam Questions Instant Access

Question 1

Universal Containers (UC) operates in Asia, Europe and North America regions. There is one Salesforce org for each region. UC is implementing Customer 360 in Salesforce and has procured External Identity and Customer Community licenses in all orgs.

Customers of UC use Community to track orders and create inquiries. Customers also tend to move across regions frequently.

What should an identity architect recommend to optimize license usage and reduce maintenance overhead?

AMerge three orgs into one instance of Salesforce. This will no longer require maintaining three separate copies of the same customer.

BDelete contact/ account records and deactivate user if user moves from a specific region; Sync will no longer be required.

CContacts are required since Community access needs to be enabled. Maintenance is a necessary overhead that must be handled via data integration.

DEnable Contactless User in all orgs and downgrade users from Experience Cloud license to External Identity license once users have moved out of that region.

Answer : C

Question 2

The security team at Universal containers(UC) has identified exporting reports as a high-risk action and would like to require users to be logged into salesforce with their active directory (AD) credentials when doing so. For all other uses of Salesforce, Users should be allowed to use AD credentials or salesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with salesforce credentials?

AUse SAML Federated Authentication and Custom SAML jit provisioning to dynamically add or remove a permission set that grants the Export Reports permission.

BUse SAML Federated Authentication, treat SAML sessions as high assurance, and raise the session level required for exporting reports.

CUse SAML Federated Authentication and block access to reports when accesses through a standard assurance session.

DUse SAML Federated Authentication with a login flow to dynamically add or remove a permission set that grants the export reports permission.

Answer : C

Question 3

Northern Trail Outfitters (NTO) believes a specific user account may have been compromised. NTO inactivated the user account and needs U perform a forensic analysis and identify signals that could Indicate a breach has occurred.

What should NTO's first step be in gathering signals that could indicate account compromise?

AReview the User record and evaluate the login and transaction history.

BDownload the Setup Audit Trail and review all recent activities performed by the user.

CDownload the Identity Provider Event Log and evaluate the details of activities performed by the user.

DDownload the Login History and evaluate the details of logins performed by the user.

Answer : D

Question 4

A pharmaceutical company has an on-premise application (see illustration) that it wants to integrate with Salesforce.

The IT director wants to ensure that requests must include a certificate with a trusted certificate chain to access the company's on-premise application endpoint.

What should an Identity architect do to meet this requirement?

AUse open SSL to generate a Self-signed Certificate and upload it to the on-premise app.

BConfigure the company firewall to allow traffic from Salesforce IP ranges.

CGenerate a certificate authority-signed certificate in Salesforce and uploading it to the on-premise application Truststore.

DUpload a third-party certificate from Salesforce into the on-premise server.

Answer : B

Question 5

Universal containers (UC) has a custom, internal-only, mobile billing application for users who are commonly out of the office. The app is configured as a connected App in salesforce. Due to the nature of this app, UC would like to take the appropriate measures to properly secure access to the app. Which two are recommendations to make the UC? Choose 2 answers

ADisallow the use of single Sign-on for any users of the mobile app.

BRequire high assurance sessions in order to use the connected App

CUse Google Authenticator as an additional part of the logical processes.

DSet login IP ranges to the internal network for all of the app users profiles.

Answer : B, C

Question 6

Northern Trail Outfitters is implementing a busmess-to-business (B2B) collaboration site using Salesforce Experience Cloud. The partners will authenticate with an existing identity provider and the solution will utilize Security Assertion Markup Language (SAML) to provide single sign-on to Salesforce. Delegated administration will be used in the Expenence Cloud site to allow the partners to administer their users' access.

How should a partner identity be provisioned in Salesforce for this solution?

ACreate only a contact.

BCreate a contactless user.

CCreate a user and a related contact.

DCreate a person account.

Answer : C

Question 7

Universal containers (UC) has a mobile application that calls the salesforce REST API. In order to prevent users from having to enter their credentials everytime they use the app, UC has enabled the use of refresh Tokens as part of the salesforce connected App and updated their mobile app to take advantage of the refresh token. Even after enabling the refresh token, Users are still complaining that they have to enter their credentials once a day. What is the most likely cause of the issue?

AThe Oauth authorizations are being revoked by a nightly batch job.

BThe refresh token expiration policy is set incorrectly in salesforce

CThe app is requesting too many access Tokens in a 24-hour period

DThe users forget to check the box to remember their credentials.

Answer : B

Salesforce Identity and Access Management Designer Identity-and-Access-Management-designer Exam Questions