Salesforce Identity-and-Access-Management-designer Exam Practice Test Instant Access

Question 1

Universal Containers (UC) is planning to deploy a custom mobile app that will allow users to get e-signatures from its customers on their mobile devices. The mobile app connects to Salesforce to upload the e-signature as a file attachment and uses OAuth protocol for both authentication and authorization. What is the most recommended and secure OAuth scope setting that an Architect should recommend?

AId

BWeb

CApi

DCustom_permissions

Answer : D

Question 2

A service provider (SP) supports both Security Assertion Markup Language (SAML) and OpenID Connect (OIDC).

When integrating this SP with Salesforce, which use case is the determining factor when choosing OIDC or SAML?

AOIDC is more secure than SAML and therefore is the obvious choice.

BThe SP needs to perform API calls back to Salesforce on behalf of the user after the user logs in to the service provider.

CIf the user has a session on Salesforce, you do not want them to be prompted for a username and password when they login to the SP.

DThey are equivalent protocols and there is no real reason to choose one over the other.

Answer : B

Question 3

Northern Trail Outfitters (NTO) believes a specific user account may have been compromised. NTO inactivated the user account and needs U perform a forensic analysis and identify signals that could Indicate a breach has occurred.

What should NTO's first step be in gathering signals that could indicate account compromise?

AReview the User record and evaluate the login and transaction history.

BDownload the Setup Audit Trail and review all recent activities performed by the user.

CDownload the Identity Provider Event Log and evaluate the details of activities performed by the user.

DDownload the Login History and evaluate the details of logins performed by the user.

Answer : D

Question 4

Universal containers (UC) is concerned that having a self-registration page will provide a means for "bots" or unintended audiences to create user records, thereby consuming licences and adding dirty dat

a. Which two actions should UC take to prevent unauthorised form submissions during the self-registration process? Choose 2 answers

AUse open-ended security questions and complex password requirements

BPrimarily use lookup and picklist fields on the self registration page.

CRequire a captcha at the end of the self-registration process.

DUse hidden fields populated via java script events in the self-registration page.

Answer : C, D

Question 5

What item should an Architect consider when designing a Delegated Authentication implementation?

AThe Web service should be secured with TLS using Salesforce trusted certificates.

BThe Web service should be able to accept one to four input method parameters.

CThe web service should use the Salesforce Federation ID to identify the user.

DThe Web service should implement a custom password decryption method.

Answer : A

Question 6

How should an Architect automatically redirect users to the login page of the external Identity provider when using an SP-Initiated SAML flow with Salesforce as a Service Provider?

AUse visualforce as the landing page for My Domain to redirect users to the Identity Provider login Page.

BEnable the Redirect to the Identity Provider setting under Authentication Services on the My domain Configuration.

CRemove the Login page from the list of Authentication Services on the My Domain configuration.

DSet the Identity Provider as default and enable the Redirect to the Identity Provider setting on the SAML Configuration.

Answer : C

Question 7

Universal Containers (UC) has a Customer Community that uses Facebook for Authentication. UC would like to ensure that Changes in the Facebook profile are reflected on the appropriate Customer Community user: How can this requirement be met?

AUse the updateUser method on the registration Handler Class.

BDevelop a scheduled job that calls out to Facebook on a nightly basis.

CUse information in the signed Request that is received from facebook.

DUse SAML Just-In-Time Provisioning between Facebook and Salesforce.

Answer : A

Salesforce Identity-and-Access-Management-designer Identity and Access Management Designer Exam Practice Test