Salesforce Identity-and-Access-Management-designer Exam Practice Test Instant Access

Question 1

Universal Containers (UC) uses a home-grown Employee portal for their employees to collaborate. UC decides to use Salesforce Ideas to allow employees to post Ideas from the Employee portal. When users click on some of the links in the Employee portal, the users should be redirected to Salesforce, authenticated, and presented with the relevant pages. What OAuth flow is best suited for this scenario?

AWeb Application flow

BSAML Bearer Assertion flow

CUser-Agent flow

DWeb Server flow

Answer : D

Question 2

Universal Containers (UC) has an existing web application that it would like to access from Salesforce without requiring users to re-authenticate. The web application is owned UC and the UC team that is responsible for it is willing to add new javascript code and/or libraries to the application. What implementation should an Architect recommend to UC?

ACreate a Canvas app and use Signed Requests to authenticate the users.

BRewrite the web application as a set of Visualforce pages and Apex code.

CConfigure the web application as an item in the Salesforce App Launcher.

DAdd the web application as a ConnectedApp using OAuth User-Agent flow.

Answer : A

Question 3

Northern Trail Outfitters (NTO) is planning to roll out a partner portal for its distributors using Experience Cloud. NTO would like to use an external identity provider (idP) and for partners to register for access to the portal. Each partner should be allowed to register only once to avoid duplicate accounts with Salesforce.

What should a identity architect recommend to create partners?

AOn successful creation of Partners using Self Registration page in Experience Cloud, create identity in Ping.

BCreate a custom page m Experience Cloud to self register partner with Experience Cloud and Ping identity store.

CCreate a custom web page in the Portal and create users in the IdP and Experience Cloud using published APIs.

DAllow partners to register through the IdP and create partner users in Salesforce through an API.

Answer : B

Question 4

Universal Containers (UC) employees have Salesforce access from restricted IP ranges only, to protect against unauthorised access. UC wants to roll out the Salesforce1 mobile app and make it accessible from any location. Which two options should an Architect recommend? Choose 2 answers

ARelax the IP restriction with a second factor in the Connect App settings for Salesforce1 mobile app.

BRemove existing restrictions on IP ranges for all types of user access.

CRelax the IP restrictions in the Connect App settings for the Salesforce1 mobile app.

DUse Login Flow to bypass IP range restriction for the mobile app.

Answer : A, C

Question 5

An organization has a central cloud-based Identity and Access Management (IAM) Service for authentication and user management, which must be utilized by all applications as follows:

1 - Change of a user status in the central IAM Service triggers provisioning or deprovisioining in the integrated cloud applications.

2 - Security Assertion Markup Language single sign-on (SSO) is used to facilitate access for users authenticated at identity provider (Central IAM Service).

Which approach should an IAM architect implement on Salesforce Sales Cloud to meet the requirements?

AA Configure Salesforce as a SAML Service Provider, and enable SCIM (System for Cross-Domain Identity Management) for provisioning and deprovisioning of users.

BConfigure Salesforce as a SAML service provider, and enable Just-in Time (JIT) provisioning and deprovisioning of users.

CConfigure central IAM Service as an authentication provider and extend registration handler to manage provisioning and deprovisioning of users.

DDeploy Identity Connect component and set up automated provisioning and deprovisioning of users, as well as SAML-based SSO.

Answer : A

Question 6

Universal Containers (UC) wants its closed Won opportunities to be synced to a Data Warehouse in near real time. UC has implemented Outbound Message to enable near real-time data sync. UC wants to ensure that communication between Salesforce and Target System is Secure. What Certificate is sent along with the Outbound Message?

AThe CA-Signed Certificate from the Certificate and Key Management menu.

BThe default Client Certificate from the Develop--> API Menu.

CThe default Client Certificate or a Certificate from Certificate and Key Management menu.

DThe Self-Signed Certificates from the Certificate & Key Management menu.

Answer : B

Question 7

A global company has built an external application that uses data from its Salesforce org via an OAuth 2.0 authorization flow. Upon logout, the existing Salesforce OAuth token must be invalidated.

Which action will accomplish this?

AUse a HTTP POST to request the refresh token for the current user.

BUse a HTTP POST to the System for Cross-domain Identity Management (SCIM) endpoint, including the current OAuth token.

CUse a HTTP POST to make a call to the revoke token endpoint.

DEnable Single Logout with a secure logout URL.

Answer : C

Salesforce Identity and Access Management Designer Identity-and-Access-Management-designer Exam Practice Test