Salesforce Identity-and-Access-Management-designer Exam Practice Test Instant Access

Question 1

Universal Containers (UC) has built a custom token-based Two-factor authentication (2FA) system for their existing on-premise applications. They are now implementing Salesforce and would like to enable a Two-factor login process for it, as well. What is the recommended solution as Architect should consider?

AUse the custom 2FA system for on-premise applications and native 2FA for Salesforce.

BReplace the custom 2FA system with an AppExchange App that supports on premise application and salesforce.

CUse Custom Login Flows to connect to the existing custom 2FA system for use in Salesforce.

DReplace the custom 2FA system with Salesforce 2FA for on-premise applications and Salesforce.

Answer : D

Question 2

Universal Containers wants to secure its Salesforce APIs by using an existing Security Assertion Markup Language (SAML) configuration supports the company's single sign-on process to Salesforce,

Which Salesforce OAuth authorization flow should be used?

AOAuth 2.0 SAML Bearer Assertion Flow

BA SAML Assertion Row

COAuth 2.0 User-Agent Flow

DOAuth 2.0 JWT Bearer Flow

Answer : B

Question 3

Universal containers (UC) built a customer Community for customers to buy products, review orders, and manage their accounts. UC has provided three different options for customers to log in to the customer Community: salesforce, Google, and Facebook. Which two role combinations are represented by the systems in the scenario? Choose 2 answers

AGoogle is the service provider and Facebook is the identity provider

BSalesforce is the service provider and Google is the identity provider

CFacebook is the service provider and salesforce is the identity provider

DSalesforce is the service provider and Facebook is the identity provider

Answer : B, D

Question 4

Universal Containers (UC) has a classified information system that its call center team uses only when they are working on a case with a record type "Classified". They are only allowed to access the system when they own an open "Classified" case, and their access to the system is removed at all other times. They would like to implement SAML SSO eith Salesforce as the Idp, and automatically allow or deny the staff's access to the classified information system based on whether they currently own an open "Classified" case record when they try to access the system using SSO. What is the recommended solution for automatically allowing or denying the access to the classified information system based on the open "classified" case record criteria?

AUse Salesforce reports to identify users that currently owns open 'Classified' cases and should be granted access to the Classified information system.

BUse Apex trigger on case to dynamically assign permission Sets that Grant access when an user is assigned with an open 'Classified' case, and remove it when the case is closed.

CUse Custom SAML JIT Provisioning to dynamically query the user's open 'Classified' cases when attempting to access the classified information system.

DUse a Common Connected App Handler using Apex to dynamically allow access to the system based on whether the staff owns any open 'Classified' Cases.

Answer : D

Question 5

In an SP-Initiated SAML SSO setup where the user tries to access a resource on the Service Provider, What HTTP param should be used when submitting a SAML Request to the Idp to ensure the user is returned to the intended resourse after authentication?

ARedirectURL

BRelayState

CDisplayState

DStartURL

Answer : B

Question 6

Northern Trail Outfitters would like to use a portal built on Salesforce Experience Cloud for customer self-service. Guests of the portal be able to self-register, but be unable to automatically be assigned to a contact record until verified. External Identity licenses have bee purchased for the project.

After registered guests complete an onboarding process, a flow will create the appropriate account and contact records for the user.

Which three steps should an identity architect follow to implement the outlined requirements?

Choose 3 answers

AEnable 'Allow customers and partners to self-register'.

BSelect the 'Configurable Self-Reg Page' option under Login & Registration.

CSet jp an external login page and call Salesforce APIs for user creation.

DCustomize the self-registration Apex handler to temporarily associate the user to a shared single contact record.

ECustomize me self-registration Apex handler to create only the user record.

Answer : A, B, E

Question 7

Northern Trail Outfitters (NTO) is planning to build a new customer service portal and wants to use passwordless login, allowing customers to login with a one-time passcode sent to them via email or SMS.

How should the quantity of required Identity Verification Credits be estimated?

AEach community comes with 10,000 Identity Verification Credits per month and only customers with more than 10,000 logins a month should estimate additional SMS verifications needed.

BIdentity Verification Credits are consumed with each SMS (text message) sent and should be estimated based on the number of login verification challenges for SMS verification users.

CIdentity Verification Credits are consumed with each verification sent and should be estimated based on the number of logins
that will incur a verification challenge.

DIdentity Verification Credits are a direct add-on license based on the number of existing member-based or login-based Community licenses.

Answer : B

Salesforce Identity and Access Management Designer Identity-and-Access-Management-designer Exam Practice Test