Salesforce Identity-and-Access-Management-Designer Identity and Access Management Designer Exam Exam Practice Test Questions

• Question 1

  Containers (UC) has decided to implement a federated single Sign-on solution using a third-party Idp. In reviewing the third-party products, they would like to ensure the product supports the automated provisioning and deprovisioning of users. What are the underlining mechanisms that the UC Architect must ensure are part of the product?

  • SOAP API for provisioning; Just-in-Time (JIT) for Deprovisioning.
  • Just-In-time (JIT) for Provisioning; SOAP API for Deprovisioning.
  • Provisioning API for both Provisioning and Deprovisioning.
  • Just-in-Time (JIT) for both Provisioning and Deprovisioning.

  Show Answer Answer: D Next

• Question 2

  A university is planning to set up an identity solution for its alumni. A third-party identity provider will be used for single sign-on Salesforce will be the system of records. Users are getting error messages when logging in.Which Salesforce feature should be used to debug the issue?

  • Apex Exception Email
  • View Setup Audit Trail
  • Debug Logs
  • Login History

  Show Answer Answer: D Next

• Question 3

  Containers (UC) uses an internal system for recruiting and would like to have the candidates' info available in the Salesforce automatically when they are selected. UC decides to use OAuth to connect to Salesforce from the recruiting system and would like to do the authentication using digital certificates. Which two OAuth flows should be considered to meet the requirement? Choose 2 answers

  • JWT Bearer Token flow
  • Refresh Token flow
  • SAML Bearer Assertion flow
  • Web Service flow

  Show Answer Answer: A, C Next

• Question 4

  How should an Architect force users to authenticate with Two-factor Authentication (2FA) for Salesforce only when not connected to an internal company network?

  • Use Custom Login Flows with Apex to detect the user's IP address and prompt for 2FA if needed.
  • Add the list of company's network IP addresses to the Login Range list under 2FA Setup.
  • Use an Apex Trigger on the UserLogin object to detect the user's IP address and prompt for 2FA if needed.
  • Apply the 'Two-factor Authentication for User Interface Logins' permission and Login IP Ranges for all Profiles.

  Show Answer Answer: A Next

• Question 5

  architect is troubleshooting some SAML-based SSO errors during testing. The Architect confirmed that all of the Salesforce SSO settings are correct. Which two issues outside of the Salesforce SSO settings are most likely contributing to the SSO errors the Architect is encountering? Choose 2 Answers

  • The Identity Provider is also used to SSO into five other applications.
  • The clock on the Identity Provider server is twenty minutes behind Salesforce.
  • The Issuer Certificate from the Identity Provider expired two weeks ago.
  • The default language for the Identity Provider and Salesforce are Different.

  Show Answer Answer: B, C Next