• Home
  • Articles
  • [Full-Version] 2023 Updated Salesforce Study Guide Identity-and-Access-Management-Designer Dumps Questions [Q22-Q41]

[Full-Version] 2023 Updated Salesforce Study Guide Identity-and-Access-Management-Designer Dumps Questions [Q22-Q41]

Share

[Full-Version] 2023 Updated Salesforce Study Guide Identity-and-Access-Management-Designer Dumps Questions

Newest Identity-and-Access-Management-Designer Exam Dumps Achieve Success in Actual Identity-and-Access-Management-Designer Exam


How to book the Identity-and-Access-Management-Designer Exam

These are following steps for registering the Identity-and-Access-Management-Designer Exam. Step 1: Visit to Webassessor Exam Registration Step 2: Signup/Login to Webassessor Step 3: Select the onsite proctored or online proctored delivery method of Certification Exam Step 4: Select Date, time and confirm with a payment method

For more information, please click here.


Salesforce Identity and Access Management Designer certification is a valuable credential for professionals who work with Salesforce products and services. Salesforce Certified Identity and Access Management Designer certification demonstrates the individual's ability to design and implement secure and scalable IAM solutions on the Salesforce platform. Salesforce Certified Identity and Access Management Designer certification also indicates that the individual has a deep understanding of the best practices and standards in the IAM domain.


To prepare for the Salesforce Identity-and-Access-Management-Designer Exam, candidates can take the official Salesforce training courses or study independently using the Salesforce documentation and other online resources. Upon passing the exam, candidates will receive the Salesforce Certified Identity and Access Management Designer certification, which demonstrates their expertise in designing and implementing secure and scalable identity and access management solutions in the Salesforce ecosystem.

 

NEW QUESTION # 22
Universal Containers (UC) has an existing e-commerce platform and is implementing a new customer community. They do not want to force customers to register on both applications due to concern over the customers experience. It is expected that 25% of the e-commerce customers will utilize the customer community . The e-commerce platform is capable of generating SAML responses and has an existing REST-ful API capable of managing users. How should UC create the identities of its e-commerce users with the customer community?

  • A. Use SAML JIT in the Customer Community to create users when a user tries to login to the community from the e-commerce site.
  • B. Use a nightly batch ETL job to sync users between the Customer Community and the e-commerce platform and use SAML to allow SSO.
  • C. Use the e-commerce REST API to create users when a user self-register on the customer community and use SAML to allow SSO.
  • D. Use the standard Salesforce API to create users in the Community When a User is Created in the e-Commerce platform and use SAML to allow SSO.

Answer: A


NEW QUESTION # 23
Sales users at Universal containers use salesforce for Opportunity management. Marketing uses a third-party application called Nest for Lead nurturing that is accessed using username/password. The VP of sales wants to open up access to nest for all sales uses to provide them access to lead history and would like SSO for better adoption. Salesforce is already setup for SSO and uses Delegated Authentication. Nest can accept username/Password or SAML-based Authentication. IT teams have received multiple password-related issues for nest and have decided to set up SSO access for Nest for Marketing users as well. The CIO does not want to invest in a new IDP solution and is considering using Salesforce for this purpose. Which are appropriate license type choices for sales and marketing users, giving salesforce is using Delegated Authentication? Choose 2 answers

  • A. Salesforce license for sales users and External Identity license for Marketing users
  • B. Identity license for sales users and Identity connect license for Marketing users
  • C. Salesforce license for sales users and Identity license for Marketing users
  • D. Salesforce license for sales users and platform license for Marketing users.

Answer: C,D


NEW QUESTION # 24
Containers (UC) uses a legacy Employee portal for their employees to collaborate. Employees access the portal from their company's internal website via SSO. It is set up to work with SiteMinder and Active Directory. The Employee portal has features to support posing ideas. UC decides to use Salesforce Ideas for voting and better tracking purposes. To avoid provisioning users on Salesforce, UC decides to integrate Employee portal ideas with Salesforce idea through the API. What is the role of Salesforce in the context of SSO, based on this scenario?

  • A. An independent system, because Salesforce is not part of the SSO setup.
  • B. Identity Provider, because the API calls are authenticated by Salesforce.
  • C. Service Provider, because Salesforce is the application for managing ideas.
  • D. Connected App, because Salesforce is connected with Employee portal via API.

Answer: A


NEW QUESTION # 25
Sales users at Universal containers use salesforce for Opportunity management. Marketing uses a third-party application called Nest for Lead nurturing that is accessed using username/password. The VP of sales wants to open up access to nest for all sales uses to provide them access to lead history and would like SSO for better adoption. Salesforce is already setup for SSO and uses Delegated Authentication. Nest can accept username/Password or SAML-based Authentication. IT teams have received multiple password-related issues for nest and have decided to set up SSO access for Nest for Marketing users as well. The CIO does not want to invest in a new IDP solution and is considering using Salesforce for this purpose. Which are appropriate license type choices for sales and marketing users, giving salesforce is using Delegated Authentication?
Choose 2 answers

  • A. Salesforce license for sales users and Identity license for Marketing users
  • B. Identity license for sales users and Identity connect license for Marketing users
  • C. Salesforce license for sales users and External Identity license for Marketing users
  • D. Salesforce license for sales users and platform license for Marketing users.

Answer: C,D


NEW QUESTION # 26
Universal Containers (UC) is building an authenticated Customer Community for its customers. UC does not want customer credentials stored in Salesforce and is confident its customers would be willing to use their social media credentials to authenticate to the Community.
Which two actions should an Architect recommend UC to take? (Choose two.)

  • A. Use Delegated Authentication to call the Twitter login API to authenticate users.
  • B. Configure an Authentication Provider for LinkedIn social media accounts.
  • C. Create a custom Apex Registration Handler to handle new and existing users.
  • D. Configure SSO settings for Facebook to serve as a SAML Identity Provider.

Answer: B,C


NEW QUESTION # 27
Universal Containers (UC) is successfully using Delegated Authentication for their Salesforce users. The service supporting Delegated Authentication is written in Java. UC has a new CIO that is requiring all company web services be REST-ful and written in .Net.
Which two considerations should the UC Architect provide to the new CIO? (Choose two.)

  • A. Delegated Authentication will not work with a .Net service.
  • B. Delegated Authentication will continue to work with a .Net service.
  • C. Delegated Authentication will not work with REST services.
  • D. Delegated Authentication will continue to work with REST services.

Answer: B,C


NEW QUESTION # 28
Universal Containers want users to be able to log in to the Salesforce mobile app with their Active Directory password. Employees are unable to use mobile VPN.
Which two options should an identity architect recommend to meet the requirement?
Choose 2 answers

  • A. Salesforce Trigger & Field on Contact Object
  • B. Salesforce Identity Connect
  • C. Configure Cloud Provider Load Balancer
  • D. Active Directory Password Sync Plugin

Answer: B,D


NEW QUESTION # 29
Universal Containers (UC) has an Experience Cloud site (Customer Community) where customers can authenticate and place orders, view the status of orders, etc. UC allows guest checkout.
Mow can a guest register using data previously collected during order placement?

  • A. Enable Facebook as an authentication provider and use a registration handler to collect only order details to retrieve customer data.
  • B. Enable self-registration and customize a self-registration page to collect only order details to retrieve customer data.
  • C. Use a Connected App Handler Apex Plugin class to collect only order details to retrieve customer data.
  • D. Enable Security Assertion Markup Language Sign-On and use a login flow to collect only order details to retrieve customer data.

Answer: B


NEW QUESTION # 30
Universal containers(UC) has decided to build a new, highly sensitive application on Force.com platform. The security team at UC has decided that they want users to provide a fingerprint in addition to username/Password to authenticate to this application. How can an architect support fingerprints as a form of identification for salesforce Authentication?

  • A. Use an appexchange product that does fingerprint scanning with native salesforce identity confirmation.
  • B. Use salesforce Two-factor Authentication with callouts to a third-party fingerprint scanning application.
  • C. Use custom login flows with callouts to a third-party fingerprint scanning application.
  • D. Use Delegated Authentication with callouts to a third-party fingerprint scanning application.

Answer: C


NEW QUESTION # 31
Universal Containers (UC) has a custom, internal-only, mobile billing application for users who are commonly out of the office. The app is configured as a Connected App in Salesforce. Due to the nature of this app, UC would like to take the appropriate measures to properly secure access to the app.
Which two solutions should be recommended? (Choose two.)

  • A. Require High Assurance sessions in order to use the Connected App.
  • B. Set Login IP Ranges to the internal network for all of the app users' Profiles.
  • C. Disallow the use of Single Sign-on for any users of the mobile app.
  • D. Use Google Authenticator as an additional part of the login process.

Answer: A,D


NEW QUESTION # 32
Universal Containers (UC) wants to provide single sign-on (SSO) for a business-to-consumer (B2C) application using Salesforce Identity.
Which Salesforce license should UC utilize to implement this use case?

  • A. External Identity
  • B. Identity Only
  • C. Salesforce Platform
  • D. Partner Community

Answer: A


NEW QUESTION # 33
which three are features of federated Single Sign-on solutions? Choose 3 answers

  • A. It enables quick and easy provisioning and deactivating of users.
  • B. It improves affiliated applications adoption rates.
  • C. It federates credentials control to authorized applications.
  • D. It solves all identity and access management problems.
  • E. It establishes trust between Identity store and service provider.

Answer: A,D,E


NEW QUESTION # 34
Northern Trail Outfitters (NTO) uses a Security Assertion Markup Language (SAML)-based Identity Provider (idP) to authenticate employees to all systems. The IdP authenticates users against a Lightweight Directory Access Protocol (LDAP) directory and has access to user information. NTO wants to minimize Salesforce license usage since only a small percentage of users need Salesforce.
What is recommended to ensure new employees have immediate access to Salesforce using their current IdP?

  • A. Install Salesforce Identity Connect to automatically provision new users in Salesforce the first time they attempt to login.
  • B. Build an integration that queries LDAP and creates new inactive users in Salesforce and use a login flow to activate the user at first login.
  • C. Configure Just-in-Time provisioning using SAML attributes to create new Salesforce users as necessary when a new user attempts to login to Salesforce.
  • D. Build an integration that queries LDAP periodically and creates new active users in Salesforce.

Answer: C


NEW QUESTION # 35
Universal containers (UC) has implemented ansp-Initiated SAML flow between an external IDP and salesforce. A user at UC is attempting to login to salesforce1 for the first time and is being prompted for salesforce credentials instead of being shown the IDP login page. What is the likely cause of the issue?

  • A. The user has not been granted the "Enable single Sign-on" permission
  • B. The "Redirect to identity provider" option has not been selected the SAML configuration.
  • C. The user has not configured the salesforce1 mobile app to use my domain for login
  • D. The "Redirect to Identity Provider" option has been selected in the my domain configuration.

Answer: C


NEW QUESTION # 36
A financial services company uses Salesforce and has a compliance requirement to track information about devices from which users log in. Also, a Salesforce Security Administrator needs to have the ability to revoke the device from which users log in.
What should be used to fulfill this requirement?

  • A. Use multi-factor authentication (MFA) to meet the compliance requirement to track device information.
  • B. Use the Activations feature to meet the compliance requirement to track device information.
  • C. Use Login Flows to capture device from which users log in and store device and user information in a custom object.
  • D. Use the Login History object to track information about devices from which users log in.

Answer: B


NEW QUESTION # 37
Universal Containers (UC) uses Global Shipping (GS) as one of their shipping vendors. Regional leads of GS need access to UC's Salesforce instance for reporting damage of goods using Cases. The regional leads also need access to dashboards to keep track of regional shipping KPIs. UC internally uses a third-party cloud analytics tool for capacity planning and UC decided to provide access to this tool to a subset of GS employees.
In addition to regional leads, the GS capacity planning team would benefit from access to this tool. To access the analytics tool, UC IT has set up Salesforce as the Identity provider for Internal users and would like to follow the same approach for the GS users as well. What are the most appropriate license types for GS Tregional Leads and the GS Capacity Planners? Choose 2 Answers

  • A. Customer Community Plus license for GS Regional Leads and External Identity for GS Capacity Planners.
  • B. Identity Licence for GS Regional Leads and External Identity license for GS capacity Planners.
  • C. Customer Community license for GS Regional Leads and Identity license for GS Capacity Planners.
  • D. Customer Community Plus license for GS Regional Leads and Customer Community license for GS Capacity Planners.

Answer: C,D


NEW QUESTION # 38
Universal Containers (UC) would like to enable self-registration for their Salesforce Partner Community Users.
UC wants to capture some custom data elements from the partner user, and based on these data elements, wants to assign the appropriate Profile and Account values.
Which two actions should the Architect recommend to UC? (Choose two.)

  • A. Configure Registration for Communities to use a custom Visualforce Page.
  • B. Modify the SelfRegistration trigger to assign Profile and Account.
  • C. Configure Registration for Communities to use a custom Apex Controller.
  • D. Modify the CommunitiesSelfRegController to assign the Profile and Account.

Answer: A,D


NEW QUESTION # 39
In a typical SSL setup involving a trusted party and trusting party, what consideration should an Architect take into account when using digital certificates?

  • A. Use of self-signed certificate leads to higher maintenance for trusted party because they have to act as the trusted CA
  • B. Use of self-signed certificate leads to lower maintenance for trusting party because there is no trusted CA cert to maintain.
  • C. Use of self-signed certificate leads to higher maintenance for trusting party because the cert needs to be added to their truststore.
  • D. Use of self-signed certificate leads to lower maintenance for trusted party because multiple self-signed certs need to be maintained.

Answer: C


NEW QUESTION # 40
Universal containers(UC) wants to integrate a third-party reward calculation system with salesforce to calculate rewards. Rewards will be calculated on a schedule basis and update back into salesforce. The integration between Salesforce and the reward calculation system needs to be secure. Which are the recommended best practices for using Oauth flows in this scenario? Choose 2 answers

  • A. Oauth refresh token flow
  • B. Oauthjwt bearer token flow
  • C. Oauth SAML bearer assertion flow
  • D. Oauth Username-password flow

Answer: B,C


NEW QUESTION # 41
......

Updated Salesforce Identity-and-Access-Management-Designer Dumps – Check Free Identity-and-Access-Management-Designer Exam Dumps: https://testking.realvce.com/Identity-and-Access-Management-Designer-VCE-file.html

Related Articles

more
Salesforce Identity-and-Access-Management-Designer Certification Practice Exam

Choosing our valid dumps VCE will help you surely pass exams and gain success. RealVCE not only provides professional real exam dumps VCE and Testking practice test VCE but also golden customer service.

Latest Real Exam VCE

Useful Links

Contact Us

Our Working Time: ( GMT 0:00-15:00 )
From Monday to Saturday

Support: Contact now 

If you have any question please leave me your email address, we will reply and send email to you in 12 hours.

Copyright © 2026 RealVCE NETWORK CO.,LIMITED. All Rights Reserved. All trademarks used are properties of their respective owners. Privacy Policy