Free Identity and Access Management Designer Exam Identity-and-Access-Management-Designer Exam Practice Test

Universal Containers (UC) plans to use a SAML-based third-party IdP serving both of the Salesforce Partner Community and the corporate portal. UC partners will log in 65* to the corporate portal to access protected resources, including links to Salesforce resources. What would be the recommended way to configure the IdP so that seamless access can be achieved in this scenario?

• Set up the corporate portal as a Connected App in Salesforce and use the Web server OAuth flow.
• Configure SP-initiated SSO that passes the SAML token upon Salesforce resource access request.
• Set up the corporate portal as a Connected App in Salesforce and use the User Agent OAuth flow.
• Configure IdP-initiated SSO that passes the SAML token upon Salesforce resource access request.

Universal containers (UC) is setting up their customer Community self-registration process. They are uncomfortable with the idea of assigning new users to a default account record. What will happen when customers self-register in the community?

• The self-registration process will produce an error to the user.
• The self-registration page will ask user to select an account.
• The self-registration process will create a person Account record.
• The self-registration page will create a new account record.

Northern Trail Outfitters recently acquired a company. Each company will retain its Identity Provider (IdP). Both companies rely extensively on Salesforce processes that send emails to users to take specific actions in Salesforce.How should the combined companys' employees collaborate in a single Salesforce org, yet authenticate to the appropriate IdP?

• Configure unique MyDomains for each company and have generated links use the appropriate MyDomam in the URL.
• Have generated links append a querystnng parameter indicating the IdP. The login service will redirect to the appropriate IdP.
• Have generated links be prefixed with the appropriate IdP URL to invoke an IdP-initiated Security Assertion Markup Language flow when clicked.
• Enable each IdP as a login option in the MyDomain Authentication Service settings. Users will then click on the appropriate IdP button.

Sales users at Universal containers use salesforce for Opportunity management. Marketing uses a third-party application called Nest for Lead nurturing that is accessed using username/password. The VP of sales wants to open up access to nest for all sales uses to provide them access to lead history and would like SSO for better adoption. Salesforce is already setup for SSO and uses Delegated Authentication. Nest can accept username/Password or SAML-based Authentication. IT teams have received multiple password-related issues for nest and have decided to set up SSO access for Nest for Marketing users as well. The CIO does not want to invest in a new IDP solution and is considering using Salesforce for this purpose. Which are appropriate license type choices for sales and marketing users, giving salesforce is using Delegated Authentication? Choose 2 answers

• Salesforce license for sales users and Identity license for Marketing users
• Salesforce license for sales users and External Identity license for Marketing users
• Identity license for sales users and Identity connect license for Marketing users
• Salesforce license for sales users and platform license for Marketing users.

An Identity architect works for a multinational, multi-brand organization. As they work with the organization to understand their Customer Identity and Access Management requirements, the identity architect learns that the brand experience is different for each of the customer's sub-brands and each of these branded experiences must be carried through the login experience depending on which sub-brand the user is logging into.Which solution should the architect recommend to support scalability and reduce maintenance costs, if the organization has more than 150 sub-brands?

• Assign each sub-brand a unique Experience ID and use the Experience ID to dynamically brand the login experience.
• Use Audiences to customize the login experience for each sub-brand and pass an audience ID to the community during the OAuth and Security Assertion Markup Language (SAML) flows.
• Create a community subdomain for each sub-brand and customize the look and feel of the Login page for each community subdomain to match the brand.
• Create a separate Salesforce org for each sub-brand so that each sub-brand has complete control over the user experience.

Universal Containers (UC) would like to enable self-registration for their Salesforce Partner Community Users. UC wants to capture some custom data elements from the partner user, and based on these data elements, wants to assign the appropriate Profile and Account values.Which two actions should the Architect recommend to UC1Choose 2 answers

• Configure Registration for Communities to use a custom Visualforce Page.
• Modify the SelfRegistration trigger to assign Profile and Account.
• Modify the CommunitiesSelfRegController to assign the Profile and Account.
• Configure Registration for Communities to use a custom Apex Controller.

Universal Containers (UC) would like its community users to be able to register and log in with Linkedin or Facebook Credentials. UC wants users to clearly see Facebook &Linkedin Icons when they register and login. What are the two recommended actions UC can take to achieve this Functionality? Choose 2 answers

• Enable Facebook and Linkedin as Login options in the login section of the Community configuration.
• Create custom Registration Handlers to link Linkedin and facebook accounts to user records.
• Store the Linkedin or Facebook user IDs in the Federation ID field on the Salesforce User record.
• Create custom buttons for Facebook and inkedin using JAVAscript/CSS on a custom Visualforce page.

A company's external application is protected by Salesforce through OAuth. The identity architect for the project needs to limit the level of access to the data of the protected resource in a flexible way.What should be done to improve security?

• Select 'Admin approved users are pre-authonzed' and assign specific profiles.
• Create custom scopes and assign to the connected app.
• Define a permission set that grants access to the app and assign to authorized users.
• Leverage external objects and data classification policies.

The CIO of universal containers(UC) wants to start taking advantage of the refresh token capability for the UC applications that utilize Oauth 2.0. UC has listed an architect to analyze all of the applications that use Oauth flows to. See where refresh Tokens can be applied. Which two OAuth flows should the architect consider in their evaluation? Choose 2 answers

• Web server
• Jwt bearer token
• User-Agent
• Username-password

Which two security risks can be mitigated by enabling Two-Factor Authentication (2FA) in Salesforce? Choose 2 answers

• Users leaving laptops unattended and not logging out of Salesforce.
• Users accessing Salesforce from a public Wi-Fi access point.
• Users choosing passwords that are the same as their Facebook password.
• Users creating simple-to-guess password reset questions.