Free Identity and Access Management Designer Exam Identity-and-Access-Management-Designer Exam Practice Test

Which two security risks can be mitigated by enabling Two-Factor Authentication (2FA) in Salesforce? Choose 2 answers

• Users leaving laptops unattended and not logging out of Salesforce.
• Users accessing Salesforce from a public Wi-Fi access point.
• Users choosing passwords that are the same as their Facebook password.
• Users creating simple-to-guess password reset questions.

A large consumer company is planning to create a community and will requ.re login through the customers social identity. The following requirements must be met:1. The customer should be able to login with any of their social identities, however salesforce should only have one user per customer.2. Once the customer has been identified with a social identity, they should not be required to authonze Salesforce.3. The customers personal details from the social sign on need to be captured when the customer logs into Salesforce using their social Identity.3. If the customer modifies their personal details in the social site, the changes should be updated in Salesforce .Which two options allow the Identity Architect to fulfill the requirements?Choose 2 answers

• Use Login Flows to call an authentication registration handler to provision the user before logging the user into the community.
• Use authentication providers for social sign-on and use the custom registration handler to insert or update personal details.
• Redirect the user to a custom page that allows the user to select an existing social identity for login.
• Use the custom registration handler to link social identities to Salesforce identities.

Universal Containers wants to implement Single Sign-on for a Salesforce org using an external Identity Provider and corporate identity store.What type of authentication flow is required to support deep linking'

• Web Server OAuth SSO flow
• Service-Provider-Initiated SSO
• Identity-Provider-initiated SSO
• StartURL on Identity Provider

Northern Trail Outfitters (NTO) wants to improve its engagement with existing customers to boost customer loyalty. To get a better understanding of its customers, NTO establishes a single customer view including their buying behaviors, channel preferences and purchasing history. All of this information exists but is spread across different systems and formats.NTO has decided to use Salesforce as the platform to build a 360 degree view. The company already uses Microsoft Active Directory (AD) to manage its users and company assets.What should an Identity Architect do to provision, deprovision and authenticate users?

• Salesforce Identity is not needed since NTO uses Microsoft AD.
• Salesforce Identity can be included but NTO will be required to build a custom integration with Microsoft AD.
• Salesforce Identity is included in the Salesforce licenses so it does not need to be considered separately.
• A Salesforce Identity can be included but NTO will require Identity Connect.

Universal Containers (UC) implemented SSO to a third-party system for their Salesforce users to access the App Launcher. UC enabled ''User Provisioning'' on the Connected App so that changes to user accounts can be synched between Salesforce and the third party system. However, UC quickly notices that changes to user roles in Salesforce are not getting synched to the third-party system. What is the most likely reason for this behaviour?

• User Provisioning for Connected Apps does not support role sync.
• Required operation(s) was not mapped in User Provisioning Settings.
• The Approval queue for User Provisioning Requests is unmonitored.
• Salesforce roles have more than three levels in the role hierarchy.

Northern Trail Outfitters want to allow its consumer to self-register on it business-to-consumer (B2C) portal that is built on Experience Cloud. The identity architect has recommended to use Person Accounts.Which three steps need to be configured to enable self-registration using person accounts?Choose 3 answers

• Enable access to person and business account record types under Public Access Settings.
• Contact Salesforce Support to enable business accounts.
• Under Login and Registration settings, ensure that the default account field is empty.
• Contact Salesforce Support to enable person accounts.
• Set organization-wide default sharing for Contact to Public Read Only.

Universal Containers (UC) has a strict requirement to authenticate users to Salesforce using their mainframe credentials. The mainframe user store cannot be accessed from a SAML provider. UC would also like to have users in Salesforce created on the fly if they provide accurate mainframe credentials.How can the Architect meet these requirements?

• Use a Salesforce Login Flow to call out to a web service and create the user on the fly.
• Use the SOAP API to create the user when created on the mainframe; implement Delegated Authentication.
• Implement Just-In-Time Provisioning on the mainframe to create the user on the fly.
• Implement OAuth User-Agent Flow on the mainframe; use a Registration Handler to create the user on the fly.

Universal Containers (UC) has an e-commerce website where customers can buy products, make payments and manage their accounts. UC decides to build a Customer Community on Salesforce and wants to allow the customers to access the community from their accounts without logging in again. UC decides to implement an SP-initiated SSO using a SAML-compliant Idp. In this scenario where Salesforce is the Service Provider, which two activities must be performed in Salesforce to make SP-initiated SSO work? Choose 2 answers

• Configure SAML SSO settings.
• Create a Connected App.
• Configure Delegated Authentication.
• Set up My Domain.

The CIO of universal containers(UC) wants to start taking advantage of the refresh token capability for the UC applications that utilize Oauth 2.0. UC has listed an architect to analyze all of the applications that use Oauth flows to. See where refresh Tokens can be applied. Which two OAuth flows should the architect consider in their evaluation? Choose 2 answers

• Web server
• Jwt bearer token
• User-Agent
• Username-password

Universal Containers (UC) wants to implement SAML SSO for their internal of Salesforce users using a third-party IdP. After some evaluation, UC decides NOT to 65 set up My Domain for their Salesforce org. How does that decision impact their SSO implementation?

• IdP-initiated SSO will NOT work.
• Neither SP- nor IdP-initiated SSO will work.
• Either SP- or IdP-initiated SSO will work.
• SP-initiated SSO will NOT work