
NEW QUESTION # 139
An architect is troubleshooting some SAML-based SSO errors during testing. The architect confirmed that all of the Salesforce SSO settings are correct. Which two issues outside of the Salesforce SSO settings are most likely contributing to the SSO errors the architect is encountering? Choose 2 answers
- A. The Identity Provider is also used to SSO into five other applications.
- B. The Issuer Certificate from the Identity Provider expired two weeks ago.
- C. The default languages for the Identity Provider and Salesforce are different.
- D. The clock on the Identity Provider server is twenty minutes behind Salesforce.
Answer: B,D
NEW QUESTION # 140
Northern Trail Outfitters (NTO) has an off-boarding process where a terminated employee is first disabled in the Lightweight Directory Access Protocol (LDAP) directory, then requests are sent to the various application support teams to finish user deactivations. A terminated employee recently was able to log in to NTO's Salesforce instance 24 hours after termination, even though the user was disabled in the corporate LDAP directory.
What should an identity architect recommend to prevent this from happening in the future?
- A. Configure an authentication provider to delegate authentication to the LDAP directory.
- B. Create a Just-in-Time provisioning registration handler to ensure users are deactivated in Salesforce as they are disabled in LDAP.
- C. Use a login flow to make a callout to the LDAP directory before authenticating the user to Salesforce.
- D. Set up an identity provider (IdP) to authenticate users using LDAP, set up single sign-on to Salesforce and disable Login Form authentication.
Answer: A
NEW QUESTION # 141
Universal Containers (UC) would like to enable SSO between their existing Active Directory infrastructure and Salesforce. The IT team prefers to manage all users in Active Directory and would like to avoid doing any initial setup of users in Salesforce directly, including the correct assignment of profiles, roles and groups.
Which two optimal solutions should UC use to provision users in Salesforce? Choose 2 answers
- A. Use Identity Connect to sync users from Active Directory to Salesforce.
- B. Use the Salesforce REST API to sync users from Active Directory to Salesforce.
- C. Use Active Directory Federation Services to sync users from Active Directory to Salesforce.
- D. Use an AppExchange product to sync users from Active Directory to Salesforce.
Answer: A,D
NEW QUESTION # 142
Which two things should be done to ensure end users can only use single sign-on (SSO) to log in to Salesforce?
Choose 2 answers
- A. Request Salesforce Support to enable delegated authentication.
- B. Once SSO is enabled, users are only able to login using Salesforce credentials.
- C. Assign user "is Single Sign-on Enabled" permission via profile or permission set.
- D. Enable My Domain and select "Prevent login from https://login.salesforce.com".
Answer: C,D
NEW QUESTION # 143
Universal Containers (UC) has built a custom two-factor authentication (2FA) system for their existing on-premise applications. They are now implementing Salesforce and would like to enable a two-factor login process for it as well. What is the recommended solution an architect should consider?
- A. Use the custom 2FA system for on-premise applications and native 2FA for Salesforce.
- B. Replace the custom 2FA system with an AppExchange app that supports on-premise applications and Salesforce.
- C. Use custom login flows to connect to the existing custom 2FA system for use in Salesforce.
- D. Replace the custom 2FA system with Salesforce 2FA for on-premise applications and Salesforce.
Answer: C
NEW QUESTION # 144
Northern Trail Outfitters (NTO) has a number of employees who do NOT need access to Salesforce objects. These employees should sign in to a custom Benefits web app using their Salesforce credentials.
Which license should the identity architect recommend to fulfill this requirement?
- A. Identity Connect License
- B. Identity Only License
- C. Identity Verification Credits Add-on License
- D. External Identity License
Answer: B
NEW QUESTION # 145
A leading fitness tracker company is getting ready to launch a customer community. The company wants its customers to log in to the community and connect their fitness device to their profile. Customers should be able to obtain exercise details and fitness recommendations in the community.
Which should be used to satisfy this requirement?
- A. OAuth Device Flow
- B. Named Credentials
- C. Login Flows
- D. Single Sign-On Settings
Answer: A
NEW QUESTION # 146
What does My Domain enable for Universal Containers (UC) in the context of a SAML SSO configuration? Choose 2 answers
- A. Resource deep linking
- B. Login forensics
- C. App launcher
- D. SSO from the Salesforce1 mobile app.
Answer: A,D
NEW QUESTION # 147
A global fitness equipment manufacturer uses Salesforce to manage its sales cycle. The manufacturer has a custom order fulfillment app that needs to request order data from Salesforce. The order fulfillment app needs to integrate with the Salesforce API using the OAuth 2.0 protocol.
What should an identity architect use to fulfill this requirement?
- A. Canvas App Integration
- B. OAuth Tokens
- C. Connected App and OAuth scopes
- D. Authentication Providers
Answer: C
NEW QUESTION # 148
A global fitness equipment manufacturer is planning to sell fitness tracking devices and has the following requirements:
1) Customer purchases the device.
2) Customer registers the device using their mobile app.
3) A case should automatically be created in Salesforce and associated with the customer's account in cases where the device registers issues with tracking.
Which OAuth flow should be used to meet these requirements?
- A. OAuth 2.0 User-Agent Flow
- B. OAuth 2.0 Asset Token Flow
- C. OAuth 2.0 Username-Password Flow
- D. OAuth 2.0 SAML Bearer Assertion Flow
Answer: B
NEW QUESTION # 149
A real estate company wants to provide its customers a digital space to design their interior decoration options.
To simplify the registration to gain access to the community site (built in Experience Cloud), the CTO has requested that the IT/Development team provide the option for customers to use their existing social-media credentials to register and access.
The IT lead has approached the Salesforce Identity and Access Management (IAM) architect for technical direction on implementing the social sign-on (for Facebook, Twitter, and a new provider that supports standard OpenID Connect (OIDC)).
Which two recommendations should the Salesforce IAM architect make to the IT Lead?
Choose 2 answers
- A. Use a declarative registration handler (Process Builder/flow) to create and update users and contacts.
- B. Apex coding skills are needed for the registration handler to create and update users.
- C. For supporting OIDC it is necessary to enable Security Assertion Markup Language (SAML) with Just-in-Time provisioning (JIT) and OAuth 2.0.
- D. Authentication provider configuration is required for each social sign-on provider; enable the authentication providers in the community.
Answer: B,D
NEW QUESTION # 150
Universal Containers wants to implement Single Sign-on for a Salesforce org using an external Identity Provider and corporate identity store.
What type of authentication flow is required to support deep linking?
- A. StartURL on Identity Provider
- B. Service-Provider-Initiated SSO
- C. Identity-Provider-initiated SSO
- D. Web Server OAuth SSO flow
Answer: B
NEW QUESTION # 151
Universal Containers (UC) has a custom, internal-only mobile billing application for users who are commonly out of the office. The app is configured as a connected app in Salesforce. Due to the nature of this app, UC would like to take the appropriate measures to properly secure access to the app. Which two recommendations should be made to UC? Choose 2 answers
- A. Use Google Authenticator as an additional part of the login process.
- B. Require High Assurance sessions in order to use the Connected App.
- C. Set Login IP Ranges to the internal network for all of the app users' profiles.
- D. Disallow the use of Single Sign-on for any users of the mobile app.
Answer: A,B
NEW QUESTION # 152
Universal Containers (UC) wants to integrate a third-party Reward Calculation system with Salesforce to calculate rewards. Rewards will be calculated on a scheduled basis and updated back into Salesforce. The integration between Salesforce and the Reward Calculation system needs to be secure. Which two OAuth flows are recommended in this scenario? Choose 2 answers
- A. OAuth Username-Password Flow
- B. OAuth Refresh Token Flow
- C. OAuth SAML Bearer Assertion Flow
- D. OAuth JWT Bearer Token Flow
Answer: C,D
NEW QUESTION # 153
Universal Containers is building a web application that will connect with the Salesforce API using the JWT OAuth flow.
Which two settings need to be configured in the connected app to support this requirement?
Choose 2 answers
- A. The Use Digital Signature option in the connected app.
- B. The "edair_api" OAuth scope in the connected app.
- C. The "web" OAuth scope in the connected app.
- D. The "api" OAuth scope in the connected app.
Answer: A,D