Identity-and-Access-Management-Designer | The Down To Date Guide To Identity-and-Access-Management-Designer Actual Exam

NEW QUESTION 1
Universal Containers (UC) is considering a Customer 360 initiative to gain a single source of the truth for its customer data across disparate systems and services. UC wants to understand the primary benefits of Customer 360 Identity and how it contributes ato successful Customer 360 Truth project.
What are two are key benefits of Customer 360 Identity as it relates to Customer 360? Choose 2 answers

• A. Customer 360 Identity automatically integrates with Customer 360 Data Manager and Customer 360 Audiences to seamlessly populate all user data.
• B. Customer 360 Identity enables an organization to build a single login for each of its customers, giving the organization anunderstanding of the user's login activity across all its digital properties and applications.
• C. Customer 360 Identity supports multiple brands so you can deliver centralized identity services and correlation of user activity,even if it spans multiple corporate brands and user experiences.
• D. Customer 360 Identity not only provides a unified sign up and sign in experience, but also tracks anonymous user activity prior to signing up so organizations can understand user activity before and after the users identify themselves.

Answer: BC

NEW QUESTION 2
Northern Trail Outfitters (NTO) leverages Microsoft Active Directory (AD) for management of employee usernames, passwords, permissions, and asset access. NTO also owns a third-party single sign-on (SSO) solution. The third-party party SSO solution is used for all corporate applications, including Salesforce.
NTO has asked an architect to explore Salesforce Identity Connect for automatic provisioning and deprovisiorung of users in Salesforce.
What role does identity Connect play in the outlined requirements?

• A. Service Provider
• B. Single Sign-On
• C. Identity Provider
• D. User Management

Answer: D

NEW QUESTION 3
A leading fitness tracker company is getting ready to launch a customer community. The company wants its customers to login to the community and connect their fitness device to their profile. Customers should be able to obtain exercise details and fitness recommendation In the community.
Which should be used to satisfy this requirement?

• A. Named Credentials
• B. Login Flows
• C. OAuth Device Plow
• D. Single Sign-On Settings

Answer: C

NEW QUESTION 4
An Architect needs to advise the team that manages the Identity Provider how to differentiate Salesforce from other Service Providers. What SAML SSO setting in Salesforce provides this capability?

• A. Identity Provider Login URL.
• B. Issuer.
• C. Entity Id
• D. SAML Identity Location.

Answer: C

NEW QUESTION 5
Universal containers (UC) does my domain enable in the context of a SAML SSO configuration? Choose 2 answers

• A. Resource deep linking
• B. App launcher
• C. SSO from salesforce1 mobile app.
• D. Login forensics

Answer: AC

NEW QUESTION 6
Which two capabilities does My Domain enable in the context of a SAML SSO configuration? Choose 2 answers

• A. App Launcher
• B. Resource deep linking
• C. SSO from Salesforce Mobile App
• D. Login Forensics

Answer: BC

NEW QUESTION 7
Which two are valid choices for digital certificates when setting up two-way SSL between Salesforce and an external system. Choose 2 answers

• A. Use a trusted CA-signed certificate for salesforce and a trusted CA-signed cert for the external system
• B. Use a trusted CA-signed certificate for salesforce and a self-signed cert for the external system
• C. Use a self-signed certificate for salesforce and a self-signed cert for the external system
• D. Use a self-signed certificate for salesforce and a trusted CA-signed cert for the external system

Answer: CD

NEW QUESTION 8
A global company has built an external application that uses data from its Salesforce org via an OAuth 2.0 authorization flow. Upon logout, the existing Salesforce OAuth token must be invalidated.
Which action will accomplish this?

• A. Use a HTTP POST to request the refresh token for the current user.
• B. Use a HTTP POST to the System for Cross-domain Identity Management (SCIM) endpoint, including the current OAuth token.
• C. Use a HTTP POST to make a call to the revoke token endpoint.
• D. Enable Single Logout with a secure logout URL.

Answer: C

NEW QUESTION 9
Northern Trail Outfitters (NTO) is planning to build a new customer service portal and wants to use passwordless login, allowing customers to login with a one-time passcode sent to them via email or SMS.
How should the quantity of required Identity Verification Credits be estimated?

• A. Each community comes with 10,000 Identity Verification Credits per month and only customers with more than 10,000 logins a month should estimate additional SMS verifications needed.
• B. Identity Verification Credits are consumed with each SMS (text message) sent and should be estimated based on the number of login verification challenges for SMS verification users.
• C. Identity Verification Credits are consumed with each verification sent and should be estimated based on the number of logins that will incur a verification challenge.
• D. Identity Verification Credits are a direct add-on license based on the number of existing member-based or login-based Community licenses.

Answer: B

NEW QUESTION 10
An Identity and Access Management (IAM) architect is tasked with unifying multiple B2C Commerce sites and an Experience Cloud community with a single identity. The solution needs to support more than 1,000 logins per minute.
What should the IAM do to fulfill this requirement?

• A. Configure both the community and the commerce sites as OAuth2 RPs (relying party) with an external identity provider.
• B. Configure community as a Security Assertion Markup Language (SAML) identity provider and enable Just-in-Time Provisioning to B2C Commerce.
• C. Create a default account for capturing all ecommerce contacts registered on the community because personAccount is not supported for this case.
• D. Confirm performance considerations with Salesforce Customer Support due to high peaks.

Answer: D

NEW QUESTION 11
Which three are capabilities of SAML-based Federated authentication? Choose 3 answers

• A. Trust relationships between Identity Provider and Service Provider are required.
• B. SAML tokens can be in XML or JSON format and can be used interchangeably.
• C. Web applications with no passwords are more secure and stronger against attacks.
• D. Access tokens are used to access resources on the server once the user is authenticated.
• E. Centralized federation provides single point of access, control and auditing.

Answer: ADE

NEW QUESTION 12
Universal Containers is implementing a new Experience Cloud site and the identity architect wants to use dynamic branding features as of the login process.
Which two options should the identity architect recommend to support dynamic branding for the site? Choose 2 answers

• A. To use dynamic branding, the community must be built with the Visuaiforce + Salesforce Tabs template.
• B. To use dynamic branding, the community must be built with the Customer Account Portal template.
• C. An experience ID (expid) or placeholder parameter must be used in the URL to represent the brand.
• D. An external content management system (CMS) must be used for dynamic branding on Experience Cloud sites.

Answer: BC

NEW QUESTION 13
In a typical SSL setup involving a trusted party and trusting party, what consideration should an Architect take into account when using digital certificates?

• A. Use of self-signed certificate leads to lower maintenance for trusted party because multiple self-signed certs need to be maintained.
• B. Use of self-signed certificate leads to higher maintenance for trusted party because they have to act as the trusted CA
• C. Use of self-signed certificate leads to lower maintenance for trusting party because there is no trusted CA cert to maintain.
• D. Use of self-signed certificate leads to higher maintenance for trusting party because the cert needs to be added to their truststore.

Answer: C

NEW QUESTION 14
Uwversal Containers (UC) is building a custom employee hut) application on Amazon Web Services (AWS) and would like to store their users' credentials there. Users will also need access to Salesforce for internal operations. UC has tasked an identity architect with evaluating Afferent solutions for authentication and authorization between AWS and Salesforce.
How should an identity architect configure AWS to authenticate and authorize Salesforce users?

• A. Configure the custom employee app as a connected app.
• B. Configure AWS as an OpenID Connect Provider.
• C. Create a custom external authentication provider.
• D. Develop a custom Auth server in AWS.

Answer: B

NEW QUESTION 15
A Salesforce customer is implementing Sales Cloud and a custom pricing application for its call center agents. An Enterprise single sign-on solution is used to authenticate and sign-in users to all applications. The customer has the following requirements:
* 1. The development team has decided to use a Canvas app to expose the pricing application to agents.
* 2. Agents should be able to access the Canvas app without needing to log in to the pricing application.
Which two options should the identity architect consider to provide support for the Canvas app to initiate login for users?
Choose 2 answers

• A. Select "Enable as a Canvas Personal App" in the connected app settings.
• B. Enable OAuth settings in the connected app with required OAuth scopes for the pricing application.
• C. Configure the Canvas app as a connected app and set Admin-approved users as pre-authorized.
• D. Enable SAML in the connected app and Security Assertion Markup Language (SAML) Initiation Method as Service Provider Initiated.

Answer: CD

NEW QUESTION 16
......