Identity-and-Access-Management-Designer | What Vivid Identity-and-Access-Management-Designer Free Practice Test Is

It is faster and easier to pass the Salesforce Identity-and-Access-Management-Designer exam by using 100% guaranteed Salesforce Certified Identity and Access Management Designer (SP19) questions and answers. Get immediate access to the refreshed Identity-and-Access-Management-Designer exam and find the same core-area Identity-and-Access-Management-Designer questions with professionally verified answers, then pass your exam with a high score now.

Free Identity-and-Access-Management-Designer Demo Online For Salesforce Certification:

NEW QUESTION 1
Universal Containers uses an employee portal for its employees to collaborate. Employees access the portal from their company's internal website via SSO. It is set up to work with Active Directory. What is the role of Active Directory in this scenario?

  • A. Identity store
  • B. Authentication store
  • C. Identity provider
  • D. Service provider

Answer: C

NEW QUESTION 2
Universal Containers (UC) is successfully using Delegated Authentication for their Salesforce users. The service supporting Delegated Authentication is written in Java. UC has a new CIO who is requiring that all company Web services be RESTful and written in .NET. Which two considerations should the UC Architect provide to the new CIO? Choose 2 answers

  • A. Delegated Authentication will not work with a .NET service.
  • B. Delegated Authentication will continue to work with REST services.
  • C. Delegated Authentication will continue to work with a .NET service.
  • D. Delegated Authentication will not work with REST services.

Answer: CD

NEW QUESTION 3
Universal Containers (UC) wants to implement SAML SSO for their internal Salesforce users using a third-party IdP. After some evaluation, UC decides not to set up My Domain for their Salesforce org. How does that decision impact their SSO implementation?

  • A. Neither SP- nor IdP-initiated SSO will work
  • B. Either SP- or IdP-initiated SSO will work
  • C. IdP-initiated SSO will not work
  • D. SP-initiated SSO will not work

Answer: D

NEW QUESTION 4
The security team at Universal Containers (UC) has identified exporting reports as a high-risk action and would like to require users to be logged into Salesforce with their Active Directory (AD) credentials when doing so. For all other users of Salesforce, users should be allowed to use AD Credentials or Salesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with Salesforce credentials?

  • A. Use SAML Federated Authentication and block access to reports when accessed through a Standard Assurance session.
  • B. Use SAML Federated Authentication and Custom SAML JIT Provisioning to dynamically add or remove a permission set that grants the Export Reports Permission.
  • C. Use SAML Federated Authentication, treat SAML Sessions as High Assurance, and raise the session level required for exporting reports.
  • D. Use SAML Federated Authentication with a Login Flow to dynamically add or remove a Permission Set that grants the Export Reports Permission.

Answer: C

NEW QUESTION 5
Universal Containers (UC) has a desktop application to collect leads for marketing campaigns. UC wants to extend this application to integrate with Salesforce to create leads. Integration between the desktop application and Salesforce should be seamless. What Authorization flow should the Architect recommend?

  • A. JWT Bearer Token Flow
  • B. Web Server Authentication Flow
  • C. User Agent Flow
  • D. Username and Password Flow

Answer: C

NEW QUESTION 6
Northern Trail Outfitters (NTO) uses a Security Assertion Markup Language (SAML)-based Identity Provider (IdP) to authenticate employees to all systems. The IdP authenticates users against a Lightweight Directory Access Protocol (LDAP) directory and has access to user information. NTO wants to minimize Salesforce license usage since only a small percentage of users need Salesforce.
What is recommended to ensure new employees have immediate access to Salesforce using their current IdP?

  • A. Install Salesforce Identity Connect to automatically provision new users in Salesforce the first time they attempt to login.
  • B. Build an integration that queries LDAP periodically and creates new active users in Salesforce.
  • C. Configure Just-in-Time provisioning using SAML attributes to create new Salesforce users as necessary when a new user attempts to login to Salesforce.
  • D. Build an integration that queries LDAP and creates new inactive users in Salesforce and use a login flow to activate the user at first login.

Answer: C

NEW QUESTION 7
How should an identity architect automate provisioning and deprovisioning of users into Salesforce from an external system?

  • A. Call SOAP API upsert() on user object.
  • B. Use Security Assertion Markup Language Just-in-Time (SAML JIT) on incoming SAML assertions.
  • C. Run registration handler on incoming OAuth responses.
  • D. Call OpenID Connect (OIDC)-userinfo endpoint with a valid access token.

Answer: C

NEW QUESTION 8
Which two security risks can be mitigated by enabling Two-Factor Authentication (2FA) in Salesforce? Choose 2 answers

  • A. Users leaving laptops unattended and not logging out of Salesforce.
  • B. Users accessing Salesforce from a public Wi-Fi access point.
  • C. Users choosing passwords that are the same as their Facebook password.
  • D. Users creating simple-to-guess password reset questions.

Answer: BC

NEW QUESTION 9
Universal Containers (UC) has implemented a multi-org architecture in their company. Many users have licenses across multiple orgs, and they are complaining about remembering which org and credentials are tied to which business process. Which two recommendations should the Architect make to address the complaints? Choose 2 answers

  • A. Activate My Domain to Brand each org to the specific business use case.
  • B. Implement SP-Initiated Single Sign-on flows to allow deep linking.
  • C. Implement IdP-Initiated Single Sign-on flows to allow deep linking.
  • D. Implement Delegated Authentication from each org to the LDAP provider.

Answer: AB

NEW QUESTION 10
Universal Containers (UC) uses Global Shipping (GS) as one of their shipping vendors. Regional leads of GS need access to UC's Salesforce instance for reporting damage of goods using Cases. The regional leads also need access to dashboards to keep track of regional shipping KPIs. UC internally uses a third-party cloud analytics tool for capacity planning, and UC decided to provide access to this tool to a subset of GS employees. In addition to regional leads, the GS capacity planning team would benefit from access to this tool. To access the analytics tool, UC IT has set up Salesforce as the Identity Provider for internal users and would like to follow the same approach for the GS users as well. What are the most appropriate license types for GS Regional Leads and the GS Capacity Planners? Choose 2 answers

  • A. Customer Community Plus license for GS Regional Leads and External Identity for GS Capacity Planners.
  • B. Customer Community Plus license for GS Regional Leads and Customer Community license for GS Capacity Planners.
  • C. Identity license for GS Regional Leads and External Identity license for GS Capacity Planners.
  • D. Customer Community license for GS Regional Leads and Identity license for GS Capacity Planners.

Answer: BD

NEW QUESTION 11
Universal Containers (UC) is both a Salesforce and Google Apps customer. The UC IT team would like to manage the users for both systems in a single place to reduce administrative burden. Which two optimal ways can the IT team provision users and allow Single Sign-on between Salesforce and Google Apps? Choose 2 answers

  • A. Build a custom app running on Heroku as the Identity Provider that can sync user information between Salesforce and Google Apps.
  • B. Use a third-party product as the Identity Provider for both Salesforce and Google Apps and manage the provisioning from there.
  • C. Use Identity Connect as the Identity Provider for both Salesforce and Google Apps and manage the provisioning from there.
  • D. Use Salesforce as the Identity Provider and Google Apps as a Service Provider and configure User Provisioning for Connected Apps.

Answer: BD

NEW QUESTION 12
Universal Containers (UC) is implementing Salesforce and would like to establish SAML SSO for its users to log in. UC stores its corporate user identities in a custom database. The UC IT Manager has heard good things about Salesforce Identity Connect as an IdP, and would like to understand what limitations they may face if they decide to use Identity Connect in their current environment. What limitation should an Architect inform the IT Manager about?

  • A. Identity Connect will not support user provisioning in UC's current environment.
  • B. Identity Connect will only support IdP-initiated SAML flows in UC's current environment.
  • C. Identity Connect will only support SP-initiated SAML flows in UC's current environment.
  • D. Identity Connect is not compatible with UC's current identity environment.

Answer: A

NEW QUESTION 13
Universal Containers (UC) wants to implement Delegated Authentication for a certain subset of Salesforce users. Which three items should UC take into consideration while building the Web service to handle the Delegated Authentication request? Choose 3 answers

  • A. The web service needs to include Source IP as a method parameter.
  • B. UC should whitelist all Salesforce IP ranges on their corporate firewall.
  • C. The web service can be written using either the SOAP or REST protocol.
  • D. Delegated Authentication is enabled for the system administrator profile.
  • E. The return type of the Web service method should be a Boolean value.

Answer: ABE

NEW QUESTION 14
An identity architect wants to secure Salesforce APIs using Security Assertion Markup Language (SAML). For security purposes, administrators will need to authorize the applications that will be consuming the APIs.
Which Salesforce OAuth authorization flow should be used?

  • A. OAuth 2.0 SAML Bearer Assertion Flow
  • B. OAuth 2.0 JWT Bearer Flow
  • C. SAML Assertion Flow
  • D. OAuth 2.0 User-Agent Flow

Answer: C

NEW QUESTION 15
Universal Containers (UC) has implemented an SP-initiated SAML flow between an external IdP and Salesforce. A user at UC is attempting to log in to Salesforce1 for the first time and is being prompted for Salesforce credentials instead of being shown the IdP login page. What is the likely cause of the issue?

  • A. The "Redirect to Identity Provider" option has been selected in the My Domain configuration.
  • B. The user has not configured the Salesforce1 mobile app to use My Domain for login.
  • C. The "Redirect to Identity Provider" option has not been selected in the SAML configuration.
  • D. The user has not been granted the "Enable Single Sign-on" permission.

Answer: B

NEW QUESTION 16
......

P.S. Easily pass the Identity-and-Access-Management-Designer exam with the 196 Q&As in the Certleader dumps and PDF version. Download the newest Certleader Identity-and-Access-Management-Designer dumps: https://www.certleader.com/Identity-and-Access-Management-Designer-dumps.html (196 New Questions)