What High Value Identity-and-Access-Management-Designer Brain Dumps Is

NEW QUESTION 1
Universal Containers (UC) wants its users to access Salesforce and other SSO-enabled applications from a custom web page that UC magnets. UC wants its users to use the same set of credentials to access each of the applications. what SAML SSO flow should an Architect recommend for UC?

• A. SP-Initiated with Deep Linking
• B. SP-Initiated
• C. IdP-Initiated
• D. User-Agent

Answer: C

NEW QUESTION 2
Universal containers (UC) wants to implement a partner community. As part of their implementation, UC would like to modify both the Forgot password and change password experience with custom branding for their partner community users. Which 2 actions should an architect recommend to UC? Choose 2 answers

• A. Build a community builder page for the change password experience and Custom Visualforce page for the Forgot password experience.
• B. Build a custom visualforce page for both the change password and Forgot password experiences.
• C. Build a custom visualforce page for the change password experience and a community builder page for the Forgot password experience.
• D. Build a community builder page for both the change password and Forgot password experiences.

Answer: BC

NEW QUESTION 3
A global fitness equipment manufacturer uses Salesforce to manage its sales cycle. The manufacturer has a custom order fulfillment app that needs to request order data from Salesforce. The order fulfillment app needs to integrate with the Salesforce API using OAuth 2.0 protocol.
What should an identity architect use to fulfill this requirement?

• A. Canvas App Integration
• B. OAuth Tokens
• C. Authentication Providers
• D. Connected App and OAuth scopes

Answer: D

NEW QUESTION 4
An architect has successfully configured SAML-BASED SSO for universal containers. SSO has been working for 3 months when Universal containers manually adds a batch of new users to salesforce. The new users receive an error from salesforce when trying to use SSO. Existing users are still able to successfully use SSO to access salesforce. What is the probable cause of this behaviour?

• A. The administrator forgot to reset the new user's salesforce password.
• B. The Federation ID field on the new user records is not correctly set
• C. The my domain capability is not enabled on the new user's profile.
• D. The new users do not have the SSO permission enabled on their profiles.

Answer: B

NEW QUESTION 5
Universal Containers (UC) has an existing web application that it would like to access from Salesforce without requiring users to re-authenticate. The web application is owned UC and the UC team that is responsible for it is willing to add new javascript code and/or libraries to the application. What implementation should an Architect recommend to UC?

• A. Create a Canvas app and use Signed Requests to authenticate the users.
• B. Rewrite the web application as a set of Visualforce pages and Apex code.
• C. Configure the web application as an item in the Salesforce App Launcher.
• D. Add the web application as a ConnectedApp using OAuth User-Agent flow.

Answer: A

NEW QUESTION 6
Universal Containers is budding a web application that will connect with the Salesforce API using JWT OAuth Flow.
Which two settings need to be configured in the connect app to support this requirement? Choose 2 answers

• A. The Use Digital Signature option in the connected app.
• B. The "web" OAuth scope in the connected app,
• C. The "api" OAuth scope in the connected app.
• D. The "edair_api" OAuth scope m the connected app.

Answer: AC

NEW QUESTION 7
A company with 15,000 employees is using Salesforce and would like to take the necessary steps to highlight or curb fraudulent activity.
Which tool should be used to track login data, such as the average number of logins, who logged in more than the average number of times and who logged in during non-business hours?

• A. Login Forensics
• B. Login Report
• C. Login Inspector
• D. Login History

Answer: A

NEW QUESTION 8
Universal containers wants to build a custom mobile app connecting to salesforce using Oauth, and would like to restrict the types of resources mobile users can access. What Oauth feature of Salesforce should be used to achieve the goal?

• A. Access Tokens
• B. Mobile pins
• C. Refresh Tokens
• D. Scopes

Answer: D

NEW QUESTION 9
Universal Containers (UC) plans to use a SAML-based third-party IdP serving both of the Salesforce Partner Community and the corporate portal. UC partners will log in 65* to the corporate portal to access protected resources, including links to Salesforce resources. What would be the recommended way to configure the IdP so that seamless access can be achieved in this scenario?

• A. Set up the corporate portal as a Connected App in Salesforce and use the Web server OAuth flow.
• B. Configure SP-initiated SSO that passes the SAML token upon Salesforce resource access request.
• C. Set up the corporate portal as a Connected App in Salesforce and use the User Agent OAuth flow.
• D. Configure IdP-initiated SSO that passes the SAML token upon Salesforce resource access request.

Answer: D

NEW QUESTION 10
Universal Containers (UC) is both a Salesforce and Google Apps customer. The UC IT team would like to manage the users for both systems in a single place to reduce administrative burden. Which two optimal ways can the IT team provision users and allow Single Sign-on between Salesforce and Google Apps ? Choose 2 answers

• A. Build a custom app running on Heroku as the Identity Provider that can sync user information between Salesforce and Google Apps.
• B. Use a third-party product as the Identity Provider for both Salesforce and Google Apps and manage the provisioning from there.
• C. Use Identity Connect as the Identity Provider for both Salesforce and Google Apps and manage the provisioning from there.
• D. Use Salesforce as the Identity Provider and Google Apps as a Service Provider and configure User Provisioning for Connected Apps.

Answer: BD

NEW QUESTION 11
Sales users at Universal containers use salesforce for Opportunity management. Marketing uses a third-party application called Nest for Lead nurturing that is accessed using username/password. The VP of sales wants to open up access to nest for all sales uses to provide them access to lead history and would like SSO for better adoption. Salesforce is already setup for SSO and uses Delegated Authentication. Nest can accept username/Password or SAML-based Authentication. IT teams have received multiple password-related issues for nest and have decided to set up SSO access for Nest for Marketing users as well. The CIO does not want to invest in a new IDP solution and is considering using Salesforce for this purpose. Which are appropriate license type choices for sales and marketing users, giving salesforce is using Delegated Authentication? Choose 2 answers

• A. Salesforce license for sales users and Identity license for Marketing users
• B. Salesforce license for sales users and External Identity license for Marketing users
• C. Identity license for sales users and Identity connect license for Marketing users
• D. Salesforce license for sales users and platform license for Marketing users.

Answer: AD

NEW QUESTION 12
A multinational company is looking to rollout Salesforce globally. The company has a Microsoft Active Directory Federation Services (ADFS) implementation for the Americas, Europe and APAC. The company plans to have a single org and they would like to have all of its users access Salesforce using the ADFS . The company would like to limit its investments and prefer not to procure additional applications to satisfy the requirements.

What is recommended to ensure these requirements are met ?

• A. Use connected apps for each ADFS implementation and implement Salesforce site to authenticate users across the ADFS system applicable to their geo.
• B. Implement Identity Connect to provide single sign-on to Salesforce and federated across multiple ADFS systems.
• C. Add a central identity system that federates between the ADFS systems and integrate with Salesforce for single sign-on.
• D. Configure Each ADFS system under single sign-on settings and allow users to choose the system to authenticate during sign on to Salesforce

Answer: B

NEW QUESTION 13
Universal Containers (UC) is looking to purchase a third-party application as an Identity Provider. UC is looking to develop a business case for the purchase in general and has enlisted an Architect for advice. Which two capabilities of an Identity Provider should the Architect detail to help strengthen the business case? Choose 2 answers

• A. The Identity Provider can authenticate multiple applications.
• B. The Identity Provider can authenticate multiple social media accounts.
• C. The Identity provider can store credentials for multiple applications.
• D. The Identity Provider can centralize enterprise password policy.

Answer: AD

NEW QUESTION 14
Universal Containers uses Salesforce as an identity provider and Concur as the Employee Expense management system. The HR director wants to ensure Concur accounts for employees are created only after the appropnate approval in the Salesforce org.
Which three steps should the identity architect use to implement this requirement? Choose 3 answers

• A. Create an approval process for a custom object associated with the provisioning flow.
• B. Create a connected app for Concur in Salesforce.
• C. Enable User Provisioning for the connected app.
• D. Create an approval process for user object associated with the provisioning flow.
• E. Create an approval process for UserProvisionlngRequest object associated with the provisioning flow.

Answer: BCE

NEW QUESTION 15
Universal Containers (UC) wants its closed Won opportunities to be synced to a Data Warehouse in near real time. UC has implemented Outbound Message to enable near real-time data sync. UC wants to ensure that communication between Salesforce and Target System is Secure. What Certificate is sent along with the Outbound Message?

• A. The CA-Signed Certificate from the Certificate and Key Management menu.
• B. The default Client Certificate from the Develop--> API Menu.
• C. The default Client Certificate or a Certificate from Certificate and Key Management menu.
• D. The Self-Signed Certificates from the Certificate & Key Management menu.

Answer: B

NEW QUESTION 16
Universal Containers (UC) is setting up delegated authentication to allow employees to log in using their corporate credentials. UC's security team is concerned about the risks of exposing the corporate login service on the internet and has asked that a reliable trust mechanism be put in place between the login service and Salesforce.
What mechanism should an Architect put in place to enable a trusted connection between the login service and Salesforce?

• A. Require the use of Salesforce security tokens on passwords.
• B. Enforce mutual authentication between systems using SSL.
• C. Include Client Id and Client Secret in the login header callout.
• D. Set up a proxy service for the login service in the DMZ.

Answer: A

NEW QUESTION 17
Universal Containers (UC) has decided to use Salesforce as an Identity Provider for multiple external applications. UC wants to use the salesforce App Launcher to control the Apps that are available to individual users. Which three steps are required to make this happen?

• A. Add each connected App to the App Launcher with a Start URL.
• B. Set up an Auth Provider for each External Application.
• C. Set up Salesforce as a SAML Idp with My Domain.
• D. Set up Identity Connect to Synchronize user data.
• E. Create a Connected App for each external application.

Answer: ACE

NEW QUESTION 18
Universal Containers (UC) has a strict requirement to authenticate users to Salesforce using their mainframe credentials. The mainframe user store cannot be accessed from a SAML provider. UC would also like to have users in Salesforce created on the fly if they provide accurate mainframe credentials.
How can the Architect meet these requirements?

• A. Use a Salesforce Login Flow to call out to a web service and create the user on the fly.
• B. Use the SOAP API to create the user when created on the mainframe; implement Delegated Authentication.
• C. Implement Just-In-Time Provisioning on the mainframe to create the user on the fly.
• D. Implement OAuth User-Agent Flow on the mainframe; use a Registration Handler to create the user on the fly.

Answer: C

NEW QUESTION 19
......