IDENTITY-AND-ACCESS-MANAGEMENT-DESIGNER Online Practice Questions and Answers

Northern Trail Outfitters recently acquired a company. Each company will retain its Identity Provider (IdP). Both companies rely extensively on Salesforce processes that send emails to users to take specific actions in Salesforce.

How should the combined companys' employees collaborate in a single Salesforce org, yet authenticate to the appropriate IdP?

A. Configure unique MyDomains for each company and have generated links use the appropriate MyDomam in the URL.

B. Have generated links append a querystnng parameter indicating the IdP. The login service will redirect to the appropriate IdP.

C. Have generated links be prefixed with the appropriate IdP URL to invoke an IdP-initiated Security Assertion Markup Language flow when clicked.

D. Enable each IdP as a login option in the MyDomain Authentication Service settings. Users will then click on the appropriate IdP button.

A global company has built an external application that uses data from its Salesforce org via an OAuth 2.0 authorization flow. Upon logout, the existing Salesforce OAuth token must be invalidated.

Which action will accomplish this?

A. Use a HTTP POST to request the refresh token for the current user.

B. Use a HTTP POST to the System for Cross-domain Identity Management (SCIM) endpoint, including the current OAuth token.

C. Use a HTTP POST to make a call to the revoke token endpoint.

D. Enable Single Logout with a secure logout URL.

Universal containers wants to set up SSO for a selected group of users to access external applications from salesforce through App launcher. Which three steps must be completed in salesforce to accomplish the goal?

A. Associate user profiles with the connected Apps.

B. Complete my domain and Identity provider setup.

C. Create connected apps for the external applications.

D. Complete single Sign-on settings in security controls.

E. Create named credentials for each external system.

Universal Containers (UC) has built a custom token-based Two-factor authentication (2FA) system for their existing on-premise applications. They are now implementing Salesforce and would like to enable a Two-factor login process for it, as well. What is the recommended solution as Architect should consider?

A. Use the custom 2FA system for on-premise applications and native 2FA for Salesforce.

B. Replace the custom 2FA system with an AppExchange App that supports on premise application and salesforce.

C. Use Custom Login Flows to connect to the existing custom 2FA system for use in Salesforce.

D. Replace the custom 2FA system with Salesforce 2FA for on-premise applications and Salesforce.

Northern Trail Outfitters manages application functional permissions centrally as Active Directory groups. The CRM_Superllser and CRM_Reportmg_SuperUser groups should respectively give the user the SuperUser and Reportmg_SuperUser permission set in Salesforce. Salesforce is the service provider to a Security Assertion Markup Language (SAML) identity provider.

Mow should an identity architect ensure the Active Directory groups are reflected correctly when a user accesses Salesforce?

A. Use the Apex Just-in-Time handler to query standard SAML attributes and set permission sets.

B. Use the Apex Just-m-Time handler to query custom SAML attributes and set permission sets.

C. Use a login flow to query custom SAML attributes and set permission sets.

D. Use a login flow to query standard SAML attributes and set permission sets.

A financial services company uses Salesforce and has a compliance requirement to track information about devices from which users log in. Also, a Salesforce Security Administrator needs to have the ability to revoke the device from which users log in.

What should be used to fulfill this requirement?

A. Use multi-factor authentication (MFA) to meet the compliance requirement to track device information.

B. Use the Activations feature to meet the compliance requirement to track device information.

C. Use the Login History object to track information about devices from which users log in.

D. Use Login Flows to capture device from which users log in and store device and user information in a custom object.

What information does the 'Relaystate' parameter contain in sp-Initiated Single Sign-on?

A. Reference to a URL redirect parameter at the identity provider.

B. Reference to a URL redirect parameter at the service provider.

C. Reference to the login address URL of the service provider.

D. Reference to the login address URL of the identity Provider.

Universal containers (UC) has decided to use identity connect as it's identity provider. UC uses active directory(AD) and has a team that is very familiar and comfortable with managing ad groups. UC would like to use AD groups to help configure salesforce users. Which three actions can AD groups control through identity connect? Choose 3 answers

A. Public Group Assignment

B. Granting report folder access

C. Role Assignment

D. Custom permission assignment

E. Permission sets assignment

A division of a Northern Trail Outfitters (NTO) purchased Salesforce. NTO uses a third party identity provider (IdP) to validate user credentials against Its corporate Lightweight Directory Access Protocol (LDAP) directory. NTO wants to help employees remember as passwords as possible.

What should an identity architect recommend?

A. Setup Salesforce as a Service Provider to the existing IdP.

B. Setup Salesforce as an IdP to authenticate against the LDAP directory.

C. Use Salesforce connect to synchronize LDAP passwords to Salesforce.

D. Setup Salesforce as an Authentication Provider to the existing IdP.

Universal Containers (UC) currently uses Salesforce Sales Cloud and an external billing application. Both Salesforce and the billing application are accessed several times a day to manage customers. UC would like to configure single sign-on and leverage Salesforce as the identity provider. Additionally, UC would like the billing application to be accessible from Salesforce. A redirect is acceptable.

Which two Salesforce tools should an identity architect recommend to satisfy the requirements?

Choose 2 answers

A. salesforce Canvas

B. Identity Connect

C. Connected Apps

D. App Launcher