Free IDENTITY-AND-ACCESS-MANAGEMENT-DESIGNER Exam Braindumps (page: 30)

Page 29 of 59

The security team at Universal containers(UC) has identified exporting reports as a high- risk action and would like to require users to be logged into salesforce with their active directory (AD) credentials when doing so. For all other uses of Salesforce, Users should be allowed to use AD credentials or salesforce credentials.
What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with salesforce credentials?

  1. Use SAML Federated Authentication and Custom SAML jit provisioning to dynamically add or remove a permission set that grantsthe Export Reports permission.
  2. Use SAML Federated Authentication, treat SAML sessions as high assurance, and raise the session level required for exporting reports.
  3. Use SAML Federated Authentication and block access to reports when accesses through astandard assurance session.
  4. Use SAML Federated Authentication with a login flow to dynamically add or remove a permission set that grants the export reports permission.

Answer(s): C



An Enterprise is using a Lightweight Directory Access Protocol (LDAP ) server as the only point for user authentication with a username/password. Salesforce delegated authentication is configured to integrate Salesforce under single sign-on (SSO).

Mow can end users change their password?

  1. Users once logged In, can go to the Change Password screen in Salesforce.
  2. Users can click on the "Forgot your Password" link on the Salesforce.com login page.
  3. Users can request the Salesforce Admin to reset their password.
  4. Users can change it on the enterprise LDAP authentication portal.

Answer(s): C



Universal Containers is creating a mobile application that will be secured by Salesforce Identity using the OAuth 2.0 user-agent flow (this flow uses the OAuth 2.0 implicit grant type).

Which three OAuth concepts apply to this flow?

Choose 3 answers

  1. Client ID
  2. Refresh Token
  3. Authorization Code
  4. Verification Code
  5. Scopes

Answer(s): A,B,E



Universal containers wants to implement single Sign-on for a salesforce org using an external identity provider and corporate identity store.
What type of Authentication flow is required to support deep linking?

  1. Web server Oauth SSO flow.
  2. Identity-provider-initiated SSO
  3. Service-provider-initiated SSO
  4. StartURL on identity provider

Answer(s): C






Post your Comments and Discuss Salesforce IDENTITY-AND-ACCESS-MANAGEMENT-DESIGNER exam with other Community members:

Exam Discussions & Posts