Cisco®
CompTIA
Checkpoint
ISC
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk®
Scrum
All Vendors
  2. Home
  3. Exams
  4. Salesforce
  5. IDENTITY-AND-ACCESS-MANAGEMENT-DESIGNER

Free IDENTITY-AND-ACCESS-MANAGEMENT-DESIGNER Exam Braindumps (page: 31)

Page 30 of 59
PDF with 230 Questions

A service provider (SP) supports both Security Assertion Markup Language (SAML) and OpenID Connect (OIDC).

When integrating this SP with Salesforce, which use case is the determining factor when choosing OIDCor SAML?

  1. OIDC is more secure than SAML and therefore is the obvious choice.
  2. The SP needs to perform API calls back to Salesforce on behalf of the user after the user logs in to the service provider.
  3. If the user has a session on Salesforce, you donot want them to be prompted for a username and password when they login to the SP.
  4. They are equivalent protocols and there is no real reason to choose one over the other.

Answer(s): B



Universal containers wants to set up SSO for a selected group of users to access external applications from salesforce through App launcher.
Which three steps must be completed in salesforce to accomplish the goal?

  1. Associate user profiles with the connected Apps.
  2. Complete my domain and Identity provider setup.
  3. Create connected appsfor the external applications.
  4. Complete single Sign-on settings in security controls.
  5. Create named credentials for each external system.

Answer(s): A,B,C



Universal Containers allows employees to use a mobile device to access Salesforce for daily operations using a hybrid mobile app. This app uses Mobile software development kits (SDK), leverages refresh token to regenerate access token when required and is distributed as a private app.

The chief security officer is rolling out an org wide compliance policy to enforce re- venfication of devices if an employee has not logged in from that device in the last week.

Which connected app setting should be leveraged to complywith this policy change?

  1. Scope - Deny refresh_token scope for this connected app.
  2. Refresh Token Policy - Expire the refresh token if it has not been used for 7 days.
  3. Session Policy - Set timeout value of the connected app to 7 days.
  4. PermittedUser - Ask admins to maintain a list of users who are permitted based on last login date.

Answer(s): B



Universal Containers (UC) is using Active Directory as its corporate identity provider and Salesforce as its CRM for customer care agents, whouse SAML based sign sign-on to login to Salesforce. The default agent profile does not include the Manage User permission. UC wants to dynamically update the agent role and permission sets.

Which two mechanisms are used to provision agents with the appropriate permissions?

Choose 2 answers

  1. Use Login Flow in User Context to update role and permission sets.
  2. Use Login Flow in System Context to update role and permission sets.
  3. Use SAML Just-m-Time (JIT) Handler class run as current user to update roleand permission sets.
  4. Use SAML Just-in-Time (JIT) handler class run as an admin user to update role and permission sets.

Answer(s): B,D






Post your Comments and Discuss Salesforce IDENTITY-AND-ACCESS-MANAGEMENT-DESIGNER exam with other Community members:

Exam Discussions & Posts