Identity-and-Access-Management-Designer試験無料問題集（245題）「Salesforce Certified Identity and Access Management Designer 認定」

出題：1

Northern Trail Outfitters (NTO) believes a specific user account may have been compromised. NTO inactivated the user account and needs U perform a forensic analysis and identify signals that could Indicate a breach has occurred.
What should NTO's first step be in gathering signals that could indicate account compromise?

A. Review the User record and evaluate the login and transaction history.

B. Download the Identity Provider Event Log and evaluate the details of activities performed by the user.

C. Download the Setup Audit Trail and review all recent activities performed by the user.

D. Download the Login History and evaluate the details of logins performed by the user.

正解：D 解答を投票する

出題：2

Which three are capabilities of SAML-based Federated authentication? Choose 3 answers

A. Web applications with no passwords are more secure and stronger against attacks.

B. Access tokens are used to access resources on the server once the user is authenticated.

C. Trust relationships between Identity Provider and Service Provider are required.

D. Centralized federation provides single point of access, control and auditing.

E. SAML tokens can be in XML or JSON format and can be used interchangeably.

正解：B,C,D 解答を投票する

出題：3

Universal Containers has multiple Salesforce instances where users receive emails from different instances. Users should be logged into the correct Salesforce instance authenticated by their IdP when clicking on an email link to a Salesforce record.
What should be enabled in Salesforce as a prerequisite?

A. External Identity

B. Multi-Factor Authentication

C. Identity Provider

D. My Domain

正解：D 解答を投票する

出題：4

Northern Trail Outfitters want to allow its consumer to self-register on it business-to-consumer (B2C) portal that is built on Experience Cloud. The identity architect has recommended to use Person Accounts.
Which three steps need to be configured to enable self-registration using person accounts?
Choose 3 answers

A. Enable access to person and business account record types under Public Access Settings.

B. Contact Salesforce Support to enable person accounts.

C. Under Login and Registration settings, ensure that the default account field is empty.

D. Contact Salesforce Support to enable business accounts.

E. Set organization-wide default sharing for Contact to Public Read Only.

正解：A,B,C 解答を投票する

出題：5

Universal containers (UC) has a mobile application that calls the salesforce REST API. In order to prevent users from having to enter their credentials everytime they use the app, UC has enabled the use of refresh Tokens as part of the salesforce connected App and updated their mobile app to take advantage of the refresh token. Even after enabling the refresh token, Users are still complaining that they have to enter their credentials once a day. What is the most likely cause of the issue?

A. The app is requesting too many access Tokens in a 24-hour period

B. The refresh token expiration policy is set incorrectly in salesforce

C. The Oauth authorizations are being revoked by a nightly batch job.

D. The users forget to check the box to remember their credentials.

正解：B 解答を投票する

出題：6

A Salesforce customer is implementing Sales Cloud and a custom pricing application for its call center agents. An Enterprise single sign-on solution is used to authenticate and sign-in users to all applications. The customer has the following requirements:
1. The development team has decided to use a Canvas app to expose the pricing application to agents.
2. Agents should be able to access the Canvas app without needing to log in to the pricing application.
Which two options should the identity architect consider to provide support for the Canvas app to initiate login for users?
Choose 2 answers

A. Enable OAuth settings in the connected app with required OAuth scopes for the pricing application.

B. Enable SAML in the connected app and Security Assertion Markup Language (SAML) Initiation Method as Service Provider Initiated.

C. Configure the Canvas app as a connected app and set Admin-approved users as pre-authorized.

D. Select "Enable as a Canvas Personal App" in the connected app settings.

正解：B,C 解答を投票する

出題：7

Universal Containers (UC) is both a Salesforce and Google Apps customer. The UC IT team would like to manage the users for both systems in a single place to reduce administrative burden. Which two optimal ways can the IT team provision users and allow Single Sign-on between Salesforce and Google Apps ? Choose 2 answers

A. Use Identity Connect as the Identity Provider for both Salesforce and Google Apps and manage the provisioning from there.

B. Use Salesforce as the Identity Provider and Google Apps as a Service Provider and configure User Provisioning for Connected Apps.

C. Build a custom app running on Heroku as the Identity Provider that can sync user information between Salesforce and Google Apps.

D. Use a third-party product as the Identity Provider for both Salesforce and Google Apps and manage the provisioning from there.

正解：B,D 解答を投票する

出題：8

Universal Container's (UC) is using Salesforce Experience Cloud site for its container wholesale business. The identity architect wants to an authentication provider for the new site.
Which two options should be utilized in creating an authentication provider?
Choose 2 answers

A. A custom registration handier can be set.

B. The default login user can be set.

C. The default authentication provider certificate can be set.

D. A custom error URL can be set.

正解：A,D 解答を投票する

出題：9

Universal Containers (UC) has a strict requirement to authenticate users to Salesforce using their mainframe credentials. The mainframe user store cannot be accessed from a SAML provider. UC would also like to have users in Salesforce created on the fly if they provide accurate mainframe credentials.
How can the Architect meet these requirements?

A. Implement Just-In-Time Provisioning on the mainframe to create the user on the fly.

B. Implement OAuth User-Agent Flow on the mainframe; use a Registration Handler to create the user on the fly.

C. Use the SOAP API to create the user when created on the mainframe; implement Delegated Authentication.

D. Use a Salesforce Login Flow to call out to a web service and create the user on the fly.

正解：A 解答を投票する

出題：10

Which tool should be used to track login data, such as the average number of logins, who logged in more than the average number of times and who logged in during non-business hours?

A. Login Inspector

B. Login Forensics

C. Login History

D. Login Report

正解：B 解答を投票する

出題：11

Containers (UC) has an existing Customer Community. UC wants to expand the self-registration capabilities such that customers receive a different community experience based on the data they provide during the registration process. What is the recommended approach an Architect Should recommend to UC?

A. Modify the existing Communities registration controller to assign different profiles.

B. Create an After Insert Apex trigger on the user object to assign specific custom permissions.

C. Modify the Community pages to utilize specific fields on the User and Contact records.

D. Create separate login flows corresponding to the different community user personas.

正解：C 解答を投票する

出題：12

Universal Containers (UC) has implemented SAML-based Single Sign-On to provide seamless access to its Salesforce Orgs, financial system, and CPQ system. Below is the SSO implementation landscape.

What role combination is represented by the systems in this scenario''

A. Salesforce Org1 and PingFederate are acting as Identity Providers.

B. Financial System and CPQ System are the only Service Providers.

C. Salesforce Org1 and Salesforce Org2 are acting as Identity Providers.

D. Salesforce Org1 and Salesforce Org2 are the only Service Providers.

正解：A 解答を投票する

出題：13

Universal Containers (UC) employees have Salesforce access from restricted IP ranges only, to protect against unauthorised access. UC wants to roll out the Salesforce1 mobile app and make it accessible from any location. Which two options should an Architect recommend? Choose 2 answers

A. Relax the IP restriction with a second factor in the Connect App settings for Salesforce1 mobile app.

B. Use Login Flow to bypass IP range restriction for the mobile app.

C. Relax the IP restrictions in the Connect App settings for the Salesforce1 mobile app.

D. Remove existing restrictions on IP ranges for all types of user access.

正解：A,C 解答を投票する

出題：14

A financial services company uses Salesforce and has a compliance requirement to track information about devices from which users log in. Also, a Salesforce Security Administrator needs to have the ability to revoke the device from which users log in.
What should be used to fulfill this requirement?

A. Use multi-factor authentication (MFA) to meet the compliance requirement to track device information.

B. Use Login Flows to capture device from which users log in and store device and user information in a custom object.

C. Use the Login History object to track information about devices from which users log in.

D. Use the Activations feature to meet the compliance requirement to track device information.

正解：D 解答を投票する

Identity-and-Access-Management-Designer試験無料問題集「Salesforce Certified Identity and Access Management Designer 認定」