Identity-and-Access-Management-Designer試験無料問題集（245題）「Salesforce Certified Identity and Access Management Designer 認定」

出題：1

A global fitness equipment manufacturer is planning to sell fitness tracking devices and has the following requirements:
1) Customer purchases the device.
2) Customer registers the device using their mobile app.
3) A case should automatically be created in Salesforce and associated with the customers account in cases where the device registers issues with tracking.
Which OAuth flow should be used to meet these requirements?

A. OAuth 2.0 SAML Bearer Assertion Flow

B. OAuth 2.0 Username-Password Flow

C. OAuth 2.0 Asset Token Flow

D. OAuth 2.0 User-Agent Flow

正解：C 解答を投票する

出題：2

Universal containers (UC) has an e-commerce website while customers can buy products, make payments, and manage their accounts. UC decides to build a customer Community on Salesforce and wants to allow the customers to access the community for their accounts without logging in again. UC decides to implement ansp-Initiated SSO using a SAML-BASED complaint IDP. In this scenario where salesforce is the service provider, which two activities must be performed in salesforce to make sp-Initiated SSO work? Choose 2 answers

A. Configure Delegated Authentication

B. Configure SAML SSO settings.

C. Set up my domain

D. Create a connected App

正解：B,C 解答を投票する

出題：3

A manufacturer wants to provide registration for an Internet of Things (IoT) device with limited display input or capabilities.
Which Salesforce OAuth authorization flow should be used?

A. OAuth 2.0 Asset Token Flow

B. OAuth 2.0 JWT Bearer How

C. OAuth 2.0 User-Agent Flow

D. OAuth 2.0 Device Flow

正解：D 解答を投票する

出題：4

Universal Containers (UC) has an e-commerce website where customers can buy products, make payments and manage their accounts. UC decides to build a Customer Community on Salesforce and wants to allow the customers to access the community from their accounts without logging in again. UC decides to implement an SP-initiated SSO using a SAML-compliant Idp. In this scenario where Salesforce is the Service Provider, which two activities must be performed in Salesforce to make SP-initiated SSO work? Choose 2 answers

A. Create a Connected App.

B. Configure Delegated Authentication.

C. Set up My Domain.

D. Configure SAML SSO settings.

正解：C,D 解答を投票する

出題：5

A university is planning to set up an identity solution for its alumni. A third-party identity provider will be used for single sign-on Salesforce will be the system of records. Users are getting error messages when logging in.
Which Salesforce feature should be used to debug the issue?

A. View Setup Audit Trail

B. Login History

C. Debug Logs

D. Apex Exception Email

正解：B 解答を投票する

出題：6

Which two are valid choices for digital certificates when setting up two-way SSL between Salesforce and an external system. Choose 2 answers

A. Use a self-signed certificate for salesforce and a trusted CA-signed cert for the external system

B. Use a self-signed certificate for salesforce and a self-signed cert for the external system

C. Use a trusted CA-signed certificate for salesforce and a self-signed cert for the external system

D. Use a trusted CA-signed certificate for salesforce and a trusted CA-signed cert for the external system

正解：A,B 解答を投票する

出題：7

A division of a Northern Trail Outfitters (NTO) purchased Salesforce. NTO uses a third party identity provider (IdP) to validate user credentials against Its corporate Lightweight Directory Access Protocol (LDAP) directory. NTO wants to help employees remember as passwords as possible.
What should an identity architect recommend?

A. Setup Salesforce as an IdP to authenticate against the LDAP directory.

B. Use Salesforce connect to synchronize LDAP passwords to Salesforce.

C. Setup Salesforce as an Authentication Provider to the existing IdP.

D. Setup Salesforce as a Service Provider to the existing IdP.

正解：D 解答を投票する

出題：8

What information does the 'Relaystate' parameter contain in sp-Initiated Single Sign-on?

A. Reference to the login address URL of the service provider.

B. Reference to a URL redirect parameter at the identity provider.

C. Reference to a URL redirect parameter at the service provider.

D. Reference to the login address URL of the identity Provider.

正解：C 解答を投票する

出題：9

Northern Trail Outfitters manages application functional permissions centrally as Active Directory groups. The CRM_Superllser and CRM_Reportmg_SuperUser groups should respectively give the user the SuperUser and Reportmg_SuperUser permission set in Salesforce. Salesforce is the service provider to a Security Assertion Markup Language (SAML) identity provider.
Mow should an identity architect ensure the Active Directory groups are reflected correctly when a user accesses Salesforce?

A. Use the Apex Just-in-Time handler to query custom SAML attributes and set permission sets.

B. Use a login flow to query custom SAML attributes and set permission sets.

C. Use the Apex Just-in-Time handler to query standard SAML attributes and set permission sets.

D. Use a login flow to query standard SAML attributes and set permission sets.

正解：A 解答を投票する

出題：10

Universal Containers (UC) wants to build a few applications that leverage the Salesforce REST API. UC has asked its Architect to describe how the API calls will be authenticated to a specific user. Which two mechanisms can the Architect provide? Choose 2 Answers

A. Refresh Token

B. Authentication Token

C. Access Token

D. Session ID

正解：A,C 解答を投票する

出題：11

Universal Containers (UC) uses Active Directory (AD) as their identity store for employees and must continue to do so for network access. UC is undergoing a major transformation program and moving all of their enterprise applications to cloud platforms including Salesforct, Workday, and SAP HANA.
UC needs to implement an SSO solution for accessing all of the third-party cloud applications and the CIO is inclined to use Salesforce for all of their identity and access management needs.
Which two Salesforce license types does UC need for its employees'
Choose 2 answers

A. Chatter Only and Identity licenses

B. Identity and Identity Connect licenses

C. Salesforce and Identity Connect licenses

D. Company Community and Identity licenses

正解：B,C 解答を投票する

出題：12

A global company is using the Salesforce Platform as an Identity Provider and needs to integrate a third-party application with its Experience Cloud customer portal.
Which two features should be utilized to provide users with login and identity services for the third-party application?
Choose 2 answers

A. Use Delegated Authentication.

B. External a Data source with Named Principal identity type.

C. Use the App Launcher with single sign-on (SSO).

D. Use a connected app.

正解：C,D 解答を投票する

出題：13

Universal Containers (UC) uses a home-grown Employee portal for their employees to collaborate. UC decides to use Salesforce Ideas to allow employees to post Ideas from the Employee portal. When users click on some of the links in the Employee portal, the users should be redirected to Salesforce, authenticated, and presented with the relevant pages. What OAuth flow is best suited for this scenario?

A. SAML Bearer Assertion flow

B. Web Application flow

C. Web Server flow

D. User-Agent flow

正解：C 解答を投票する

出題：14

Universal containers (UC) has implemented a multi-org strategy and would like to centralize the management of their salesforce user profiles. What should the architect recommend to allow salesforce profiles to be managed from a central system of record?

A. Implement jit provisioning on the SAML IDP that will pass the profile id in each assertion.

B. Create an apex scheduled job in one org that will synchronize the other orgs profile.

C. Implement Delegated Authentication that will update the user profiles as necessary.

D. Implement an Oauthjwt flow to pass the profile credentials between systems.

正解：A 解答を投票する

出題：15

Which three different attributes can be used to identify the user in a SAML 65> assertion when Salesforce is acting as a Service Provider? Choose 3 answers

A. Salesforce Username

B. User Email Address

C. User Full Name

D. Federation ID

E. Salesforce User ID

正解：B,C,D 解答を投票する

出題：16

Containers (UC) has implemented SAML-based single Sign-on for their Salesforce application and is planning to provide access to Salesforce on mobile devices using the Salesforce1 mobile app. UC wants to ensure that Single Sign-on is used for accessing the Salesforce1 mobile App. Which two recommendations should the Architect make? Choose 2 Answers

A. Use the existing SAML SSO flow along with Web Server Flow.

B. Configure the Embedded Web Browser to use My Domain URL.

C. Configure the Salesforce1 App to use the MY Domain URL.

D. Use the existing SAML-SSO flow along with User Agent Flow.

正解：C,D 解答を投票する

Identity-and-Access-Management-Designer試験無料問題集「Salesforce Certified Identity and Access Management Designer 認定」