Identity-and-Access-Management-Designer Salesforce Exam Questions and Free Practice Test

Question 37

Universal Containers (UC) wants to build a mobile application that twill be making calls to the Salesforce REST API. UC's Salesforce implementation relies heavily on custom objects and custom Apex code. UC does not want its users to have to enter credentials every time they use the app. Which two scope values should an Architect recommend to UC? Choose 2 answers.

A. Custom_permissions

B. Api

C. Refresh_token

D. Full

Correct Answer:BC

Question 38

Universal Containers (UC) is using a custom application that will act as the Identity Provider and will generate SAML assertions used to log in to Salesforce. UC is considering including custom parameters in the SAML assertion. These attributes contain sensitive data and are needed to authenticate the users. The assertions are submitted to salesforce via a browser form post. The majority of the users will only be able to access Salesforce via UC's corporate network, but a subset of admins and executives would be allowed access from outside the corporate network on their mobile devices. Which two methods should an Architect consider to ensure that the sensitive data cannot be tampered with, nor accessible to anyone while in transit?

A. Use the Identity Provider's certificate to digitally sign and Salesforce's Certificate to encrypt the payload.

B. Use Salesforce's Certificate to digitally sign the SAML Assertion and a Mobile Device Management client on the users' mobile devices.

C. Use the Identity provider's certificate to digitally Sign and the Identity provider's certificate to encrypt the payload.

D. Use a custom login flow to retrieve sensitive data using an Apex callout without including the attributes in the assertion.

Correct Answer:AC

Question 39

Universal containers (UC) wants to integrate a Web application with salesforce. The UC team has implemented the Oauth web-server Authentication flow for authentication process. Which two considerations should an architect point out to UC? Choose 2 answers

A. The web application should be hosted on a secure server.

B. The web server must be able to protect consumer privacy

C. The flow involves passing the user credentials back and forth.

D. The flow will not provide an Oauth refresh token back to the server.

Correct Answer:AB

Question 40

A company's external application is protected by Salesforce through OAuth. The identity architect for the project needs to limit the level of access to the data of the protected resource in a flexible way.
What should be done to improve security?

A. Select "Admin approved users are pre-authonzed" and assign specific profiles.

B. Create custom scopes and assign to the connected app.

C. Define a permission set that grants access to the app and assign to authorized users.

D. Leverage external objects and data classification policies.

Correct Answer:B

Question 41

architect is troubleshooting some SAML-based SSO errors during testing. The Architect confirmed that all of the Salesforce SSO settings are correct. Which two issues outside of the Salesforce SSO settings are most likely contributing to the SSO errors the Architect is encountering? Choose 2 Answers

A. The Identity Provider is also used to SSO into five other applications.

B. The clock on the Identity Provider server is twenty minutes behind Salesforce.

C. The Issuer Certificate from the Identity Provider expired two weeks ago.

D. The default language for the Identity Provider and Salesforce are Different.

Correct Answer:BC

Question 42

Universal Containers is budding a web application that will connect with the Salesforce API using JWT OAuth Flow.
Which two settings need to be configured in the connect app to support this requirement? Choose 2 answers

A. The Use Digital Signature option in the connected app.

B. The "web" OAuth scope in the connected app,

C. The "api" OAuth scope in the connected app.

D. The "edair_api" OAuth scope m the connected app.

Correct Answer:AC

START Identity-and-Access-Management-Designer EXAM