Identity-and-Access-Management-Designer Salesforce Exam Questions and Free Practice Test

Question 49

How should an identity architect automate provisioning and deprovisioning of users into Salesforce from an external system?

A. Call SOAP API upsertQ on user object.

B. Use Security Assertion Markup Language Just-in-Time (SAML JIT) on incoming SAML assertions.

C. Run registration handler on incoming OAuth responses.

D. Call OpenID Connect (OIDC)-userinfo endpoint with a valid access token.

Correct Answer:C

Question 50

Northern Trail Outfitters (NTO) wants to give customers the ability to submit and manage issues with their purchases. It is important for to give its customers the ability to login with their Facebook and Twitter credentials.
Which two actions should an identity architect recommend to meet these requirements? Choose 2 answers

A. Create a custom external authentication provider for Facebook.

B. Configure a predefined authentication provider for Facebook.

C. Create a custom external authentication provider for Twitter.

D. Configure a predefined authentication provider for Twitter.

Correct Answer:BD

Question 51

Universal Containers (UC) is implementing Salesforce and would like to establish SAML SSO for its users to log in. UC stores its corporate user identities in a Custom Database. The UC IT Manager has heard good things about Salesforce Identity Connect as an Idp, and would like to understand what limitations they may face if they decided to use Identity Connect in their current environment. What limitation Should an Architect inform the IT Manager about?

A. Identity Connect will not support user provisioning in UC's current environment.

B. Identity Connect will only support Idp-initiated SAML flows in UC's current environment.

C. Identity Connect will only support SP-initiated SAML flows in UC's current environment.

D. Identity connect is not compatible with UC's current identity environment.

Correct Answer:A

Question 52

What information does the 'Relaystate' parameter contain in sp-Initiated Single Sign-on?

A. Reference to a URL redirect parameter at the identity provider.

B. Reference to a URL redirect parameter at the service provider.

C. Reference to the login address URL of the service provider.

D. Reference to the login address URL of the identity Provider.

Correct Answer:B

Question 53

Containers (UC) uses a legacy Employee portal for their employees to collaborate. Employees access the portal from their company’s internal website via SSO. It is set up to work with SiteMinder and Active Directory. The Employee portal has features to support posing ideas. UC decides to use Salesforce Ideas for voting and better tracking purposes. To avoid provisioning users on Salesforce, UC decides to integrate Employee portal ideas with Salesforce idea through the API. What is the role of Salesforce in the context of SSO, based on this scenario?

A. Service Provider, because Salesforce is the application for managing ideas.

B. Connected App, because Salesforce is connected with Employee portal via API.

C. Identity Provider, because the API calls are authenticated by Salesforce.

D. An independent system, because Salesforce is not part of the SSO setup.

Correct Answer:D

Question 54

In a typical SSL setup involving a trusted party and trusting party, what consideration should an Architect take into account when using digital certificates?

A. Use of self-signed certificate leads to lower maintenance for trusted party because multiple self-signed certs need to be maintained.

B. Use of self-signed certificate leads to higher maintenance for trusted party because they have to act as the trusted CA

C. Use of self-signed certificate leads to lower maintenance for trusting party because there is no trusted CA cert to maintain.

D. Use of self-signed certificate leads to higher maintenance for trusting party because the cert needs to be added to their truststore.

Correct Answer:C

START Identity-and-Access-Management-Designer EXAM