Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. Salesforce
  3. IDENTITY-AND-ACCESS-MANAGEMENT-DESIGNER

Salesforce IDENTITY-AND-ACCESS-MANAGEMENT-DESIGNER Exam (page: 7)
Salesforce Certified Identity and Access Management Designer
Updated on: 09-Feb-2026

Viewing Page 7 of 48
IDENTITY-AND-ACCESS-MANAGEMENT-DESIGNER PDF 230 Questions

Universal containers (UC) wants users to authenticate into their salesforce org using credentials stored in a custom identity store. UC does not want to purchase or use a third- party Identity provider. Additionally, UC is extremely wary of social media and does not consider it to be trust worthy.
Which two options should an architect recommend to UC? Choose 2 answers

  1. Use a professional social media such as LinkedIn as an Authentication provider
  2. Build a custom web page that uses the identity store and calls frontdoor.jsp
  3. Build a custom Web service that is supported by Delegated Authentication.
  4. Implement the Openid protocol and configure an Authentication provider

Answer(s): C,D



Universal Containers allows employees to use a mobile device to access Salesforce for daily operations using a hybrid mobile app. This app uses Mobile software development kits (SDK), leverages refresh token to regenerate access token when required and is distributed as a private app.

The chief security officer is rolling out an org wide compliance policy to enforce re- venfication of devices if an employee has not logged in from that device in the last week.

Which connected app setting should be leveraged to complywith this policy change?

  1. Scope - Deny refresh_token scope for this connected app.
  2. Refresh Token Policy - Expire the refresh token if it has not been used for 7 days.
  3. Session Policy - Set timeout value of the connected app to 7 days.
  4. PermittedUser - Ask admins to maintain a list of users who are permitted based on last login date.

Answer(s): B



Universal Containers (UC) is using Active Directory as its corporate identity provider and Salesforce as its CRM for customer care agents, whouse SAML based sign sign-on to login to Salesforce. The default agent profile does not include the Manage User permission. UC wants to dynamically update the agent role and permission sets.

Which two mechanisms are used to provision agents with the appropriate permissions?

Choose 2 answers

  1. Use Login Flow in User Context to update role and permission sets.
  2. Use Login Flow in System Context to update role and permission sets.
  3. Use SAML Just-m-Time (JIT) Handler class run as current user to update roleand permission sets.
  4. Use SAML Just-in-Time (JIT) handler class run as an admin user to update role and permission sets.

Answer(s): B,D



Universal Containers (UC)has an existing e-commerce platform and is implementing a new customer community. They do not want to force customers to register on both applications due to concern over the customers experience. It is expected that 25% of the e-commerce customers will utilize the customer community . The e-commerce platform is capable of generating SAML responses and has an existing REST-ful API capable of managing users. How should UC create the identities of its e-commerce users with the customer community?

  1. Use SAMLJIT in the Customer Community to create users when a user tries to login to the community from the e-commerce site.
  2. Use the e-commerce REST API to create users when a user self-register on the customer community and use SAML to allow SSO.
  3. Use a nightly batch ETL job to sync users between the Customer Community and the e- commerce platform and use SAML to allow SSO.
  4. Use the standard Salesforce API to create users in the Community When a User is Created in the e-Commerce platform and use SAML to allowSSO.

Answer(s): A



Northern TrailOutfitters (NTO) has a number of employees who do NOT need access Salesforce objects. Trie employees should sign in to a custom Benefits web app using their Salesforce credentials.

Which license should the identity architect recommend to fulfill this requirement?

  1. Identity Only License
  2. External Identity License
  3. Identity Verification Credits Add-on License
  4. Identity Connect License

Answer(s): A



Viewing Page 7 of 48



Share your comments for Salesforce IDENTITY-AND-ACCESS-MANAGEMENT-DESIGNER exam with other users:

Japles 5/23/2023 9:46:00 PM

password lockout being the correct answer for question 37 does not make sense. it should be geofencing.
Anonymous


Faritha 8/10/2023 6:00:00 PM

for question 4, the righr answer is :recover automatically from failures
UNITED STATES


Anonymous 9/14/2023 4:27:00 AM

question number 4s answer is 3, option c. i
UNITED STATES


p das 12/7/2023 11:41:00 PM

very good questions
UNITED STATES


Anna 1/5/2024 1:12:00 AM

i am confused about the answers to the questions. are the answers correct?
KOREA REPUBLIC OF


Bhavya 9/13/2023 10:15:00 AM

very usefull
Anonymous


Rahul Kumar 8/31/2023 12:30:00 PM

need certification.
CANADA


Diran Ole 9/17/2023 5:15:00 PM

great exam prep
CANADA


Venkata Subbarao Bandaru 6/24/2023 8:45:00 AM

i require dump
Anonymous


D 7/15/2023 1:38:00 AM

good morning, could you please upload this exam again,
Anonymous


Ann 9/15/2023 5:39:00 PM

hi can you please upload the dumps for sap contingent module. thanks
AUSTRALIA


Sridhar 1/16/2024 9:19:00 PM

good questions
Anonymous


Summer 10/4/2023 9:57:00 PM

looking forward to the real exam
Anonymous


vv 12/2/2023 2:45:00 PM

good ones for exam preparation
UNITED STATES


Danny Zas 9/15/2023 4:45:00 AM

this is a good experience
UNITED STATES


SM 1211 10/12/2023 10:06:00 PM

hi everyone
UNITED STATES


A 10/2/2023 6:08:00 PM

waiting for the dump. please upload.
UNITED STATES


Anonymous 7/16/2023 11:05:00 AM

upload cks exam questions
Anonymous


Johan 12/13/2023 8:16:00 AM

awesome training material
NETHERLANDS


PC 7/28/2023 3:49:00 PM

where is dump
Anonymous


YoloStar Yoloing 10/22/2023 9:58:00 PM

q. 289 - the correct answer should be b not d, since the question asks for the most secure way to provide access to a s3 bucket (a single one), and by principle of the least privilege you should not be giving access to all buckets.
Anonymous


Zelalem Nega 5/14/2023 12:45:00 PM

please i need if possible h12-831,
UNITED KINGDOM


unknown-R 11/23/2023 7:36:00 AM

good collection of questions and solution for pl500 certification
UNITED STATES


Swaminathan 5/11/2023 9:59:00 AM

i would like to appear the exam.
Anonymous


Veenu 10/24/2023 6:26:00 AM

i am very happy as i cleared my comptia a+ 220-1101 exam. i studied from as it has all exam dumps and mock tests available. i got 91% on the test.
Anonymous


Karan 5/17/2023 4:26:00 AM

need this dump
Anonymous


Ramesh Kutumbaka 12/30/2023 11:17:00 PM

its really good to eventuate knowledge before appearing for the actual exam.
Anonymous


anonymous 7/20/2023 10:31:00 PM

this is great
CANADA


Xenofon 6/26/2023 9:35:00 AM

please i want the questions to pass the exam
UNITED STATES


Diego 1/21/2024 8:21:00 PM

i need to pass exam
Anonymous


Vichhai 12/25/2023 3:25:00 AM

great, i appreciate it.
AUSTRALIA


P Simon 8/25/2023 2:39:00 AM

please could you upload (isc)2 certified in cybersecurity (cc) exam questions
SOUTH AFRICA


Karim 10/8/2023 8:34:00 PM

good questions, wrong answers
Anonymous


Itumeleng 1/6/2024 12:53:00 PM

im preparing for exams
Anonymous