Amazon
Avaya
Checkpoint
Cisco®
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL®
Juniper
Microsoft
Okta
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. Salesforce
  3. IDENTITY-AND-ACCESS-MANAGEMENT-DESIGNER

Salesforce IDENTITY-AND-ACCESS-MANAGEMENT-DESIGNER Exam (page: 7)
Salesforce Certified Identity and Access Management Designer
Updated on: 25-Dec-2025

Viewing Page 7 of 48
IDENTITY-AND-ACCESS-MANAGEMENT-DESIGNER PDF 230 Questions

Universal containers (UC) wants users to authenticate into their salesforce org using credentials stored in a custom identity store. UC does not want to purchase or use a third- party Identity provider. Additionally, UC is extremely wary of social media and does not consider it to be trust worthy.
Which two options should an architect recommend to UC? Choose 2 answers

  1. Use a professional social media such as LinkedIn as an Authentication provider
  2. Build a custom web page that uses the identity store and calls frontdoor.jsp
  3. Build a custom Web service that is supported by Delegated Authentication.
  4. Implement the Openid protocol and configure an Authentication provider

Answer(s): C,D



Universal Containers allows employees to use a mobile device to access Salesforce for daily operations using a hybrid mobile app. This app uses Mobile software development kits (SDK), leverages refresh token to regenerate access token when required and is distributed as a private app.

The chief security officer is rolling out an org wide compliance policy to enforce re- venfication of devices if an employee has not logged in from that device in the last week.

Which connected app setting should be leveraged to complywith this policy change?

  1. Scope - Deny refresh_token scope for this connected app.
  2. Refresh Token Policy - Expire the refresh token if it has not been used for 7 days.
  3. Session Policy - Set timeout value of the connected app to 7 days.
  4. PermittedUser - Ask admins to maintain a list of users who are permitted based on last login date.

Answer(s): B



Universal Containers (UC) is using Active Directory as its corporate identity provider and Salesforce as its CRM for customer care agents, whouse SAML based sign sign-on to login to Salesforce. The default agent profile does not include the Manage User permission. UC wants to dynamically update the agent role and permission sets.

Which two mechanisms are used to provision agents with the appropriate permissions?

Choose 2 answers

  1. Use Login Flow in User Context to update role and permission sets.
  2. Use Login Flow in System Context to update role and permission sets.
  3. Use SAML Just-m-Time (JIT) Handler class run as current user to update roleand permission sets.
  4. Use SAML Just-in-Time (JIT) handler class run as an admin user to update role and permission sets.

Answer(s): B,D



Universal Containers (UC)has an existing e-commerce platform and is implementing a new customer community. They do not want to force customers to register on both applications due to concern over the customers experience. It is expected that 25% of the e-commerce customers will utilize the customer community . The e-commerce platform is capable of generating SAML responses and has an existing REST-ful API capable of managing users. How should UC create the identities of its e-commerce users with the customer community?

  1. Use SAMLJIT in the Customer Community to create users when a user tries to login to the community from the e-commerce site.
  2. Use the e-commerce REST API to create users when a user self-register on the customer community and use SAML to allow SSO.
  3. Use a nightly batch ETL job to sync users between the Customer Community and the e- commerce platform and use SAML to allow SSO.
  4. Use the standard Salesforce API to create users in the Community When a User is Created in the e-Commerce platform and use SAML to allowSSO.

Answer(s): A



Northern TrailOutfitters (NTO) has a number of employees who do NOT need access Salesforce objects. Trie employees should sign in to a custom Benefits web app using their Salesforce credentials.

Which license should the identity architect recommend to fulfill this requirement?

  1. Identity Only License
  2. External Identity License
  3. Identity Verification Credits Add-on License
  4. Identity Connect License

Answer(s): A



Viewing Page 7 of 48



Share your comments for Salesforce IDENTITY-AND-ACCESS-MANAGEMENT-DESIGNER exam with other users:

luke 9/26/2023 10:52:00 AM

good content
Anonymous


zazza 6/16/2023 9:08:00 AM

question 21 answer is alerts
ITALY


Abwoch Peter 7/4/2023 3:08:00 AM

am preparing for exam
Anonymous


mohamed 9/12/2023 5:26:00 AM

good one thanks
EGYPT


Mfc 10/23/2023 3:35:00 PM

only got thru 5 questions, need more to evaluate
Anonymous


Whizzle 7/24/2023 6:19:00 AM

q26 should be b
Anonymous


sarra 1/17/2024 3:44:00 AM

the aaa triad in information security is authentication, accounting and authorisation so the answer should be d 1, 3 and 5.
UNITED KINGDOM


DBS 5/14/2023 12:56:00 PM

need to attend this
UNITED STATES


Da_costa 8/1/2023 5:28:00 PM

these are free brain dumps i understand, how can one get free pdf
Anonymous


vikas 10/28/2023 6:57:00 AM

provide access
EUROPEAN UNION


Abdullah 9/29/2023 2:06:00 AM

good morning
Anonymous


Raj 6/26/2023 3:12:00 PM

please upload the ncp-mci 6.5 dumps, really need to practice this one. thanks guys
Anonymous


Miguel 10/5/2023 12:21:00 PM

question 16: https://help.salesforce.com/s/articleview?id=sf.care_console_overview.htm&type=5
SPAIN


Hiren Ladva 7/8/2023 10:34:00 PM

yes i m prepared exam
Anonymous


oliverjames 10/24/2023 5:37:00 AM

my experience was great with this site as i studied for the ms-900 from here and got 900/1000 on the test. my main focus was on the tutorials which were provided and practice questions. thanks!
GERMANY


Bhuddhiman 7/20/2023 11:52:00 AM

great course
UNITED STATES


Anuj 1/14/2024 4:07:00 PM

very good question
Anonymous


Saravana Kumar TS 12/8/2023 9:49:00 AM

question: 93 which statement is true regarding the result? sales contain 6 columns and values contain 7 columns so c is not right answer.
INDIA


Lue 3/30/2023 11:43:00 PM

highly recommend just passed my exam.
CANADA


DC 1/7/2024 10:17:00 AM

great practice! thanks
UNITED STATES


Anonymus 11/9/2023 5:41:00 AM

anyone who wrote this exam recently?
SOUTH AFRICA


Khalid Javid 11/17/2023 3:46:00 PM

kindly share the dump
Anonymous


Na 8/9/2023 8:39:00 AM

could you please upload cfe fraud prevention and deterrence questions? it will be very much helpful.
Anonymous


shime 10/23/2023 10:03:00 AM

this is really very very helpful for mcd level 1
ETHIOPIA


Vnu 6/3/2023 2:39:00 AM

very helpful!
Anonymous


Steve 8/17/2023 2:19:00 PM

question #18s answer should be a, not d. this should be corrected. it should be minvalidityperiod
CANADA


RITEISH 12/24/2023 4:33:00 AM

thanks for the exact solution
Anonymous


SB 10/15/2023 7:58:00 AM

need to refer the questions and have to give the exam
INDIA


Mike Derfalem 7/16/2023 7:59:00 PM

i need it right now if it was possible please
Anonymous


Isak 7/6/2023 3:21:00 AM

i need it very much please share it in the fastest time.
Anonymous


Maria 6/23/2023 11:40:00 AM

correct answer is d for student.java program
IRELAND


Nagendra Pedipina 7/12/2023 9:10:00 AM

q:37 c is correct
INDIA


John 9/16/2023 9:37:00 PM

q6 exam topic: terramearth, c: correct answer: copy 1petabyte to encrypted usb device ???
GERMANY


SAM 12/4/2023 12:56:00 AM

explained answers
INDIA