Salesforce Certified Identity and Access Management Designer - Certified Identity and Access Management Designer Exam

Question #6 (Topic: Exam A)
Universal Containers (UC) has decided to use Identity Connect as its Identity Provider. UC uses Active Directory (AD) and has a team that is very familiar and comfortable with managing AD groups. UC would like to use AD Groups to help configure Salesforce users.
Which three actions can AD Groups control through Identity Connect? (Choose three.)
A. Public Group Assignment
B. Role Assignment
C. Custom Permissions Assignment
D. Granting Report Folder Access
E. Permission Sets Assignment
Answer: ABE
Question #7 (Topic: Exam A)
The CIO of Universal Containers (UC) wants to start taking advantage of the refresh token capability for the UC applications that utilize OAuth 2.0. UC has enlisted an Architect to analyze all of the applications that use OAuth flows to see where refresh tokens can be applied.
Which two OAuth flows should the Architect consider in their evaluation? (Choose two.)
A. JWT Bearer Token
B. Web Server
C. Username-Password
D. User-Agent
Answer: BD
Question #8 (Topic: Exam A)
An Architect needs to advise the team that manages the Identity Provider how to differentiate Salesforce from other Service Providers.
What SAML SSO setting in Salesforce provides this capability?
A. SAML Identity Location
B. Identity Provider Login URL
C. Entity Id
D. Issuer
Answer: C
Question #9 (Topic: Exam A)
Universal Containers (UC) uses middleware to integrate multiple systems with Salesforce. UC has a strict, new requirement that usernames and passwords cannot be stored in any UC system.
How can UC's middleware authenticate to Salesforce while adhering to this requirement?
A. Create a Connected App that supports the Refresh Token OAuth Flow.
B. Create a Connected App that supports the JWT Bearer Token OAuth Flow.
C. Create a Connected App that supports the User-Agent OAuth Flow.
D. Create a Connected App that supports the Web Server OAuth Flow.
Answer: B
Question #10 (Topic: Exam A)
Customer Service Representatives at Universal Containers (UC) are complaining that whenever they click on links to case records and are asked to log in with SAML SSO, they are being redirected to the Salesforce Home tab and not the specific case record.
What item should an Architect advise the identity team at UC to investigate first?
A. My Domain is configured and active within Salesforce.
B. The users have the correct Federation ID within Salesforce.
C. The Salesforce SSO settings are using HTTP POST.
D. The Identity Provider is correctly preserving the RelayState.
Answer: D
Total 60 questions