[2023年12月09日] 最速準備で試験合格!Identity-and-Access-Management-Designer問題の事前予備
Identity-and-Access-Management-DesignerのPDF問題集リアル2023最近更新された問題
Salesforce Identity-and-Access-Management-Designer認定試験は、Salesforceエコシステム内のアイデンティティとアクセス管理に特化した専門家を対象に設計されています。この認定は、セキュアで効率的なアイデンティティとアクセス管理ソリューションの設計と実装における候補者の知識と専門知識を検証します。この試験は、認定を受けたいSalesforce環境でアーキテクト、コンサルタント、または管理者として働く人に最適です。
質問 # 15
A technology enterprise is setting up an identity solution with an external vendors wellness application for its employees. The user attributes need to be returned to the wellness application in an ID token.
Which authentication mechanism should an identity architect recommend to meet the requirements?
- A. JWT Bearer Token Flow
- B. User Agent Flow
- C. OpenID Connect
- D. Web Server Flow
正解:D
質問 # 16
Universal Containers (UC) wants to integrate a third-party Reward Calculation system with Salesforce to calculate Rewards. Rewards will be calculated on a schedule basis and update back into Salesforce. The integration between Salesforce and the Reward Calculation System needs to be secure. Which are two recommended practices for using OAuth flow in this scenario. choose 2 answers
- A. OAuth JWT Bearer Token FLow
- B. OAuth Username-Password Flow
- C. OAuth Refresh Token FLow
- D. OAuth SAML Bearer Assertion FLow
正解:A、B
質問 # 17
Universal Containers (UC) wants to build a custom mobile app for their field reps to create orders in salesforce. After the first time the users log in, they must be able to access salesforce upon opening the mobile app without being prompted to log in again. What Oauth flows should be considered to support this requirement?
- A. Web Server flow with a Refresh Token.
- B. User Agent flow with a Refresh Token.
- C. SAML Assertion flow with a Bearer Token.
- D. Mobile Agent flow with a Bearer Token.
正解:B
質問 # 18
Universal Containers (UC) is looking to build a Canvas app and wants to use the corresponding Connected App to control where the app is visible. Which two options are correct in regards to where the app can be made visible under the Connected App setting for the Canvas app? Choose 2 answers
- A. The sidebar of a Salesforce Console as a console component.
- B. In the mobile navigation menu on Salesforce for Android.
- C. Included in the Call Control Tool that's part of Open CTI.
- D. As part of the body of a Salesforce Knowledge article.
正解:A、D
質問 # 19
Universal Containers (UC) has implemented a multi-org architecture in their company. Many users have licences across multiple orgs, and they are complaining about remembering which org and credentials are tied to which business process. Which two recommendations should the Architect make to address the Complaints? Choose 2 answers
- A. Activate My Domain to Brand each org to the specific business use case.
- B. Implement IdP-Initiated Single Sign-on flows to allow deep linking.
- C. Implement Delegated Authentication from each org to the LDAP provider.
- D. Implement SP-Initiated Single Sign-on flows to allow deep linking.
正解:A、D
質問 # 20
Universal Containers (UC) has five Salesforce orgs (UC1, UC2, UC3, UC4, UC5). of Every user that is in UC2, UC3, UC4, and UC5 is also in UC1, however not all users 65* have access to every org. Universal Containers would like to simplify the authentication process such that all Salesforce users need to remember one set of credentials. UC would like to achieve this with the least impact to cost and maintenance. What approach should an Architect recommend to UC?
- A. Purchase a third-party Identity Provider for all five Salesforce orgs to use, but don't set up JIT user provisioning for other orgs.
- B. Configure UC1 as the Identity Provider to the other four Salesforce orgs and set up JIT user provisioning on all other orgs.
- C. Purchase a third-party Identity Provider for all five Salesforce orgs to use and set up JIT user provisioning on all other orgs.
- D. Configure UC1 as the Identity Provider to the other four Salesforce orgs, but don't set up JIT user provisioning for other orgs.
正解:A
質問 # 21
How should an identity architect automate provisioning and deprovisioning of users into Salesforce from an external system?
- A. Run registration handler on incoming OAuth responses.
- B. Call OpenID Connect (OIDC)-userinfo endpoint with a valid access token.
- C. Call SOAP API upsertQ on user object.
- D. Use Security Assertion Markup Language Just-in-Time (SAML JIT) on incoming SAML assertions.
正解:A
質問 # 22
Universal Containers (UC) uses a legacy Employee portal for their employees to collaborate and post their ideas. UC decides to use Salesforce Ideas for voting and better tracking purposes. To avoid provisioning users on Salesforce, UC decides to push ideas posted on the Employee portal to Salesforce through API. UC decides to use an API user using OAuth Username-Password flow for the connection. How can the connection to Salesforce be restricted only to the Employee portal server?
- A. Use a dedicated profile for the user the Employee portal user.
- B. Add the Employee portal's IP Address to the trusted IP range for the Connected App.
- C. Add the Employee portal's IP address to the Login IP range on the user profile.? May two answers
- D. Use a digital certificate signed by the Employee portal server.
正解:B
質問 # 23
Northern Trail Outfitters (NTO) has a number of employees who do NOT need access Salesforce objects. Trie employees should sign in to a custom Benefits web app using their Salesforce credentials.
Which license should the identity architect recommend to fulfill this requirement?
- A. External Identity License
- B. Identity Only License
- C. Identity Connect License
- D. Identity Verification Credits Add-on License
正解:B
質問 # 24
Universal Containers (UC) has implemented SAML-based Single Sign-On to provide seamless access to its Salesforce Orgs, financial system, and CPQ system. Below is the SSO implementation landscape.
What role combination is represented by the systems in this scenario''
- A. Salesforce Org1 and PingFederate are acting as Identity Providers.
- B. Financial System and CPQ System are the only Service Providers.
- C. Salesforce Org1 and Salesforce Org2 are the only Service Providers.
- D. Salesforce Org1 and Salesforce Org2 are acting as Identity Providers.
正解:A
質問 # 25
Universal Containers (UC) is using its production org as the identity provider for a new Experience Cloud site and the identity architect is deciding which login experience to use for the site.
Which two page types are valid login page types for the site?
Choose 2 answers
- A. lightning Experience Page
- B. Embedded Login Page
- C. Experience Builder Page
- D. Login Discovery Page
正解:B、D
質問 # 26
Universal Containers (UC) has a mobile application for its employees that uses data from Salesforce as well as uses Salesforce for authentication purposes. UC wants its mobile users to only enter their credentials the first time they run the app. The application has been live for a little over 6 months, and all of the users who were a part of the initial launch are complaining that they have to re-authenticate. UC has also recently changed the URI Scheme associated with the mobile app.
What should the Architect at UC first investigate?
- A. Validate that the users are checking the box to remember their passwords.
- B. Confirm that the Access Token's Time-To-Live policy has been set appropriately.
- C. Check the Refresh Token Policy defined in the Salesforce Connected App.
- D. Verify that the Callback URL is correctly pointing to the new URI Scheme.
正解:C
質問 # 27
Universal Containers (UC) wants its closed Won opportunities to be synced to a Data warehouse in near real time. UC has implemented Outbound Message to enable near real-time data sync. UC wants to ensure that communication between Salesforce and Target System is secure. What certificate is sent along with the Outbound Message?
- A. The default client Certificate from the Develop--> API menu.
- B. The Self-signed Certificates from the Certificate & Key Management menu.
- C. The CA-signed Certificate from the Certificate and Key Management Menu.
- D. The default client Certificate or the Certificate and Key Management menu.
正解:A
質問 # 28
Universal Containers (UC) built an integration for their employees to post, view, and vote for ideas in Salesforce from an internal Company portal. When ideas are posted in Salesforce, links to the ideas are created in the company portal pages as part of the integration process. The Company portal connects to Salesforce using OAuth. Everything is working fine, except when users click on links to existing ideas, they are always taken to the Ideas home page rather than the specific idea, after authorization. Which OAuth URL parameter can be used to retain the original requested page so that a user can be redirected correctly after OAuth authorization?
- A. Scope
- B. Callback_uri
- C. State
- D. Redirect_uri
正解:D
質問 # 29
Universal containers (UC) is planning to deploy a custom mobile app that will allow users to get e-signatures from its customers on their mobile devices. The mobile app connects to salesforce to upload the e-signatures as a file attachment and uses Oauth protocol for both Authentication and authorization. What is the most recommended and secure Oauth scope setting that an architect should recommend?
- A. Web
- B. Id
- C. Custom_permissions
- D. API
正解:D
質問 # 30
Universal containers uses an Employee portal for their employees to collaborate. employees access the portal from their company's internal website via SSO. It is set up to work with Active Directory. What is the role of Active Directory in this scenario?
- A. Authentication store
- B. Identity store
- C. Identity provider
- D. Service provider
正解:C
質問 # 31
Users logging into Salesforce are frequently prompted to verify their identity.
The identity architect is required to provide recommendations so that frequency of prompt verification can be reduced.
What should the identity architect recommend to meet the requirement?
- A. Implement multi-factor authentication for the Salesforce org.
- B. Implement 2FA authentication for the Salesforce org.
- C. Set trusted IP ranges for the organization.
- D. Implement an single sign-on for Salesforce using an external identity provider.
正解:C
質問 # 32
An identity architect has been asked to recommend a solution that allows administrators to configure personalized alert messages to users before they land on the Experience Cloud site (formerly known as Community) homepage.
What is recommended to fulfill this requirement with the least amount of customization?
- A. Build a Lightning web Component (LWC) for a homepage that shows custom alerts.
- B. Create custom metadata that stores user alerts and use a LWC to display alerts.
- C. Customize the registration handler Apex class to create a routing logic navigating to different home pages based on the user profile.
- D. Use Login Flows to add a screen that shows personalized alerts.
正解:D
質問 # 33
The security team at Universal containers(UC) has identified exporting reports as a high-risk action and would like to require users to be logged into salesforce with their active directory (AD) credentials when doing so.
For all other uses of Salesforce, Users should be allowed to use AD credentials or salesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with salesforce credentials?
- A. Use SAML Federated Authentication and block access to reports when accesses through a standard assurance session.
- B. Use SAML Federated Authentication with a login flow to dynamically add or remove a permission set that grants the export reports permission.
- C. Use SAML Federated Authentication and Custom SAML jit provisioning to dynamically add or remove a permission set that grants the Export Reports permission.
- D. Use SAML Federated Authentication, treat SAML sessions as high assurance, and raise the session level required for exporting reports.
正解:A
質問 # 34
Northern Trail Outfitters (NTO) wants to give customers the ability to submit and manage issues with their purchases. It is important for NTO to give its customers the ability to login with their Amazon credentials.
What should an identity architect recommend to meet these requirements?
- A. Configure an OpenID Connect Authentication Provider for Amazon.
- B. Create a custom external authentication provider for Amazon.
- C. Configure a predefined authentication provider for Amazon.
- D. Configure Amazon as a connected app.
正解:A
質問 # 35
Universal Containers (UC) has implemented SAML-based Single Sign-On to provide seamless access to its Salesforce Orgs, financialsystem, and CPQ system. Below is the SSO implementation landscape.
What role combination is represented by the systems in this scenario''
- A. Salesforce Org1 and PingFederate are acting as Identity Providers.
- B. Financial System and CPQ System are the only Service Providers.
- C. Salesforce Org1 and Salesforce Org2 are the only Service Providers.
- D. Salesforce Org1 and Salesforce Org2 are acting as Identity Providers.
正解:A
質問 # 36
Northern Trail Outfitters (NTO) leverages Microsoft Active Directory (AD) for management of employee usernames, passwords, permissions, and asset access. NTO also owns a third-party single sign-on (SSO) solution. The third-party party SSO solution is used for all corporate applications, including Salesforce.
NTO has asked an architect to explore Salesforce Identity Connect for automatic provisioning and deprovisiorung of users in Salesforce.
What role does identity Connect play in the outlined requirements?
- A. User Management
- B. Single Sign-On
- C. Identity Provider
- D. Service Provider
正解:A
質問 # 37
Universal Containers is considering using Delegated Authentication as the sole means of Authenticating of Salesforce users. A Salesforce Architect has been brought in to assist with the implementation. What two risks Should the Architect point out? Choose 2 answers
- A. The web service must reside on a public cloud service, such as Heroku.
- B. Delegated Authentication is enabled or disabled for the entire Salesforce org.
- C. UC will be required to develop and support a custom SOAP web service.
- D. Salesforce users will be locked out of Salesforce if the web service goes down.
正解:C、D
質問 # 38
A public sector agency is setting up an identity solution for its citizens using a Community built on Experience Cloud and requires the new user registration functionality to capture first name, last name, and phone number. The phone number will be used for identity verification.
Which feature should an identity architect recommend to meet the requirements?
- A. Use an external Identity Provider
- B. Use Login Discovery
- C. Integrate with social websites (Facebook, Linkedin. Twitter)
- D. Create a custom Lightning Web Component
正解:B
質問 # 39
Universal Containers wants to secure its Salesforce APIs by using an existing Security Assertion Markup Language (SAML) configuration supports the company's single sign-on process to Salesforce, Which Salesforce OAuth authorization flow should be used?
- A. OAuth 2.0 SAML Bearer Assertion Flow
- B. OAuth 2.0 JWT Bearer Flow
- C. OAuth 2.0 User-Agent Flow
- D. A SAML Assertion Row
正解:D
質問 # 40
......
Identity-and-Access-Management-Designer問題集と練習テスト(245試験問題):https://jp.fast2test.com/Identity-and-Access-Management-Designer-premium-file.html
リリースSalesforce Identity-and-Access-Management-Designer更新された問題PDF:https://drive.google.com/open?id=1GyhAUg2udg9dTwlP4iAw4i3qes4IhdDV