Identity-and-Access-Management-Designer Free Practice Test

What is one of the roles of an Identity Provider in a Single Sign-on setup using SAML?

1. A. Validate token
2. B. Create token
3. C. Consume token
4. D. Revoke token

Correct Answer: B

A company's external application is protected by Salesforce through OAuth. The identity architect for the project needs to limit the level of access to the data of the protected resource in a flexible way.
What should be done to improve security?

1. A. Select "Admin approved users are pre-authonzed" and assign specific profiles.
2. B. Create custom scopes and assign to the connected app.
3. C. Define a permission set that grants access to the app and assign to authorized users.
4. D. Leverage external objects and data classification policies.

Correct Answer: B

After a recent audit, universal containers was advised to implement Two-factor Authentication for all of their critical systems, including salesforce. Which two actions should UC consider to meet this requirement? Choose 2 answers

1. A. Require users to provide their RSA token along with their credentials.
2. B. Require users to supply their email and phone number, which gets validated.
3. C. Require users to enter a second password after the first Authentication
4. D. Require users to use a biometric reader as well as their password

Correct Answer: AD

Universal containers (UC) wants to implement Delegated Authentication for a certain subset of Salesforce users. Which three items should UC take into consideration while building the Web service to handle the Delegated Authentication request? Choose 3 answers

1. A. The web service needs to include Source IP as a method parameter.
2. B. UC should whitelist all salesforce ip ranges on their corporate firewall.
3. C. The web service can be written using either the soap or rest protocol.
4. D. Delegated Authentication is enabled for the system administrator profile.
5. E. The return type of the Web service method should be a Boolean value

Correct Answer: ABE

Universal containers (UC) has a mobile application that it wants to deploy to all of its salesforce users, including customer Community users. UC would like to minimize the administration overhead, which two items should an architect recommend? Choose 2 answers

1. A. Enable the "Refresh Tokens is valid until revoked " setting in the Connected App.
2. B. Enable the "Enforce Ip restrictions" settings in the connected App.
3. C. Enable the "All users may self-authorize" setting in the Connected App.
4. D. Enable the "High Assurance session required" setting in the Connected App.

Correct Answer: AC