Identity-and-Access-Management-Designer Free Practice Test

Universal containers (UC) would like to enable SAML-BASED SSO for a salesforce partner community. UC has an existing ldap identity store and a third-party portal. They would like to use the existing portal as the primary site these users access, but also want to allow seamless access to the partner community. What SSO flow should an architect recommend?

1. A. User-Agent
2. B. IDP-initiated
3. C. Sp-Initiated
4. D. Web server

Correct Answer: B

Which two considerations should be made when implementing Delegated Authentication? Choose 2 answers

1. A. The authentication web service can include custom attributes.
2. B. It can be used to authenticate API clients and mobile apps.
3. C. It requires trusted IP ranges at the User Profile level.
4. D. Salesforce servers receive but do not validate a user’s credentials.
5. E. Just-in-time Provisioning can be configured for new users.

Correct Answer: BE

Universal Containers (UC) uses a home-grown Employee portal for their employees to collaborate. UC decides to use Salesforce Ideas to allow employees to post Ideas from the Employee portal. When users click on some of the links in the Employee portal, the users should be redirected to Salesforce, authenticated, and presented with the relevant pages. What OAuth flow is best suited for this scenario?

1. A. Web Application flow
2. B. SAML Bearer Assertion flow
3. C. User-Agent flow
4. D. Web Server flow

Correct Answer: D

which three are features of federated Single Sign-on solutions? Choose 3 answers

1. A. It federates credentials control to authorized applications.
2. B. It establishes trust between Identity store and service provider.
3. C. It solves all identity and access management problems.
4. D. It improves affiliated applications adoption rates.
5. E. It enables quick and easy provisioning and deactivating of users.

Correct Answer: BCE

Northern Trail Outfitters (NTO) uses a Security Assertion Markup Language (SAML)-based Identity Provider (idP) to authenticate employees to all systems. The IdP authenticates users against a Lightweight Directory Access Protocol (LDAP) directory and has access to user information. NTO wants to minimize Salesforce license usage since only a small percentage of users need Salesforce.
What is recommended to ensure new employees have immediate access to Salesforce using their current IdP?

1. A. Install Salesforce Identity Connect to automatically provision new users in Salesforce the first time they attempt to login.
2. B. Build an integration that queries LDAP periodically and creates new active users in Salesforce.
3. C. Configure Just-in-Time provisioning using SAML attributes to create new Salesforce users as necessary when a new user attempts to login to Salesforce.
4. D. Build an integration that queries LDAP and creates new inactive users in Salesforce and use a login flow to activate the user atfirst login.

Correct Answer: C