Identity-and-Access-Management-Designer Free Practice Test

A group of users try to access one of universal containers connected apps and receive the following error message : "Failed : Not approved for access". what is most likely to cause of the issue?

1. A. The use of high assurance sections are required for the connected App.
2. B. The users do not have the correct permission set assigned to them.
3. C. The connected App setting "All users may self-authorize" is enabled.
4. D. The salesforce administrators gave revoked the Oauth authorization.

Correct Answer: B

Containers (UC) uses a legacy Employee portal for their employees to collaborate. Employees access the portal from their company’s internal website via SSO. It is set up to work with SiteMinder and Active Directory. The Employee portal has features to support posing ideas. UC decides to use Salesforce Ideas for voting and better tracking purposes. To avoid provisioning users on Salesforce, UC decides to integrate Employee portal ideas with Salesforce idea through the API. What is the role of Salesforce in the context of SSO, based on this scenario?

1. A. Service Provider, because Salesforce is the application for managing ideas.
2. B. Connected App, because Salesforce is connected with Employee portal via API.
3. C. Identity Provider, because the API calls are authenticated by Salesforce.
4. D. An independent system, because Salesforce is not part of the SSO setup.

Correct Answer: D

Universal containers (UC) wants users to authenticate into their salesforce org using credentials stored in a custom identity store. UC does not want to purchase or use a third-party Identity provider. Additionally, UC is extremely wary of social media and does not consider it to be trust worthy. Which two options should an architect recommend to UC? Choose 2 answers

1. A. Use a professional social media such as LinkedIn as an Authentication provider
2. B. Build a custom web page that uses the identity store and calls frontdoor.jsp
3. C. Build a custom Web service that is supported by Delegated Authentication.
4. D. Implement the Openid protocol and configure an Authentication provider

Correct Answer: CD

Which two statements are capable of Identity Connect? Choose 2 answers

1. A. Synchronization of Salesforce Permission Set Licence Assignments.
2. B. Supports both Identity-Provider-Initiated and Service-Provider-Initiated SSO.
3. C. Support multiple orgs connecting to multiple Active Directory servers.
4. D. Automated user synchronization and de-activation.

Correct Answer: BD

Universal Containers is using OpenID Connect to enable a connection from their new mobile app to its production Salesforce org.
What should be done to enable the retrieval of the access token status for the OpenID Connect connection?

1. A. Query using OpenID Connect discovery endpoint.
2. B. A Leverage OpenID Connect Token Introspection.
3. C. Create a custom OAuth scope.
4. D. Enable cross-origin resource sharing (CORS) for the /services/oauth2/token endpoint.

Correct Answer: B