Free Identity-and-Access-Management-Designer Exam Dumps

Question 31

Universal Containers is using OpenID Connect to enable a connection from their new mobile app to its production Salesforce org.
What should be done to enable the retrieval of the access token status for the OpenID Connect connection?

A. Query using OpenID Connect discovery endpoint.
B. A Leverage OpenID Connect Token Introspection.
C. Create a custom OAuth scope.
D. Enable cross-origin resource sharing (CORS) for the /services/oauth2/token endpoint.

Correct Answer:B

Question 32

What is one of the roles of an Identity Provider in a Single Sign-on setup using SAML?

A. Validate token
B. Create token
C. Consume token
D. Revoke token

Correct Answer:B

Question 33

Universal Containers (UC) wants its closed Won opportunities to be synced to a Data warehouse in near real time. UC has implemented Outbound Message to enable near real-time data sync. UC wants to ensure that communication between Salesforce and Target System is secure. What certificate is sent along with the Outbound Message?

A. The Self-signed Certificates from the Certificate & Key Management menu.
B. The default client Certificate from the Develop--> API menu.
C. The default client Certificate or the Certificate and Key Management menu.
D. The CA-signed Certificate from the Certificate and Key Management Menu.

Correct Answer:B

Question 34

A global company's Salesforce Identity Architect is reviewing its Salesforce production org login history and is seeing some intermittent Security Assertion Markup Language (SAML SSO) 'Replay Detected and Assertion Invalid' login errors.
Which two issues would cause these errors? Choose 2 answers

A. The subject element is missing from the assertion sent to salesforce.
B. The certificate loaded into SSO configuration does not match the certificate used by the IdP.
C. The current time setting of the company's identity provider (IdP) and Salesforce platform is out of sync by more than eight minutes.
D. The assertion sent to 5alesforce contains an assertion ID previously used.

Correct Answer:AD

Question 35

Universal Containers (UC) implemented SSO to a third-party system for their Salesforce users to access the App Launcher. UC enabled “User Provisioning” on the Connected App so that changes to user accounts can be synched between Salesforce and the third party system. However, UC quickly notices that changes to user roles in Salesforce are not getting synched to the third-party system. What is the most likely reason for this behaviour?

A. User Provisioning for Connected Apps does not support role sync.
B. Required operation(s) was not mapped in User Provisioning Settings.
C. The Approval queue for User Provisioning Requests is unmonitored.
D. Salesforce roles have more than three levels in the role hierarchy.

Correct Answer:A