السؤال #1

Universal containers wants to implement single Sign-on for a salesforce org using an external identity provider and corporate identity store. What type of Authentication flow is required to support deep linking?

A. Web server Oauth SSO flow

B. Identity-provider-initiated SSO

C. Service-provider-initiated SSO

D. Start URL on identity provider

عرض الإجابة

اجابة صحيحة: C

السؤال #2

Which two roles of the systems are involved in an environment where salesforce users are enabled to access Google Apps from within salesforce through App launcher and connected App set up? Choose 2 answers

A. Google is the identity provider

B. Salesforce is the identity provider

C. Google is the service provider

D. Salesforce is the service provider

عرض الإجابة

اجابة صحيحة: D

السؤال #3

Under which scenario Web Server flow will be used?

A. Used for web applications when server-side code needs to interact with APIS

B. Used for server-side components when page needs to be rendered

C. Used for mobile applications and testing legacy Integrations

D. Used for verifying Access protected resources

عرض الإجابة

اجابة صحيحة: A

السؤال #4

A financial services company uses Salesforce and has a compliance requirement to track information about devices from which users log in. Also, a Salesforce Security Administrator needs to have the ability to revoke the device from which users log in.What should be used to fulfill this requirement?

A. Use multi-factor authentication (MFA) to meet the compliance requirement to track device information

B. Use the Activations feature to meet the compliance requirement to track device information

C. Use the Login History object to track information about devices from which users log in

D. Use Login Flows to capture device from which users log in and store device and user information in a custom object

عرض الإجابة

اجابة صحيحة: B

السؤال #5

What item should an Architect consider when designing a Delegated Authentication implementation?

A. The Web service should be secured with TLS using Salesforce trusted certificates

B. The Web service should be able to accept one to four input method parameters

C. The web service should use the Salesforce Federation ID to identify the user

D. The Web service should implement a custom password decryption method

عرض الإجابة

اجابة صحيحة: A

السؤال #6

An identity architect has built a native mobile application and plans to integrate it with a Salesforce Identity solution. The following are the requirements for the solution:1. Users should not have to login every time they use the app. 2.The app should be able to make calls to the Salesforce REST API. 3. End users should NOT see the OAuth approval page.How should the identity architect configure the Salesforce connected app to meet the requirements?

A. Enable the API Scope and Offline Access Scope, upload a certificate so JWT Bearer Flow can be used and then set the connected app access settings to "Admin Pre- Approved"

B. Enable the API Scope and Offline Access Scope on the connected app, and then set the connected app to access settings to 'Admin Pre-Approved"

C. Enable the Full Access Scope and then set the connected app access settings to "Admin Pre-Approved"

D. Enable the API Scope and Offline Access Scope on the connected app, and then set the Connected App access settings to "User may self authorize"

عرض الإجابة

اجابة صحيحة: A

السؤال #7

Universal containers (UC) wants to implement a partner community. As part of their implementation, UC would like to modify both the Forgot password and change password experience with custom branding for their partner community users. Which 2 actions should an architect recommend to UC? Choose 2 answers

A. Build a community builder page for the change password experience and Custom Visualforce page for the Forgot password experience

B. Build a custom visualforce page for both the change password and Forgot password experiences

C. Build a custom visualforce page for the change password experience and a community builder page for the Forgot password experience

D. Build a community builder page for both the change password and Forgot password experiences

عرض الإجابة

اجابة صحيحة: BC

السؤال #8

Universal Containers (UC) is implementing Salesforce and would like to establish SAML SSO for its users to log in. UC stores its corporate user identities in a Custom Database. The UC IT Manager has heard good things about Salesforce Identity Connect as an Idp, and would like to understand what limitations they may face if they decided to use Identity Connect in their current environment. What limitation Should an Architect inform the IT Manager about?

A. Identity Connect will not support user provisioning in UC's current environment

B. Identity Connect will only support Idp-initiated SAML flows in UC's current environment

C. Identity Connect will only support SP-initiated SAML flows in UC's current environment

D. Identity connect is not compatible with UC's current identity environment

عرض الإجابة

اجابة صحيحة: A

السؤال #9

Which three are features of federated Single sign-on solutions? Choose 3 Answers

A. It establishes trust between Identity Store and Service Provider

B. It federates credentials control to authorized applications

C. It solves all identity and access management problems

D. It improves affiliated applications adoption rates

E. It enables quick and easy provisioning and deactivating of users

عرض الإجابة

اجابة صحيحة: ADE

السؤال #10

What are three capabilities of Delegated Authentication? Choose 3 answers

A. It can be assigned by Custom Permissions

B. It can connect to SOAP services

C. It can be assigned by Permission Sets

D. It can be assigned by Profiles

E. It can connect to REST services

عرض الإجابة

اجابة صحيحة: BCE

السؤال #11

Northern Trail Outfitters (NTO) has an off-boarding process where a terminated employee is first disabled in the Lightweight Directory Act Protocol (LDAP) directory, then requests are sent to the various application support teams to finish user deactivations. A terminated employee recently was able to login to NTO's Salesforce instance 24 hours after termination, even though the user was disabled in the corporate LDAP directory.What should an identity architect recommend to prevent this from happening in th

A. Create a Just-in-Time provisioning registration handler to ensure users are deactivated in Salesforce as they are disabled in LDAP

B. Configure an authentication provider to delegate authentication to the LDAP directory

C. use a login flow to make a callout to the LDAP directory before authenticating the user to Salesforce

D. Setup an identity provider (IdP) to authenticate users using LDAP, set up single sign-on to Salesforce and disable Login Form authentication

عرض الإجابة

اجابة صحيحة: B

السؤال #12

Universal Containers (UC) is using Active Directory as its corporate identity provider and Salesforce as its CRM for customer care agents, who use SAML based sign sign-on to login to Salesforce. The default agent profile does not include the Manage User permission. UC wants to dynamically update the agent role and permission sets.Which two mechanisms are used to provision agents with the appropriate permissions?Choose 2 answers

A. Use Login Flow in User Context to update role and permission sets

B. Use Login Flow in System Context to update role and permission sets

C. Use SAML Just-m-Time (JIT) Handler class run as current user to update role and permission sets

D. Use SAML Just-in-Time (JIT) handler class run as an admin user to update role and permission sets

عرض الإجابة

اجابة صحيحة: BD

السؤال #13

Universal Containers would like its customers to register and log in to a portal built on Salesforce Experience Cloud. Customers should be able to use their Facebook or Linkedln credentials for ease of use.Which three steps should an identity architect take to implement social sign-on?Choose 3 answers

A. Register both Facebook and Linkedln as connected apps

B. Create authentication providers for both Facebook and Linkedln

C. Check "Facebook" and "Linkedln" under Login Page Setup

D. Enable "Federated Single Sign-On Using SAML"

E. Update the default registration handlers to create and update users

عرض الإجابة

اجابة صحيحة: BCE

السؤال #14

A large consumer company is planning to create a community and will requ.re login through the customers social identity. The following requirements must be met:1.The customer should be able to login with any of their social identities, however salesforce should only have one user per customer. 2.Once the customer has been identified with a social identity, they should not be required to authonze Salesforce. 3.The customers personal details from the social sign on need to be captured when the customer logs i

A. Use Login Flows to call an authentication registration handler to provision the user before logging the user into the community

B. Use authentication providers for social sign-on and use the custom registration handler to insert or update personal details

C. Redirect the user to a custom page that allows the user to select an existing social identity for login

D. Use the custom registration handler to link social identities to Salesforce identities

عرض الإجابة

اجابة صحيحة: BD

السؤال #15

Universal containers (UC) is successfully using Delegated Authentication for their salesforce users. The service supporting Delegated Authentication is written in Java. UC has a new CIO that is requiring all company Web services be RESRful and written in . NET. Which two considerations should the UC Architect provide to the new CIO? Choose 2 answers

A. Delegated Authentication will not work with a

B. Delegated Authentication will continue to work with rest services

C. Delegated Authentication will continue to work with a

D. Delegated Authentication will not work with rest services

عرض الإجابة

اجابة صحيحة: CD

السؤال #16

A company's external application is protected by Salesforce through OAuth. The identity architect for the project needs to limit the level of access to the data of the protected resource in a flexible way.What should be done to improve security?

A. Select "Admin approved users are pre-authonzed" and assign specific profiles

B. Create custom scopes and assign to the connected app

C. Define a permission set that grants access to the app and assign to authorized users

D. Leverage external objects and data classification policies

عرض الإجابة

اجابة صحيحة: B

السؤال #17

Universal Containers (UC) wants to integrate a third-party Reward Calculation system with Salesforce to calculate Rewards. Rewards will be calculated on a schedule basis and update back into Salesforce. The integration between Salesforce and the Reward Calculation System needs to be secure. Which are two recommended practices for using OAuth flow in this scenario. choose 2 answers

A. OAuth Refresh Token FLow

B. OAuth Username-Password Flow

C. OAuth SAML Bearer Assertion FLow

D. OAuth JWT Bearer Token FLow

عرض الإجابة

اجابة صحيحة: CD

السؤال #18

Universal Containers (UC) uses Active Directory (AD) as their identity store for employees and must continue to do so for network access. UC is undergoing a major transformation program and moving all of their enterprise applications to cloud platforms including Salesforct, Workday, and SAP HANA. UC needs to implement an SSO solution for accessing all of the third-party cloud applications and the CIO is inclined to use Salesforce for all of their identity and access management needs.Which two Salesforce lic

A. Company Community and Identity licenses

B. Identity and Identity Connect licenses

C. Chatter Only and Identity licenses

D. Salesforce and Identity Connect licenses

عرض الإجابة

اجابة صحيحة: BD

السؤال #19

A technology enterprise is planning to implement single sign-on login for users. When users log in to the Salesforce User object custom field, data should be populated for new and existing users.Which two steps should an identity architect recommend?Choose 2 answers

A. Implement Auth

B. Create and update methods

C. Implement RegistrationHandler Interface

D. Implement SesslonManagement Class

عرض الإجابة

اجابة صحيحة: AB

السؤال #20

An Identity and Access Management (IAM) Architect is recommending Identity Connect to integrate Microsoft Active Directory (AD) with Salesforce for user provisioning, deprovisioning and single sign-on (SSO).Which feature of Identity Connect is applicable for this scenano?

A. When Identity Connect is in place, if a user is deprovisioned in an on-premise AD, the user's Salesforce session Is revoked Immediately

B. If the number of provisioned users exceeds Salesforce licence allowances, identity Connect will start disabling the existing Salesforce users in First-in, First-out (FIFO) fashion

C. Identity Connect can be deployed as a managed package on salesforce org, leveraging High Availability of Salesforce Platform out-of-the-box

D. When configured, Identity Connect acts as an identity provider to both Active Directory and Salesforce, thus providing SSO as a default feature

عرض الإجابة

اجابة صحيحة: A

السؤال #21

Universal Containers (UC) has an existing e-commerce platform and is implementing a new customer community. They do not want to force customers to register on both applications due to concern over the customers experience. It is expected that 25% of the e-commerce customers will utilize the customer community . The e-commerce platform is capable of generating SAML responses and has an existing REST-ful API capable of managing users. How should UC create the identities of its e-commerce users with the custom

A. Use SAML JIT in the Customer Community to create users when a user tries to login to the community from the e-commerce site

B. Use the e-commerce REST API to create users when a user self-register on the customer community and use SAML to allow SSO

C. Use a nightly batch ETL job to sync users between the Customer Community and the e-commerce platform and use SAML to allow SSO

D. Use the standard Salesforce API to create users in the Community When a User is Created in the e-Commerce platform and use SAML to allow SSO

عرض الإجابة

اجابة صحيحة: A

السؤال #22

In an SP-Initiated SAML SSO setup where the user tries to access a resource on the Service Provider, What HTTP param should be used when submitting a SAML Request to the Idp to ensure the user is returned to the intended resourse after authentication?

A. RedirectURL

B. RelayState

C. DisplayState

D. StartURL

عرض الإجابة

اجابة صحيحة: B

السؤال #23

Northern Trail Outfitters (NTO) is planning to build a new customer service portal and wants to use passwordless login, allowing customers to login with a one-time passcode sent to them via email or SMS. How should the quantity of required Identity Verification Credits be estimated?

A. Each community comes with 10,000 Identity Verification Credits per month and only customers with more than 10,000 logins a month should estimate additional SMS verifications needed

B. Identity Verification Credits are consumed with each SMS (text message) sent and should be estimated based on the number of login verification challenges for SMS verification users

C. Identity Verification Credits are consumed with each verification sent and should be estimated based on the number of logins that will incur a verification challenge

D. Identity Verification Credits are a direct add-on license based on the number of existing member-based or login-based Community licenses

عرض الإجابة

اجابة صحيحة: B

السؤال #24

A division of a Northern Trail Outfitters (NTO) purchased Salesforce. NTO uses a third party identity provider (IdP) to validate user credentials against Its corporate Lightweight Directory Access Protocol (LDAP) directory. NTO wants to help employees remember as passwords as possible.What should an identity architect recommend?

A. Setup Salesforce as a Service Provider to the existing IdP

B. Setup Salesforce as an IdP to authenticate against the LDAP directory

C. Use Salesforce connect to synchronize LDAP passwords to Salesforce

D. Setup Salesforce as an Authentication Provider to the existing IdP

عرض الإجابة

اجابة صحيحة: A

السؤال #25

Universal Containers (UC) has implemented SAML-based Single Sign-On to provide seamless access to its Salesforce Orgs, financial system, and CPQ system. Below is the SSO implementation landscape.What role combination is represented by the systems in this scenario''

A. Financial System and CPQ System are the only Service Providers

B. Salesforce Org1 and Salesforce Org2 are the only Service Providers

C. Salesforce Org1 and Salesforce Org2 are acting as Identity Providers

D. Salesforce Org1 and PingFederate are acting as Identity Providers

عرض الإجابة

اجابة صحيحة: D

السؤال #26

Northern Trail Outfitters (NTO) is planning to roll out a partner portal for its distributors using Experience Cloud. NTO would like to use an external identity provider (idP) and for partners to register for access to the portal. Each partner should be allowed to register only once to avoid duplicate accounts with Salesforce.What should a identity architect recommend to create partners?

A. On successful creation of Partners using Self Registration page in Experience Cloud, create identity in Ping

B. Create a custom page m Experience Cloud to self register partner with Experience Cloud and Ping identity store

C. Create a custom web page in the Portal and create users in the IdP and Experience Cloud using published APIs

D. Allow partners to register through the IdP and create partner users in Salesforce through an API

عرض الإجابة

اجابة صحيحة: B

السؤال #27

Universal Containers wants to secure its Salesforce APIs by using an existing Security Assertion Markup Language (SAML) configuration supports the company's single sign-on process to Salesforce, Which Salesforce OAuth authorization flow should be used?

A. OAuth 2

B. A SAML Assertion Row

C. OAuth 2

D. OAuth 2

عرض الإجابة

اجابة صحيحة: B

السؤال #28

Universal containers (UC) is successfully using Delegated Authentication for their salesforce users. The service supporting Delegated Authentication is written in Jav a. UC has a new CIO that is requiring all company Web services be RESR-ful and written in . NET. Which two considerations should the UC Architect provide to the new CIO? Choose 2 answers

A. Delegated Authentication will continue to work with rest services

B. Delegated Authentication will not work with rest services

C. Delegated Authentication will not work with a

D. Delegated Authentication will continue to work with a

عرض الإجابة

اجابة صحيحة: BD

السؤال #29

Universal Containers (UC) uses Salesforce for its customer service agents. UC has a proprietary system for order tracking which supports Security Assertion Markup Language (SAML) based single sign-on. The VP of customer service wantsto ensure only active Salesforce users should be able to access the order tracking system which is only visible within Salesforce.What should be done to fulfill the requirement?Choose 2 answers

A. Setup Salesforce as an identity provider (IdP) for order Tracking

B. Set up the Corporate Identity store as an identity provider (IdP) for Order Tracking,

C. Customize Order Tracking to initiate a REST call to validate users in Salesforce after login

D. Setup Order Tracking as a Canvas app in Salesforce to POST IdP initiated SAML assertion

عرض الإجابة

اجابة صحيحة: AB

السؤال #30

Universal Containers (UC) has a custom, internal - only, mobile billing application for users who are commonly out of the office. The app is configured as a connected App in Salesforce. Due to the nature of this app, UC would like to take the appropriate measures to properly secure access to the app. Which two are recommendations to make the UC? Choose 2 answers

A. Disallow the use of Single Sign - on for any users of the mobile app

B. Require High Assurance sessions in order to use the Connected App

C. Set Login IP Ranges to the internal network for all of the app users Profiles

D. Use Google Authenticator as an additional part of the login process

عرض الإجابة

اجابة صحيحة: BD

لا تريد أن تفوت شيئا؟

اجتياز اختبار الممارسة Cisco وPMP وCISA وCISM وAWS بنسبة 100% للبيع!
احصل الان

View The Updated Salesforce Exam Questions

عرض الإجابات بعد التقديم

لا تريد أن تفوت شيئا؟

اجتياز اختبار الممارسة Cisco وPMP وCISA وCISM وAWS بنسبة 100% للبيع! احصل الان

View The Updated Salesforce Exam Questions

عرض الإجابات بعد التقديم

اجتياز اختبار الممارسة Cisco وPMP وCISA وCISM وAWS بنسبة 100% للبيع!
احصل الان