Identity-and-Access-Management-Designer | High Value Salesforce Identity-and-Access-Management-Designer Training Tools Online

NEW QUESTION 1
Universal containers (UC) uses a home-grown employee portal for their employees to collaborate. UC decides to use salesforce ideas to allow the employees to post ideas from the employee portal. When clicking some links in the employee portal, the users should be redirected to salesforce, authenticated, and presented with relevant pages. What scope should be requested when using the Oauth token to meet this requirement?

• A. Web
• B. Full
• C. API
• D. Visualforce

Answer: A

NEW QUESTION 2
Universal Containers (UC) plans to use a SAML-based third-party IdP serving both of the Salesforce Partner Community and the corporate portal. UC partners will log in 65* to the corporate portal to access protected resources, including links to Salesforce resources. What would be the recommended way to configure the IdP so that seamless access can be achieved in this scenario?

• A. Set up the corporate portal as a Connected App in Salesforce and use the Web server OAuth flow.
• B. Configure SP-initiated SSO that passes the SAML token upon Salesforce resource access request.
• C. Set up the corporate portal as a Connected App in Salesforce and use the User Agent OAuth flow.
• D. Configure IdP-initiated SSO that passes the SAML token upon Salesforce resource access request.

Answer: D

NEW QUESTION 3
Universal containers wants to set up SSO for a selected group of users to access external applications from salesforce through App launcher. Which three steps must be completed in salesforce to accomplish the goal?

• A. Associate user profiles with the connected Apps.
• B. Complete my domain and Identity provider setup.
• C. Create connected apps for the external applications.
• D. Complete single Sign-on settings in security controls.
• E. Create named credentials for each external system.

Answer: ABC

NEW QUESTION 4
architect is troubleshooting some SAML-based SSO errors during testing. The Architect confirmed that all of the Salesforce SSO settings are correct. Which two issues outside of the Salesforce SSO settings are most likely contributing to the SSO errors the Architect is encountering? Choose 2 Answers

• A. The Identity Provider is also used to SSO into five other applications.
• B. The clock on the Identity Provider server is twenty minutes behind Salesforce.
• C. The Issuer Certificate from the Identity Provider expired two weeks ago.
• D. The default language for the Identity Provider and Salesforce are Different.

Answer: BC

NEW QUESTION 5
Universal Containers built a custom mobile app for their field reps to create orders in Salesforce. OAuth is used for authenticating mobile users. The app is built in such a way that when a user session expires after Initial login, a new access token is obtained automatically without forcing the user to log in again. While that improved the field reps' productivity, UC realized that they need a "logout" feature.
What should the logout function perform in this scenario, where user sessions are refreshed automatically?

• A. Invoke the revocation URL and pass the refresh token.
• B. Clear out the client Id to stop auto session refresh.
• C. Invoke the revocation URL and pass the access token.
• D. Clear out all the tokens to stop auto session refresh.

Answer: A

NEW QUESTION 6
Universal Containers (UC) uses middleware to integrate multiple systems with Salesforce. UC has a strict, new requirement that usernames and passwords cannot be stored in any UC system. How can UC’s middleware authenticate to Salesforce while adhering to this requirement?

• A. Create a Connected App that supports the JWT Bearer Token OAuth Flow.
• B. Create a Connected App that supports the Refresh Token OAuth Flow
• C. Create a Connected App that supports the Web Server OAuth Flow.
• D. Create a Connected App that supports the User-Agent OAuth Flow.

Answer: A

NEW QUESTION 7
Containers (UC) has an existing Customer Community. UC wants to expand the self-registration capabilities such that customers receive a different community experience based on the data they provide during the registration process. What is the recommended approach an Architect Should recommend to UC?

• A. Create an After Insert Apex trigger on the user object to assign specific custom permissions.
• B. Create separate login flows corresponding to the different community user personas.
• C. Modify the Community pages to utilize specific fields on the User and Contact records.
• D. Modify the existing Communities registration controller to assign different profiles.

Answer: C

NEW QUESTION 8
Universal containers(UC) has decided to build a new, highly sensitive application on Force.com platform. The security team at UC has decided that they want users to provide a fingerprint in addition to username/Password to authenticate to this application. How can an architect support fingerprints as a form of identification for salesforce Authentication?

• A. Use salesforce Two-factor Authentication with callouts to a third-party fingerprint scanning application.
• B. Use Delegated Authentication with callouts to a third-party fingerprint scanning application.
• C. Use an appexchange product that does fingerprint scanning with native salesforce identity confirmation.
• D. Use custom login flows with callouts to a third-party fingerprint scanning application.

Answer: D

NEW QUESTION 9
A farming enterprise offers smart farming technology to rts farmer customers, which includes a variety of sensors for livestock tracking, pest monitoring, climate monitoring etc. They plan to store all the data in Salesforce. They would also like to ensure timely maintenance of the Installed sensors. They have engaged a salesforce Architect to propose an appropnate way to generate sensor Information In Salesforce.
Which OAuth flow should the architect recommend?

• A. OAuth 2.0 Asset Token Flow
• B. OAuth 2.0 Device Authentication Row
• C. OAuth 2.0 JWT Bearer Token Flow
• D. OAuth 2.0 SAML Bearer Assertion Flow

Answer: A

NEW QUESTION 10
Universal containers (UC) uses an internal company portal for their employees to collaborate. UC decides to use salesforce ideas and provide the ability for employees to post ideas from the company portal. They use SAML-BASED SSO to get into the company portal and would like to leverage it to access salesforce. Most of the users don't exist in salesforce and they would like the user records created in salesforce communities the first time they try to access salesforce. What recommendation should an architect make to meet this requirement?

• A. Use on-the-fly provisioning
• B. Use just-in-time provisioning
• C. Use salesforce APIs to create users on the fly
• D. Use Identity connect to sync users

Answer: B

NEW QUESTION 11
Universal containers (UC) built a customer Community for customers to buy products, review orders, and
manage their accounts. UC has provided three different options for customers to log in to the customer Community: salesforce, Google, and Facebook. Which two role combinations are represented by the systems in the scenario? Choose 2 answers

• A. Google is the service provider and Facebook is the identity provider
• B. Salesforce is the service provider and Google is the identity provider
• C. Facebook is the service provider and salesforce is the identity provider
• D. Salesforce is the service provider and Facebook is the identity provider

Answer: BD

NEW QUESTION 12
Universal Containers (UC) is building a customer community and will allow customers to authenticate using Facebook credentials. The First time the user authenticating using facebook, UC would like a customer account created automatically in their Accounting system. The accounting system has a web service accessible to Salesforce for the creation of accounts. How can the Architect meet these requirements?

• A. Create a custom application on Heroku that manages the sign-on process from Facebook.
• B. Use JIT Provisioning to automatically create the account in the accounting system.
• C. Add an Apex callout in the registration handler of the authorization provider.
• D. Use OAuth JWT flow to pass the data from Salesforce to the Accounting System.

Answer: C

NEW QUESTION 13
A third-party app provider would like to have users provisioned via a service endpoint before users access their app from Salesforce.
What should an identity architect recommend to configure the requirement with limited changes to the third-party app?

• A. Use a connected app with user provisioning flow.
• B. Create Canvas app in Salesforce for third-party app to provision users.
• C. Redirect users to the third-party app for registration.
• D. Use Salesforce identity with Security Assertion Markup Language (SAML) for provisioning users.

Answer: A

NEW QUESTION 14
Universal Containers is using OpenID Connect to enable a connection from their new mobile app to its production Salesforce org.
What should be done to enable the retrieval of the access token status for the OpenID Connect connection?

• A. Query using OpenID Connect discovery endpoint.
• B. A Leverage OpenID Connect Token Introspection.
• C. Create a custom OAuth scope.
• D. Enable cross-origin resource sharing (CORS) for the /services/oauth2/token endpoint.

Answer: B

NEW QUESTION 15
A large consumer company is planning to create a community and will requ.re login through the customers social identity. The following requirements must be met:
* 1. The customer should be able to login with any of their social identities, however salesforce should only have one user per customer.
* 2. Once the customer has been identified with a social identity, they should not be required to authonze Salesforce.
* 3. The customers personal details from the social sign on need to be captured when the customer logs into Salesforce using their social Identity.
* 3. If the customer modifies their personal details in the social site, the changes should be updated in Salesforce.
Which two options allow the Identity Architect to fulfill the requirements? Choose 2 answers

• A. Use Login Flows to call an authentication registration handler to provision the user before logging the user into the community.
• B. Use authentication providers for social sign-on and use the custom registration handler to insert or update personal details.
• C. Redirect the user to a custom page that allows the user to select an existing social identity for login.
• D. Use the custom registration handler to link social identities to Salesforce identities.

Answer: BD

NEW QUESTION 16
Universal Containers (UC) has Active Directory (AD) as their enterprise identity store and would like to use it for Salesforce user authentication. UC expects to synchronize user data between Salesforce and AD and Assign the appropriate Profile and Permission Sets based on AD group membership. What would be the optimal way to implement SSO?

• A. Use Active Directory with Reverse Proxy as the Identity Provider.
• B. Use Microsoft Access control Service as the Authentication provider.
• C. Use Active Directory Federation Service (ADFS) as the Identity Provider.
• D. Use Salesforce Identity Connect as the Identity Provider.

Answer: D

NEW QUESTION 17
Universal containers (UC) would like to enable SSO between their existing Active Directory infrastructure and salesforce. The it team prefers to manage all users in Active Directory and would like to avoid doing any initial setup of users in salesforce directly, including the correct assignment of profiles, roles and groups. Which two optimal solutions should UC use to provision users in salesforce? Choose 2 answers

• A. Use the salesforce REST API to sync users from active directory to salesforce
• B. Use an app exchange product to sync users from Active Directory to salesforce.
• C. Use Active Directory Federation Services to sync users from active directory to salesforce.
• D. Use Identity connect to sync users from Active Directory to salesforce

Answer: BD

NEW QUESTION 18
Universal Containers (UC) has a custom, internal-only, mobile billing application for users who are commonly out of the office. The app is configured as a connected App in Salesforce. Due to the nature of this app, UC would like to take the appropriate measures to properly secure access to the app. Which two are recommendations to make the UC? Choose 2 answers

• A. Disallow the use of Single Sign-on for any users of the mobile app.
• B. Require High Assurance sessions in order to use the Connected App.
• C. Set Login IP Ranges to the internal network for all of the app users Profiles.
• D. Use Google Authenticator as an additional part of the login process

Answer: BD

NEW QUESTION 19
Universal containers (UC) is building a mobile application that will make calls to the salesforce REST API. Additionally UC would like to provide the optimal experience for its mobile users. Which two OAuth scopes should UC configure in the connected App? Choose 2 answers

• A. Refresh token
• B. API
• C. full
• D. Web

Answer: AB

NEW QUESTION 20
......