최신 Identity-and-Access-Management-Architect 무료덤프 - Salesforce Certified Identity and Access Management Architect

문제1

A technology enterprise is planning to implement single sign-on login for users. When users log in to the Salesforce User object custom field, data should be populated for new and existing users.
Which two steps should an identity architect recommend?
Choose 2 answers

A. Implement RegistrationHandler Interface.

B. Implement SesslonManagement Class.

C. Implement Auth.SamlJitHandler Interface.

D. Create and update methods.

정답: C,D

설명: (DumpTOP 회원만 볼 수 있음)

문제2

Which two security risks can be mitigated by enabling Two-Factor Authentication (2FA) in Salesforce?
Choose 2 answers

A. Users choosing passwords that are the same as their Facebook password.

B. Users accessing Salesforce from a public Wi-Fi access point.

C. Users creating simple-to-guess password reset questions.

D. Users leaving laptops unattended and not logging out of Salesforce.

정답: A,B

설명: (DumpTOP 회원만 볼 수 있음)

문제3

Universal containers (UC) does my domain enable in the context of a SAML SSO configuration? Choose 2 answers

A. Resource deep linking

B. SSO from salesforce1 mobile app.

C. Login forensics

D. App launcher

정답: A,B

설명: (DumpTOP 회원만 볼 수 있음)

문제4

Northern Trail Outfitters (NTO) uses a Security Assertion Markup Language (SAML)-based Identity Provider (idP) to authenticate employees to all systems. The IdP authenticates users against a Lightweight Directory Access Protocol (LDAP) directory and has access to user information. NTO wants to minimize Salesforce license usage since only a small percentage of users need Salesforce.
What is recommended to ensure new employees have immediate access to Salesforce using their current IdP?

A. Build an integration that queries LDAP periodically and creates new active users in Salesforce.

B. Build an integration that queries LDAP and creates new inactive users in Salesforce and use a login flow to activate the user at first login.

C. Configure Just-in-Time provisioning using SAML attributes to create new Salesforce users as necessary when a new user attempts to login to Salesforce.

D. Install Salesforce Identity Connect to automatically provision new users in Salesforce the first time they attempt to login.

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제5

An identity architect's client has a homegrown identity provider (IdP). Salesforce is used as the service provider (SP). The head of IT is worried that during a SP initiated single sign-on (SSO), the Security Assertion Markup Language (SAML) request content will be altered.
What should the identity architect recommend to make sure that there is additional trust between the SP and the IdP?

A. Ensure that there is an HTTPS connection between IDP and SP.

B. Ensure that on the SSO settings page, the "Request Signing Certificate" field has a self-signed certificate.

C. Ensure that the Issuer and Assertion Consumer service (ACS) URL is property configured between SP and IDP.

D. Encrypt the SAML Request using certification authority (CA) signed certificate and decrypt on IdP.

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

문제6

Northern Trail Outfitters (NTO) has a requirement to ensure all user logins include a single multi-factor authentication (MFA) prompt. Currently, users are allowed the choice to login with a username and password or via single sign-on against NTO's corporate Identity Provider, which includes built-in MFA.
Which configuration will meet this requirement?

A. Enable "MFA for User Interface Logins" for your organization from Setup -> Identity Verification.

B. Create a custom login flow that enforces MFA and assign it to a permission set. Then assign the permission set to all employees.

C. Create and assign a permission set to all employees that includes "MFA for User Interface Logins."

D. For all employee profiles, set the Session Level Required at Login to High Assurance and add the corporate identity provider to the High Assurance list for the org's Session Security Levels.

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제7

An architect needs to advise the team that manages the identity provider how to differentiate salesforce from other service providers. What SAML SSO setting in salesforce provides this capability?

A. Entity id

B. Identity provider login URL

C. Issuer

D. SAML identity location

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제8

Universal Containers (UC) rolling out a new Customer Identity and Access Management Solution will be built on top of their existing Salesforce instance.
Several service providers have been setup and integrated with Salesforce using OpenlD Connect to allow for a seamless single sign-on experience. UC has a requirement to limit user access to only a subset of service providers per customer type.
Which two steps should be done on the platform to satisfy the requirement?
Choose 2 answers

A. Manage which connected apps a user has access to by assigning authentication providers to the user's profile.

B. Set each of the Connected App access settings to Admin Pre-Approved.

C. Use Profiles and Permission Sets to assign user access to Admin Pre-Approved Connected Apps.

D. Assign the connected app to the customer community, and enable the users profile in the Community settings.

정답: B,C

설명: (DumpTOP 회원만 볼 수 있음)

문제9

A technology enterprise is setting up an identity solution with an external vendors wellness application for its employees. The user attributes need to be returned to the wellness application in an ID token.
Which authentication mechanism should an identity architect recommend to meet the requirements?

A. Web Server Flow

B. OpenID Connect

C. User Agent Flow

D. JWT Bearer Token Flow

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제10

What is one of the roles of an Identity Provider in a Single Sign-on setup using SAML?

A. Validate token

B. Create token

C. Consume token

D. Revoke token

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제11

Universal containers uses an Employee portal for their employees to collaborate. employees access the portal from their company's internal website via SSO. It is set up to work with Active Directory. What is the role of Active Directory in this scenario?

A. Identity store

B. Identity provider

C. Authentication store

D. Service provider

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제12

Universal Containers (UC) is using a custom application that will act as the Identity Provider and will generate SAML assertions used to log in to Salesforce. UC is considering including custom parameters in the SAML assertion. These attributes contain sensitive data and are needed to authenticate the users. The assertions are submitted to salesforce via a browser form post. The majority of the users will only be able to access Salesforce via UC's corporate network, but a subset of admins and executives would be allowed access from outside the corporate network on their mobile devices. Which two methods should an Architect consider to ensure that the sensitive data cannot be tampered with, nor accessible to anyone while in transit?

A. Use a custom login flow to retrieve sensitive data using an Apex callout without including the attributes in the assertion.

B. Use the Identity provider's certificate to digitally Sign and the Identity provider's certificate to encrypt the payload.

C. Use Salesforce's Certificate to digitally sign the SAML Assertion and a Mobile Device Management client on the users' mobile devices.

D. Use the Identity Provider's certificate to digitally sign and Salesforce's Certificate to encrypt the payload.

정답: A,B

설명: (DumpTOP 회원만 볼 수 있음)

문제13

Universal Containers (UC) wants its closed Won opportunities to be synced to a Data Warehouse in near real time. UC has implemented Outbound Message to enable near real-time data sync. UC wants to ensure that communication between Salesforce and Target System is Secure. What Certificate is sent along with the Outbound Message?

A. The CA-Signed Certificate from the Certificate and Key Management menu.

B. The default Client Certificate or a Certificate from Certificate and Key Management menu.

C. The default Client Certificate from the Develop--> API Menu.

D. The Self-Signed Certificates from the Certificate & Key Management menu.

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제14

Universal Containers (UC) has built a custom time tracking app for its employee. UC wants to leverage Salesforce Identity to control access to the custom app.
At a minimum, which Salesforce license is required to support this requirement?

A. Identity Verification

B. External Identity

C. Identity Only

D. Identity Connect

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제15

Universal Containers (UC) uses middleware to integrate multiple systems with Salesforce. UC has a strict, new requirement that usernames and passwords cannot be stored in any UC system. How can UC's middleware authenticate to Salesforce while adhering to this requirement?

A. Create a Connected App that supports the JWT Bearer Token OAuth Flow.

B. Create a Connected App that supports the Refresh Token OAuth Flow

C. Create a Connected App that supports the Web Server OAuth Flow.

D. Create a Connected App that supports the User-Agent OAuth Flow.

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제16

A company with 15,000 employees is using Salesforce and would like to take the necessary steps to highlight or curb fraudulent activity.
Which tool should be used to track login data, such as the average number of logins, who logged in more than the average number of times and who logged in during non-business hours?

A. Login Inspector

B. Login Forensics

C. Login Report

D. Login History

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제17

Universal Containers is creating a mobile application that will be secured by Salesforce Identity using the OAuth 2.0 user-agent flow. Application users will authenticate using username and password. They should not be forced to approve API access in the mobile app or reauthenticate for 3 months.
Which two connected app options need to be configured to fulfill this use case?
Choose 2 answers

A. Set the Refresh Token Policy to expire refresh token after 3 months.

B. Set Permitted Users to "All users may self-authorize".

C. Set Permitted Users to "Admin approved users are pre-authorized".

D. Set the Session Timeout value to 3 months.

정답: A,B

설명: (DumpTOP 회원만 볼 수 있음)

문제18

Northern Trail Outfitters (NTO) uses Salesforce for Sales Opportunity Management. Okta was recently brought in to Just-in-Time (JIT) provision and authenticate NTO users to applications. Salesforce users also use Okta to authorize a Forecasting web application to access Salesforce records on their behalf.
Which two roles are being performed by Salesforce?
Choose 2 answers

A. OAuth Resource Server

B. SAML Identity Provider

C. OAuth Client

D. SAML Service Provider

정답: C,D

설명: (DumpTOP 회원만 볼 수 있음)

문제19

Universal containers (UC) would like to enable self - registration for their salesforce partner community users.
UC wants to capture some custom data elements from the partner user, and based on these data elements, wants to assign the appropriate profile and account values. Which two actions should the architect recommend to UC? Choose 2 answers

A. Configure registration for communities to use a custom apex controller.

B. Configure registration for communities to use a custom visualforce page.

C. Modify the selfregistration trigger to assign profile and account.

D. Modify the communitiesselfregcontroller to assign the profile and account.

정답: B,D

설명: (DumpTOP 회원만 볼 수 있음)

최신 Identity-and-Access-Management-Architect 무료덤프 - Salesforce Certified Identity and Access Management Architect

우리와 연락하기

유용한 링크

최신 업데이트