최신 Identity-and-Access-Management-Architect 무료덤프 - Salesforce Certified Identity and Access Management Architect

문제1

A manufacturer wants to provide registration for an Internet of Things (IoT) device with limited display input or capabilities.
Which Salesforce OAuth authorization flow should be used?

A. OAuth 2.0 Asset Token Flow

B. OAuth 2.0 JWT Bearer How

C. OAuth 2.0 User-Agent Flow

D. OAuth 2.0 Device Flow

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

문제2

Northern Trail Outfitters (NTO) has an off-boarding process where a terminated employee is first disabled in the Lightweight Directory Act Protocol (LDAP) directory, then requests are sent to the various application support teams to finish user deactivations. A terminated employee recently was able to login to NTO's Salesforce instance 24 hours after termination, even though the user was disabled in the corporate LDAP directory.
What should an identity architect recommend to prevent this from happening in the future?

A. use a login flow to make a callout to the LDAP directory before authenticating the user to Salesforce.

B. Setup an identity provider (IdP) to authenticate users using LDAP, set up single sign-on to Salesforce and disable Login Form authentication.

C. Create a Just-in-Time provisioning registration handler to ensure users are deactivated in Salesforce as they are disabled in LDAP.

D. Configure an authentication provider to delegate authentication to the LDAP directory.

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

문제3

Which tool should be used to track login data, such as the average number of logins, who logged in more than the average number of times and who logged in during non-business hours?

A. Login Inspector

B. Login Forensics

C. Login Report

D. Login History

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제4

A group of users try to access one of Universal Containers' Connected Apps and receive the following error message: " Failed: Not approved for access." What is the most likely cause of this issue?

A. The Salesforce Administrators have revoked the OAuth authorization.

B. The User of High Assurance sessions are required for the Connected App.

C. The Users do not have the correct permission set assigned to them.

D. The Connected App settings "All users may self-authorize" is enabled.

정답: C

문제5

Universal Containers is using OpenID Connect to enable a connection from their new mobile app to its production Salesforce org.
What should be done to enable the retrieval of the access token status for the OpenID Connect connection?

A. Query using OpenID Connect discovery endpoint.

B. Create a custom OAuth scope.

C. Enable cross-origin resource sharing (CORS) for the /services/oauth2/token endpoint.

D. A Leverage OpenID Connect Token Introspection.

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

문제6

Universal containers wants to set up SSO for a selected group of users to access external applications from salesforce through App launcher. Which three steps must be completed in salesforce to accomplish the goal?

A. Complete my domain and Identity provider setup.

B. Complete single Sign-on settings in security controls.

C. Create named credentials for each external system.

D. Associate user profiles with the connected Apps.

E. Create connected apps for the external applications.

정답: A,D,E

설명: (DumpTOP 회원만 볼 수 있음)

문제7

Universal Containers (UC) has an Experience Cloud site (Customer Community) where customers can authenticate and place orders, view the status of orders, etc. UC allows guest checkout.
Mow can a guest register using data previously collected during order placement?

A. Enable Security Assertion Markup Language Sign-On and use a login flow to collect only order details to retrieve customer data.

B. Use a Connected App Handler Apex Plugin class to collect only order details to retrieve customer data.

C. Enable self-registration and customize a self-registration page to collect only order details to retrieve customer data.

D. Enable Facebook as an authentication provider and use a registration handler to collect only order details to retrieve customer data.

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제8

Universal containers (UC) has implemented SAML SSO to enable seamless access across multiple applications. UC has regional salesforce orgs and wants it's users to be able to access them from their main Salesforce org seamless. Which action should an architect recommend?

A. Configure the main salesforce org as the Identity provider.

B. Configure the main salesforce org as an authentication provider.

C. Configure the regional salesforce orgs as Identity Providers.

D. Configure the main Salesforce org as a service provider.

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제9

A group of users try to access one of universal containers connected apps and receive the following error message: "Failed : Not approved for access". what is most likely to cause of the issue?

A. The users do not have the correct permission set assigned to them.

B. The use of high assurance sections are required for the connected App.

C. The connected App setting "All users may self-authorize" is enabled.

D. The salesforce administrators gave revoked the Oauth authorization.

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제10

A financial services company uses Salesforce and has a compliance requirement to track information about devices from which users log in. Also, a Salesforce Security Administrator needs to have the ability to revoke the device from which users log in.
What should be used to fulfill this requirement?

A. Use Login Flows to capture device from which users log in and store device and user information in a custom object.

B. Use multi-factor authentication (MFA) to meet the compliance requirement to track device information.

C. Use the Activations feature to meet the compliance requirement to track device information.

D. Use the Login History object to track information about devices from which users log in.

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제11

Universal containers (UC) has implemented ansp-Initiated SAML flow between an external IDP and salesforce. A user at UC is attempting to login to salesforce1 for the first time and is being prompted for salesforce credentials instead of being shown the IDP login page. What is the likely cause of the issue?

A. The "Redirect to identity provider" option has not been selected the SAML configuration.

B. The user has not been granted the "Enable single Sign-on" permission

C. The user has not configured the salesforce1 mobile app to use my domain for login

D. The "Redirect to Identity Provider" option has been selected in the my domain configuration.

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제12

Universal containers(UC) has decided to build a new, highly sensitive application on Force.com platform. The security team at UC has decided that they want users to provide a fingerprint in addition to username/Password to authenticate to this application. How can an architect support fingerprint as a form of identification for salesforce Authentication?

A. Use custom login flows with callouts to a third-party fingerprint scanning application.

B. Use an AppExchange product that does fingerprint scanning with native salesforce identity confirmation.

C. Use salesforce Two-factor Authentication with callouts to a third-party fingerprint scanning application.

D. Use Delegated Authentication with callouts to a third-party fingerprint scanning application.

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제13

Which three different attributes can be used to identify the user in a SAML 65> assertion when Salesforce is acting as a Service Provider? Choose 3 answers

A. User Full Name

B. Salesforce User ID

C. User Email Address

D. Federation ID

E. Salesforce Username

정답: C,D,E

설명: (DumpTOP 회원만 볼 수 있음)

문제14

A company wants to provide its employees with a custom mobile app that accesses Salesforce. Users are required to download the internal native IOS mobile app from corporate intranet on their mobile device. The app allows flexibility to access other non-Salesforce internal applications once users authenticate with Salesforce. The apps self-authorize, and users are permitted to use the apps once they have logged into Salesforce.
How should an identity architect meet the above requirements with the privately distributed mobile app?

A. Configure Mobile App settings in connected app and Salesforce as identity provider for non-Salesforce internal apps.

B. Use Salesforce as an identity provider (IdP) to access the mobile app and use the external IdP for other non-Salesforce internal apps.

C. Use connected app with OAuth and Security Assertion Markup Language (SAML) to access other non-Salesforce internal apps.

D. Create a new hybrid mobile app and use the connected app with OAuth to authenticate users for Salesforce and non-Salesforce internal apps.

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제15

Universal containers (UC) is building a mobile application that will make calls to the salesforce REST API.
Additionally, UC would like to provide the optimal experience for its mobile users. Which two OAuth scopes should UC configure in the connected App? Choose 2 answers

A. API

B. Refresh token

C. full

D. Web

정답: A,B

설명: (DumpTOP 회원만 볼 수 있음)

문제16

Universal Containers (UC) wants to provide single sign-on (SSO) for a business-to-consumer (B2C) application using Salesforce Identity.
Which Salesforce license should UC utilize to implement this use case?

A. Partner Community

B. Salesforce Platform

C. External Identity

D. Identity Only

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제17

Universal containers (UC) built a customer Community for customers to buy products, review orders, and manage their accounts. UC has provided three different options for customers to log in to the customer Community: salesforce, Google, and Facebook. Which two role combinations are represented by the systems in the scenario? Choose 2 answers

A. Google is the service provider and Facebook is the identity provider

B. Salesforce is the service provider and Facebook is the identity provider

C. Facebook is the service provider and salesforce is the identity provider

D. Salesforce is the service provider and Google is the identity provider

정답: B,D

설명: (DumpTOP 회원만 볼 수 있음)

문제18

Universal containers (UC) have a custom, internal-only, mobile billing application for users who are commonly out of the office. The app is configured as a connected App in salesforce. Due to the nature of this app, UC would like to take the appropriate measures to properly secure access to the app. Which two are recommendations to make the UC? Choose 2 answers

A. Set login IP ranges to the internal network for all of the app users profiles.

B. Disallow the use of single Sign-on for any users of the mobile app.

C. Use Google Authenticator as an additional part of the logical processes.

D. Require high assurance sessions in order to use the connected App

정답: C,D

설명: (DumpTOP 회원만 볼 수 있음)

문제19

Universal containers (UC) has implemented a multi-org strategy and would like to centralize the management of their salesforce user profiles. What should the architect recommend to allow salesforce profiles to be managed from a central system of record?

A. Implement an Oauthjwt flow to pass the profile credentials between systems.

B. Implement Delegated Authentication that will update the user profiles as necessary.

C. Implement jit provisioning on the SAML IDP that will pass the profile id in each assertion.

D. Create an apex scheduled job in one org that will synchronize the other orgs profile.

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

최신 Identity-and-Access-Management-Architect 무료덤프 - Salesforce Certified Identity and Access Management Architect

우리와 연락하기

유용한 링크

최신 업데이트