최신 Identity-and-Access-Management-Architect 무료덤프 - Salesforce Certified Identity and Access Management Architect

문제1

Northern Trail Outfitters (NTO) wants to give customers the ability to submit and manage issues with their purchases. It is important for to give its customers the ability to login with their Facebook and Twitter credentials.
Which two actions should an identity architect recommend to meet these requirements?
Choose 2 answers

A. Create a custom external authentication provider for Twitter.

B. Configure a predefined authentication provider for Twitter.

C. Create a custom external authentication provider for Facebook.

D. Configure a predefined authentication provider for Facebook.

정답: B,D

설명: (DumpTOP 회원만 볼 수 있음)

문제2

Universal Containers (UC) uses Salesforce to allow customers to keep track of the order status. The customers can log in to Salesforce using external authentication providers, such as Facebook and Google. UC is also leveraging the App Launcher to let customers access an of platform application for generating shipping labels.
The label generator application uses OAuth to provide users access. What license type should an Architect recommend for the customers?

A. Identity license

B. External Identity license

C. Customer Community Plus license

D. Customer Community license

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제3

Universal containers (UC) wants to implement Delegated Authentication for a certain subset of Salesforce users. Which three items should UC take into consideration while building the Web service to handle the Delegated Authentication request? Choose 3 answers

A. Delegated Authentication is enabled for the system administrator profile.

B. UC should whitelist all salesforce ip ranges on their corporate firewall.

C. The web service can be written using either the soap or rest protocol.

D. The web service needs to include Source IP as a method parameter.

E. The return type of the Web service method should be a Boolean value

정답: B,D,E

설명: (DumpTOP 회원만 볼 수 있음)

문제4

Northern Trail Outfitters wants to implement a partner community. Active community users will need to review and accept the community rules, and update key contact information for each community member before their annual partner event.
Which approach will meet this requirement?

A. Add a banner to the community Home page asking users to update their profile and accept the new community rules.

B. Create a custom landing page and email campaign asking all community members to login and verify their data.

C. Create a login flow that conditionally prompts users who have not accepted the new community rules and who have missing or outdated information.

D. Create tasks for users who need to update their data or accept the new community rules.

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제5

Northern Trail Outfitters (NTO) has a requirement to ensure all user logins include a single multi-factor authentication (MFA) prompt. Currently, users are allowed the choice to login with a username and password or via single sign-on against NTO's corporate Identity Provider, which includes built-in MFA.
Which configuration will meet this requirement?

A. Enable "MFA for User Interface Logins" for your organization from Setup -> Identity Verification.

B. Create a custom login flow that enforces MFA and assign it to a permission set. Then assign the permission set to all employees.

C. Create and assign a permission set to all employees that includes "MFA for User Interface Logins."

D. For all employee profiles, set the Session Level Required at Login to High Assurance and add the corporate identity provider to the High Assurance list for the org's Session Security Levels.

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제6

Universal Containers (UC) uses Global Shipping (GS) as one of their shipping vendors. Regional leads of GS need access to UC's Salesforce instance for reporting damage of goods using Cases. The regional leads also need access to dashboards to keep track of regional shipping KPIs. UC internally uses a third-party cloud analytics tool for capacity planning and UC decided to provide access to this tool to a subset of GS employees.
In addition to regional leads, the GS capacity planning team would benefit from access to this tool. To access the analytics tool, UC IT has set up Salesforce as the Identity provider for Internal users and would like to follow the same approach for the GS users as well. What are the most appropriate license types for GS Tregional Leads and the GS Capacity Planners? Choose 2 Answers

A. Customer Community Plus license for GS Regional Leads and External Identity for GS Capacity Planners.

B. Customer Community Plus license for GS Regional Leads and Customer Community license for GS Capacity Planners.

C. Identity License for GS Regional Leads and External Identity license for GS capacity Planners.

D. Customer Community license for GS Regional Leads and Identity license for GS Capacity Planners.

정답: A,D

설명: (DumpTOP 회원만 볼 수 있음)

문제7

The security team at Universal containers(UC) has identified exporting reports as a high-risk action and would like to require users to be logged into salesforce with their active directory (AD) credentials when doing so.
For all other uses of Salesforce, Users should be allowed to use AD credentials or salesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with salesforce credentials?

A. Use SAML Federated Authentication and Custom SAML jit provisioning to dynamically add or remove a permission set that grants the Export Reports permission.

B. Use SAML Federated Authentication and block access to reports when accesses through a standard assurance session.

C. Use SAML Federated Authentication with a login flow to dynamically add or remove a permission set that grants the export reports permission.

D. Use SAML Federated Authentication, treat SAML sessions as high assurance, and raise the session level required for exporting reports.

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

문제8

Northern Trail Outfitters would like to automatically create new employee users in Salesforce with an appropriate profile that maps to its Active Directory Department.
How should an identity architect implement this requirement?

A. Use the createUser method in the Just-in-Time (JIT) provisioning registration handler to assign the appropriate profile.

B. Make a callout during the login flow to query department from Active Directory to assign the appropriate profile.

C. Use a login flow to collect Security Assertion Markup Language attributes and assign the appropriate profile during Just-In-Time (JIT) provisioning.

D. Use the updateUser method in the Just-in-Time (JIT) provisioning registration handler to assign the appropriate profile.

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

문제9

What is one of the roles of an Identity Provider in a Single Sign-on setup using SAML?

A. Validate token

B. Create token

C. Consume token

D. Revoke token

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제10

Northern Trail Outfitters (NTO) has an off-boarding process where a terminated employee is first disabled in the Lightweight Directory Act Protocol (LDAP) directory, then requests are sent to the various application support teams to finish user deactivations. A terminated employee recently was able to login to NTO's Salesforce instance 24 hours after termination, even though the user was disabled in the corporate LDAP directory.
What should an identity architect recommend to prevent this from happening in the future?

A. use a login flow to make a callout to the LDAP directory before authenticating the user to Salesforce.

B. Setup an identity provider (IdP) to authenticate users using LDAP, set up single sign-on to Salesforce and disable Login Form authentication.

C. Create a Just-in-Time provisioning registration handler to ensure users are deactivated in Salesforce as they are disabled in LDAP.

D. Configure an authentication provider to delegate authentication to the LDAP directory.

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

문제11

Universal Containers is implementing Salesforce Identity to broker authentication from its enterprise single sign-on (SSO) solution through Salesforce to third party applications using SAML.
What rote does Salesforce Identity play in its relationship with the enterprise SSO system?

A. Identity Provider (IdP)

B. Service Provider (SP)

C. Client Application

D. Resource Server

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제12

Northern Trail Outfitters (NTO) uses the Customer 360 Platform implemented on Salesforce Experience Cloud. The development team in charge has learned of a contactless user feature, which can reduce the overhead of managing customers and partners by creating users without contact information.
What is the potential impact to the architecture if NTO decides to implement this feature?

A. Custom registration handler is needed to correctly assign External Identity or Community license for the newly registered contactless user.

B. Passwordless authentication cannot be supported because the mobile phone receiving one-time password (OTP) needs to match the number on the contact record.

C. Contactless user feature is available only with the External Identity license, which can restrict the Experience Cloud functionality available to the user.

D. If contactless user is upgraded to Community license, the contact record is automatically created and linked to the user record, but not associated with an Account.

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

문제13

Universal Containers (UC) is building a customer community and will allow customers to authenticate using Facebook credentials. The First time the user authenticating using Facebook, UC would like a customer account created automatically in their accounting system. The accounting system has a web service accessible to Salesforce for the creation of accounts. How can the Architect meet these requirements?

A. Create a custom application on Heroku that manages the sign-on process from Facebook.

B. Use OAuth JWT flow to pass the data from Salesforce to the Accounting System.

C. Use JIT Provisioning to automatically create the account in the accounting system.

D. Add an Apex callout in the registration handler of the authorization provider.

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

최신 Identity-and-Access-Management-Architect 무료덤프 - Salesforce Certified Identity and Access Management Architect

우리와 연락하기

유용한 링크

최신 업데이트