Spring Sale Special - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sntaclus

Universal containers (UC) is setting up Delegated Authentication to allow employees to log in using their corporate credentials. UC's security team is concerned about the risk of exposing the corporate login service on the Internet and has asked that a reliable trust mechanism be put in place between the loginservice and salesforce. What mechanism should an architect put in place to enable a trusted connection between the login services and salesforce?

A.

Include client ID and client secret in the login header callout.

B.

Set up a proxy server for the login service in the DMZ.

C.

Require the use of Salesforce security Tokens on password.

D.

Enforce mutual Authentication between systems using SSL.

Universal containers (UC) is building a mobile application that will make calls to the salesforce RESTAPI. Additionally, UC would like to provide the optimal experience for its mobile users. Which two OAuth scopes should UC configure in the connected App? Choose 2 answers

A.

Refresh token

B.

API

C.

full

D.

Web

How should an Architect force user to authenticate with Two-factor Authentication (2FA) for Salesforce only when not connected to an internal company network?

A.

Use Custom Login Flows with Apex to detect the user's IP address and prompt for 2FA if needed.

B.

Add the list of company's network IP addresses to the Login Range list under 2FA Setup.

C.

Use an Apex Trigger on the UserLogin object to detect the user's IP address and prompt for 2FA if needed.

D.

Apply the "Two-factor Authentication for User Interface Logins" permission and Login IP Ranges for all Profiles.

A large consumer company is planning to create a community and will requ.re login through the customers social identity. The following requirements must be met:

1. The customer should be able to login with any of their social identities, however salesforce should only haveone user per customer.

2. Once the customer has been identified with a social identity, they should not be required to authonze Salesforce.

3. The customers personal details from the social sign on need to be captured when the customer logs intoSalesforce using their social Identity.

3. If the customer modifies their personal details in the social site, the changes should be updated in Salesforce .

Which two options allow the Identity Architect to fulfill the requirements?

Choose 2 answers

A.

UseLogin Flows to call an authentication registration handler to provision the user before logging the user into the community.

B.

Use authentication providers for social sign-on and use the custom registration handler to insert or update personal details.

C.

C. Redirect the user to a custom page that allows the user to select an existing social identity for login.

D.

Use the custom registration handler to link social identities to Salesforce identities.

Northern Trail Outfitters (NTO) believes a specific user account may have been compromised. NTO inactivated the user account and needs U perform a forensic analysis and identify signals that could Indicate a breach has occurred.

What should NTO's first step be in gathering signals that could indicate account compromise?

A.

Review the User record and evaluate the login and transaction history.

B.

Download the Setup Audit Trail and review all recent activities performed by the user.

C.

Download the Identity Provider Event Log and evaluate the details of activities performed by the user.

D.

Download the Login History and evaluate the details of logins performed by the user.

Universal containers (UC) built a customer Community for customers to buy products, review orders, and manage their accounts. UC has provided three different options for customers to log in to the customer Community: salesforce, Google, and Facebook. Which two role combinations are represented by the systems in the scenario? Choose 2 answers

A.

Google is the service provider and Facebook is the identity provider

B.

Salesforceis the service provider and Google is the identity provider

C.

Facebook is the service provider and salesforce is the identity provider

D.

Salesforce is the service provider and Facebook is the identity provider

An architect needsto set up a Facebook Authentication provider as login option for a salesforce customer Community. What portion of the authentication provider setup associates a Facebook user with a salesforce user?

A.

Consumer key and consumer secret

B.

Federation ID

C.

User info endpoint URL

D.

Apex registration handler

Universal Containerswants to implement Single Sign-on for a Salesforce org using an external Identity Provider and corporate identity store.

What type of authentication flow is required to support deep linking'

A.

Web Server OAuth SSO flow

B.

Service-Provider-Initiated SSO

C.

C. Identity-Provider-initiated SSO

D.

StartURL on Identity Provider

Universal Containers (UC) is building a custom Innovation platform on their Salesforce instance. The Innovation platform willbe written completely in Apex and Visualforce and will use custom objects to store the Data. UC would like all users to be able to access the system without having to log in with Salesforce credentials. UC will utilize a third-party idp using SAML SSO. What is the optimal Salesforce licence type for all of the UC employees?

A.

Identity Licence.

B.

Salesforce Licence.

C.

External Identity Licence.

D.

Salesforce Platform Licence.

Northern Trail Outfitters (NTO) is setting up Salesforce to authenticate users with an external identity provider. The NTO Salesforce Administrator is having trouble getting things setup.

What should an identity architect use to show which part of the login assertion is fading?

A.

SAML Metadata file importer

B.

Identity Provider Metadata download

C.

Connected App Manager

D.

Security Assertion Markup Language Validator