Otro mas 2
|
|
Título del Test:
![]() Otro mas 2 Descripción: tuyo y mio |



| Comentarios |
|---|
NO HAY REGISTROS |
|
An organization has a central cloud-based Identity and Access Management (IAM) Service for authentication and user management, which must be utilized by all applications as follows: 1- Change of a user status in the central IAM Service triggers provisioning or deprovisioning in the integrated cloud applications. 2-Security Assertion Markup Language single sign-on (SSO) is used to facilitate access for users authenticated at identity provider (Central IAM Service). Which approach should an IAM architect implement on Salesforce Sales Cloud to meet the requirements?. Configure Salesforce as a SAML Service Provider and enable SCIFM (System for Cross-Domain Identity Management) for provisioning and deprniisloning of users. Configure central IAM Service as an authentication provider and extend registration handler to manage provisioning and deprovisioning of users. Configure Salesforce as a SAML service provider, and enable Just-in Time (IIT) provisioning and deprovisioning of users. Deploy Identity Connect component and set up automated provisioning and deprovisioning of users, as well as SAML-based SSo. A consumer products company uses Salesforce to maintain consumer information, including orders. The company implemented a portal solution using Salesforce Experience Cloud for its consumers where the consumers can log in using their credentials. The company is considering allowing users to login with their Facebook or LinkedIn credentials. Once enabled, what role will Salesforce play?. Facebook and Linkedin will be the SPS. Facebook and Linkedin will act as the IdPs and SP. Salesforce will be the service provider (SP). Salesforce will be the identity provider (IP). Universal Containers is designing an identity architecture that involves integrating Salesforce with an external directory service. The external directory service will act as the central repository for user authentication and authorization across multiple systems within the organization. Which approach should be evaluated to establish trust between Salesforce and the external directory service?. Utilizing email-based verification for user authentication across the systems. Using a shared database table to synchronize user credentials between the two systems. Enforcing IP-based access restrictions for Salesforce and the external directory service. Implementing a federated identity solution based on SAML (Security Assertion Markup Language). An insurance company has a connected app in its Salesforce environment that is used to integrate with a Google Workspace (formerly known as G Suite). An identity and access management (IAM) architect has been asked to implement automation to enable users, freeze/suspend users, disable users, and reactivate existing users in Google Workspace upon similar actions in Salesforce. Which solution is récommanded to meet this requirement?. Build a custom REST endpoint in Salesforce that Google Workspace can poll against. Build an Apex trigger on the UserLogin object to make asynchronous callouts to Google APIs. Configure User Provisioning for Connected Apps. Update the Security Assertion Markup Language Just-in-Time (SAML JIT) handler in Salesforce for user provisioning and de-provisioning. Universal Containers is creating a mobile application that will be secured by Salesforce Identity using the OAuth 2.0 user-agent flow. Application users will authenticate using username and password. They should not be forced to approve API access in the mobile app or reauthenticate for 3 months. Which two connected app options need to be configured to fulfill this use case? Choose 2 answers. Set the Session Timeout value to 3 months. Set Permitted Users to "All users may self-authorize". Set Permitted Users to "Admin approved users are pre-authorized. Set the Refresh Token Policy to expine refresh token after 3 months. Northern Trall Outfitters (NTO) leverages Microsoft Active Directory (AD) for managerment of employee usernames, passwords, permissions, and asset access. NTO also owns a third-party single sign-on (SSO) solution. The third-party party SSO solution is used for all corporate applications, including Salesforce. NTO has asked an architect to explore Salesforce Identity Connect for automatic provisioning and deprovisioning of users in Salesforce. What role does identity Connect play in the outlined requirements?. Single Sign-On. Identity Provider. Service Provider. User Management. Northern Trall Outfitters (NTO) is planning to build a new customer service portal and wants to use passwordless login, allowing customers to login with a one-time passcode sent to them via email or SMS. How should the quantity of required Identity Verification Credits be estimated?. Identity Verification Credits are consumed with each verification sent and should be estimated based on the number of logins that will incur a verification challenge. Each community comes with 20,000 Identity Verification Credits per month and only customers with more than 10.000 logins a month should estimate additional SMS verifications needed. Identity Verification Credits are consumed with each SMS (text message) sent and should be estimated based on the number of login verification challenges for SMS verification users. Identity Verification Credits are a direct add-on license based on the number of existing member-based or login-based Community licenses. Universal Containers wants to allow its customers to log in to its Experience Cloud via a third party authentication provider that supports only the OAuth protocol. What should an identity architect do to fulfill this requirement?. Contact Salesforce Support and enable delegate single sign-on. Create a custom external authentication provider. Configure OpenID Connect authentication provider. Use certificate-based authentication. A financial enterprise is planning to set up a user authentication mechanism to login to the Salesforce system. Due to regulatory requirements, the CIO of the company wants user administration, including passwords and authentication requests, to be managed by an external system that is only accessible via a SOAP webservice. Which authentication mechanism should an identity architect recommend to meet the requirements?. Just-in-Time Provisioning. Delegated Authentication. Security Assertion Markup Language (SAML) Single Sign On. OAuth Web-Server Flow. An Identity and Access Management (IAM) architect is tasked with unifying multiple B2C Commerce sites and an Experience Cloud community with a single identity. The solution needs to support more than 1,000 logins per minute, What should the IAM Architect do to fulfill this requirement?. Create a default account for capturing all ecommerce contacts registered on the community because personAccount is not supported for this case. Configure community as a Security Assertion Markup Language (SAML) Identity provider and enable Just-in-Time Provisioning to B2C Commerce. Confirm performance considerations with Salesforce Customer Support due to high peaks. Configure both the community and the commerce sites as OAuth2 RPs (relving party) with an watermal identity provider. A service provider (SP) supports both Security Assertion Markup Language (SAML) and OpenID Connect (OIDC). When Salesforce is acting as Identity Provider for this SP, which use case is the determining factor when choosing OIDC or SAML?. OIDC is more secure than SAML and therefore is the obvious choice. The SP needs to perform API calls back to Salesforce on behalf of the user after the user logs in to the service provider. They are equivalent protocols and there is no real reason to choose one over the other. If the user has a session on Salesforce, you do not want them to be prompted for a usermame and password when they login to the S. Northern Trail Outfitters (NTO) has an existing business-to-consumer (B2C) website that that does NOT support single sign-on standards, such as Security Assertion Markup Language (SAML) or OAuth, NTO wants to use Salesforce Identity to register and authenticate new customers on the website. Which three Salesforce features should an Identity architect use in order to provide social sign-in capabilities for the website? Choose 3 answers. Delegated Authentication. Authentication Providers. Embedded Login. Connected Apps. Identity Connect. A multinational company is looking to rollout Salesforce globally. The company has a Microsoft Active Directory Federation Services (ADFS) Implementation for the Americas, Europe and APAC. The company plans to have a single org and they would like to have all of its users access Salesforce using the ADFS.. The company would like to limit its investments and prefer not to procure additional applications to satisfy the requirements. What is recommended to ensure these requirements are met ?. Implement Identity Connect to provide single sign-on to Salesforce and federated across multiple ADFS systems. Corfigure Each ADFS system under single sign-on settings and allow users to choose the system to authenticate during sign on to Salesforce. Add a central ideritity system that federates between the ADFS systems and integrate with Salesforce for single sign-on. Use connected apps for each ADFS Implementation and implement Salesforce site to authenticate users across the ADFS system applicable to their ges. Universal Containers (UC) is using Its production org as the identity provider for a new Experience Cloud site and the identity architect is deciding which login experience to use for the site. Which two page types are valid login page types for the site? Choose 2 answers. Experience Builder Page. Lightning Experience Page. Embedded Login Page. Login Discovery Page. Universal Containers (UC) is rolling out its new Customer Identity and Access Management Solution built on top of its existing Salesforce Instance. UC wants to allow customers to login using Facebook, Google, and other social sign-on providers. How should this functionality be enabled for UC, assuming all social sign-on providers support OpenID Connect?. Configure a single sign-on setting and a JIT handler for each social sign-on provider. Configure an authentication provider and a Just-In-Time (ITT) handler for each social sign-on provides. Configure an authentication provider and a registration handler for each social sign-on provider. Configure a single sign-on setting and a registration handler for each social sign-on provider,. A technology enterprise is planning to implement single sign-on login for users. When users log in to Salesforce, data should be populated in User object custom fields. Which two steps should an identity architect recommend? Choose 2 answers. Implement RegistrationHandler Interface. Implement Session Management Class. Implement Auth, SamlitHandler Interface. Create and update methods. Northern Trail Outfitters (NTO) believes a specific user account may have been compromised. NTO inactivated the user account and needs to perform a forensic analysis and identify signals that could indicate a breach has occurred. What should NTO's first step be in gathering signals that could indicate account compromise?. Download the Identity Provider Event Log and evaluate the details of activities performed by the user. Download the Login History and evaluate the details of logins performed by the user. Download the Setup Audit Trail and review all recent activities performed by the user. Review the User record and evaluate the login and transaction history. Northern Trall Outfitters (NTO) wants its customers to use phone numbers to log in to their new digital portal, which was designed and built using Salesforce Experience Cloud. In order to access the portal, the user will need to do the following: 1. Enter a phone number and/or email address 2. Enter a verification code that is to be sent via email or text. What is the recommended approach to fulfill this requirement?. Create an Authentication provider and implement a self-registration handler class. Create a custom ingin page with an Apex controller. The controller has logic to send and verify the identity. Create a Login Discovery page and provide a Login Discovery Handler Apex class. Create a custom login flow that uses an apex controller to verify the phone numbers with the company's verification service. A division of a Northern Trail Outfitters (NTO) purchased Salesforce. NTO uses a third party identity provider (IdP) to validate user credentials against its corporate Lightweight Directory Access Protocol (LDAP) directory, NTO wants to help employees remember as few passwords as possible. What should an identity architect recommend?. Use Salesforce connect to synchronize LDAP passwords to Salesforce. Setup Salesforce as an Authentication Provider to the existing IdP. Setup Salesforce as an IdP to authenticate against the LDAP directory. Setup Salesforce as a Service Provider to the existing. Northern Trall Outfitters manages application functional permissions centrally as Active Directory groups. The CRM SuperUser and CRM_Reporting_SuperUser groups should respectively give the user the SuperUser and Reporting SuperUser permission set in Salesforce. Salesforce is the service provider to a Security Assertion Markup Language (SAML) identity provider. How should an identity architect ensure the Active Directory groups are reflected correctly when a user accesses Salesforce?. Use a login flow to query standard SAML attributes and set permission sets. Use the Apex Just in Time handier to query standard SAML attributes and set permission sets. Use a login flow to query custom SAPIL attributes and set permission sets. Use the Apex Just-in-Time handler to query custom SAML attributes and set permission sets. A global company has built an external application that uses data from its Salesforce org via an OAuth 2.0 authorization flow. Upon logout, the existing Salesforce OAuth token must be Invalidated. Which action will accomplish this?. Use HTTP POST to make a call to the revoke token endpaint. Use & HTTP POST to request the refresh taken for the current user. Enable Single Logout with a secure logout URL. Use a HTTP POST to the System for Cross-domain Identity Management (SCIM) endpoint, including the current Dauth token. Universal Containers is creating a web application that will be secured by Salesforce Identity using the OAuth 2.0 Web Server Flow (this flow uses the OAuth 2.0 authorization code grant type). Which three OAuth concepts apply to this flow? Choose 3 answers. Vertfication URL. Authentication Token. Scopes. Access Token. Client Secret. Universal Containers uses Salesforce as an identity provider and Concur as the Employee Expense management system. The HR director wants to ensure Concur accounts for employees are created only after the appropriate approval in the Salesforce org. Which three steps should the identity architect use to implement this requirement? Choose 3 answers. Create an approval process for User object associated with the provisioning flow. Create an approval process for a custom object associated with the provisioning flow. Create an approval process for UserProvisioning Request object associated with the provisioning tlow. Enable User Provisioning for the connected app. Create a connected app for Concur in Salesforce. A technology enterprise is setting up an identity solution with an external vendors wellness application for its employees. The user attributes need to be returned to the wellness application in an ID token. Which authentication mechanism should an identity architect recommend to meet the requirements?. User Agent Flow. OpenID Connect. JWT Bearer Token Flow. Web Server Flow. Users logging into Salesforce are frequently prompted to verify their identity. The identity architect is required to provide recommendations so that frequency of prompt verification can be reduced. What should the identity architect recommend to meet the requirement?. Implement multi-factor authentication for the Salesforce org. Set trusted IP ranges for the organization. Implement an single sign-on for Salesforce using an extemal identity provider. Implement 2FA authentication for the Salesforce org. Northern Trall Outfitters would like to use a portal built on Salesforce Experience Cloud for customer self-service. Guests of the portal should be able to self-register, but be unable to automatically be assigned to a contact record until verified. External Identity licenses have been purchased for the project. After registered guests complete an onboarding process, a flow will create the appropriate account and contact records for the user. Which three steps should an Identity architect follow to implement the outlined requirements? Choose 3 answers. Customize the self-registration Apex handler to create only the user record. Select the "Configurable Self-Reg Page" option under Login & Registration. Set up an external login page and call Salesforce APIs for user creation. Enable Allow customers and partners to self-register". Customize the self-registration Apex handler to temporarily associate the user to a shared single contact record. An Identity architect is setting up an integration between Salesforce and a third-party system. The third-party system needs to be able to authenticate to Salesforce and then make API calls against the REST APL. One of the requirements is that the solution needs to ensure the third party service providers connected app in Salesforce minimizes the need for end user interaction and maximizes security. Which OAuth flow should be used to fulfill the requirement?. JWT Bearer Flow. Web Server Flow. Username-Password Flow. User Agent Flow. An identity architect has been asked to recommend a solution that allows administrators to configure personalized alert messages to users before they land on the Experience Cloud site (formerly known as Community) homepage. What is recommended to fulfill this requirement with the least amount of customization?. Build a Lightning Web Component (LWC) for a homepage that shows custom alerts. Customize the registration handler Apex class to create a routing logic navigating to different home pages based on the user profile. Create custom metadata that stores user alerts and use a LWC to display alerts. Use Login Flows to add a screen that shows personalized alerts. Universal Containers is implementing a new Experience Cloud site and the identity architect wants to use dynamic branding features as part of the login process. Which two options should the identity architect recommend to support dynamic branding for the site? Choose 2 answers. To use dynamic branding, the community must be built with the Visualforce Salesforce Tabs template. To use dynamic branding, the community must be built with the Customer Account Portal template. An extermal content management system (CMS) must be used for dynamic branding on Experience Cloud sites. An experience ID (expid) or placeholder parameter must be used in the URL to represent the brand. A leading fitness tracker company is getting ready to launch a customer community. The company wants its customers to login to the community and connect their fitness device to their profile. Customers should be able to obtain exercise details and fitness recommendation in the community. Which should be used to satisfy this requirement?. Named Credentials. Login Flows. OAuth Device Flow. OAuth Asset Token flow. Northern Trail Outfitters (NTO) uses a Security Assertion Markup Language (SAML)-based Identity Provider (IdP) to authenticate employees to all systems. The IdP authenticates users against a Lightweight Directory Access Protocol (LDAP) directory and has access to user information. NTO wants to minimize Salesforce license usage since only a small percentage of users need Salesforce. What is recommended to ensure new employees have immediate access to Salesforce using their current IdP?. Build an integration that queries LDAP periodically and creates new active users in Salesforte. Configure Just-in-Time provisioning using SAML attributes to create new Salesforce users as necessary when a new user attempts to login to Salesforce. Define a process where administrators manually create new users in Salesforce. Build an integration that queries LDAP and creates new inactive users, in Salesforce and use a login flow to activate the user at first login. Universal Containers want users to be able to log in to the Salesforce mobile app with their Active Directory password. Employees are unable to use mobile VPN. Which two options should an identity architect recommend to meet the requirement? Choose 2 answers. Active Directory Password Sync Plugin. Salesforce Identity Connect. Salesforce Tripper & Field on Contact Object. Configure Cloud Provider Load Balancer. An Identity architect is implementing a mobile-first Consumer Identity Access Management (CIAM) for external users. User authentication is the only requirement. The users email or mobile phone number should be supported as a username.. Which two licenses are needed to meet this requirement? Choose 2 answers. SMS Verification Credits. External Identity Licenses. Identity Connect Licenses. Email Verification Credits. Universal Containers (UC) wants to provide single sign-on (SSO) for a business-to-consumer (B2C) application using Salesforce Identity. Which Salesforce license should UC utilize to implement this use case?. Salesforce Platform. Partner Community. External Identity. Identity Only. Universal Containers (UC) is considering a Customer 360 initiative to gain a single source of the truth for its customer data across disparate systems and services. UC wants to understand the primary benefits of Customer 360 Identity and how it contributes to a successful Customer 360 Truth project. What are two are key benefits of Customer 360 Identity as it relates to Customer 360? Choose 2 answers. Customer 360 Identity automatically integrates with Customer 360 Data Manager and Customer 360 Audiences to seamlessly populate all user data. Customer 360 Identity supports multiple brands so you can deliver centralized identity services and correlation of user activity, even if it spans multiple corporate brands and user experiences. Customer 360 Identity enables an organization to build a single login for each of its customers, giving the organization an understanding of the user's login activity across all its digital properties and applications. Customer 360 Identity not only provides a unified sign up and sign in experience, but also tracks anonymous user activity prior to signing up so organizations can understand user activity before and after the users identify themselves. Northern Trall Outfitters (NTO) Is launching a new sportswear brand on its existing consumer portal built on Salesforce Experience Cloud. As part of the launch, emails with promotional links will be sent to existing customers to log in and claim a discount. The marketing manager would like the portal dynamically branded so that users will be directed to the brand link they clicked on; otherwise, users will view a recognizable NTO-branded page. The campaign is launching quickly, so there is no time to procure any additional licenses. However, the development team is available to apply any required changes to the portal. Which approach should the identity architect recommend?. Create a full sandbox to replicate the portal site and update the branding accordingly. Use Herdku to build the new brand site and embedded login to reuse identities. Configure an additional community alte on the same org that is dedicated for the new brand. Implement Experience ID in the code and extend the URLs and endpoints, as required. An Identity professional is working on the configuration of a connected app for Universal Container's (UC) partner portal. UC wants to allow external users to access certain Salesforce data and perform limited actions. However, they also want to enforce additional security measures, such as IP restrictions and session timeout settings. Which configuration option should be used to enforce IP restrictions and session timeout settings for the connected app?. Session Settings. Login IP Ranges. Custom Permissions. Connected App OAuth policies. Universal Containers is creating a mobile application that will be secured by Salesforce Identity using the OAuth 2.0 user-agent flow (this flow uses the OAuth 2.0 Implicit grant type). Which three OAuth concepts apply to this flow? Choose 3 answers. Refresh Token. Client ID. Verification Code. Authorization Code. Scopes. A farming enterprise offers smart farming technology to its farmer customers, which includes a variety of sensors for livestock tracking, pest monitoring, climate monitoring etc. They plan to store all the data in Salesforce. They would also like to ensure timely maintenance of the installed sensors. They have engaged a Salesforce Architect to propose an appropriate way to send an alert when something goes wrong. Which OAuth flow should the architect recommend?. Dauth 2.0 Device Authentication Flow. OAuth 2.0 JWT Bearer Taken Flow. COAuth 2.0 Asset Tolken Flow. DO OAuth 2.0 SAML Bearer Assertion Flow. Universal Containers (UC) currently uses Salesforce Sales Cloud and an external billing application. Both Salesforce and the billing application are accessed several times a day to manage customers. UC would like to configure single sign-on and leverage Salesforce as the identity provider. Additionally, UC would like the billing application to be accessible from Salesforce. A redirect is acceptable. Which two Salesforce tools should an identity architect recommend to satisfy the requirements? Choose 2 answers. Salesforce Canvas. App Launcher. Identity Connect. Connected Appa. A university is planning to set up an identity solution for its alumni. A third-party Identity provider will be used for single sign-on and Salesforce will be the system of records. Users are getting error messages when logging in. Which Salesforce feature should be used to debug the issue?. Debug Logs. View Setup Audit Trall. Login History. Apex Exception Email. Which two things should be done to ensure end users can only use single sign-on (SSO) to login in to Salesforce? Choose 2 answers. Enable My Domain and select "Prevent login from https://login.salesforce.com". Request Salesforce Support to enable delegated authentication. Once SSO is enabled, users are only able to login using Salesforce credentials. Assign user "Is Single Sign-On Enabled permission via profile or permission set. A global fitness equipment manufacturer uses Salesforce to manage its sales cycle. The manufacturer has a custom order fulfillment app that needs to request order data from Salesforce. The order fulfillment app needs to integrate with the Salesforce API using OAuth 2.0 protocol. What should an identity architect use to fulfill this requirement?. OAuth Tokera. Canvas App Integration. Authentication Providers. Connected App and DAuth Scopes. A company with 15,000 employees is using Salesforce and would like to take the necessary steps to highlight or curb fraudulent activity. Which tool should be used to track login data, such as the average number of logins, who logged in more than the average number of times and who logged in during non-business hours?. Login Inspector. Login Forensics. Login Report. Login History. Universal Containers (UC) has decided to replace the homegrown customer portal with Salesforce Experience Cloud. UC will continue to use its third-party single sign-on (SSO) solution that stores all of its customer and partner credentials. The first time a customer logs in to the Experience Cloud site through SSO, a user record needs to be created automatically. Which solution should an identity architect recommend in order to automatically provision users in Salesforce upon login?. Custom login flow and Apex handler. Custom middleware and web services. Third-party AppExchange solution. Just-in-Time (IT) provisioning. A Salesforce customer is implementing Sales Cloud and a custom pricing application for its call center agents. An Enterprise single sign-on solution is used to authenticate and sign-in users to all applications. The customer has the following requirements: 1. The development team has decided to use a Canvas app to expose the pricing application to agents. 2. Agents should be able to access the Canvas app without needing to log in to the pricing application. Which two options should the Identity architect consider to provide support for the Canvas app to initiate login for users? Choose 2 answers. Configure the Canvas app as a connected app and set Admin approved users as pre-authorized. Enable OAuth settings in the connected app with required OAuth scopes for the pricing application. Selest Enable as a Canvas Personal App" in the connected app settings. Enable SAML in the connected app and Security Assertion Markup Language (SAML) Initiation Method as Service Provider Initiated. Northern Trail Outfitters (NTO) is using Experience Cloud as an Identity Provider for its application on Heroku. The application on Heroku should be able to handle two brands, Northern Trail Shoes and Northern Trall Shirts. A user should select either of the two brands in Heroku before logging into the community. The app then performs Authorization using OAuth2.0 with the Salesforce Experience Cloud site. NTO wants to make sure it renders login page images dynamically based on the user's brand preference selected in Heroku before Authorization. What should an identity architect do to fulfill the above requirements?. Create multiple login screens using Experience Builder and use Login Flows at runtime to route to different login screens. Authorize third-party service by sending authorization requests to the community url/services/nauth2/authorize/ expid value. For each brand create different communities and redirect users to the appropriate community using a custam Login controller written in Apex. Authorize third-party service by sending authorization requests to the community-url/services/oauth2/authorize/cookie_value. Universal Containers (UC) has built a custom time tracking app for its employees on a third party system. UC wants to leverage Salesforce Identity to control access to the custom app. At a minimum, which Salesforce license is required to support this requirement?. Identity Only. External Identity. Identity Connect. Identity Verification. An identity professional, responsible for ensuring secure access to the Salesforce platform, needs to audit and verify user activity during and after login. They want to monitor login attempts, track user authentication methods, and identify suspicious behavior or unauthorized access. Which tool or feature should they leverage to achieve this objective?. Salesforce Approval Processes. Salesforce Login History. Salesforce Shield. Salesforce Lightning Flow. A global company's Salesforce Identity Architect is reviewing its Salesforce production org login history and is seeing some intermittent Security Assertion Markup Language (SAML SSO) "Replay Detected" and "Assertion Invalid" login errors, Which two issues would cause these errors? Choose 2 answers. The assertion sent to Salesforce contains an assertion ID previously used. The current time setting of the company's identity provider (IdP) and Salesforce platform is out of sync by more than eight minutes. The certificate loaded into 550 configuration does not match the certificate used by the Id. The subject element is missing from the assertion sent to Salesforce. Northern Trall Outfitters (NTO) uses the Customer 360 Platform implemented on Salesforce Experience Cloud. The development team in charge has learned of a contactless user feature, which can reduce the overhead of managing customers and partners by creating users without contact information. What is the potential impact to the architecture if NTO decides to implement this feature?. Custom registration handler is needed to correctly assign Extermal Identity or Community license for the newly registered contactless uver. Bif contactless user is upgraded to Community license, the contact record is automatically created and linked to the user record, but not associated with an Account. Contactless user feature is avaliable only with the External Identity license, which can restrict the Experience Cloud functionality avaliable to the user. Passwordless authentication can not be supported because the mobile phone receiving one-time password (OTP) needs to match the number on the contact record. A web service is developed that allows secure access to customer order status on the Salesforce Platform. The service connects to Salesforce through a connected app with the web server flow. The following are the required actions for the authorization flow: 1. User Authenticates and Authorizes Access 2. Request an Access Token 3. Salesforce Grants an Access Token 4. Request an Authorization Code 5. Salesforce Grants Authorization Code What is the correct sequence for the authorization flow?. 1.4.5.2.3. 4.5.2,3,1. 4.1.5.2.3. 2.1.3.4.5. Universal Container's (UC) is using Salesforce Experience Cloud site for its container wholesale business, The Identity architect wants to use an authentication provider for the new site, Which two options should be utilized in creating an authentication provider? Choose 2 answers. A The default auttientication prisvider certificate call be set. B. The default login user can be set. ration handler can be sat. A custom error URL can be est. The CMD of an advertising company has invited as Identity and Access Management (IAM) specialist to discuss Salesforce out-of-box capabilities for configuring the compery's login and registration experience on Salesforce Experience Cloud. The CMO is looking to brand the login page with the company's logo, background color, login button color, and dynamis right-frame from an external URL Which two solutione should the LAM specialist recommend Choose answers. Login & Registration pages can be branded in the Community Administration settings. Build custom pages for branding requirements in Experience Cloud. Use Experience Builder to build branded Reset and Forgot Password pages. Build custom site pages for reset and forgot password features. A manufacturer wants to provide registration for an Internet of Things (IoT) device with limited display input or capabilities. Which Salesforce OAuth authorization flow should be used?. OAuth 2.0 User-Agent Flow. OAuth 2.0 Asset Token Flow. OAuth 2.0 JWT Bearer Flow. OAuth 2.0 Device Flow. Northern Trail Outfitters (NTO) wants to give customers the ability to submit and manage issues with their purchases. It is important for NTO to give its customers the ability to login with their Facebook and Twitter credentials, What should an identity architect recommend to meet these requirements?. Create a custom external authentication provider for Facebook. Setup login icon for Facebook and Twitter. Configure a predefined authentication provider for Facebook and Twitter. Create a custom external authentication provider for Twitter. An identity architect's client has a homegrown identity provider (IdP). Salesforce is used as the service provider (SP). The head of IT is worried that during a SP initiated single sign-on (SSO), the Security Assertion Markup Language (SAML) request content will be altered. What should the identity architect recommend to make sure that there is additional trust between the SP and the IdP?. Encrypt the SAML Request using certification authority (CA) signed certificate and decrypt on IdR. Ensure that the Issuer and Assertion Consumer Service (ACS) URL is properly configured between SP and IDP. Ensure that on the 550 settings page, the "Request Signing Certificate field nas a self-signed certificate. Ensure that there is an HTTPS connection between IDP and SR. An administrator created a connected app for a custom web application in Salesforce which needs to be visible as a tile in App Launcher. The tile for the custom web application is missing in the app launcher for all users in Salesforce. The administrator requested assistance from an identity architect to resolve the issue. Which two reasons are the source of the issue? Choose 2 answers. Session Policy is set as "High Assurance Session required for this connected app. The connected app is not set in the App menu as "Visible In App Launcher". StartURL for the connected app is not sat in Connected App settings. OAuth scope does not include "openid". A client is planning to rollout multi-factor authentication (MFA) to its internal employees and wants to understand which authentication and verification methods meet the Salesforce criteria for secure authentication. Which three functions meet the Salesforce criteria for secure MFA? Choose 3 answers. Username and password + security kev. Lightning Login. Username and password SMS passcode. Third-party single sign-on with Mobile Authenticator app. Usernamespassword Email Verification Code. A global fitness equipment manufacturer is planning to sell fitness tracking devices and has the following requirements: 1) Customer purchases the device.. 2) Customer registers the device using their mobile app. 3) A case should automatically be created in Salesforce and associated with the customers account in cases where the device registers issues with tracking. Which OAuth flow should be used to meet these requirements?. OAuth 2.0 User-Agent Flow. OAuth 2.0 Asset Token Flow. OAuth 2.0 Device Flow. OAuth 2.0 5AML Bearer Assertion Flow. A company's external application is protected by Salesforce through OAuth. The identity architect for the project needs to limit the level of access to the data of the protected resource in a flexible way. What should be done to improve security?. Leverage external objects and data classification policies. Create custom scopes and assign to the connected app. Select "Admin approved users are pre-authorized" and assign specific profiles. Define a permission set that grants access to the app and assign to authorized users. A Salesforce Administrator is tasked with setting up Just-in-Time (JIT) provisioning for SAML to enable Single Sign-On (SSO) for your organization. They have already configured the SAML settings for SSO in Salesforce. What should be their next steps to enable JIT provisioning?. Enable Just-in-Time User Provisioning in the SAML Single Sign-On Setting, configure the User Provisioning Type, and provide the SAML JIT Handler. Create a new permission set with IIT previsioning enabled, configure the recessary permissions, and assign the permission set to relevant users. Create a new Apex class to handle JIT provisioning, implement the required methods, and assign the class to the appropriate user profiles. Modify the organization-wide sharing settings to allow JIT provisioning, update the sharing rules for the user object. A financial services company uses Salesforce and has a compliance requirement to track information about devices from which users log in. Also, a Salesforce Security Administrator needs to have the ability to revoke the device from which users log in. What should be used to fulfill this requirement?. Use the Login History object to track information about devices from which users ing in,. Use multi-factor authentication (MRA) to meet the compliance requirement to track device information. Use the Activations feature to meet the compliance requirement to track device information. Use Login Flows to capture device from which users log in and store device and user information in a custom object. A security architect is rolling out a new multi-factor authentication (MFA) mandate, where all employees must go through a secure authentication process before accessing Salesforce. There are multiple Identity Providers (IdP) in place and the architect is considering how the "Authentication Method Reference" field (AMR) in the Login History can help. Which two considerations should the architect keep in mind? Choose 2 answers. Bath OIOC and Security Assertion Markup Language (SAML) are supported but AMit must be intplemented at IdR. High-assurance sessions must be configured under Session Security Level Policies. AMR field shows the authentication methods used at te. Dependency on what is supported by OpenID Connect (QIDC) implementation at Id. |




