最新のIdentity-and-Access-Management-Architect問題集PDFでIdentity-and-Access-Management-Architectリアルで有効な正確な問題集は245問題と解答が待ってます! [Q50-Q69]

Share

最新のIdentity-and-Access-Management-Architect問題集PDFでIdentity-and-Access-Management-Architectリアルで有効な正確な問題集は245問題と解答が待ってます!

100%無料Identity-and-Access-Management-Architect試験問題集リアルIdentity and Access Management Designer問題集を試そう

質問 # 50
Which two roles of the systems are involved in an environment where salesforce users are enabled to access Google Apps from within salesforce through App launcher and connected App set up? Choose 2 answers

  • A. Google is the identity provider
  • B. Google is the service provider
  • C. Salesforce is the service provider
  • D. Salesforce is the identity provider

正解:C


質問 # 51
Which three are capabilities of SAML-based Federated authentication? Choose 3 answers

  • A. Web applications with no passwords are more secure and stronger against attacks.
  • B. SAML tokens can be in XML or JSON format and can be used interchangeably.
  • C. Centralized federation provides single point of access, control and auditing.
  • D. Access tokens are used to access resources on the server once the user is authenticated.
  • E. Trust relationships between Identity Provider and Service Provider are required.

正解:C、D、E


質問 # 52
Universal Containers is creating a mobile application that will be secured by Salesforce Identity using the OAuth 2.0 user-agent flow (this flow uses the OAuth 2.0 implicit grant type).
Which three OAuth concepts apply to this flow?
Choose 3 answers

  • A. Client ID
  • B. Verification Code
  • C. Refresh Token
  • D. Authorization Code
  • E. Scopes

正解:A、C、E


質問 # 53
Universal containers (UC) uses an internal company portal for their employees to collaborate. UC decides to use salesforce ideas and provide the ability for employees to post ideas from the company portal. They use SAML-BASED SSO to get into the company portal and would like to leverage it to access salesforce. Most of the users don't exist in salesforce and they would like the user records created in salesforce communities the first time they try to access salesforce. What recommendation should an architect make to meet this requirement?

  • A. Use Identity connect to sync users
  • B. Use salesforce APIs to create users on the fly
  • C. Use just-in-time provisioning
  • D. Use on-the-fly provisioning

正解:C


質問 # 54
What is one of the roles of an Identity Provider in a Single Sign-on setup using SAML?

  • A. Create token
  • B. Validate token
  • C. Consume token
  • D. Revoke token

正解:A


質問 # 55
Universal Containers (UC) wants to use Salesforce for sales orders and a legacy of system for order fulfillment. The legacy system must update the status of orders in 65* Salesforce in real time as they are fulfilled. UC decides to use OAuth for connecting the legacy system to Salesforce. What OAuth flow should be considered that doesn't require storing credentials, client secret or refresh tokens?

  • A. Web Server flow
  • B. JWT Bearer Token flow
  • C. Username-Password flow
  • D. User Agent flow

正解:B

解説:
Explanation
The JWT Bearer Token flow is an OAuth flow in which an external app (also called client or consumer app) sends a signed JSON string to Salesforce called JWT to obtain an access token. The access token can then be used by the external app to read & write data in Salesforce1. This flow does not require storing credentials, client secret or refresh tokens, as the JWT is self-contained and includes information about the app and the user2. The other flows require either user interaction (Web Server flow and User Agent flow) or storing credentials (Username-Password flow)3.
References: Salesforce OAuth : JWT Bearer Flow, Accessing Salesforce with JWT OAuth Flow, OAuth Authorization Flows - Salesforce


質問 # 56
A global company's Salesforce Identity Architect is reviewing its Salesforce production org login history and is seeing some intermittent Security Assertion Markup Language (SAML SSO) 'Replay Detected and Assertion Invalid' login errors.
Which two issues would cause these errors?
Choose 2 answers

  • A. The current time setting of the company's identity provider (IdP) and Salesforce platform is out of sync by more than eight minutes.
  • B. The certificate loaded into SSO configuration does not match the certificate used by the IdP.
  • C. The assertion sent to 5alesforce contains an assertion ID previously used.
  • D. The subject element is missing from the assertion sent to salesforce.

正解:C、D


質問 # 57
Universal Containers (UC) is looking to build a Canvas app and wants to use the corresponding Connected App to control where the app is visible. Which two options are correct in regards to where the app can be made visible under the Connected App setting for the Canvas app? Choose 2 answers

  • A. Included in the Call Control Tool that's part of Open CTI.
  • B. The sidebar of a Salesforce Console as a console component.
  • C. As part of the body of a Salesforce Knowledge article.
  • D. In the mobile navigation menu on Salesforce for Android.

正解:A、B

解説:
Explanation
The sidebar of a Salesforce Console as a console component and included in the Call Control Tool that's part of Open CTI are two options that are correct in regards to where the app can be made visible under the connected app settings for the Canvas app. A Canvas app is an external application that can be embedded within Salesforce using an iframe. A connected app is an application that integrates with Salesforce using APIs and uses OAuth as the authentication protocol. You can control where a Canvas app can be displayed in Salesforce by configuring the locations in the connected app settings. The sidebar of a Salesforce Console as a console component is a valid location for a Canvas app because it allows you to display the app as a collapsible panel on the side of any console app. Included in the Call Control Tool that's part of Open CTI is a valid location for a Canvas app because it allows you to display the app as part of the softphone panel that integrates with your telephony system. As part of the body of a Salesforce Knowledge article is not a valid location for a Canvas app because it is not supported by the connected app settings. In the mobile navigation menu on Salesforce for Android is not a valid location for a Canvas app because it is not supported by the connected app settings. References: : [Canvas Developer Guide] : [Connected Apps Overview] : [Add or Remove Components from Your Console Apps] : [Open CTI Developer Guide]


質問 # 58
Universal Containers (UC) has Active Directory (AD) as their enterprise identity store and would like to use it for Salesforce user authentication. UC expects to synchronize user data between Salesforce and AD and Assign the appropriate Profile and Permission Sets based on AD group membership. What would be the optimal way to implement SSO?

  • A. Use Active Directory Federation Service (ADFS) as the Identity Provider.
  • B. Use Active Directory with Reverse Proxy as the Identity Provider.
  • C. Use Microsoft Access control Service as the Authentication provider.
  • D. Use Salesforce Identity Connect as the Identity Provider.

正解:D

解説:
Explanation
The optimal way to implement SSO with Active Directory as the enterprise identity store is to use Salesforce Identity Connect as the identity provider. Salesforce Identity Connect is a software that integrates Microsoft Active Directory with Salesforce and enables single sign-on (SSO) using SAML. It also allows user data synchronization between Active Directory and Salesforce and profile and permission set assignment based on Active Directory group membership. Option A is not a good choice because using Active Directory with reverse proxy as the identity provider may not be supported by Salesforce or may require additional configuration and customization. Option B is not a good choice because using Microsoft Access Control Service as the authentication provider may not be available, as Microsoft has retired this service in 2018.
Option C is not a good choice because using Active Directory Federation Service (ADFS) as the identity provider may not allow user data synchronization or profile and permission set assignment based on Active Directory group membership, unless it is combined with another tool such as Salesforce Identity Connect.
References: Salesforce Identity Connect Implementation Guide, Single Sign-On Implementation Guide


質問 # 59
The CMO of an advertising company has invited an Identity and Access Management (IAM) specialist to discuss Salesforce out-of-box capabilities for configuring the company*s login and registration experience on Salesforce Experience Cloud.
The CMO is looking to brand the login page with the company's logo, background color, login button color, and dynamic right-frame from an external URL.
Which two solutions should the IAM specialist recommend?
Choose 2 answers

  • A. Build custom pages for branding requirements in Experience Cloud.
  • B. Login & Registration pages can be branded in the Community Administration settings.
  • C. Use Experience Builder to build branded Reset and Forgot Password pages.
  • D. Build custom site pages for reset and forgot password features.

正解:B、C

解説:
Explanation
Experience Builder and Community Administration settings are the tools that allow branding the login and registration pages in Experience Cloud. Custom pages are not necessary for this use case.
References: Architect Journey: Identity and Access Management Trailmix - Trailhead


質問 # 60
A group of users try to access one of universal containers connected apps and receive the following error message: "Failed : Not approved for access". what is most likely to cause of the issue?

  • A. The users do not have the correct permission set assigned to them.
  • B. The salesforce administrators gave revoked the Oauth authorization.
  • C. The connected App setting "All users may self-authorize" is enabled.
  • D. The use of high assurance sections are required for the connected App.

正解:A

解説:
Explanation
The users do not have the correct permission set assigned to them is the most likely cause of the issue. A connected app is a framework that enables an external application to integrate with Salesforce using APIs and standard protocols, such as SAML, OAuth, and OpenID Connect1. Connected apps use these protocols to authorize, authenticate, and provide single sign-on (SSO) for external apps1. To access a connected app, users must have the appropriate permissions assigned to them, either through their profile or a permission set2. If the users do not have the required permissions, they will receive an error message when they try to access the connected app. The use of high assurance sessions are required for the connected app is not a valid option, as high assurance sessions are related to multi-factor authentication (MFA), not connected apps3. The connected app setting "All users may self-authorize" is enabled is not a cause of the issue, but a possible solution. This setting allows users to access the connected app without pre-approval from an administrator4. The Salesforce administrators have revoked the OAuth authorization is not a likely cause of the issue, as OAuth authorization is granted by the users, not the administrators5. Revoking OAuth authorization would also affect all users, not just a group of them.
References: Learn About Connected Apps, Create a Connected App, [Multi-Factor Authentication (MFA) for Salesforce], [Connected App Basics], OAuth Authorization Flows


質問 # 61
Northern Trail Outfitters (NTO) has an existing custom business-to-consumer (B2C) website that does NOT support single sign-on standards, such as Security Assertion Markup Language (SAMi) or OAuth. NTO wants to use Salesforce Identity to register and authenticate new customers on the website.
Which two Salesforce features should an identity architect use in order to provide username/password authentication for the website?
Choose 2 answers

  • A. Delegated Authentication
  • B. Connected Apps
  • C. Identity Connect
  • D. Embedded Login

正解:A、D

解説:
Explanation
To register and authenticate new customers on the website using Salesforce Identity, the identity architect should use Delegated Authentication and Embedded Login. Delegated Authentication is a feature that allows Salesforce to delegate the authentication process to an external service, such as a custom website, instead of validating the username and password internally. Embedded Login is a feature that allows Salesforce to embed a login widget into any web page, such as a custom website, to enable users to log in with their Salesforce credentials. The other options are not relevant for this scenario. References: Delegated Authentication, Embedded Login


質問 # 62
An identity architect has been asked to recommend a solution that allows administrators to configure personalized alert messages to users before they land on the Experience Cloud site (formerly known as Community) homepage.
What is recommended to fulfill this requirement with the least amount of customization?

  • A. Build a Lightning web Component (LWC) for a homepage that shows custom alerts.
  • B. Use Login Flows to add a screen that shows personalized alerts.
  • C. Customize the registration handler Apex class to create a routing logic navigating to different home pages based on the user profile.
  • D. Create custom metadata that stores user alerts and use a LWC to display alerts.

正解:B


質問 # 63
Which three different attributes can be used to identify the user in a SAML 65> assertion when Salesforce is acting as a Service Provider? Choose 3 answers

  • A. User Full Name
  • B. User Email Address
  • C. Salesforce Username
  • D. Salesforce User ID
  • E. Federation ID

正解:A、B、E


質問 # 64
Universal containers(UC) wants to integrate a third-party reward calculation system with salesforce to calculate rewards. Rewards will be calculated on a schedule basis and update back into salesforce. The integration between Salesforce and the reward calculation system needs to be secure. Which are the recommended best practices for using Oauth flows in this scenario? Choose 2 answers

  • A. Oauth Username-password flow
  • B. Oauth SAML bearer assertion flow
  • C. Oauth refresh token flow
  • D. Oauthjwt bearer token flow

正解:C、D

解説:
Explanation
OAuth refresh token flow and OAuth JWT bearer token flow are the recommended best practices for using OAuth flows in this scenario. These flows are suitable for server-to-server integration scenarios where the client application needs to access Salesforce resources on behalf of a user. The OAuth refresh token flow allows the client application to obtain a long-lived refresh token that can be used to request new access tokens without requiring user interaction. The OAuth JWT bearer token flow allows the client application to use a JSON Web Token (JWT) to assert its identity and request an access token. Both flows provide a secure and efficient way to integrate with Salesforce and the reward calculation system. OAuth SAML bearer assertion flow is not a recommended best practice for using OAuth flows in this scenario because it requires the client application to obtain a SAML assertion from an identity provider, which adds an extra layer of complexity and dependency. OAuth username-password flow is not a recommended best practice for using OAuth flows in this scenario because it requires the client application to store the user's credentials, which poses a security risk and does not support two-factor authentication. References: : [Which OAuth Flow to Use] : [Digging Deeper into OAuth 2.0 on Force.com] : [OAuth 2.0 JWT Bearer Token Flow] : [OAuth 2.0 SAML Bearer Assertion Flow] : [OAuth 2.0 Username-Password Flow]


質問 # 65
IT security at Unversal Containers (UC) us concerned about recent phishing scams targeting its users and wants to add additional layers of login protection. What should an Architect recommend to address the issue?

  • A. Implement Single Sign-on using a corporate Identity store.
  • B. Use the Salesforce Authenticator mobile app with two-step verification
  • C. Lock sessions to the IP address from which they originated.
  • D. Increase Password complexity requirements in Salesforce.

正解:B

解説:
Explanation
The Salesforce Authenticator mobile app adds an extra layer of security for online accounts with two-factor authentication. It allows users to respond to push notifications or use location services to verify their logins and other account activity1. This can help prevent phishing scams and unauthorized access.
References: Salesforce Authenticator, Salesforce Authenticator: Mobile App Security Features, Salesforce Authenticator


質問 # 66
A third-party app provider would like to have users provisioned via a service endpoint before users access their app from Salesforce.
What should an identity architect recommend to configure the requirement with limited changes to the third-party app?

  • A. Use a connected app with user provisioning flow.
  • B. Redirect users to the third-party app for registration.
  • C. Create Canvas app in Salesforce for third-party app to provision users.
  • D. Use Salesforce identity with Security Assertion Markup Language (SAML) for provisioning users.

正解:A

解説:
Explanation
To have users provisioned via a service endpoint before users access their app from Salesforce, the identity architect should recommend using a connected app with user provisioning flow. A connected app is a framework that enables an external application to integrate with Salesforce using APIs and standard protocols.
A user provisioning flow is a custom post-authentication process that can be used to create or update users in the external application using a service endpoint when users access the connected app from Salesforce. This approach can provide automatic user provisioning with limited changes to the third-party app. References:
Connected Apps, User Provisioning for Connected Apps


質問 # 67
Northern Trail Outfitters (NTO) uses Salesforce Experience Cloud sites (previously known as Customer Community) to provide a digital portal where customers can login using their Google account.
NTO would like to automatically create a case record for first time users logging into Salesforce Experience Cloud.
What should an Identity architect do to fulfill the requirement?

  • A. Configure an authentication provider for Social Login using Google and a custom registration handler.
  • B. Implement a login flow with a record create component for Case.
  • C. Create an authentication provider for Social Login using Google and leverage standard registration handler.
  • D. Implement a Just-in-Time handler class that has logic to create cases upon first login.

正解:B


質問 # 68
Universal Containers would like its customers to register and log in to a portal built on Salesforce Experience Cloud. Customers should be able to use their Facebook or Linkedln credentials for ease of use.
Which three steps should an identity architect take to implement social sign-on?
Choose 3 answers

  • A. Register both Facebook and Linkedln as connected apps.
  • B. Enable "Federated Single Sign-On Using SAML".
  • C. Check "Facebook" and "Linkedln" under Login Page Setup.
  • D. Create authentication providers for both Facebook and Linkedln.
  • E. Update the default registration handlers to create and update users.

正解:C、D、E


質問 # 69
......


Salesforce Identity-and-Access-Management-Architect(Salesforce Certified Identity and Access Management Architect)認定試験は、Salesforceエコシステム内でアイデンティティとアクセス管理に特化したプロフェッショナルのための上級レベルの認定試験です。この認定は、Salesforceプラットフォームのアイデンティティとアクセス管理機能の熟練度を証明し、潜在的な雇用主に自分のスキルと知識を示したい個人に最適です。

 

あなたを余裕でIdentity-and-Access-Management-Architectは100%試験合格率保証:https://jp.fast2test.com/Identity-and-Access-Management-Architect-premium-file.html

Identity-and-Access-Management-Architect問題集本日限定!無料アクセスが可能に!:https://drive.google.com/open?id=1sCbrVtz5WOVzXzp1o8fqrM9-ScO17ZPk


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어