
[2022年02月04日] 検証済みのIdentity-and-Access-Management-Designer問題集と192格別な問題
Identity-and-Access-Management-Designer問題集合格保証付きの合格できるIdentity-and-Access-Management-Designer試験2022年更新
Salesforce Identity-and-Access-Management-Designer 認定試験の出題範囲:
| トピック | 出題範囲 |
|---|---|
| トピック 1 |
|
| トピック 2 |
|
| トピック 3 |
|
| トピック 4 |
|
| トピック 5 |
|
| トピック 6 |
|
| トピック 7 |
|
| トピック 8 |
|
| トピック 9 |
|
質問 52
Universal Containers (UC) uses Salesforce to allow customers to keep track of the order status. The customers can log in to Salesforce using external authentication providers, such as Facebook and Google.
UC is also leveraging the App Launcher to let customers access an off-platform application for generating shipping labels. The label generator application uses OAuth to provide users access.
What license type should an Architect recommend for the customers?
- A. Customer Community license
- B. External Identity license
- C. Identity license
- D. Customer Community Plus license
正解: C
質問 53
Universal Containers (UC) has built a custom token-based Two-factor authentication (2FA) system for their existing on-premise applications. They are now implementing Salesforce and would like to enable a Two-factor login process for it, as well. What is the recommended solution as Architect should consider?
- A. Use the custom 2FA system for on-premise applications and native 2FA for Salesforce.
- B. Replace the custom 2FA system with an AppExchange App that supports on premise application and salesforce.
- C. Use Custom Login Flows to connect to the existing custom 2FA system for use in Salesforce.
- D. Replace the custom 2FA system with Salesforce 2FA for on-premise applications and Salesforce.
正解: D
質問 54
Universal Containers (UC) built an integration for their employees to post, view, and vote for ideas in Salesforce from an internal Company portal. When ideas are posted in Salesforce, links to the ideas are created in the company portal pages as part of the integration process. The Company portal connects to Salesforce using OAuth. Everything is working fine, except when users click on links to existing ideas, they are always taken to the Ideas home page rather than the specific idea, after authorization. Which OAuth URL parameter can be used to retain the original requested page so that a user can be redirected correctly after OAuth authorization?
- A. State
- B. Redirect_uri
- C. Scope
- D. Callback_uri
正解: B
質問 55
A leading fitness tracker company is getting ready to launch a customer community. The company wants its customers to login to the community and connect their fitness device to their profile. Customers should be able to obtain exercise details and fitness recommendation In the community.
Which should be used to satisfy this requirement?
- A. Named Credentials
- B. Login Flows
- C. OAuth Device Plow
- D. Single Sign-On Settings
正解: C
質問 56
An Architect needs to advise the team that manages the Identity Provider how to differentiate Salesforce from other Service Providers.
What SAML SSO setting in Salesforce provides this capability?
- A. Identity Provider Login URL
- B. SAML Identity Location
- C. Entity Id
- D. Issuer
正解: C
質問 57
Universal containers (UC) wants to implement Delegated Authentication for a certain subset of Salesforce users. Which three items should UC take into consideration while building the Web service to handle the Delegated Authentication request? Choose 3 answers
- A. The return type of the Web service method should be a Boolean value
- B. The web service needs to include Source IP as a method parameter.
- C. UC should whitelist all salesforce ip ranges on their corporate firewall.
- D. Delegated Authentication is enabled for the system administrator profile.
- E. The web service can be written using either the soap or rest protocol.
正解: A,B,C
質問 58
A financial services company uses Salesforce and has a compliance requirement to track information about devices from which users log in. Also, a Salesforce Security Administrator needs to have the ability to revoke the device from which users log in.
What should be used to fulfill this requirement?
- A. Use Login Flows to capture device from which users log in and store device and user information in a custom object.
- B. Use multi-factor authentication (MFA) to meet the compliance requirement to track device information.
- C. Use the Activations feature to meet the compliance requirement to track device information.
- D. Use the Login History object to track information about devices from which users log in.
正解: C
質問 59
Universal containers(UC) wants to integrate a third-party reward calculation system with salesforce to calculate rewards. Rewards will be calculated on a schedule basis and update back into salesforce. The integration between Salesforce and the reward calculation system needs to be secure. Which are the recommended best practices for using Oauth flows in this scenario? Choose 2 answers
- A. Oauthjwt bearer token flow
- B. Oauth Username-password flow
- C. Oauth refresh token flow
- D. Oauth SAML bearer assertion flow
正解: A,D
質問 60
Universal Containers (UC) is setting up delegated authentication to allow employees to log in using their corporate credentials. UC's security team is concerned about the risks of exposing the corporate login service on the internet and has asked that a reliable trust mechanism be put in place between the login service and Salesforce.
What mechanism should an Architect put in place to enable a trusted connection between the login service and Salesforce?
- A. Set up a proxy service for the login service in the DMZ.
- B. Include Client Id and Client Secret in the login header callout.
- C. Require the use of Salesforce security tokens on passwords.
- D. Enforce mutual authentication between systems using SSL.
正解: C
質問 61
Universal containers (UC) has a custom, internal-only, mobile billing application for users who are commonly out of the office. The app is configured as a connected App in salesforce. Due to the nature of this app, UC would like to take the appropriate measures to properly secure access to the app. Which two are recommendations to make the UC? Choose 2 answers
- A. Disallow the use of single Sign-on for any users of the mobile app.
- B. Require high assurance sessions in order to use the connected App
- C. Set login IP ranges to the internal network for all of the app users profiles.
- D. Use Google Authenticator as an additional part of the logical processes.
正解: B,D
質問 62
Universal Containers (UC) plans to use a SAML-based third-party IdP serving both of the Salesforce Partner Community and the corporate portal. UC partners will log in 65* to the corporate portal to access protected resources, including links to Salesforce resources. What would be the recommended way to configure the IdP so that seamless access can be achieved in this scenario?
- A. Configure IdP-initiated SSO that passes the SAML token upon Salesforce resource access request.
- B. Set up the corporate portal as a Connected App in Salesforce and use the User Agent OAuth flow.
- C. Configure SP-initiated SSO that passes the SAML token upon Salesforce resource access request.
- D. Set up the corporate portal as a Connected App in Salesforce and use the Web server OAuth flow.
正解: A
質問 63
Universal containers (UC) has decided to use salesforce as an identity provider for multiple external applications. UC wants to use the salesforce app launcher to control the apps that are available to individual users. Which three steps are required to make this happen?
- A. Create a connected App for each external application.
- B. Set up an Auth provider for each external application.
- C. Add each connected App to the app launcher with a start URL
- D. Set up identity connect to synchronize user data.
- E. Set up salesforce as a SAML IDP with my domain.
正解: A,C,E
質問 64
Universal Containers (UC) is looking to purchase a third-party application as an Identity Provider. UC is looking to develop a business case for the purchase in general and has enlisted an Architect for advice. Which twocapabilities of an Identity Provider should the Architect detail to help strengthen the business case? Choose
2 answers
- A. The Identity Provider can centralize enterprise password policy.
- B. The Identity Provider can authenticate multiple social media accounts.
- C. The Identity Provider can authenticate multiple applications.
- D. The Identity provider can store credentials for multiple applications.
正解: A,C
質問 65
A web service is developed that allows secure access to customer order status on the Salesforce Platform, The service connects to Salesforce through a connected app with the web server flow. The following are the required actions for the authorization flow:
1. User Authenticates and Authorizes Access
2. Request an Access Token
3. Salesforce Grants an Access Token
4. Request an Authorization Code
5. Salesforce Grants Authorization Code
What is the correct sequence for the authorization flow?
- A. 4, 1, 5, 2, 3
- B. 2, 1, 3, 4, 5
- C. 1, 4, 5, 2, 3
- D. 4,5,2, 3, 1
正解: D
質問 66
Universal Containers (UC) is building an integration between Salesforce and a legacy web application using the Canvas framework. The security team for UC has determined that a signed request from Salesforce is not an adequate authentication solution for the third-party app.
Which two options should the Architect consider for authenticating the third-party app using the Canvas framework? (Choose two.)
- A. Create a registration handler Apex class to allow the third-party application to authenticate itself against Salesforce as the IdP.
- B. Utilize the SAML Single Sign-on flow to allow the third-party to authenticate itself against UC's IdP.
- C. Utilize the Canvas OAuth flow to allow the third-party application to authenticate itself against Salesforce as the IdP.
- D. Utilize Authorization Providers to allow the third-party application to authenticate itself against Salesforce as the IdP.
正解: B,C
質問 67
Universal containers (UC) would like to enable SSO between their existing Active Directory infrastructure and salesforce. The it team prefers to manage all users in Active Directory and would like to avoid doing any initial setup of users in salesforce directly, including the correct assignment of profiles, roles and groups.
Which two optimal solutions should UC use to provision users in salesforce? Choose 2 answers
- A. Use the salesforce REST API to sync users from active directory to salesforce
- B. Use an app exchange product to sync users from Active Directory to salesforce.
- C. Use Identity connect to sync users from Active Directory to salesforce
- D. Use Active Directory Federation Services to sync users from active directory to salesforce.
正解: B,C
質問 68
Which two capabilities does My Domain enable in the context of a SAML SSO configuration? Choose 2 answers
- A. Resource deep linking
- B. Login Forensics
- C. SSO from Salesforce Mobile App
- D. App Launcher
正解: A,C
質問 69
Universal containers (UC) is setting up their customer Community self-registration process. They are uncomfortable with the idea of assigning new users to a default account record. What will happen when customers self-register in the community?
- A. The self-registration process will produce an error to the user.
- B. The self-registration page will ask user to select an account.
- C. The self-registration process will create a person Account record.
- D. The self-registration page will create a new account record.
正解: A
質問 70
Universal Containers is implementing a new Experience Cloud site and the identity architect wants to use dynamic branding features as of the login process.
Which two options should the identity architect recommend to support dynamic branding for the site?
Choose 2 answers
- A. An experience ID (expid) or placeholder parameter must be used in the URL to represent the brand.
- B. To use dynamic branding, the community must be built with the Visuaiforce + Salesforce Tabs template.
- C. To use dynamic branding, the community must be built with the Customer Account Portal template.
- D. An external content management system (CMS) must be used for dynamic branding on Experience Cloud sites.
正解: A,C
質問 71
Universal containers wants salesforce inbound Oauth-enabled integration clients to use SAML-BASED single Sign-on for authentication. What Oauth flow would be recommended in this scenario?
- A. User-Token Oauth flow
- B. Web server Oauth flow
- C. SAML assertion Oauth flow
- D. User-Agent Oauth flow
正解: C
質問 72
Universal containers(UC) has decided to build a new, highly sensitive application on Force.com platform. The security team at UC has decided that they want users to provide a fingerprint in addition to username/Password to authenticate to this application. How can an architect support fingerprints as a form of identification for salesforce Authentication?
- A. Use salesforce Two-factor Authentication with callouts to a third-party fingerprint scanning application.
- B. Use custom login flows with callouts to a third-party fingerprint scanning application.
- C. Use an appexchange product that does fingerprint scanning with native salesforce identity confirmation.
- D. Use Delegated Authentication with callouts to a third-party fingerprint scanning application.
正解: B
質問 73
Universal Containers (UC) has implemented SAML-based SSO solution for use with their multi-org Salesforce implementation, utilizing one of the the orgs as the Identity Provider. One user is reporting that they can log in to the Identity Provider org but get a generic SAML error message when accessing the other orgs. Which two considerations should the architect review to troubleshoot the issue? Choose 2 answers
- A. The Federation ID must be populated on the user record.
- B. The Federation ID must be in the form of an email address.
- C. The Federation ID must be a valid Salesforce Username
- D. The Federation ID must is case sensitive
正解: A,D
質問 74
Sales users at Universal containers use salesforce for Opportunity management. Marketing uses a third-party application called Nest for Lead nurturing that is accessed using username/password. The VP of sales wants to open up access to nest for all sales uses to provide them access to lead history and would like SSO for better adoption. Salesforce is already setup for SSO and uses Delegated Authentication. Nest can accept username/Password or SAML-based Authentication. IT teams have received multiple password-related issues for nest and have decided to set up SSO access for Nest for Marketing users as well. The CIO does not want to invest in a new IDP solution and is considering using Salesforce for this purpose. Which are appropriate license type choices for sales and marketing users, giving salesforce is using Delegated Authentication?
Choose 2 answers
- A. Salesforce license for sales users and Identity license for Marketing users
- B. Identity license for sales users and Identity connect license for Marketing users
- C. Salesforce license for sales users and External Identity license for Marketing users
- D. Salesforce license for sales users and platform license for Marketing users.
正解: C,D
質問 75
......
最新100%合格率保証付きの素晴らしいIdentity-and-Access-Management-Designer試験問題PDF:https://jp.fast2test.com/Identity-and-Access-Management-Designer-premium-file.html
Identity-and-Access-Management-Designer試験問題集を試そう!ベストIdentity-and-Access-Management-Designer試験問題:https://drive.google.com/open?id=1GyhAUg2udg9dTwlP4iAw4i3qes4IhdDV