Identity and Access Management Designer Identity-and-Access-Management-Architect 最新問題集 2023年06月09日 に更新されました [Q83-Q102]

Share

Identity and Access Management Designer Identity-and-Access-Management-Architect最新問題集で2023年06月09日

2023年最新の問題をマスター!Identity and Access Management Designer合格目指そう!Identity-and-Access-Management-Architectリアル試験問題集!


Salesforce Certified Identity and Access Management Architect試験は、Salesforceのアイデンティティとアクセス管理アーキテクチャ、ユーザー認証および認可、アイデンティティフェデレーション、ソーシャルサインオン、シングルサインオンなどのトピックをカバーしています。また、OAuth、SAML、OpenID Connect、マルチファクタ認証などのセキュリティ標準とベストプラクティスについて深い理解を持っていることが期待されています。この試験は60問の多肢選択問題から構成され、受験者は105分間で解答する必要があります。試験に合格するためには、67%以上のスコアが必要であり、認定は2年間有効です。この認定を取得することで、Salesforce技術を使用したアイデンティティとアクセス管理ソリューションに関する専門知識を証明し、Salesforce環境をセキュアにするために貴重な財産となることができます。


この試験に備えるために、候補者はSalesforceのアイデンティティおよびアクセス管理ソリューション(シングルサインオン(SSO)、アイデンティティプロバイダ(IdP)、セキュリティアサーションマークアップ言語(SAML)を含む)について、しっかりと理解している必要があります。また、データセキュリティとコンプライアンスに関する経験があり、アイデンティティおよびアクセス管理の業界ベストプラクティスに精通していることが望ましいです。

 

質問 # 83
Which two statements are capable of Identity Connect? Choose 2 answers

  • A. Supports both Identity-Provider-Initiated and Service-Provider-Initiated SSO.
  • B. Automated user synchronization and de-activation.
  • C. Support multiple orgs connecting to multiple Active Directory servers.
  • D. Synchronization of Salesforce Permission Set Licence Assignments.

正解:A、B


質問 # 84
In a typical SSL setup involving a trusted party and trusting party, what consideration should an Architect take into account when using digital certificates?

  • A. Use of self-signed certificate leads to lower maintenance for trusting party because there is no trusted CA cert to maintain.
  • B. Use of self-signed certificate leads to higher maintenance for trusting party because the cert needs to be added to their truststore.
  • C. Use of self-signed certificate leads to lower maintenance for trusted party because multiple self-signed certs need to be maintained.
  • D. Use of self-signed certificate leads to higher maintenance for trusted party because they have to act as the trusted CA

正解:A


質問 # 85
Universal Container's (UC) is using Salesforce Experience Cloud site for its container wholesale business. The identity architect wants to an authentication provider for the new site.
Which two options should be utilized in creating an authentication provider?
Choose 2 answers

  • A. A custom error URL can be set.
  • B. A custom registration handier can be set.
  • C. The default authentication provider certificate can be set.
  • D. The default login user can be set.

正解:A、B


質問 # 86
Refer to the exhibit.

Outfitters (NTO) is using Experience Cloud as an Identity for its application on Heroku. The application on Heroku should be able to handle two brands, Northern Trail Shoes and Northern Trail Shirts.
A user should select either of the two brands in Heroku before logging into the community. The app then performs Authorization using OAuth2.0 with the Salesforce Experience Cloud site.
NTO wants to make sure it renders login page images dynamically based on the user's brand preference selected in Heroku before Authorization.
what should an identity architect do to fulfill the above requirements?

  • A. Authorize third-party service by sending authorization requests to the community-url/services/oauth2/authorize/cookie_value.
  • B. Create multiple login screens using Experience Builder and use Login Flows at runtime to route to different login screens.
  • C. For each brand create different communities and redirect users to the appropriate community using a custom Login controller written in Apex.
  • D. Authorize third-party service by sending authorization requests to the community-url/services/oauth2/authonze/expid_value.

正解:D


質問 # 87
Users logging into Salesforce are frequently prompted to verify their identity.
The identity architect is required to provide recommendations so that frequency of prompt verification can be reduced.
What should the identity architect recommend to meet the requirement?

  • A. Implement multi-factor authentication for the Salesforce org.
  • B. Implement 2FA authentication for the Salesforce org.
  • C. Set trusted IP ranges for the organization.
  • D. Implement an single sign-on for Salesforce using an external identity provider.

正解:C


質問 # 88
An identity architect is implementing a mobile-first Consumer Identity Access Management (CIAM) for external users. User authentication is the only requirement. The users email or mobile phone number should be supported as a username.
Which two licenses are needed to meet this requirement?
Choose 2 answers

  • A. SMS verification Credits
  • B. External Identity Licenses
  • C. Identity Connect Licenses
  • D. Email Verification Credits

正解:A、B


質問 # 89
Universal Containers (UC) rolling out a new Customer Identity and Access Management Solution will be built on top of their existing Salesforce instance.
Several service providers have been setup and integrated with Salesforce using OpenlD Connect to allow for a seamless single sign-on experience. UC has a requirement to limit user access to only a subset of service providers per customer type.
Which two steps should be done on the platform to satisfy the requirement?
Choose 2 answers

  • A. Manage which connected apps a user has access to by assigning authentication providers to the users profile.
  • B. Use Profiles and Permission Sets to assign user access to Admin Pre-Approved Connected Apps.
  • C. Assign the connected app to the customer community, and enable the users profile in the Community settings.
  • D. Set each of the Connected App access settings to Admin Pre-Approved.

正解:B、D


質問 # 90
Universal containers wants to build a custom mobile app connecting to salesforce using Oauth, and would like to restrict the types of resources mobile users can access. What Oauth feature of Salesforce should be used to achieve the goal?

  • A. Mobile pins
  • B. Scopes
  • C. Access Tokens
  • D. Refresh Tokens

正解:B


質問 # 91
A consumer products company uses Salesforce to maintain consumer information, including orders. The company implemented a portal solution using Salesforce Experience Cloud for its consumers where the consumers can log in using their credentials. The company is considering allowing users to login with their Facebook or Linkedln credentials.
Once enabled, what role will Salesforce play?

  • A. Facebook and Linkedln will act as the IdPs and SPs.
  • B. Facebook and Linkedln will be the SPs.
  • C. Salesforce will be the identity provider (IdP).
  • D. Salesforce will be the service provider (SP).

正解:D


質問 # 92
Universal Containers is budding a web application that will connect with the Salesforce API using JWT OAuth Flow.
Which two settings need to be configured in the connect app to support this requirement?
Choose 2 answers

  • A. The "web" OAuth scope in the connected app,
  • B. The "api" OAuth scope in the connected app.
  • C. The "edair_api" OAuth scope m the connected app.
  • D. The Use Digital Signature option in the connected app.

正解:B、D


質問 # 93
Universal Containers (UC) operates in Asia, Europe and North America regions. There is one Salesforce org for each region. UC is implementing Customer 360 in Salesforce and has procured External Identity and Customer Community licenses in all orgs.
Customers of UC use Community to track orders and create inquiries. Customers also tend to move across regions frequently.
What should an identity architect recommend to optimize license usage and reduce maintenance overhead?

  • A. Enable Contactless User in all orgs and downgrade users from Experience Cloud license to External Identity license once users have moved out of that region.
  • B. Contacts are required since Community access needs to be enabled. Maintenance is a necessary overhead that must be handled via data integration.
  • C. Merge three orgs into one instance of Salesforce. This will no longer require maintaining three separate copies of the same customer.
  • D. Delete contact/ account records and deactivate user if user moves from a specific region; Sync will no longer be required.

正解:B


質問 # 94
Northern Trail Outfitters (NTO) is setting up Salesforce to authenticate users with an external identity provider. The NTO Salesforce Administrator is having trouble getting things setup.
What should an identity architect use to show which part of the login assertion is fading?

  • A. SAML Metadata file importer
  • B. Connected App Manager
  • C. Security Assertion Markup Language Validator
  • D. Identity Provider Metadata download

正解:C


質問 # 95

An organization has a central cloud-based Identity and Access Management (IAM) Service for authentication and user management, which must be utilized by all applications as follows:
1 - Change of a user status in the central IAM Service triggers provisioning or deprovisioining in the integrated cloud applications.
2 - Security Assertion Markup Language single sign-on (SSO) is used to facilitate access for users authenticated at identity provider (Central IAM Service).
Which approach should an IAM architect implement on Salesforce Sales Cloud to meet the requirements?

  • A. Deploy Identity Connect component and set up automated provisioning and deprovisioning of users, as well as SAML-based SSO.
  • B. A Configure Salesforce as a SAML Service Provider, and enable SCIM (System for Cross-Domain Identity Management) for provisioning and deprovisioning of users.
  • C. Configure Salesforce as a SAML service provider, and enable Just-in Time (JIT) provisioning and deprovisioning of users.
  • D. Configure central IAM Service as an authentication provider and extend registration handler to manage provisioning and deprovisioning of users.

正解:B


質問 # 96
Northern Trail Outfitters is implementing a busmess-to-business (B2B) collaboration site using Salesforce Experience Cloud. The partners will authenticate with an existing identity provider and the solution will utilize Security Assertion Markup Language (SAML) to provide single sign-on to Salesforce. Delegated administration will be used in the Expenence Cloud site to allow the partners to administer their users' access.
How should a partner identity be provisioned in Salesforce for this solution?

  • A. Create a user and a related contact.
  • B. Create a contactless user.
  • C. Create only a contact.
  • D. Create a person account.

正解:A


質問 # 97
Northern Trail Outfitters (NTO) is planning to build a new customer service portal and wants to use passwordless login, allowing customers to login with a one-time passcode sent to them via email or SMS.
How should the quantity of required Identity Verification Credits be estimated?

  • A. Each community comes with 10,000 Identity Verification Credits per month and only customers with more than 10,000 logins a month should estimate additional SMS verifications needed.
  • B. Identity Verification Credits are consumed with each SMS (text message) sent and should be estimated based on the number of login verification challenges for SMS verification users.
  • C. Identity Verification Credits are a direct add-on license based on the number of existing member-based or login-based Community licenses.
  • D. Identity Verification Credits are consumed with each verification sent and should be estimated based on the number of logins that will incur a verification challenge.

正解:B


質問 # 98
Northern Trail Outfitters (NTO) uses Salesforce for Sales Opportunity Management. Okta was recently brought in to Just-in-Time (JIT) provision and authenticate NTO users to applications. Salesforce users also use Okta to authorize a Forecasting web application to access Salesforce records on their behalf.
Which two roles are being performed by Salesforce?
Choose 2 answers

  • A. OAuth Client
  • B. SAML Service Provider
  • C. SAML Identity Provider
  • D. OAuth Resource Server

正解:A、B


質問 # 99
Which three different attributes can be used to identify the user in a SAML 65> assertion when Salesforce is acting as a Service Provider? Choose 3 answers

  • A. Federation ID
  • B. User Email Address
  • C. User Full Name
  • D. Salesforce User ID
  • E. Salesforce Username

正解:A、B、C


質問 # 100
Universal Containers (UC) is looking to build a Canvas app and wants to use the corresponding Connected App to control where the app is visible. Which two options are correct in regards to where the app can be made visible under the Connected App setting for the Canvas app? Choose 2 answers

  • A. As part of the body of a Salesforce Knowledge article.
  • B. The sidebar of a Salesforce Console as a console component.
  • C. In the mobile navigation menu on Salesforce for Android.
  • D. Included in the Call Control Tool that's part of Open CTI.

正解:A、B


質問 # 101
Universal Containers (UC) has implemented SAML-based Single Sign-On to provide seamless access to its Salesforce Orgs, financial system, and CPQ system. Below is the SSO implementation landscape.

What role combination is represented by the systems in this scenario''

  • A. Salesforce Org1 and Salesforce Org2 are acting as Identity Providers.
  • B. Financial System and CPQ System are the only Service Providers.
  • C. Salesforce Org1 and Salesforce Org2 are the only Service Providers.
  • D. Salesforce Org1 and PingFederate are acting as Identity Providers.

正解:D


質問 # 102
......


Salesforce Identity-and-Access-Management-Architect 認定試験の出題範囲:

トピック出題範囲
トピック 1
  • Given a scenario, describe what tools you can apply to audit and verify the activity
  • user during and after login
  • Describe how trust is established between two systems
トピック 2
  • Identify the ways that users can be provisioned in Salesforce to enable SSO and apply access rights
  • Identify the auditing and monitoring approaches available on the platform
トピック 3
  • Given a requirement, understand the advantages and limitations of External Identity solutions and associated licenses
  • Identify the role Identity Connect product plays in a Salesforce Identity implementation
トピック 4
  • Describe the various implementation concepts of OAuth
  • Describe the building blocks that are part of an identity solution
トピック 5
  • Troubleshoot common points of failure that may be encountered in a single sign-on solution
  • Describe the tools that are available to diagnose IdP issues

 

完全版は2023年最新のIdentity-and-Access-Management-Architect試験問題集テストガイドはトレーニング専門Fast2test:https://jp.fast2test.com/Identity-and-Access-Management-Architect-premium-file.html

合格準備Identity-and-Access-Management-ArchitectにはFast2testが提供するあなたをSalesforce Certified Identity and Access Management Architect試験合格させます顕著練習問題:https://drive.google.com/open?id=1xizdhvhXvrSlpW6ytAgU0Rjmeh_LU1qV


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어