Indentity & Access Managment Set 1 1st Grade Quiz

1.

MULTIPLE SELECT QUESTION

45 sec • 1 pt

Northern Trail Outfitters (NTO) has an existing business-to-consumer (B2C) website that that does NOT support single sign-on standards, such as Security Assertion Markup Language (SAML) or OAuth. NTO wants to use Salesforce Identity to register and authenticate new customers on the website. Which three Salesforce features should an Identity architect use in order to provide social sign-in capabilities for the website? Choose 3 answers

Delegated Authentication

Connected Apps

Authentication Providers

Embedded Login

Identity Connect

2.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A technology enterprise is setting up an identity solution with an external vendors wellness application for its employees. The user attributes need to be returned to the wellness application in an ID token. Which authentication mechanism should an identity architect recommend to meet the requirements?

Web Server Flow

OpenID Connect

User Agent Flow

JWT Bearer Token Flow

3.

MULTIPLE SELECT QUESTION

45 sec • 1 pt

Universal Containers is creating a mobile application that will be secured by Salesforce Identity using the OAuth 2.0 user-agent flow. Application users will authenticate using username and password. They should not be forced to approve API access in the mobile app or reauthenticate for 3 months. Which two connected app options need to be configured to fulfill this use case? Choose 2 answers

Set Permitted Users to “Admin approved users are pre-authorized”

Set the Refresh Token Policy to expire refresh token after 3 months

Set the Session Timeout value to 3 months

Set Permitted Users to “All users may self-authorize”

4.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A company’s external application is protected by Salesforce through OAuth. The identity architect for the project needs to limit the level of access to the data of the protected resource in a flexible way. What should be done to improve security?

Create custom scopes and assign to the connected app.

Define a permission set that grants access to the app and assign to authorized users.

Select “Admin approved users are pre-authorized” and assign specific profiles.

Leverage external objects and data classification policies.

5.

MULTIPLE SELECT QUESTION

45 sec • 1 pt

Northern Trail Outfitters (NTO) uses Salesforce for Sales Opportunity Management. Okta was recently brought in to Just-in-Time (JIT) provision and authenticate NTO users to applications. Salesforce users also use OKta to authorize a Forecasting web application to access Salesforce records on their behalf. Which two roles are being performed by Salesforce? Choose 2 answers

OAuth Resource Server

OAuth Client

SAML Service Provider

SAML Identity Provider

6.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

An identity architect is setting up an integration between Salesforce and a third-party system. The third-party system needs to be able to authenticate to Salesforce and then make API calls against the REST API. One of the requirements is that the solution needs to ensure the third party service providers connected app in Salesforce minimizes the need for end user interaction and maximizes security. Which OAuth flow should be used to fulfill the requirement?

JWT Bearer Flow

Username-Password Flow

Web Server Flow

User Agent Flow

7.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A public sector agency is setting up an identity solution for its citizens using a Community built on Experience Cloud and requires the new user registration functionality to capture first name, last name, and phone number. The phone number will be used for identity verification. Which feature should an identity architect recommend to meet the requirements?

Use an external Identity Provider

Create a custom Lightning Web Component

Integrate with social websites (Facebook, LinkedIn, Twitter)

Use Login Discovery

8.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What information does the 'Relaystate' parameter contain in sp-Initiated Single Sign-on?

Reference to a URL redirect parameter at the identity provider.

. Reference to a URL redirect parameter at the service provider

Reference to the login address URL of the service provider

Reference to the login address URL of the identity Provider.

9.

MULTIPLE SELECT QUESTION

45 sec • 1 pt

An administrator created a connected app for a custom web application in Salesforce which needs to be visible as a tile in App Launcher. The tile for the custom web application is missing in the app launcher for all users in Salesforce. The administrator requested assistance from an identity architect to resolve the issue. Which two reasons are the source of the issue? Choose 2 answers

StartURL for the connected app is not set in Connected App settings.

The connected app is not set in the App menu as “Visible in App Launcher”

OAuth scope does not include “openid”.

Session Policy is set as “High Assurance Session required” for this connected app.

10.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Northern Trail Outfitters (NTO) has an off-boarding process where a terminated employee is first disabled in the Lightweight Directory Access Protocol (LDAP) directory, then requests are sent to the various application support teams to finish user deactivations. A terminated employee recently was able to login to NTO’s Salesforce instance 24 hours after termination, even though the user was disabled in the corporate LDAP directory. What should an identity architect recommend to prevent this from happening in the future?

Configure an authentication provider to delegate authentication to the LDAP directory.

Create a Just-in-Time provisioning registration handler to ensure users are deactivated in Salesforce As they are disabled in LDAP

Setup an identity provider (IdP) to authenticate users using LDAP, set up single sign-on to Salesforce and disable Login Form authentication

Use a login flow to make a callout to the LDAP directory before authenticating the user to Salesforce

Create a free account and access millions of resources

Similar Resources on Wayground

Popular Resources on Wayground