Universal Containers (UC) is building a custom employee hub application on Amazon Web Services (AWS) and would like to store their users' credentials there. Users will also need access to Salesforce for internal operations. UC has tasked an identity architect with evaluating different solutions for authentication and authorization between AWS and Salesforce. How should an identity architect configure AWS to authenticate and authorize Salesforce users?

Configure AWS as an OpenID Connect Provider

Configure the custom employee app as a connected app.

Develop a custom Auth server in AWS.

Northern Trail Outfitters (NTO) is planning to roll out a partner portal for its distributors using Experience Cloud. NTO would like to use an external identity provider (IDP) and for partners to register for access to the portal. Each partner should be allowed to register only once to avoid duplicate accounts with Salesforce. What should a identity architect recommend to create partners?

Create a custom page in Experience Cloud to self register partner with Experience Cloud and Ping identity store.

Create a custom web page in the Portal and create users in the IdP and Experience Cloud using published APIs.

On successful creation of Partners using Self Registration page in Experience Cloud, create identity in Ping.

Allow partners to register through the IdP and create partner users in Salesforce through an API

Northern Trail Outfitters (NTO) wants to give customers the ability to submit and manage issues with their purchases. It is important for NTO to give its customers the ability to login with their Amazon credentials. What should an identity architect recommend to meet these requirements?

Configure an OpenID Connect Authentication Provider for Amazon.

Configure Amazon as a connected app.

Configure a predefined authentication provider for Amazon.

Create a custom external authentication provider for Amazon.

The executive sponsor for an organization has asked if Salesforce supports the ability to embed a login widget into its service providers in order to create a more seamless user experience. What should be used and considered before recommending it as a solution on the Salesforce Platform?

Embedded Login. Consider whether or not it relies on third party cookies which can cause browser compatibility issues

Salesforce REST APIs. Ensure that Secure Sockets Layer (SSL) connection for the integration is used.

OpenID Connect Web Server Flow. Determine if the service provider is secure enough to store the client secret on

Embedded Login. Identify what level of UI customization will be required to make it match the service providers look and feel.

An identity architect wants to secure Salesforce APIs using Security Assertion Markup Language (SAML). For security purposes, administrators will need to authorize the applications that will be consuming the APIs. Which Salesforce OAuth authorization flow should be used?

OAuth 2.0 SAML Bearer Assertion Flow

Universal Containers is using OpenID Connect to enable a connection from their new mobile app to its production Salesforce org. What should be done to enable the retrieval of the access token status for the OpenID Connect connection?

Leverage OpenID Connect Token Introspection.

Enable cross-origin resource sharing (CORS) for the /services/oauth2/token endpoint

Query using OpenID Connect discovery endpoint.

A Salesforce customer is implementing Sales Cloud and a custom pricing application for its call center agents. An Enterprise single sign-on solution is used to authenticate and sign-in users to all applications. The customer has the following requirements: 1. The development team has decided to use a Canvas app to expose the pricing application to agents. 2. Agents should be able to access the Canvas app without needing to log in to the pricing application. Which two options should the identity architect consider to provide support for the Canvas app to initiate login for users? Choose 2 answers

Enable SAML in the connected app and Security Assertion Markup Language (SAML) Initiation Method as Service Provider Initiated.

Configure the Canvas app as a connected app and set Admin-approved users as preauthorized.

Enable OAuth settings in the connected app with required OAuth scopes for the pricing application.

Select "Enable as a Canvas Personal App" in the connected app settings

An identity architect has been asked to recommend a solution that allows administrators to configure personalized alert messages to users before they land on the Experience Cloud site (formerly known as Community) homepage. What is recommended to fulfill this requirement with the least amount of customization?

Use Login Flows to add a screen that shows personalized alerts.

Customize the registration handler Apex class to create a routing logic navigating to different home pages based on the user profile.

Create custom metadata that stores user alerts and use a LWC to display alerts.

Build a Lightning Web Component (LWC) for a homepage that shows custom alerts.

Northern Trail Outfitters (NTO) is planning to build a new customer service portal and wants to use passwordless login, allowing customers to login with a one-time passcode sent to them via email or SMS. How should the quantity of required Identity Verification Credits be estimated?

Identity Verification Credits are consumed with each SMS (text message) sent and should be estimated based on the number of login verification challenges for SMS verification users

Identity Verification Credits are a direct add-on license based on the number of existing member-based or login-based Community licenses.

Each community comes with 10,000 Identity Verification Credits per month and only customers with more than 10,000 logins a month should estimate additional SMS verifications needed.

Identity Verification Credits are consumed with each verification sent and should be estimated based on the number of logins that will incur a verification challenge.

Universal Containers is building a web application that will connect with the Salesforce API using JWT OAuth Flow. Which two settings need to be configured in the connect app to support this requirement? Choose 2 answers

The Use Digital Signature option in the connected app.

The "api" OAuth scope in the connected app.

The "eclair_api" OAuth scope in the connected app.

The "web" OAuth scope in the connected app

A company's external application is protected by Salesforce through OAuth. The identity architect for the project needs to limit the level of access to the data of the protected resource in a flexible way. What should be done to improve security?

Create custom scopes and assign to the connected app.

Leverage external objects and data classification policies

Select "Admin approved users are pre-authorized" and assign specific profiles.

Define a permission set that grants access to the app and assign to authorized users.

Universal Container's (UC) is using Salesforce Experience Cloud site for its container wholesale business. The identity architect wants to use an authentication provider for the new site. Which two options should be utilized in creating an authentication provider? Choose 2 answers

A custom registration handler can be set.

The default login user can be set.

The default authentication provider certificate can be set.

Northern Trail Outfitters (NTO) uses a Security Assertion Markup Language (SAML)- based Identity Provider (IDP)to authenticate employees to all systems. The IdP authenticates users against a Lightweight Directory Access Protocol (LDAP) directory and has access to user information. NTO wants to minimize Salesforce license usage since only a small percentage of users need Salesforce. What is recommended to ensure new employees have immediate access to Salesforce using their current IdP?

Configure Just-in-Time provisioning using SAML attributes to create new Salesforce users as necessary when a new user attempts to login to Salesforce.

Build an integration that queries LDAP periodically and creates new active users in Salesforce.

Install Salesforce Identity Connect to automatically provision new users in Salesforce the first time they attempt to login

Build an integration that queries LDAP and creates new inactive users in Salesforce and use a login flow to activate the user at first login.

How should an identity architect automate provisioning and deprovisioning of users into Salesforce from an external system?

Run registration handler on incoming OAuth responses.

Call OpenID Connect (OIDC)-userinfo endpoint with a valid access token.

Call SOAP API upsert() on User object.

Use Security Assertion Markup Language Just-in-Time (SAML JIT) on incoming SAML assertions.

A division of a Northern Trail Outfitters (NTO) purchased Salesforce. NTO uses a third party identity provider (IDP) to validate user credentials against its corporate Lightweight Directory Access Protocol (LDAP) directory. NTO wants to help employees remember as few passwords as possible. What should an identity architect recommend?

Setup Salesforce as a Service Provider to the existing IdP

Setup Salesforce as an Authentication Provider to the existing IdP.

Use Salesforce connect to synchronize LDAP passwords to Salesforce.

Setup Salesforce as an IdP to authenticate against the LDAP directory.

A farming enterprise offers smart farming technology to its farmer customers, which includes a variety of sensors for livestock tracking, pest monitoring, climate monitoring etc. They plan to store all the data in Salesforce. They would also like to ensure timely maintenance of the installed sensors. They have engaged a Salesforce Architect to propose an appropriate way to generate sensor information in Salesforce. Which OAuth flow should the architect recommend?

OAuth 2.0 Device Authentication Flow

OAuth 2.0 SAML Bearer Assertion Flow

OAuth 2.0 JWT Bearer Token Flow

How should an Architect automatically redirect users to the login page of the external Identity provider when using an SP-Initiated SAML flow with Salesforce as a Service Provider?

Remove the Login page from the list of Authentication Services on the My Domain configuration.

Use visualforce as the landing page for My Domain to redirect users to the Identity Provider login Page

Enable the Redirect to the Identity Provider setting under Authentication Services on the My domain Configuration

Set the Identity Provider as default and enable the Redirect to the Identity Provider setting on the SAML Configuration.

Universal Containers (UC) has an e-commerce website where customers can buy products, make payments and manage their accounts. UC decides to build a Customer Community on Salesforce and wants to allow the customers to access the community from their accounts without logging in again. UC decides to implement an SP-initiated SSO using a SAML-compliant Idp. In this scenario where Salesforce is the Service Provider, which two activities must be performed in Salesforce to make SPinitiated SSO work? Choose 2 answers

Configure Delegated Authentication.

Universal Containers (UC) has a custom, internal-only, mobile billing application for users who are commonly out of the office. The app is configured as a connected App in Salesforce. Due to the nature of this app, UC would like to take the appropriate measures to properly secure access to the app. Which two are recommendations to make the UC? Choose 2 answers

Require High Assurance sessions in order to use the Connected App

Use Google Authenticator as an additional part of the login process

Disallow the use of Single Sign-on for any users of the mobile app.

Set Login IP Ranges to the internal network for all of the app users Profiles.

Identity & Access Managment Set 3

Authored by Joaquín Carmona

Other

1st Grade

Used 9+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

30 questions

Show all answers

MULTIPLE SELECT QUESTION

45 sec • 1 pt

Universal Containers is implementing a new Experience Cloud site and the identity architect wants to use dynamic branding features as part of the login process. Which two options should the identity architect recommend to support dynamic branding for the site? Two Answers:

To use dynamic branding, the community must be built with the Visualforce + Salesforce Tabs template.

An experience ID (expid) or placeholder parameter must be used in the URL to represent the brand.

An external content management system (CMS) must be used for dynamic branding on Experience Cloud sites.

To use dynamic branding, the community must be built with the Customer Account Portal template.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Universal Containers wants to allow its customers to log in to its Experience Cloud via a third party authentication provider that supports only the OAuth protocol. What should an identity architect do to fulfill this requirement?

Contact Salesforce Support and enable delegate single sign-on.

Use certificate-based authentication.

Create a custom external authentication provider.

Configure OpenID Connect authentication provider

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

An Identity architect works for a multinational, multi-brand organization. As they work with the organization to understand their customer Identity and Access Management requirements, the identity architect learns that the brand experience is different for each of the customer's sub-brands and each of these branded experiences must be carried through the login experience depending on which sub-brand the user is logging into Which solution should the architect recommend to support scalability and reduce maintenance costs, if the organization has more than 150 sub-brands?

Create a community subdomain for each sub-brand and customize the look and feel of the Login page for each community subdomain to match the brand.

Create a separate Salesforce org for each sub-brand so that each sub-brand has complete control over the user experience.

Use Audiences to customize the login experience for each sub-brand and pass an audience ID to the community during the OAuth and Security Assertion Markup Language (SAML) flows

Assign each sub-brand a unique Experience ID and use the Experience ID to dynamically brand the login experience.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Universal Containers (UC) is rolling out its new Customer Identity and Access Management Solution built on top of its existing Salesforce instance. UC wants to allow customers to login using Facebook, Google, and other social sign-on providers. How should this functionality be enabled for UC, assuming all social sign-on providers support OpenID Connect?

Configure a single sign-on setting and a registration handler for each social sign-on provider.

Configure an authentication provider and a Just-In-Time (JIT) handler for each social sign-on provider

Configure a single sign-on setting and a JIT handler for each social sign-on provider.

Configure an authentication provider and a registration handler for each social sign-on provider.

MULTIPLE SELECT QUESTION

45 sec • 1 pt

An identity architect is implementing a mobile-first Consumer Identity Access Management (CIAM) for external users. User authentication is the only requirement. The users email or mobile phone number should be supported as a username. Which two licenses are needed to meet this requirement? Choose 2 answers

Identity Connect Licenses

External Identity Licenses

Email Verification Credits

SMS Verification Credits

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Northern Trail Outfitters would like to automatically create new employee users in Salesforce with an appropriate profile that maps to its Active Directory Department. How should an identity architect implement this requirement?

Use the createUser method in the Just-in-Time (JIT) provisioning registration handler to assign the appropriate profile.

Use the updateUser method in the Just-in-Time (JIT) provisioning registration handler to assign the appropriate profile.

Use a login flow to collect Security Assertion Markup Language attributes and assign the appropriate profile during Just-in-Time (JIT) provisioning.

Make a callout during the login flow to query department from Active Directory to assign the appropriate profile.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A financial services company uses Salesforce and has a compliance requirement to track information about devices from which users log in. Also, a Salesforce Security Administrator needs to have the ability to revoke the device from which users log in. What should be used to fulfill this requirement?

Use Login Flows to capture device from which users log in and store device and user information in a custom object.

Use the Login History object to track information about devices from which users log in.

Use multi-factor authentication (MFA) to meet the compliance requirement to track device information.

Use the Activations feature to meet the compliance requirement to track device information.

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

29 questions

Nintendo swich games

Quiz

•

1st Grade - University

25 questions

"Bogurodzica", "Lament świętokrzyski", "Pieśń o Rolandzie"

Quiz

•

1st - 5th Grade

25 questions

Lesson 7&8 (Pr.1)

Quiz

•

1st Grade

25 questions

Game Tebak Lagu

Quiz

•

KG - Professional Dev...

25 questions

Chess For Beginners

Quiz

•

KG - 6th Grade

32 questions

Ôn tập Công nghệ GKI

Quiz

•

1st Grade

34 questions

Kitchen Tools & Utensils

Quiz

•

KG - University

25 questions

Revision Quiz -ट ठ ड ढ ण (Revision Ta to ana )

Quiz

•

KG - 1st Grade

Popular Resources on Wayground

8 questions

Spartan Way - Classroom Responsible

Quiz

•

9th - 12th Grade

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

14 questions

Boundaries & Healthy Relationships

Lesson

•

6th - 8th Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

3 questions

Integrity and Your Health

Lesson

•

6th - 8th Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

9 questions

FOREST Perception

Lesson

•

20 questions

Main Idea and Details

Quiz

•

5th Grade

Discover more resources for Other

20 questions

Telling Time to the Hour and Half hour

Quiz

•

1st Grade

7 questions

Understanding Parallel, Intersecting, and Perpendicular Lines

Interactive video

•

1st - 6th Grade

16 questions

Counting Coins counting money

Quiz

•

1st - 2nd Grade

20 questions

Place Value

Quiz

•

KG - 3rd Grade

10 questions

Counting Coins

Quiz

•

1st Grade

10 questions

Telling time to the hour and half hour

Quiz

•

1st - 2nd Grade

15 questions

Grammar

Quiz

•

KG - 7th Grade

10 questions

First Grade Balancing Equations

Quiz

•

1st - 2nd Grade

Identity & Access Managment Set 3

Universal Containers is implementing a new Experience Cloud site and the identity architect wants to use dynamic branding features as part of the login process. Which two options should the identity architect recommend to support dynamic branding for the site? Two Answers:

Universal Containers wants to allow its customers to log in to its Experience Cloud via a third party authentication provider that supports only the OAuth protocol. What should an identity architect do to fulfill this requirement?

Northern Trail Outfitters would like to automatically create new employee users in Salesforce with an appropriate profile that maps to its Active Directory Department. How should an identity architect implement this requirement?

Universal Containers (UC) uses Salesforce as a CRM and identity provider (IDP) for their Sales Team to seamlessly login to internal portals. The IT team at UC is now evaluating Salesforce to act as an IdP for its remaining employees. Which Salesforce license is required to fulfill this requirement?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Other