Universal Containers (UC) has a mobile application that calls the Salesforce REST API. In order to prevent users from having to enter their credentials every time they use the app, UC has enabled the use of refresh tokens as part of the Salesforce connected app and updated their mobile app to take advantage of the refresh token. Even after enabling the refresh token, users are still complaining that they have to enter their credentials once a day. What is the most likely cause of the issue?
A. The refresh token expiration policy is set incorrectly in Salesforce.
B. The users forget to check the box to remember their credentials.
C. The OAuth authorizations are being revoked by a nightly batch job.
D. The app is requesting too many access tokens in a 24-hour period.
Correct answer: A
Question 2:
An identity architect has built a native mobile application and plans to integrate it with a Salesforce Identity solution. The following are the requirements for the solution:
1. Users should not have to log in every time they use the app.
2. The app should be able to make calls to the Salesforce REST API.
3. End users should NOT see the OAuth approval page.
How should the identity architect configure the Salesforce connected app to meet the requirements?
A. Enable the API Scope and Offline Access Scope on the connected app, and then set the connected app access settings to "Admin Pre-Approved".
B. Enable the API Scope and Offline Access Scope, upload a certificate so JWT Bearer Flow can be used, and then set the connected app access settings to "Admin Pre-Approved".
C. Enable the API Scope and Offline Access Scope on the connected app, and then set the Connected App access settings to "User may self authorize".
D. Enable the Full Access Scope and then set the connected app access settings to "Admin Pre-Approved".
Correct answer: B
Question 3:

An organization has a central cloud-based Identity and Access Management (IAM) Service for authentication and user management, which must be utilized by all applications as follows:
1 - Change of a user status in the central IAM Service triggers provisioning or deprovisioning in the integrated cloud applications.
2 - Security Assertion Markup Language (SAML) single sign-on (SSO) is used to facilitate access for users authenticated at the identity provider (central IAM Service).
Which approach should an IAM architect implement on Salesforce Sales Cloud to meet the requirements?
A. Configure central IAM Service as an authentication provider and extend registration handler to manage provisioning and deprovisioning of users.
B. Deploy Identity Connect component and set up automated provisioning and deprovisioning of users, as well as SAML-based SSO.
C. Configure Salesforce as a SAML Service Provider, and enable SCIM (System for Cross-Domain Identity Management) for provisioning and deprovisioning of users.
D. Configure Salesforce as a SAML service provider, and enable Just-in-Time (JIT) provisioning and deprovisioning of users.
Correct answer: C
Question 4:
Universal Containers (UC) has implemented a multi-org architecture in their company. Many users have licences across multiple orgs, and they are complaining about remembering which org and credentials are tied to which business process. Which two recommendations should the architect make to address the complaints?
Choose 2 answers
A. Implement Delegated Authentication from each org to the LDAP provider.
B. Implement IdP-Initiated Single Sign-on flows to allow deep linking.
C. Activate My Domain to brand each org to the specific business use case.
D. Implement SP-Initiated Single Sign-on flows to allow deep linking.
Correct answer: C, D
Question 5:
Universal Containers wants to implement Single Sign-on for a Salesforce org using an external Identity Provider and corporate identity store.
What type of authentication flow is required to support deep linking?
A. Identity-Provider-initiated SSO
B. Web Server OAuth SSO flow
C. Service-Provider-Initiated SSO
D. StartURL on Identity Provider
Correct answer: C
Question 6:
Universal Containers (UC) is building an integration between Salesforce and a legacy web application using the Canvas framework. The security for UC has determined that a signed request from Salesforce is not an adequate authentication solution for the third-party app. Which two options should the architect consider for authenticating the third-party app using the Canvas framework? Choose 2 answers
A. Utilize the SAML Single Sign-on flow to allow the third-party to authenticate itself against UC's IdP.
B. Utilize Canvas OAuth flow to allow the third-party application to authenticate itself against Salesforce as the IdP.
C. Utilize Authorization Providers to allow the third-party application to authenticate itself against Salesforce as the IdP.
D. Create a registration handler Apex class to allow the third-party application to authenticate itself against Salesforce as the IdP.
Correct answer: A, B
Question 7:
Northern Trail Outfitters (NTO) is planning to roll out a partner portal for its distributors using Experience Cloud. NTO would like to use an external identity provider (IdP) and for partners to register for access to the portal. Each partner should be allowed to register only once to avoid duplicate accounts with Salesforce.
What should an identity architect recommend to create partners?
A. Create a custom page in Experience Cloud to self-register partners with Experience Cloud and Ping identity store.
B. On successful creation of Partners using Self Registration page in Experience Cloud, create identity in Ping.
C. Allow partners to register through the IdP and create partner users in Salesforce through an API.
D. Create a custom web page in the Portal and create users in the IdP and Experience Cloud using published APIs.
Correct answer: A