Salesforce Identity-and-Access-Management-Architect 問題集

質問 1：
Universal Containers (UC) has an existing Salesforce org configured for SP-Initiated SAML SSO with their Idp. A second Salesforce org is being introduced into the environment and the IT team would like to ensure they can use the same Idp for new org. What action should the IT team take while implementing the second org?
A. Use the Salesforce Username as the SAML Identity Type.
B. Use the same request bindings as the first org.
C. Use a different Entity ID than the first org.
D. Use the same SAML Identity location as the first org.
正解：C
解説: (Topexam メンバーにのみ表示されます)

質問 2：
Northern Trail Outfitters (NTO) recently purchased Salesforce Identity Connect to streamline user provisioning across Microsoft Active Directory (AD) and Salesforce Sales Cloud.
NTO has asked an identity architect to identify which salesforce security configurations can map to AD permissions.
Which three Salesforce permissions are available to map to AD permissions?
Choose 3 answers
A. Profiles and Permission Sets
B. Field-Level Security
C. Sharing Rules
D. Public Groups
E. Roles
正解：A,D,E
解説: (Topexam メンバーにのみ表示されます)

質問 3：
Universal containers (UC) does my domain enable in the context of a SAML SSO configuration? Choose 2 answers
A. App launcher
B. Resource deep linking
C. SSO from salesforce1 mobile app.
D. Login forensics
正解：B,C
解説: (Topexam メンバーにのみ表示されます)

質問 4：
A Salesforce customer is implementing Sales Cloud and a custom pricing application for its call center agents.
An Enterprise single sign-on solution is used to authenticate and sign-in users to all applications. The customer has the following requirements:
1. The development team has decided to use a Canvas app to expose the pricing application to agents.
2. Agents should be able to access the Canvas app without needing to log in to the pricing application.
Which two options should the identity architect consider to provide support for the Canvas app to initiate login for users?
Choose 2 answers
A. Select "Enable as a Canvas Personal App" in the connected app settings.
B. Enable SAML in the connected app and Security Assertion Markup Language (SAML) Initiation Method as Service Provider Initiated.
C. Enable OAuth settings in the connected app with required OAuth scopes for the pricing application.
D. Configure the Canvas app as a connected app and set Admin-approved users as pre-authorized.
正解：B,D
解説: (Topexam メンバーにのみ表示されます)

質問 5：
Universal containers want to build a custom mobile app connecting to salesforce using Oauth, and would like to restrict the types of resources mobile users can access. What Oauth feature of Salesforce should be used to achieve the goal?
A. Access Tokens
B. Mobile pins
C. Refresh Tokens
D. Scopes
正解：D
解説: (Topexam メンバーにのみ表示されます)

質問 6：
Universal containers (UC) has implemented SAML SSO to enable seamless access across multiple applications. UC has regional salesforce orgs and wants it's users to be able to access them from their main Salesforce org seamless. Which action should an architect recommend?
A. Configure the main Salesforce org as a service provider.
B. Configure the main salesforce org as the Identity provider.
C. Configure the main salesforce org as an authentication provider.
D. Configure the regional salesforce orgs as Identity Providers.
正解：B
解説: (Topexam メンバーにのみ表示されます)