Salesforce Identity-and-Access-Management-Architect 問題集

質問 1：
Universal Containers is creating a mobile application that will be secured by Salesforce Identity using the OAuth 2.0 user-agent flow. Application users will authenticate using username and password. They should not be forced to approve API access in the mobile app or reauthenticate for 3 months.
Which two connected app options need to be configured to fulfill this use case?
Choose 2 answers
A. Set Permitted Users to "All users may self-authorize".
B. Set Permitted Users to "Admin approved users are pre-authorized".
C. Set the Session Timeout value to 3 months.
D. Set the Refresh Token Policy to expire refresh token after 3 months.
正解：A,D
解説: (Topexam メンバーにのみ表示されます)

質問 2：
Northern Trail Outfitters manages application functional permissions centrally as Active Directory groups.
The CRM_Superllser and CRM_Reportmg_SuperUser groups should respectively give the user the SuperUser and Reportmg_SuperUser permission set in Salesforce. Salesforce is the service provider to a Security Assertion Markup Language (SAML) identity provider.
Mow should an identity architect ensure the Active Directory groups are reflected correctly when a user accesses Salesforce?
A. Use the Apex Just-in-Time handler to query standard SAML attributes and set permission sets.
B. Use a login flow to query standard SAML attributes and set permission sets.
C. Use the Apex Just-in-Time handler to query custom SAML attributes and set permission sets.
D. Use a login flow to query custom SAML attributes and set permission sets.
正解：C
解説: (Topexam メンバーにのみ表示されます)

質問 3：
Universal Containers is considering using Delegated Authentication as the sole means of Authenticating of Salesforce users. A Salesforce Architect has been brought in to assist with the implementation. What two risks Should the Architect point out? Choose 2 answers
A. Salesforce users will be locked out of Salesforce if the web service goes down.
B. UC will be required to develop and support a custom SOAP web service.
C. Delegated Authentication is enabled or disabled for the entire Salesforce org.
D. The web service must reside on a public cloud service, such as Heroku.
正解：A,B
解説: (Topexam メンバーにのみ表示されます)

質問 4：
A technology enterprise is planning to implement single sign-on login for users. When users log in to the Salesforce User object custom field, data should be populated for new and existing users.
Which two steps should an identity architect recommend?
Choose 2 answers
A. Implement Auth.SamlJitHandler Interface.
B. Create and update methods.
C. Implement SesslonManagement Class.
D. Implement RegistrationHandler Interface.
正解：A,B
解説: (Topexam メンバーにのみ表示されます)

質問 5：
customer service representatives at Universal containers (UC) are complaining that whenever they click on links to case records and are asked to login with SAML SSO, they are being redirected to the salesforce home tab and not the specific case record. What item should an architect advise the identity team at UC to investigate first?
A. The salesforce SSO settings are using http post
B. The users have the correct Federation ID within salesforce.
C. My domain is configured and active within salesforce.
D. The identity provider is correctly preserving the Relay state
正解：D
解説: (Topexam メンバーにのみ表示されます)

質問 6：
Northern Trail Outfitters (NTO) utilizes a third-party cloud solution for an employee portal. NTO also owns Salesforce Service Cloud and would like employees to be able to login to Salesforce with their third-party portal credentials for a seamless experience. The third-party employee portal only supports OAuth.
What should an identity architect recommend to enable single sign-on (SSO) between the portal and Salesforce?
A. Configure SSO to use the third-party portal as an identity provider.
B. Add the third-party portal as a connected app.
C. Configure Salesforce for Delegated Authentication.
D. Create a custom external authentication provider.
正解：A
解説: (Topexam メンバーにのみ表示されます)