Salesforce Identity-and-Access-Management-Designer 問題集

質問 1：
Universal Containers is implementing Salesforce Identity to broker authentication from its enterprise single sign-on (SSO) solution through Salesforce to third party applications using SAML.
What rote does Salesforce Identity play in its relationship with the enterprise SSO system?
A. Service Provider (SP)
B. Resource Server
C. Client Application
D. Identity Provider (IdP)
正解：A

質問 2：
Universal Containers (UC) is implementing Salesforce and would like to establish SAML SSO for its users to log in. UC stores its corporate user identities in a Custom Database. The UC IT Manager has heard good things about Salesforce Identity Connect as an Idp, and would like to understand what limitations they may face if they decided to use Identity Connect in their current environment. What limitation Should an Architect inform the IT Manager about?
A. Identity Connect will not support user provisioning in UC's current environment.
B. Identity connect is not compatible with UC's current identity environment.
C. Identity Connect will only support SP-initiated SAML flows in UC's current environment.
D. Identity Connect will only support Idp-initiated SAML flows in UC's current environment.
正解：A

質問 3：
Northern Trail Outfitters (NTO) is setting up Salesforce to authenticate users with an external identity provider. The NTO Salesforce Administrator is having trouble getting things setup.
What should an identity architect use to show which part of the login assertion is fading?
A. Security Assertion Markup Language Validator
B. Identity Provider Metadata download
C. Connected App Manager
D. SAML Metadata file importer
正解：A

質問 4：
What information does the 'Relaystate' parameter contain in sp-Initiated Single Sign-on?
A. Reference to a URL redirect parameter at the identity provider.
B. Reference to a URL redirect parameter at the service provider.
C. Reference to the login address URL of the identity Provider.
D. Reference to the login address URL of the service provider.
正解：B

質問 5：
Containers (UC) has decided to implement a federated single Sign-on solution using a third-party Idp. In reviewing the third-party products, they would like to ensure the product supports the automated provisioning and deprovisioning of users. What are the underlining mechanisms that the UC Architect must ensure are part of the product?
A. Just-In-time (JIT) for Provisioning; SOAP API for Deprovisioning.
B. SOAP API for provisioning; Just-in-Time (JIT) for Deprovisioning.
C. Just-in-Time (JIT) for both Provisioning and Deprovisioning.
D. Provisioning API for both Provisioning and Deprovisioning.
正解：C

質問 6：
Universal Containers (UC) wants to integrate a third-party Reward Calculation system with Salesforce to calculate Rewards. Rewards will be calculated on a schedule basis and update back into Salesforce. The integration between Salesforce and the Reward Calculation System needs to be secure. Which are two recommended practices for using OAuth flow in this scenario. choose 2 answers
A. OAuth Refresh Token FLow
B. OAuth SAML Bearer Assertion FLow
C. OAuth JWT Bearer Token FLow
D. OAuth Username-Password Flow
正解：B,C

質問 7：
Northern Trail Outfitters would like to use a portal built on Salesforce Experience Cloud for customer self-service. Guests of the portal be able to self-register, but be unable to automatically be assigned to a contact record until verified. External Identity licenses have bee purchased for the project.
After registered guests complete an onboarding process, a flow will create the appropriate account and contact records for the user.
Which three steps should an identity architect follow to implement the outlined requirements?
Choose 3 answers
A. Set jp an external login page and call Salesforce APIs for user creation.
B. Enable "Allow customers and partners to self-register".
C. Customize the self-registration Apex handler to temporarily associate the user to a shared single contact record.
D. Customize me self-registration Apex handler to create only the user record.
E. Select the "Configurable Self-Reg Page" option under Login & Registration.
正解：B,D,E

質問 8：
A client is planning to rollout multi-factor authentication (MFA) to its internal employees and wants to understand which authentication and verification methods meet the Salesforce criteria for secure authentication.
Which three functions meet the Salesforce criteria for secure mfa?
Choose 3 answers
A. Third-party single sign-on with Mobile Authenticator app
B. Lightning Login
C. Certificate-based Authentication
D. Username and password + secunty key
E. username and password + SMS passcode
正解：A,B,D