Universal Containers (UC) has a Desktop application to collect leads for marketing campaigns. UC wants to extend this application to integrate with Salesforce to create leads. Integration between the desktop application and salesforce should be seamless. What Authorization flow should the Architect recommend?
A. JWT Bearer Token flow
B. Web Server Authentication Flow
C. User Agent Flow
D. Username and Password Flow
Universal Containers (UC) rolling out a new Customer Identity and Access Management Solution will be built on top of their existing Salesforce instance.
Several service providers have been setup and integrated with Salesforce using OpenlD Connect to allow for a seamless single sign-on experience. UC has a requirement to limit user access to only a subset of service providers per customer type.
Which two steps should be done on the platform to satisfy the requirement?
Choose 2 answers
A. Manage which connected apps a user has access to by assigning authentication providers to the users profile.
B. Assign the connected app to the customer community, and enable the users profile in the Community settings.
C. Use Profiles and Permission Sets to assign user access to Admin Pre-Approved Connected Apps.
D. Set each of the Connected App access settings to Admin Pre-Approved.
Universal containers (UC) wants to implement Delegated Authentication for a certain subset of Salesforce users. Which three items should UC take into consideration while building the Web service to handle the Delegated Authentication request? Choose 3 answers
A. The web service needs to include Source IP as a method parameter.
B. UC should whitelist all salesforce ip ranges on their corporate firewall.
C. The web service can be written using either the soap or rest protocol.
D. Delegated Authentication is enabled for the system administrator profile.
E. The return type of the Web service method should be a Boolean value
Universal Containers (UC) is using Active Directory as its corporate identity provider and Salesforce as its CRM for customer care agents, who use SAML based sign sign-on to login to Salesforce. The default agent profile does not include the Manage User permission. UC wants to dynamically update the agent role and permission sets.
Which two mechanisms are used to provision agents with the appropriate permissions?
Choose 2 answers
A. Use Login Flow in User Context to update role and permission sets.
B. Use Login Flow in System Context to update role and permission sets.
C. Use SAML Just-m-Time (JIT) Handler class run as current user to update role and permission sets.
D. Use SAML Just-in-Time (JIT) handler class run as an admin user to update role and permission sets.
Universal Containers (UC) has an Experience Cloud site (Customer Community) where customers can authenticate and place orders, view the status of orders, etc. UC allows guest checkout. Mow can a guest register using data previously collected during order placement?
A. Enable Security Assertion Markup Language Sign-On and use a login flow to collect only order details to retrieve customer data.
B. Enable Facebook as an authentication provider and use a registration handler to collect only order details to retrieve customer data.
C. Use a Connected App Handler Apex Plugin class to collect only order details to retrieve customer data.
D. Enable self-registration and customize a self-registration page to collect only order details to retrieve customer data.
Universal containers wants to set up SSO for a selected group of users to access external applications from salesforce through App launcher. Which three steps must be completed in salesforce to accomplish the goal?
A. Associate user profiles with the connected Apps.
B. Complete my domain and Identity provider setup.
C. Create connected apps for the external applications.
D. Complete single Sign-on settings in security controls.
E. Create named credentials for each external system.
A company's external application is protected by Salesforce through OAuth. The identity architect for the project needs to limit the level of access to the data of the protected resource in a flexible way.
What should be done to improve security?
A. Select "Admin approved users are pre-authonzed" and assign specific profiles.
B. Create custom scopes and assign to the connected app.
C. Define a permission set that grants access to the app and assign to authorized users.
D. Leverage external objects and data classification policies.
Universal containers (UC) would like to enable SSO between their existing Active Directory infrastructure and salesforce. The it team prefers to manage all users in Active Directory and would like to avoid doing any initial setup of users in salesforce directly, including the correct assignment of profiles, roles and groups. Which two optimal solutions should UC use to provision users in salesforce? Choose 2 answers
A. Use the salesforce REST API to sync users from active directory to salesforce
B. Use an app exchange product to sync users from Active Directory to salesforce.
C. Use Active Directory Federation Services to sync users from active directory to salesforce.
D. Use Identity connect to sync users from Active Directory to salesforce
Universal Containers (UC) has Active Directory (AD) as their enterprise identity store and would like to use it for Salesforce user authentication. UC expects to synchronize user data between Salesforce and AD and Assign the appropriate Profile and Permission Sets based on AD group membership. What would be the optimal way to implement SSO?
A. Use Active Directory with Reverse Proxy as the Identity Provider.
B. Use Microsoft Access control Service as the Authentication provider.
C. Use Active Directory Federation Service (ADFS) as the Identity Provider.
D. Use Salesforce Identity Connect as the Identity Provider.
Universal Containers wants to implement SAML SSO for their internal Salesforce users using a third-party IdP. After some evaluation, UC decides not to set up My Domain for their Salesforce org. How does that decision impact their SSO implementation?
A. SP-initiated SSO will not work.
B. Neither SP- nor IdP-initiated SSO will work.
C. Either SP- or IdP-initiated SSO will work.
D. IdP-initiated SSO will not work.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Salesforce exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your IDENTITY-AND-ACCESS-MANAGEMENT-ARCHITECT exam preparations and Salesforce certification application, do not hesitate to visit our Vcedump.com to find your solutions here.