[2022年最新] 完璧Identity-and-Access-Management-Architect問題集問題と解答で一年無料最速更新
更新されたのは2022年リアルな無敵Identity-and-Access-Management-Architect問題集で100% 無料Identity-and-Access-Management-Architect試験問題集
質問 65
An identity architect is implementing a mobile-first Consumer Identity Access Management (CIAM) for external users. User authentication is the only requirement. The users email or mobile phone number should be supported as a username.
Which two licenses are needed to meet this requirement?
Choose 2 answers
- A. SMS verification Credits
- B. Email Verification Credits
- C. External Identity Licenses
- D. Identity Connect Licenses
正解: A,C
質問 66
A consumer products company uses Salesforce to maintain consumer information, including orders. The company implemented a portal solution using Salesforce Experience Cloud for its consumers where the consumers can log in using their credentials. The company is considering allowing users to login with their Facebook or Linkedln credentials.
Once enabled, what role will Salesforce play?
- A. Facebook and Linkedln will act as the IdPs and SPs.
- B. Salesforce will be the service provider (SP).
- C. Salesforce will be the identity provider (IdP).
- D. Facebook and Linkedln will be the SPs.
正解: B
質問 67
An identity architect has been asked to recommend a solution that allows administrators to configure personalized alert messages to users before they land on the Experience Cloud site (formerly known as Community) homepage.
What is recommended to fulfill this requirement with the least amount of customization?
- A. Customize the registration handler Apex class to create a routing logic navigating to different home pages based on the user profile.
- B. Build a Lightning web Component (LWC) for a homepage that shows custom alerts.
- C. Use Login Flows to add a screen that shows personalized alerts.
- D. Create custom metadata that stores user alerts and use a LWC to display alerts.
正解: C
質問 68
Universal Containers (UC) is using its production org as the identity provider for a new Experience Cloud site and the identity architect is deciding which login experience to use for the site.
Which two page types are valid login page types for the site?
Choose 2 answers
- A. lightning Experience Page
- B. Embedded Login Page
- C. Experience Builder Page
- D. Login Discovery Page
正解: B,D
質問 69
Universal Container's (UC) identity architect needs to recommend a license type for their new Experience Cloud site that will be used by external partners (delivery providers) for reviewing and updating their accounts, downloading files provided by UC and obtaining scheduled pickup dates from their calendar.
UC is using their Salesforce production org as the identity provider for these users and the expected number of individual users is 2.5 million with 13.5 million unique logins per month.
Which of the following license types should be used to meet the requirement?
- A. Partner Community License
- B. External Apps License
- C. Partner Community Login License
- D. Customer Community plus Login License
正解: D
質問 70
A financial services company uses Salesforce and has a compliance requirement to track information about devices from which users log in. Also, a Salesforce Security Administrator needs to have the ability to revoke the device from which users log in.
What should be used to fulfill this requirement?
- A. Use the Login History object to track information about devices from which users log in.
- B. Use the Activations feature to meet the compliance requirement to track device information.
- C. Use multi-factor authentication (MFA) to meet the compliance requirement to track device information.
- D. Use Login Flows to capture device from which users log in and store device and user information in a custom object.
正解: B
質問 71
Universal containers (UC) has decided to use identity connect as it's identity provider. UC uses active directory(AD) and has a team that is very familiar and comfortable with managing ad groups. UC would like to use AD groups to help configure salesforce users. Which three actions can AD groups control through identity connect? Choose 3 answers
- A. Public Group Assignment
- B. Permission sets assignment
- C. Role Assignment
- D. Custom permission assignment
- E. Granting report folder access
正解: A,B,C
質問 72 
A pharmaceutical company has an on-premise application (see illustration) that it wants to integrate with Salesforce.
The IT director wants to ensure that requests must include a certificate with a trusted certificate chain to access the company's on-premise application endpoint.
What should an Identity architect do to meet this requirement?
- A. Use open SSL to generate a Self-signed Certificate and upload it to the on-premise app.
- B. Upload a third-party certificate from Salesforce into the on-premise server.
- C. Generate a certificate authority-signed certificate in Salesforce and uploading it to the on-premise application Truststore.
- D. Configure the company firewall to allow traffic from Salesforce IP ranges.
正解: D
質問 73
Universal containers (UC) has implemented a multi-org strategy and would like to centralize the management of their salesforce user profiles. What should the architect recommend to allow salesforce profiles to be managed from a central system of record?
- A. Implement jit provisioning on the SAML IDP that will pass the profile id in each assertion.
- B. Create an apex scheduled job in one org that will synchronize the other orgs profile.
- C. Implement an Oauthjwt flow to pass the profile credentials between systems.
- D. Implement Delegated Authentication that will update the user profiles as necessary.
正解: A
質問 74
Universal Containers (UC) has implemented SSO according to the diagram below. uses SAML while Salesforce Org 1 uses OAuth 2.0. Users usually start their day by first attempting to log into Salesforce Org 2 and then later in the day, they will log into either the Financial System or CPQ system depending upon their job position. Which two systems are acting as Identity Providers?
- A. Pingfederate
- B. Financial System
- C. Salesforce Org 2
- D. Salesforce Org 1
正解: A,D
質問 75
Which two statements are capable of Identity Connect? Choose 2 answers
- A. Supports both Identity-Provider-Initiated and Service-Provider-Initiated SSO.
- B. Synchronization of Salesforce Permission Set Licence Assignments.
- C. Automated user synchronization and de-activation.
- D. Support multiple orgs connecting to multiple Active Directory servers.
正解: A,C
質問 76
Universal Containers (UC) is planning to deploy a custom mobile app that will allow users to get e-signatures from its customers on their mobile devices. The mobile app connects to Salesforce to upload the e-signature as a file attachment and uses OAuth protocol for both authentication and authorization. What is the most recommended and secure OAuth scope setting that an Architect should recommend?
- A. Web
- B. Id
- C. Api
- D. Custom_permissions
正解: D
質問 77
A global company's Salesforce Identity Architect is reviewing its Salesforce production org login history and is seeing some intermittent Security Assertion Markup Language (SAML SSO) 'Replay Detected and Assertion Invalid' login errors.
Which two issues would cause these errors?
Choose 2 answers
- A. The subject element is missing from the assertion sent to salesforce.
- B. The current time setting of the company's identity provider (IdP) and Salesforce platform is out of sync by more than eight minutes.
- C. The certificate loaded into SSO configuration does not match the certificate used by the IdP.
- D. The assertion sent to 5alesforce contains an assertion ID previously used.
正解: A,D
質問 78
Universal Containers (UC) has a mobile application for its employees that uses data from Salesforce as well as uses Salesforce for Authentication purposes. UC wants its mobile users to only enter their credentials the first time they run the app. The application has been live for a little over 6 months, and all of the users who were part of the initial launch are complaining that they have to re-authenticate. UC has also recently changed the URI Scheme associated with the mobile app. What should the Architect at UC first investigate?Universal Containers (UC) has a mobile application for its employees that uses data from Salesforce as well as uses Salesforce for Authentication purposes. UC wants its mobile users to only enter their credentials the first time they run the app. The application has been live for a little over 6 months, and all of the users who were part of the initial launch are complaining that they have to re-authenticate. UC has also recently changed the URI Scheme associated with the mobile app. What should the Architect at UC first investigate?
- A. Validate that the users are checking the box to remember their passwords.
- B. Check the Refresh Token policy defined in the Salesforce Connected App.
- C. Confirm that the access Token's Time-To-Live policy has been set appropriately.
- D. Verify that the Callback URL is correctly pointing to the new URI Scheme.
正解: B
質問 79
Universal Containers wants to allow its customers to log in to its Experience Cloud via a third party authentication provider that supports only the OAuth protocol.
What should an identity architect do to fulfill this requirement?
- A. Create a custom external authentication provider.
- B. Configure OpenID Connect authentication provider.
- C. Use certificate-based authentication.
- D. Contact Salesforce Support and enable delegate single sign-on.
正解: A
質問 80
A multinational industrial products manufacturer is planning to implement Salesforce CRM to manage their business. They have the following requirements:
1. They plan to implement Partner communities to provide access to their partner network .
2. They have operations in multiple countries and are planning to implement multiple Salesforce orgs.
3. Some of their partners do business in multiple countries and will need information from multiple Salesforce communities.
4. They would like to provide a single login for their partners.
How should an Identity Architect solution this requirement with limited custom development?
- A. Register partners in one org and access information from other orgs using APIs.
- B. Allow partners to choose the Salesforce org they need information from and use login flows to authenticate access.
- C. Create a partner login for the country of their operation and use SAML federation to provide access to other orgs.
- D. Consolidate Partner related information in a single org and provide access through Salesforce community.
正解: C
質問 81
An identity architect has built a native mobile application and plans to integrate it with a Salesforce Identity solution. The following are the requirements for the solution:
1. Users should not have to login every time they use the app.
2. The app should be able to make calls to the Salesforce REST API.
3. End users should NOT see the OAuth approval page.
How should the identity architect configure the Salesforce connected app to meet the requirements?
- A. Enable the API Scope and Offline Access Scope on the connected app, and then set the connected app to access settings to 'Admin Pre-Approved".
- B. Enable the Full Access Scope and then set the connected app access settings to "Admin Pre-Approved".
- C. Enable the API Scope and Offline Access Scope on the connected app, and then set the Connected App access settings to "User may self authorize".
- D. Enable the API Scope and Offline Access Scope, upload a certificate so JWT Bearer Flow can be used and then set the connected app access settings to "Admin Pre-Approved".
正解: D
質問 82
Universal Containers (UC) uses Global Shipping (GS) as one of their shipping vendors. Regional leads of GS need access to UC's Salesforce instance for reporting damage of goods using Cases. The regional leads also need access to dashboards to keep track of regional shipping KPIs. UC internally uses a third-party cloud analytics tool for capacity planning and UC decided to provide access to this tool to a subset of GS employees.
In addition to regional leads, the GS capacity planning team would benefit from access to this tool. To access the analytics tool, UC IT has set up Salesforce as the Identity provider for Internal users and would like to follow the same approach for the GS users as well. What are the most appropriate license types for GS Tregional Leads and the GS Capacity Planners? Choose 2 Answers
- A. Customer Community Plus license for GS Regional Leads and Customer Community license for GS Capacity Planners.
- B. Customer Community license for GS Regional Leads and Identity license for GS Capacity Planners.
- C. Identity Licence for GS Regional Leads and External Identity license for GS capacity Planners.
- D. Customer Community Plus license for GS Regional Leads and External Identity for GS Capacity Planners.
正解: A,B
質問 83
Universal Containers (UC) currently uses Salesforce Sales Cloud and an external billing application. Both Salesforce and the billing application are accessed several times a day to manage customers. UC would like to configure single sign-on and leverage Salesforce as the identity provider. Additionally, UC would like the billing application to be accessible from Salesforce. A redirect is acceptable.
Which two Salesforce tools should an identity architect recommend to satisfy the requirements?
Choose 2 answers
- A. Identity Connect
- B. Connected Apps
- C. salesforce Canvas
- D. App Launcher
正解: C,D
質問 84
A technology enterprise is setting up an identity solution with an external vendors wellness application for its employees. The user attributes need to be returned to the wellness application in an ID token.
Which authentication mechanism should an identity architect recommend to meet the requirements?
- A. JWT Bearer Token Flow
- B. Web Server Flow
- C. User Agent Flow
- D. OpenID Connect
正解: B
質問 85
Universal containers(UC) has a customer Community that uses Facebook for authentication. UC would like to ensure that changes in the Facebook profile are reflected on the appropriate customer Community user. How can this requirement be met?
- A. Use SAML just-in-time provisioning between Facebook and Salesforce
- B. Use the updateuser() method on the registration handler class.
- C. Use information in the signed request that is received from Facebook.
- D. Develop a schedule job that calls out to Facebook on a nightly basis.
正解: B
質問 86
What information does the 'Relaystate' parameter contain in sp-Initiated Single Sign-on?
- A. Reference to the login address URL of the service provider.
- B. Reference to the login address URL of the identity Provider.
- C. Reference to a URL redirect parameter at the service provider.
- D. Reference to a URL redirect parameter at the identity provider.
正解: C
質問 87
......
Identity-and-Access-Management-Architect問題集PDFとテストエンジン試験問題:https://www.jpntest.com/shiken/Identity-and-Access-Management-Architect-mondaishu