[Q100-Q118] The Ultimate Guide to the Identity-and-Access-Management-Architect Certification [Updated 2023]


Identity-and-Access-Management-Architect practice exams and study guides, rigorously verified


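Salesforce Identity-and-Access-Management-Architect is a certification focused on identity and access management practices within Salesforce. It is designed for individuals who are well versed in Salesforce and have a strong understanding of the platform's security model. The exam is best suited to those who want to demonstrate their expertise in identity and access management within the Salesforce ecosystem.


The Salesforce Identity-and-Access-Management-Architect exam is designed to test the abilities of identity and access management (IAM) professionals on the Salesforce platform. The credential is aimed at IT professionals who specialize in managing user identities, roles, and permissions to protect access to systems and applications. The exam is best suited to IT architects, administrators, and consultants who want to validate their skills and expertise in the IAM field.


The Salesforce Certified Identity and Access Management Architect certification is a valuable asset for individuals who want to advance their careers with Salesforce. It shows that the candidate has a deep understanding of the Salesforce security model and can design and implement secure solutions in line with industry best practices. The certification can differentiate candidates in a highly competitive job market and increase their career opportunities.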

 

Question # 100
An identity architect's client has a homegrown identity provider (IdP). Salesforce is used as the service provider (SP). The head of IT is worried that during an SP-initiated single sign-on (SSO), the Security Assertion Markup Language (SAML) request content will be altered.
What should the identity architect recommend to make sure that there is additional trust between the SP and the IdP?

  • A. Ensure that on the SSO settings page, the "Request Signing Certificate" field has a self-signed certificate.
  • B. Encrypt the SAML Request using a certification authority (CA) signed certificate and decrypt on IdP.
  • C. Ensure that the Issuer and Assertion Consumer Service (ACS) URL are properly configured between SP and IdP.
  • D. Ensure that there is an HTTPS connection between IdP and SP.

Correct answer: B


Question # 101
Universal Containers wants to implement single sign-on for a Salesforce org using an external identity provider and corporate identity store. What type of authentication flow is required to support deep linking?

  • A. Identity-provider-initiated SSO
  • B. Start URL on identity provider
  • C. Service-provider-initiated SSO
  • D. Web server OAuth SSO flow

Correct answer: C


Question # 102
Northern Trail Outfitters (NTO) uses Salesforce for Sales Opportunity Management. Okta was recently brought in to Just-in-Time (JIT) provision and authenticate NTO users to applications. Salesforce users also use Okta to authorize a Forecasting web application to access Salesforce records on their behalf.
Which two roles are being performed by Salesforce?
Choose 2 answers

  • A. OAuth Resource Server
  • B. OAuth Client
  • C. SAML Service Provider
  • D. SAML Identity Provider

Correct answer: B, C


Question # 103
Northern Trail Outfitters (NTO) has a number of employees who do NOT need access to Salesforce objects. The employees should sign in to a custom Benefits web app using their Salesforce credentials.
Which license should the identity architect recommend to fulfill this requirement?

  • A. Identity Only License
  • B. External Identity License
  • C. Identity Verification Credits Add-on License
  • D. Identity Connect License

Correct answer: A


Question # 104
A global company's Salesforce Identity Architect is reviewing its Salesforce production org login history and is seeing some intermittent Security Assertion Markup Language (SAML SSO) 'Replay Detected and Assertion Invalid' login errors.
Which two issues would cause these errors?
Choose 2 answers

  • A. The subject element is missing from the assertion sent to Salesforce.
  • B. The current time setting of the company's identity provider (IdP) and Salesforce platform is out of sync by more than eight minutes.
  • C. The assertion sent to Salesforce contains an assertion ID previously used.
  • D. The certificate loaded into SSO configuration does not match the certificate used by the IdP.

Correct answer: A, C


Question # 105
Universal Containers wants to secure its Salesforce APIs by using an existing Security Assertion Markup Language (SAML) configuration that supports the company's single sign-on process to Salesforce. Which Salesforce OAuth authorization flow should be used?

  • A. OAuth 2.0 SAML Bearer Assertion Flow
  • B. A SAML Assertion Flow
  • C. OAuth 2.0 User-Agent Flow
  • D. OAuth 2.0 JWT Bearer Flow

Correct answer: B


Question # 106
A multinational company is looking to roll out Salesforce globally. The company has a Microsoft Active Directory Federation Services (ADFS) implementation for the Americas, Europe and APAC. The company plans to have a single org and would like to have all of its users access Salesforce using the ADFS. The company would like to limit its investments and prefers not to procure additional applications to satisfy the requirements.
What is recommended to ensure these requirements are met?

  • A. Add a central identity system that federates between the ADFS systems and integrate with Salesforce for single sign-on.
  • B. Implement Identity Connect to provide single sign-on to Salesforce and federate across multiple ADFS systems.
  • C. Use connected apps for each ADFS implementation and implement Salesforce site to authenticate users across the ADFS system applicable to their geo.
  • D. Configure each ADFS system under single sign-on settings and allow users to choose the system to authenticate during sign on to Salesforce.

Correct answer: B


Question # 107
A university is planning to set up an identity solution for its alumni. A third-party identity provider will be used for single sign-on. Salesforce will be the system of records. Users are getting error messages when logging in.
Which Salesforce feature should be used to debug the issue?

  • A. Apex Exception Email
  • B. View Setup Audit Trail
  • C. Debug Logs
  • D. Login History

Correct answer: D


Question # 108
An Identity and Access Management (IAM) Architect is recommending Identity Connect to integrate Microsoft Active Directory (AD) with Salesforce for user provisioning, deprovisioning and single sign-on (SSO).
Which feature of Identity Connect is applicable for this scenario?

  • A. When Identity Connect is in place, if a user is deprovisioned in an on-premise AD, the user's Salesforce session is revoked immediately.
  • B. Identity Connect can be deployed as a managed package on a Salesforce org, leveraging High Availability of Salesforce Platform out-of-the-box.
  • C. When configured, Identity Connect acts as an identity provider to both Active Directory and Salesforce, thus providing SSO as a default feature.
  • D. If the number of provisioned users exceeds Salesforce license allowances, Identity Connect will start disabling the existing Salesforce users in First-in, First-out (FIFO) fashion.

Correct answer: A


Question # 109
Universal Containers uses an Employee portal for their employees to collaborate. Employees access the portal from their company's internal website via SSO. It is set up to work with Active Directory. What is the role of Active Directory in this scenario?

  • A. Identity store
  • B. Identity provider
  • C. Authentication store
  • D. Service provider

Correct answer: B


Question # 110
Universal Containers wants to implement Single Sign-on for a Salesforce org using an external Identity Provider and corporate identity store.
What type of authentication flow is required to support deep linking?

  • A. Service-Provider-Initiated SSO
  • B. Web Server OAuth SSO flow
  • C. Identity-Provider-initiated SSO
  • D. StartURL on Identity Provider

Correct answer: A


Question # 111
Universal Containers (UC) uses Active Directory (AD) as their identity store for employees and must continue to do so for network access. UC is undergoing a major transformation program and moving all of their enterprise applications to cloud platforms including Salesforce, Workday, and SAP HANA. UC needs to implement an SSO solution for accessing all of the third-party cloud applications and the CIO is inclined to use Salesforce for all of their identity and access management needs.
Which two Salesforce license types does UC need for its employees?
Choose 2 answers

  • A. Chatter Only and Identity licenses
  • B. Company Community and Identity licenses
  • C. Salesforce and Identity Connect licenses
  • D. Identity and Identity Connect licenses

Correct answer: C, D


Question # 112
Universal Containers want users to be able to log in to the Salesforce mobile app with their Active Directory password. Employees are unable to use mobile VPN.
Which two options should an identity architect recommend to meet the requirement?
Choose 2 answers

  • A. Salesforce Trigger & Field on Contact Object
  • B. Configure Cloud Provider Load Balancer
  • C. Active Directory Password Sync Plugin
  • D. Salesforce Identity Connect

Correct answer: C, D


Question # 113
Universal Containers (UC) wants to implement SAML SSO for their internal Salesforce users using a third-party IdP. After some evaluation, UC decides NOT to set up My Domain for their Salesforce org.
How does that decision impact their SSO implementation?

  • A. SP-initiated SSO will NOT work.
  • B. Neither SP- nor IdP-initiated SSO will work.
  • C. Either SP- or IdP-initiated SSO will work.
  • D. IdP-initiated SSO will NOT work.

Correct answer: B


Question # 114
Northern Trail Outfitters (NTO) recently purchased Salesforce Identity Connect to streamline user provisioning across Microsoft Active Directory (AD) and Salesforce Sales Cloud.
NTO has asked an identity architect to identify which Salesforce security configurations can map to AD permissions.
Which three Salesforce permissions are available to map to AD permissions?
Choose 3 answers

  • A. Public Groups
  • B. Field-Level Security
  • C. Roles
  • D. Sharing Rules
  • E. Profiles and Permission Sets

Correct answer: A, C, E


Question # 115
A company wants to provide its employees with a custom mobile app that accesses Salesforce. Users are required to download the internal native iOS mobile app from the corporate intranet on their mobile device. The app allows flexibility to access other non-Salesforce internal applications once users authenticate with Salesforce. The apps self-authorize, and users are permitted to use the apps once they have logged into Salesforce.
How should an identity architect meet the above requirements with the privately distributed mobile app?

  • A. Use connected app with OAuth and Security Assertion Markup Language (SAML) to access other non-Salesforce internal apps.
  • B. Use Salesforce as an identity provider (IdP) to access the mobile app and use the external IdP for other non-Salesforce internal apps.
  • C. Create a new hybrid mobile app and use the connected app with OAuth to authenticate users for Salesforce and non-Salesforce internal apps.
  • D. Configure Mobile App settings in connected app and Salesforce as identity provider for non-Salesforce internal apps.

Correct answer: D


Question # 116
Which tool should be used to track login data, such as the average number of logins, who logged in more than the average number of times and who logged in during non-business hours?

  • A. Login Forensics
  • B. Login History
  • C. Login Inspector
  • D. Login Report

Correct answer: A


Question # 117
Universal Containers (UC) wants its Closed Won opportunities to be synced to a Data Warehouse in near real time. UC has implemented Outbound Message to enable near real-time data sync. UC wants to ensure that communication between Salesforce and the Target System is secure. What Certificate is sent along with the Outbound Message?

  • A. The default Client Certificate or a Certificate from Certificate and Key Management menu.
  • B. The CA-Signed Certificate from the Certificate and Key Management menu.
  • C. The Self-Signed Certificates from the Certificate & Key Management menu.
  • D. The default Client Certificate from the Develop --> API menu.

Correct answer: D


Question # 118
......
