[July 31, 2023] Updated full version: Identity and Access Management Designer (Identity-and-Access-Management-Architect) certification sample questions [Q146-Q164]


Latest Salesforce Identity-and-Access-Management-Architect real exam question set (PDF)


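The Salesforce Identity-and-Access-Management-Architect exam is a rigorous multiple-choice exam of 60 questions. Candidates have a two-hour time limit and must achieve a passing score of 65% or higher. The exam can be taken in person at a test center or online, which makes it easily accessible to candidates around the world.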

 

Question # 146
Universal Containers is creating a mobile application that will be secured by Salesforce Identity using the OAuth 2.0 user-agent flow. Application users will authenticate using username and password. They should not be forced to approve API access in the mobile app or reauthenticate for 3 months.
Which two connected app options need to be configured to fulfill this use case?
Choose 2 answers

  • A. Set the Session Timeout value to 3 months.
  • B. Set Permitted Users to "All users may self-authorize".
  • C. Set Permitted Users to "Admin approved users are pre-authorized".
  • D. Set the Refresh Token Policy to expire refresh token after 3 months.

Correct answer: B, D


Question # 147
Sales users at Universal Containers use Salesforce for Opportunity management. Marketing uses a third-party application called Nest for Lead nurturing that is accessed using username/password. The VP of Sales wants to open up access to Nest for all sales users to provide them access to lead history and would like SSO for better adoption. Salesforce is already set up for SSO and uses Delegated Authentication. Nest can accept username/password or SAML-based authentication. IT teams have received multiple password-related issues for Nest and have decided to set up SSO access for Nest for Marketing users as well. The CIO does not want to invest in a new IdP solution and is considering using Salesforce for this purpose. Which are appropriate license type choices for sales and marketing users, given that Salesforce is using Delegated Authentication?
Choose 2 answers

  • A. Identity license for sales users and Identity Connect license for Marketing users
  • B. Salesforce license for sales users and Identity license for Marketing users
  • C. Salesforce license for sales users and External Identity license for Marketing users
  • D. Salesforce license for sales users and Platform license for Marketing users

Correct answer: B, D


Question # 148
Universal Containers (UC) has Active Directory (AD) as their enterprise identity store and would like to use it for Salesforce user authentication. UC expects to synchronize user data between Salesforce and AD and assign the appropriate Profile and Permission Sets based on AD group membership. What would be the optimal way to implement SSO?

  • A. Use Salesforce Identity Connect as the Identity Provider.
  • B. Use Active Directory Federation Service (ADFS) as the Identity Provider.
  • C. Use Microsoft Access Control Service as the Authentication Provider.
  • D. Use Active Directory with Reverse Proxy as the Identity Provider.

Correct answer: A


Question # 149
Universal Containers (UC) has decided to use Salesforce as an Identity Provider for multiple external applications. UC wants to use the Salesforce App Launcher to control the apps that are available to individual users. Which three steps are required to make this happen?

  • A. Set up Identity Connect to synchronize user data.
  • B. Create a Connected App for each external application.
  • C. Add each Connected App to the App Launcher with a Start URL.
  • D. Set up Salesforce as a SAML IdP with My Domain.
  • E. Set up an Auth Provider for each external application.

Correct answer: B, C, D


Question # 150
Universal Containers wants to implement Single Sign-on for a Salesforce org using an external Identity Provider and corporate identity store.
What type of authentication flow is required to support deep linking?

  • A. Web Server OAuth SSO flow
  • B. Identity-Provider-initiated SSO
  • C. StartURL on Identity Provider
  • D. Service-Provider-Initiated SSO

Correct answer: D


Question # 151
Universal Containers (UC) is building an integration between Salesforce and a legacy web application using the Canvas framework. The security team for UC has determined that a signed request from Salesforce is not an adequate authentication solution for the third-party app. Which two options should the Architect consider for authenticating the third-party app using the Canvas framework? Choose 2 answers

  • A. Create a registration handler Apex class to allow the third-party application to authenticate itself against Salesforce as the IdP.
  • B. Utilize Canvas OAuth flow to allow the third-party application to authenticate itself against Salesforce as the IdP.
  • C. Utilize Authorization Providers to allow the third-party application to authenticate itself against Salesforce as the IdP.
  • D. Utilize the SAML Single Sign-on flow to allow the third-party to authenticate itself against UC's IdP.

Correct answer: B, D


Question # 152
Northern Trail Outfitters (NTO) has an off-boarding process where a terminated employee is first disabled in the Lightweight Directory Access Protocol (LDAP) directory, then requests are sent to the various application support teams to finish user deactivations. A terminated employee recently was able to log in to NTO's Salesforce instance 24 hours after termination, even though the user was disabled in the corporate LDAP directory.
What should an identity architect recommend to prevent this from happening in the future?

  • A. Create a Just-in-Time provisioning registration handler to ensure users are deactivated in Salesforce as they are disabled in LDAP.
  • B. Configure an authentication provider to delegate authentication to the LDAP directory.
  • C. Use a login flow to make a callout to the LDAP directory before authenticating the user to Salesforce.
  • D. Set up an identity provider (IdP) to authenticate users using LDAP, set up single sign-on to Salesforce and disable Login Form authentication.

Correct answer: B


Question # 153
A global fitness equipment manufacturer is planning to sell fitness tracking devices and has the following requirements:
1) Customer purchases the device.
2) Customer registers the device using their mobile app.
3) A case should automatically be created in Salesforce and associated with the customer's account in cases where the device registers issues with tracking.
Which OAuth flow should be used to meet these requirements?

  • A. OAuth 2.0 SAML Bearer Assertion Flow
  • B. OAuth 2.0 Asset Token Flow
  • C. OAuth 2.0 User-Agent Flow
  • D. OAuth 2.0 Username-Password Flow

Correct answer: B


Question # 154
Universal Containers (UC) has multiple Salesforce orgs and would like to use a single identity provider to access all of their orgs. How should UC's architect enable this behavior?

  • A. Ensure that users have the same email value in their user records in all of UC's Salesforce orgs.
  • B. Ensure that users have the same Federation ID value in their user records in all of UC's Salesforce orgs.
  • C. Ensure that users have the same alias value in their user records in all of UC's Salesforce orgs.
  • D. Ensure the same username is allowed in multiple orgs by contacting Salesforce support.

Correct answer: B


Question # 155
A university is planning to set up an identity solution for its alumni. A third-party identity provider will be used for single sign-on. Salesforce will be the system of records. Users are getting error messages when logging in.
Which Salesforce feature should be used to debug the issue?

  • A. Login History
  • B. Debug Logs
  • C. View Setup Audit Trail
  • D. Apex Exception Email

Correct answer: A


Question # 156
Universal Containers (UC) is rolling out its new Customer Identity and Access Management Solution built on top of its existing Salesforce instance. UC wants to allow customers to log in using Facebook, Google, and other social sign-on providers.
How should this functionality be enabled for UC, assuming all social sign-on providers support OpenID Connect?

  • A. Configure an authentication provider and a registration handler for each social sign-on provider.
  • B. Configure a single sign-on setting and a JIT handler for each social sign-on provider.
  • C. Configure a single sign-on setting and a registration handler for each social sign-on provider.
  • D. Configure an authentication provider and a Just-In-Time (JIT) handler for each social sign-on provider.

Correct answer: A


Question # 157
Universal Containers (UC) has built a custom Two-factor Authentication (2FA) system for their existing on-premise applications. They are now implementing Salesforce and would like to enable a two-factor login process for it as well. What is the recommended solution an architect should consider?

  • A. Replace the custom 2FA system with Salesforce 2FA for on-premise applications and Salesforce.
  • B. Replace the custom 2FA system with an AppExchange app that supports on-premise applications and Salesforce.
  • C. Use custom login flows to connect to the existing custom 2FA system for use in Salesforce.
  • D. Use the custom 2FA system for on-premise applications and native 2FA for Salesforce.

Correct answer: C


Question # 158
Universal Containers is considering using Delegated Authentication as the sole means of authenticating Salesforce users. A Salesforce Architect has been brought in to assist with the implementation. What two risks should the Architect point out? Choose 2 answers

  • A. Salesforce users will be locked out of Salesforce if the web service goes down.
  • B. The web service must reside on a public cloud service, such as Heroku.
  • C. UC will be required to develop and support a custom SOAP web service.
  • D. Delegated Authentication is enabled or disabled for the entire Salesforce org.

Correct answer: A, C


Question # 159
The security team at Universal Containers (UC) has identified exporting reports as a high-risk action and would like to require users to be logged into Salesforce with their Active Directory (AD) credentials when doing so. For all other uses of Salesforce, users should be allowed to use AD credentials or Salesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with Salesforce credentials?

  • A. Use SAML Federated Authentication and Custom SAML JIT Provisioning to dynamically add or remove a permission set that grants the Export Reports Permission.
  • B. Use SAML Federated Authentication, treat SAML Sessions as High Assurance, and raise the session level required for exporting reports.
  • C. Use SAML Federated Authentication with a Login Flow to dynamically add or remove a Permission Set that grants the Export Reports Permission.
  • D. Use SAML Federated Authentication and block access to reports when accessed through a Standard Assurance session.

Correct answer: B


Question # 160
Universal Containers (UC) is planning to deploy a custom mobile app that will allow users to get e-signatures from its customers on their mobile devices. The mobile app connects to Salesforce to upload the e-signature as a file attachment and uses the OAuth protocol for both authentication and authorization. What is the most recommended and secure OAuth scope setting that an Architect should recommend?

  • A. Web
  • B. Api
  • C. Id
  • D. Custom_permissions

Correct answer: D


Question # 161
Universal Containers (UC) has an existing Customer Community. UC wants to expand the self-registration capabilities such that customers receive a different community experience based on the data they provide during the registration process. What is the recommended approach an Architect should recommend to UC?

  • A. Create an After Insert Apex trigger on the user object to assign specific custom permissions.
  • B. Modify the existing Communities registration controller to assign different profiles.
  • C. Create separate login flows corresponding to the different community user personas.
  • D. Modify the Community pages to utilize specific fields on the User and Contact records.

Correct answer: D


Question # 162
Northern Trail Outfitters (NTO) is planning to build a new customer service portal and wants to use passwordless login, allowing customers to log in with a one-time passcode sent to them via email or SMS.
How should the quantity of required Identity Verification Credits be estimated?

  • A. Each community comes with 10,000 Identity Verification Credits per month and only customers with more than 10,000 logins a month should estimate additional SMS verifications needed.
  • B. Identity Verification Credits are consumed with each verification sent and should be estimated based on the number of logins that will incur a verification challenge.
  • C. Identity Verification Credits are consumed with each SMS (text message) sent and should be estimated based on the number of login verification challenges for SMS verification users.
  • D. Identity Verification Credits are a direct add-on license based on the number of existing member-based or login-based Community licenses.

Correct answer: C


Question # 163
Northern Trail Outfitters (NTO) has a number of employees who do NOT need access to Salesforce objects. The employees should sign in to a custom Benefits web app using their Salesforce credentials.
Which license should the identity architect recommend to fulfill this requirement?

  • A. Identity Only License
  • B. Identity Connect License
  • C. Identity Verification Credits Add-on License
  • D. External Identity License

Correct answer: A


Question # 164
......


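The Salesforce Identity-and-Access-Management-Architect (Salesforce Certified Identity and Access Management Architect) certification exam is an advanced-level certification exam for professionals who specialize in identity and access management within the Salesforce ecosystem. This certification demonstrates proficiency in the identity and access management capabilities of the Salesforce platform and is well suited to individuals who want to show their skills and knowledge to potential employers.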

 
