48

Identity and Access Manager Quick Quiz

1 / 10

RC Toys is onboarding a lot of new employees and would like new employees to automatically be created in Salesforce. Their profile should be mapped to their Active Directory Department. How can Rick implement this request?

2 / 10

How Nicole make sure employees can only use SSO? (Choose 2)

3 / 10

Which of the following are capabilities of Identity Connect? (Choose 2)

4 / 10

When building an application that leverages the Salesforce REST API how will the API calls be authenticated to a specific user? (Choose 2)

5 / 10

How does not setting up My Domain impact an implementation of SAML SSO using a third-party IdP?

6 / 10

RB Outfitters is setting up an identity solution with an external vendors application for their employees. User attributes need to be returned to this application in an ID token. What mechanism should an architect recommend?

7 / 10

RC Toys wants to expand their customers ability to self-register in their customer community. They should receive a different experience depending on information they provide during registration. What should Rick do?

8 / 10

RC Toys wants to use Experience Cloud to replace their homegrown portal. They are currently use a third party SSO that stores the customer and partner credentials. When a user logs in to the Experience Cloud for the first time via SSO their user record needs to be created automatically? How can Rick set this up to automatically provision users for the first time?

9 / 10

Nicole wants to update the self registration in the partner community to include a bit more custom data and use it to assign Profile and Account data. Which of the following would help? (Choose 2)

10 / 10

RC Toys wants to use experience cloud to roll out a partner community. Rick wants to use idP (external Identity Provider) with partners registering for access to the portal. He hate duplicate records and wants to make sure each is only registered once. What should he do?

0%
5

Identity and Access Manager Competitive Quiz

1 / 60

Nicole's Nails has started allowing customers to place orders for custom nail polishes. Nail technicians have access to a custom mobile app where they can place the order from where ever they are. For simplicity they should only have to log in the first time they log in. Which OAuth flow can support this?

2 / 60

Which of the following attacks would 2FA (2 Factor Authentication) protect against? (Choose 3)

3 / 60

RC Toys wants to use Salesforce for its global businesses, its three regions each have their own Microsoft Active Directory Federation implementation. They would like to have a single org and to use ADFS. How can they accomplish this would procuring additional applications?

4 / 60

Nicole wants to update the self registration in the partner community to include a bit more custom data and use it to assign Profile and Account data. Which of the following would help? (Choose 2)

5 / 60

Tim's Tiles wants to allow customers to access a community using Facebook credentials. The first time the customer logs in they should be automatically created in the accounting system. The accounting system has a web service accesible to Salesforce. How should the architect construct this?

6 / 60

RC Toys wants to use experience cloud to roll out a partner community. Rick wants to use idP (external Identity Provider) with partners registering for access to the portal. He hate duplicate records and wants to make sure each is only registered once. What should he do?

7 / 60

Nicole's Nails connects their new mobile app to their Salesforce org using OpenId Connect. How can they enable the retreival of the access token status for their OpenID Connect connection?

8 / 60

Tom's tablets wants to turn on SAML SSO for their Salesforce internal users using a third-party IDP. Tom decides not to set up my domain, how does that impact his SSO implementation?

9 / 60

Rick wants to allow passwordless login to a new customer service portal, customers should login with a one time passcode sent via SMS or email. How does he know how any Identity Verification Credits he may need?

10 / 60

RC Toys wants to use SAML-Based single sign-on for authentication for Salesforce inbound Oauth-enabled integration clients. Which Oauth flow supports this scenario?

11 / 60

RC Toys wants to give some of their users access to a mobile app connected to Salesforce via Oauth. What Oauth feature can be used to restrict the types of users who can access the app?

12 / 60

What information does the 'Relaystate' parameter contain in sp-Initiated Single Sign-on?

13 / 60

RC Toys wants to use Experience Cloud to replace their homegrown portal. They are currently use a third party SSO that stores the customer and partner credentials. When a user logs in to the Experience Cloud for the first time via SSO their user record needs to be created automatically? How can Rick set this up to automatically provision users for the first time?

14 / 60

RC Toys wants to boost customer loyalty. They want to create a single customer view that includes buying behaviors, channel preferences and what they have purchased. This information is currently spread across multiple systems and formats. Rick has decided Salesforce should be used to build the 360 view. He already uses Microsoft Active Directory to mange his users, how should he provision, deprovision and authenticate his users in Salesforce?

15 / 60

Nicole wants to allow customers to use the app launcher to access an off platform app that can generate letters. The letter generator uses Oauth to provide access, what license will users need to use this?

16 / 60

Rick told Nicole she should consider taking advantage of refresh tokens for her apps that use Oauth 2.0. Which Oauth flows should she consider? (Choose 2)

17 / 60

What Salesforce license is needed to provide single sign-on for a B2C application using Salesforce Identity?

18 / 60

Rick is using a middleware to integrate systems with Salesforce, for security usernames and passwords cannot be stored in his systems. How can middleware authentication occur?

19 / 60

All logins must include MFA, currently users can sign in with username and password OR single sign-on against a corporate identity provider that includes MFA. How can they update this to meet the criteria?

20 / 60

Cam's Cars has a B2C website that doesn't support single sign-on like SAML or Oauth. Cam wants to use Salesforce Identity to register and authenticate new customers on the website. What can their architect do to provide username/password authentication for the website? (Choose 2)

21 / 60

Rick wants to dynamically update the agent role and permission sets, he has Active Directory as the corporate identity provide and uses SAML based single sign-on. Which of the following can help? (Choose 2)

22 / 60

RC toys has implemented a multi-org architecture in their company where users have licenses across multiple orgs. Users are complaining they can't remember which login goes with which org and business process. What can Rick do to address the complaints? (Choose 2)

23 / 60

RC Toys wants to let their Salesforce Partner Community Users to self-register. They would like to capture some custom data elements to help assign the correct Profile and Account to the user. Which two actions would help? (Choose 2)

24 / 60

Employees at RC Toys have access to a legacy employee portal for them to collaborate. They can access it from the company's internal website using Single Sign-On. The portals works with SiteMinder and AD and supports posting ideas. Rick wants to use Salesforce Ideas instead as it is more robust. He doesn't want to provision users on Salesforce and instead wants to integrate the portal ideas with Salesforce via the API. What is Salesforce's role in the context of SSO in this scenario?

25 / 60

A chemical company was to integrate Salesforce with an on-premise application. To ensure all requests to the on-premise application include a trusted certificate what should the architect do?

26 / 60

JML Bakery is building a Customer Community to better connect with their community. They do not want customer credentials stored in Salesforce and would prefer customers use their social media credentials. Which two actions should they take? (Choose 2)

27 / 60

RC Toys wants to expand their customers ability to self-register in their customer community. They should receive a different experience depending on information they provide during registration. What should Rick do?

28 / 60

RC toys has a legacy web application using the canvas framework. They wish to integrate this with Salesforce but do not feel a signed request is adequate authentication. What two considerations should be made for authenticating the third-party app using the canvas framework? (Choose 2)

29 / 60

RC Toys is using delegated authentication for Salesforce users. Their current service is written in Java. RC Toys has a new CIO that would like the company to change the service to be REST-ful and written in .NET. What should Tom the RC Toys architect be sure to advice the new CIO? (Choose 2)

30 / 60

Which of the following are features of federated Single Sign-on solutions? (Choose 3)

31 / 60

TruthRX has SAML SSO enabled for multiple applications. They now want to grant access to their regional Salesforce orgs from their main Salesforce org seamlessly. What should they do?

32 / 60

How does not setting up My Domain impact an implementation of SAML SSO using a third-party IdP?

33 / 60

RB Outfitters is setting up an identity solution with an external vendors application for their employees. User attributes need to be returned to this application in an ID token. What mechanism should an architect recommend?

34 / 60

Sales Reps at RC Toys have been exporting large amounts of data via reports and Rick is starting to be concerned. Normally users can login with either Active Directory or Salesforce credentials but Rick would like them to be required to use AD credentials for downloading reports. Which solution allows sales reps to still view reports in Salesforce using Salesforce credentials, but require AD to expore reports?

35 / 60

RC Toys existing Salesforce org is configured for SP-Initiated SAML SSO with their Idp, they wish to introduce a second Salesforce environment and want to use the same Idp, how can Rick accomplish this?

36 / 60

RC Toys is trying to identify the business use case for Identity Provider. Which of the following are capabilities of an Identity Provider? (Choose 2)

37 / 60

What does RC toys need to do to enable SAML SSO configuration? (Choose 2)

38 / 60

Sauls Service Shop is planning to build a service portal and allow customers to login with a one time passcode sent via Email or SMS. How should the quantity of Identity Verfication Credits be estimated?

39 / 60

Nicole's Nails would like to implement a Two-Factor login for a newly implemented Salesforce org, they have already have a custom token-based Two Factor authentication system for their on-premise application. What is the recommended solution?

40 / 60

Bob is the architect for RC toys and needs to automate provisioning and deprovisioning users into Salesforce from an external system. How should he do that?

41 / 60

Nicole's Nails wants to allow technicians to use their mobile devices to access Salesforce using a hybrid mobile app. The app uses SDK (software development kits), refresh tokens to regenerate access tokens and has been distributed as a private app. For security, Nicole wants to roll out a policy that requires technicians to reverify if they haven't logged in for the last week. What connected app setting can be leveraged to make this policy possible?

42 / 60

In a mobile application secured by Salesforce Identity using Oauth 2.0 user-agent flow which of the following concepts apply? (Choose 3)

43 / 60

Rob has configurd a SAML-based SSO integration between Salesforce and an external identity provider. When he tried to log in to Salesforce using SSO he got a SAML error. What two options would help him troubleshoot efficiently? (Choose 2)

44 / 60

Stan's Carpet Cleaning Service (SCCS) wants to sync their Closed Won opportunities to a data warehous in near realtime. SCCS wants the communication between Salesforce and the target system to be secure. When they send Outbound Messages what certifcate is sent alone with it?

45 / 60

RC Toys would like to integrate their custom employee portal with Salesforce to allow employees to post ideas from the employee portal. When the user clicks the links in the employee portal they should be redirected to Salesforce, authenticated and presented with the correct page. Which OAuth flow supports this best?

46 / 60

Keiki Crafts has a custom app for tracking time, they want to use Salesforce Identity to control access to the app. What is the minimum license they need to support this requirement?

47 / 60

SCCS wants to build a customer community where customers who already have access to their E-Commerce site can seamlessly login. They intend to use ansp-initiated SSO using a SAML based compliant IDP. If Salesforce is the service provider what two steps must be completed to make SP-Initiated SSO work? (Choose 2)

48 / 60

RC Toys manages a custom web page, they want users to be able to access Salesforce and other custom web pages from it. The users should be able to access each with the same set of credentials. What SAML SSO flow would allow this?

49 / 60

Which of the following are capabilities of SAML-based Federated authentication? Choose 3 answers

50 / 60

RC Toys has implemented ansp-Initiated SAML flow between an external IDP and salesforce. Sam, a new user is, is trying to login to the Salesforce mobile app for the first time and is being prompted for salesforce credentials instead of being shown the IDP login page. What is the likely cause of the issue?

51 / 60

Nicole is struggling with multiple orgs and would like to manage users and profiles in a central system of record. How can she configure this?

52 / 60

Rick is reviewing the Salesforce login history and is seeing some SAML SSO (Security Assertion Markup Language) 'Replay Detected and Assertion Invalid' login errors. Which of the following could be causing these errors? (Choose 2)

53 / 60

Rick needs users to use Two-factor authentication(2FA) for Salesforce, but not when they are on the company network. What should he do?

54 / 60

What should be considered when using digital certificates in an SSL setup involving a trusted party and a trusting party?

55 / 60

Rick has contracts with clients that require additional security to access their data. There is a separate system to store their data and Rick wants to ensure employees are only allowed to access the system when they are assigned to the client (this can be found via case ownership). He thinks SAML SSO with Saleforce as the IdP and automatically allowing access based on the ownership of the current case should validate access. How can he configure this?

56 / 60

What are three capabilities of SAML-based Federated authentication? (Choose 3)

57 / 60

Nicoles employees are complaining they keep having to verify, what can she do to decrease the frequency?

58 / 60

RC toys has a mobile app for its employees that uses Salesforce for both authentication purposes and data from Salesforce. For each of use employees should only have to enter their credentials the first time they run the app. While the app has been running for 6 months, employees are complaining they are having to login again. There was a recent URI scheme update that was associated with the mobile app. Where should Rick check first?

59 / 60

Rick from RC Toys wants to allow customers to submit and manage issues with their purchases without having to call in each time. He would like to grant access using Facebook and Twitter credentials, which of the following actions does he need to take? (Choose 2)

60 / 60

When building a mobile application that makes calls using the Salesforce REST APIS how can we ensure users do not have to enter credentials every time they enter the app? (Choose 2)

Your score is

0%

/115
4

Identity and Access Manager Full Question Deck

1 / 115

Nicoles employees are complaining they keep having to verify, what can she do to decrease the frequency?

2 / 115

Rick is using a middleware to integrate systems with Salesforce, for security usernames and passwords cannot be stored in his systems. How can middleware authentication occur?

3 / 115

Which of the following does SAML-based federated authentication provide? (Choose 3)

4 / 115

Nicole is trying to figure out why she is getting SAML-based SSO errors during test, the settings appear to be correct. Which of the following could be the cause? (Choose 2)

5 / 115

Rick has contracts with clients that require additional security to access their data. There is a separate system to store their data and Rick wants to ensure employees are only allowed to access the system when they are assigned to the client (this can be found via case ownership). He thinks SAML SSO with Saleforce as the IdP and automatically allowing access based on the ownership of the current case should validate access. How can he configure this?

6 / 115

Nicole wants to allow customers to use the app launcher to access an off platform app that can generate letters. The letter generator uses Oauth to provide access, what license will users need to use this?

7 / 115

When building a mobile application that makes calls using the Salesforce REST APIS how can we ensure users do not have to enter credentials every time they enter the app? (Choose 2)

8 / 115

How Nicole make sure employees can only use SSO? (Choose 2)

9 / 115

When building an application that leverages the Salesforce REST API how will the API calls be authenticated to a specific user? (Choose 2)

10 / 115

What Salesforce license is needed to provide single sign-on for a B2C application using Salesforce Identity?

11 / 115

In a mobile application secured by Salesforce Identity using Oauth 2.0 user-agent flow which of the following concepts apply? (Choose 3)

12 / 115

How does not setting up My Domain impact an implementation of SAML SSO using a third-party IdP?

13 / 115

Which of the following are considerations of Delegated Authentication? (Choose 2)

14 / 115

Nicole has an existing e-commerce platform and is looking to add a new customer community, she doesn't want clients to have to register on both as it would be a pain. Its looking like about every 1 in 4 customers will want to use the new community as well. Her e-commerce platform can generate SAML responses and has a REST-ful API that can access users. What is the best way to create the e-commerce users in the community?

15 / 115

What should be considered when using digital certificates in an SSL setup involving a trusted party and a trusting party?

16 / 115

Nicole's Nails has an external app that uses data from Salesforce. They have an Oauth 2.0 auth flow, when they logout the token needs to be invalidated. How do they handle this?

17 / 115

Which of the following are features of federated Single Sign-on solutions? (Choose 3)

18 / 115

Rick heard about a contactless user feature that could be used in the customer 360 platform on salesforce experience cloud. What is the impact of the contactless user feature?

19 / 115

Rick wants to dynamically update the agent role and permission sets, he has Active Directory as the corporate identity provide and uses SAML based single sign-on. Which of the following can help? (Choose 2)

20 / 115

Nicole is making a mobile app that she intends to secure using the Oauth 2.0 user-agent flow and Salesforce Identity. API access only needs to be approved every 3 months. Which of the following needs to be configured? (Choose 2)

21 / 115

All logins must include MFA, currently users can sign in with username and password OR single sign-on against a corporate identity provider that includes MFA. How can they update this to meet the criteria?

22 / 115

Rick told Nicole she should consider taking advantage of refresh tokens for her apps that use Oauth 2.0. Which Oauth flows should she consider? (Choose 2)

23 / 115

Florida Financials needs its user administration (including passwords and authentication requests) to be managed by an external system that is accessible via a SOAP web service. Which of the following is recommended?

24 / 115

Rick wants to allow passwordless login to a new customer service portal, customers should login with a one time passcode sent via SMS or email. How does he know how any Identity Verification Credits he may need?

25 / 115

Rick wants to prevent employees from using mobile vpn to login to the mobile app, but still login to Salesforce mobile app with their Active Directory Password. Which of the following do they need? (Choose 2)

26 / 115

Nicole wants to update the self registration in the partner community to include a bit more custom data and use it to assign Profile and Account data. Which of the following would help? (Choose 2)

27 / 115

The SSO for Nicole's Nails has been working for the last three months. A new batch of users is receiving an error when they try to use SSO, but this is not impacting existing users. What is a possible cause?

28 / 115

RC Toys is trying to identify the business use case for Identity Provider. Which of the following are capabilities of an Identity Provider? (Choose 2)

29 / 115

Nicole's Nails would like to implement a Two-Factor login for a newly implemented Salesforce org, they have already have a custom token-based Two Factor authentication system for their on-premise application. What is the recommended solution?

30 / 115

Nicole has decided its time to integrate her existing web application with Salesforce, she has an Oauth Web-Server Authentication Flow, what two things should she keep in mind?

31 / 115

RC Toys existing Salesforce org is configured for SP-Initiated SAML SSO with their Idp, they wish to introduce a second Salesforce environment and want to use the same Idp, how can Rick accomplish this?

32 / 115

RC Toys wants to use Salesforce for its global businesses, its three regions each have their own Microsoft Active Directory Federation implementation. They would like to have a single org and to use ADFS. How can they accomplish this would procuring additional applications?

33 / 115

RC Toys wants to ensure customers setting up their customer community self registration are not using a default account record. What will happen if they implement this?

34 / 115

Nicole's Nails has started allowing customers to place orders for custom nail polishes. Nail technicians have access to a custom mobile app where they can place the order from where ever they are. For simplicity they should only have to log in the first time they log in. Which OAuth flow can support this?

35 / 115

RC Toys wants to make sure the third-party Idp provider they use for federated single sign-on can support automated provisioning and deprovisioning with federated single sign-on. What are the underlying mechanisms they will need?

36 / 115

Which of the following are features of Federated Single Sign On? (Choose 3)

37 / 115

RC Toys has an existing LDAP identity store and third party portal. They wish to use the existing portal as the primary site that users access, but also want seamless loging with SAML based SSO for a Salesforce Partner Community. What SSO flow should the architect recommend?

38 / 115

Rick has recommended to Nicole to use Identity Connect to integrate her Active Directory with Salesforce for provisioning, deprovisioning and SSO. How can Identity Connect accomplish this?

39 / 115

Nicole is struggling with multiple orgs and would like to manage users and profiles in a central system of record. How can she configure this?

40 / 115

RB Outfitters is setting up SSO for their users. On the Salesforce User object a custom field should be populated for new and existing users. What should Tom, the architect, do? (Choose 2)

41 / 115

RC Toys wants to use Experience Cloud to replace their homegrown portal. They are currently use a third party SSO that stores the customer and partner credentials. When a user logs in to the Experience Cloud for the first time via SSO their user record needs to be created automatically? How can Rick set this up to automatically provision users for the first time?

42 / 115

RC Toys has multiple external applications and has decided to use Salesforce as the Identity Provider. Apps should be available via the app launcher and should be available to individual users. How should Rick set this up? (Choose 3)

43 / 115

RC Toys has a self-registration option on their portal, however, they are getting concerned about bots creating additional records and causing bad data. What can Rick do to prevent unauhorized submissions? (Choose 2)

44 / 115

Nicole's Nails is now offering a mobile service and technicians need access to the mobile billing application. The billing application is in a Connected App in Salesforce. What can Nicole do to ensure the app is secured? (Choose 2)

45 / 115

Employees at RC Toys collaborate via an employee portal they can access via the company's internal website with SSO. It works with Active Directory, what is the role of Active Directory?

46 / 115

Which of the following attacks would 2FA (2 Factor Authentication) protect against? (Choose 3)

47 / 115

RC Toys manages a custom web page, they want users to be able to access Salesforce and other custom web pages from it. The users should be able to access each with the same set of credentials. What SAML SSO flow would allow this?

48 / 115

Rick from RC Toys wants to enable SAML-Based SSO for his partner community. He has an existing Idap identity store and third party portal. He wants to stick primarily with the existing portal but enable seamless access to the partner community. What SSO flow should he use?

49 / 115

RC Toys wants to use experience cloud to roll out a partner community. Rick wants to use idP (external Identity Provider) with partners registering for access to the portal. He hate duplicate records and wants to make sure each is only registered once. What should he do?

50 / 115

Nicole from Nicole's Nails needs to grant some of her technicians access to an external application from the App Launch in Salesforce. What steps must she take? (Choose 3)

51 / 115

Rick from RC Toys wants to allow customers to submit and manage issues with their purchases without having to call in each time. He would like to grant access using Facebook and Twitter credentials, which of the following actions does he need to take? (Choose 2)

52 / 115

Nicole's Nails connects their new mobile app to their Salesforce org using OpenId Connect. How can they enable the retreival of the access token status for their OpenID Connect connection?

53 / 115

RC Toys has a custom application to support helpdesk activities. They use it to request, approve, notify and track access to various applications (on premises and cloud) including Salesforce. Salesforce is used to authenticate users, how should users be provisioned in Salesforce once they are approved in the helpdesk application if they need to have approved profiles and permission sets?

54 / 115

RC Toys would like to integrate their custom employee portal with Salesforce to allow employees to post ideas from the employee portal. When the user clicks the links in the employee portal they should be redirected to Salesforce, authenticated and presented with the correct page. Which OAuth flow supports this best?

55 / 115

Which of the following should be considered when designing a Delegated Authentication implementation?

56 / 115

Which of the following are capabilities of Delagated Authentication? (Choose 3)

57 / 115

Employees at RC Toys have access to a legacy employee portal for them to collaborate. They can access it from the company's internal website using Single Sign-On. The portals works with SiteMinder and AD and supports posting ideas. Rick wants to use Salesforce Ideas instead as it is more robust. He doesn't want to provision users on Salesforce and instead wants to integrate the portal ideas with Salesforce via the API. What is Salesforce's role in the context of SSO in this scenario?

58 / 115

One of Nicole's technicians is trying to access one of their connected apps. They are getting: |Failed: Not approved for access|. What is the most likely culprit?

59 / 115

Nicole's Nails has recently acquired 4 additional locations. Each location has their own Salesforce org (NN1 - her main shop, NN2, NN3, NN4, NN5). She has worked with the technicians from NN2, NN3, NN4, and NN5 before so they are all NN1 and their own org, but not all of the orgs. Nicole wants to simply login so each technician only needs to remember one credential. What is the most efficient way to accomplish this with the least amount of maintenance?

60 / 115

RC Toys wants to expand their customers ability to self-register in their customer community. They should receive a different experience depending on information they provide during registration. What should Rick do?

61 / 115

RC Toys wuld like to sychronize their Active Directory with Salesforce and sync profiles and permission sets based on their AD group membership. Which of the following is the optimal SSO solution?

62 / 115

Nicole's Nails wants to let employees leverage posts/views/votes in Salesforce, but while they are in an internal company portal. Ideas posted in Salsforce have a link created in the company portal using Oauth. When users are clicking on existing ideas they are being sent to the Ideas page instead of the Idea they clicked on. Which URL parameter can be used so they can go to the original requested page?

63 / 115

RC Toys wants to start allowing customers to submit their purchase issues and manage them directly. Currently customers have Amazon credentials and Rick would like to have them login with those. What is the recommended approach?

64 / 115

What HTTP parameter should be used in a service provider initiated SAML SSO setup where the user is trying to access a resource on the service provider and is submitting a SAML request to the identity provider, ensuring they are returned to the intended resource?

65 / 115

Which of the following security risks can Two-Factor Authentication (2FA) mitigate when enabled? (Choose 2)

66 / 115

Nicole's Nails wants to allow technicians to use their mobile devices to access Salesforce using a hybrid mobile app. The app uses SDK (software development kits), refresh tokens to regenerate access tokens and has been distributed as a private app. For security, Nicole wants to roll out a policy that requires technicians to reverify if they haven't logged in for the last week. What connected app setting can be leveraged to make this policy possible?

67 / 115

Sam wants to roll out MFA(multi-factor authentication) to his internal employees. Which of the following meet the criteria for secure MFA? (Choose 3)

68 / 115

Rick needs users to use Two-factor authentication(2FA) for Salesforce, but not when they are on the company network. What should he do?

69 / 115

RC Toys has a proprietary system for tracking orders, it supports SAML (Security Assertion Markup Language) based single sign-on. Rick wants to ensure only active Salesforce users can access the tracking system (which is visible in Salesforce only). What should he do? (Choose 2)

70 / 115

Nicole's Nails has an on-premise application for supply ordering, and she wants to connect it to Salesforce. Rick advised her to make sure a trusted certificate chain is used to access her on-premise application endpoint. What does she need to do to ensure this is done?

71 / 115

Rick is reviewing the Salesforce login history and is seeing some SAML SSO (Security Assertion Markup Language) 'Replay Detected and Assertion Invalid' login errors. Which of the following could be causing these errors? (Choose 2)

72 / 115

Which of the following are capabilities of SAML-based Federated authentication? Choose 3 answers

73 / 115

RC Toys has implemented ansp-Initiated SAML flow between an external IDP and salesforce. Sam, a new user is, is trying to login to the Salesforce mobile app for the first time and is being prompted for salesforce credentials instead of being shown the IDP login page. What is the likely cause of the issue?

74 / 115

Sales Reps at RC Toys have been exporting large amounts of data via reports and Rick is starting to be concerned. Normally users can login with either Active Directory or Salesforce credentials but Rick would like them to be required to use AD credentials for downloading reports. Which solution allows sales reps to still view reports in Salesforce using Salesforce credentials, but require AD to expore reports?

75 / 115

RC Toys wants to boost customer loyalty. They want to create a single customer view that includes buying behaviors, channel preferences and what they have purchased. This information is currently spread across multiple systems and formats. Rick has decided Salesforce should be used to build the 360 view. He already uses Microsoft Active Directory to mange his users, how should he provision, deprovision and authenticate his users in Salesforce?

76 / 115

RC toys has uses a custom recruiting application, but wants to get candidate information in Salesforce when they have been selected for interview. Rick intends to use Oauth to connect the two systems with authentication using digital certificates. Which two Oauth flow types should be considered? (Choose 2)

77 / 115

Employees at RC Toys are complaining likes to case records are prompting them to login again with SAML SSO. When they do log in they are sent to the home tab instead of the case. Where should Rick begin his investigation?

78 / 115

What information does the 'Relaystate' parameter contain in sp-Initiated Single Sign-on?

79 / 115

RC Toys wants to use SAML-Based single sign-on for authentication for Salesforce inbound Oauth-enabled integration clients. Which Oauth flow supports this scenario?

80 / 115

RC toys has implemented a multi-org architecture in their company where users have licenses across multiple orgs. Users are complaining they can't remember which login goes with which org and business process. What can Rick do to address the complaints? (Choose 2)

81 / 115

Which of the following are capabilities of Identity Connect? (Choose 2)

82 / 115

RC toys has a legacy web application using the canvas framework. They wish to integrate this with Salesforce but do not feel a signed request is adequate authentication. What two considerations should be made for authenticating the third-party app using the canvas framework? (Choose 2)

83 / 115

RC Toys uses a third-party reward system to calculate rewards. They want to integrate this in to Salesforce. Customers rewards are calculated in the rewards system and need to be updated in Salesforce on a schedule. If they use an Oauth flow that needs to be secure which two practices are recommended? (Choose 2)

84 / 115

RC Toys is onboarding a lot of new employees and would like new employees to automatically be created in Salesforce. Their profile should be mapped to their Active Directory Department. How can Rick implement this request?

85 / 115

Cam's Cars has a B2C website that doesn't support single sign-on like SAML or Oauth. Cam wants to use Salesforce Identity to register and authenticate new customers on the website. What can their architect do to provide username/password authentication for the website? (Choose 2)

86 / 115

RC toys has a mobile app for its employees that uses Salesforce for both authentication purposes and data from Salesforce. For each of use employees should only have to enter their credentials the first time they run the app. While the app has been running for 6 months, employees are complaining they are having to login again. There was a recent URI scheme update that was associated with the mobile app. Where should Rick check first?

87 / 115

Nicole's Nails wants to restrict her employees to only allow access to client data while in the office by restricting login ip ranges. However, some employees will need to access via a mobile device from outside these IP ranges. What options should be recommended? (Choose 2)

88 / 115

Nicole's Nails is considering Customer 360 to help get a better understanding of her clients now that she is partnering with Holly's Hiar. They want to understand how Customer 360 can help. What are two key benefits of Customer 360 Identity? (Choose 2)

89 / 115

What does RC toys need to do to enable SAML SSO configuration? (Choose 2)

90 / 115

RC Toys wants to let their Salesforce Partner Community Users to self-register. They would like to capture some custom data elements to help assign the correct Profile and Account to the user. Which two actions would help? (Choose 2)

91 / 115

Chris, the Identity Architect at RC Toys, would like to connect Microsoft Active Directory with Salesforce for user provisioning, deprovisioning and single sign-on (SSO) and would like to use Identity Connect. Which feature of Identity Connect is applicable?

92 / 115

RC Toys wants to give some of their users access to a mobile app connected to Salesforce via Oauth. What Oauth feature can be used to restrict the types of users who can access the app?

93 / 115

Sam finally setup SAML Based SSO for his company. Its been working for 6 months. When they try to add a batch of new users the users receive an error when trying to use SSO. Existing users are not receiving this problem. What is likely the cause?

94 / 115

SCCS wants to set up delegated authentication to allow login with corporate credentials. What mechanism can be used to make sure the connection between Salesforce and the login service can be trusted?

95 / 115

SCCS wants their sales team to have a custom mobile app that uses Salesforce for authentication and access management. This app is only for the sales team. How can SCCS grant mobile access to the sales users only?

96 / 115

SCCS needs to integrate a third party integration with its Experience Cloud Customer port. Salesforce is acting as an Identity Provider. What two features should be utilized to the let users for the third party application login and use identity services? (Choose 2)

97 / 115

SCCS wants to build a customer community where customers who already have access to their E-Commerce site can seamlessly login. They intend to use ansp-initiated SSO using a SAML based compliant IDP. If Salesforce is the service provider what two steps must be completed to make SP-Initiated SSO work? (Choose 2)

98 / 115

Bob is the architect for RC toys and needs to automate provisioning and deprovisioning users into Salesforce from an external system. How should he do that?

99 / 115

TruthRX has SAML SSO enabled for multiple applications. They now want to grant access to their regional Salesforce orgs from their main Salesforce org seamlessly. What should they do?

100 / 115

A chemical company was to integrate Salesforce with an on-premise application. To ensure all requests to the on-premise application include a trusted certificate what should the architect do?

101 / 115

SCCS restricts access to Salesforce for it's employees using restricted IP ranges. They want to roll out a mobile experience for Salesforce that is accessible from anywhere. What two things are recommended? (Choose 2)

102 / 115

RC Toys wants to allow customers to login using Facebook, Google or other social sign on providers to its Access Management Solution built on Salesforce. How do they turn this on assuming social sign-on providers support OpenID Connect?

103 / 115

What is one of the roles of an Identity Provider in a Single Sign-on setup using SAML?

104 / 115

Tim's Tiles wants to allow customers to access a community using Facebook credentials. The first time the customer logs in they should be automatically created in the accounting system. The accounting system has a web service accesible to Salesforce. How should the architect construct this?

105 / 115

Mike's Gym also designs a specialty line of gym equipment. They use Salesforce to keep track of the sales cycle for this equipment. They recently switched vendors and their new manufacturer has a custom order app that needs to request data from Salesforce. The order fulfillment app needs to integrate using OAuth 2.0 protocol. What should mikes team use?

106 / 115

RC Toys wants to enable SSO, what two things need to be done? (Choose 2)