An identity architect has built a native mobile application and plans to integrate it with a Salesforce Identity solution. The following are the requirements for the solution:
1. Users should not have to login every time they use the app.
2. The app should be able to make calls to the Salesforce REST API.
3. End users should NOT see the OAuth approval page.
How should the identity architect configure the Salesforce connected app to meet the requirements?

• A.Enable the API Scope and Offline Access Scope on the connected app, and then set the Connected App access settings to "User may self authorize".
• B.Enable the API Scope and Offline Access Scope on the connected app, and then set the connected app to access settings to 'Admin Pre-Approved".
• C.Enable the Full Access Scope and then set the connected app access settings to "Admin Pre-Approved".
• D.Enable the API Scope and Offline Access Scope, upload a certificate so JWT Bearer Flow can be used and then set the connected app access settings to "Admin Pre-Approved".

Comment: *

Name: *

Email: *

Verification: *

The security team at Universal Containers (UC) has identified exporting reports as a high-risk action and would like to require users to be logged into Salesforce with their Active Directory (AD) credentials when doing so. For all other users of Salesforce, users should be allowed to use AD Credentials or Salesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with Salesforce credentials?

• A.Use SAML Federated Authentication and block access to reports when accessed through a Standard Assurance session.
• B.Use SAML federated Authentication with a Login Flow to dynamically add or remove a Permission Set that grants the Export Reports Permission.
• C.Use SAML federated Authentication, treat SAML Sessions as High Assurance, and raise the session level required for exporting reports.
• D.Use SAML Federated Authentication and Custom SAML JIT Provisioning to dynamically and or remove a permission set that grants the Export Reports Permission.

Comment: *

Name: *

Email: *

Verification: *

Universal Containers (UC) has an e-commerce website where customers can buy products, make payments and manage their accounts. UC decides to build a Customer Community on Salesforce and wants to allow the customers to access the community from their accounts without logging in again. UC decides to implement an SP-initiated SSO using a SAML-compliant Idp. In this scenario where Salesforce is the Service Provider, which two activities must be performed in Salesforce to make SP-initiated SSO work? Choose 2 answers

• A.Configure SAML SSO settings.
• B.Configure Delegated Authentication.
• C.Set up My Domain.
• D.Create a Connected App.

Comment: *

Name: *

Email: *

Verification: *

Universal containers (UC) has an e-commerce website while customers can buy products, make payments, and manage their accounts. UC decides to build a customer Community on Salesforce and wants to allow the customers to access the community for their accounts without logging in again. UC decides to implement ansp-Initiated SSO using a SAML-BASED complaint IDP. In this scenario where salesforce is the service provider, which two activities must be performed in salesforce to make sp-Initiated SSO work? Choose 2 answers

• A.Configure SAML SSO settings.
• B.Create a connected App
• C.Configure Delegated Authentication
• D.Set up my domain

Comment: *

Name: *

Email: *

Verification: *

Universal containers (UC) has a custom, internal-only, mobile billing application for users who are commonly out of the office. The app is configured as a connected App in salesforce. Due to the nature of this app, UC would like to take the appropriate measures to properly secure access to the app. Which two are recommendations to make the UC? Choose 2 answers

• A.Set login IP ranges to the internal network for all of the app users profiles.
• B.Use Google Authenticator as an additional part of the logical processes.
• C.Disallow the use of single Sign-on for any users of the mobile app.
• D.Require high assurance sessions in order to use the connected App

Comment: *

Name: *

Email: *

Verification: *