How should an Architect automatically redirect users to the login page of the external Identity provider when using an SP-Initiated SAML flow with Salesforce as a Service Provider?

• A.Use visualforce as the landing page for My Domain to redirect users to the Identity Provider login Page.
• B.Enable the Redirect to the Identity Provider setting under Authentication Services on the My domain Configuration.
• C.Set the Identity Provider as default and enable the Redirect to the Identity Provider setting on the SAML Configuration.
• D.Remove the Login page from the list of Authentication Services on the My Domain configuration.

Comment: *

Name: *

Email: *

Verification: *

A financial services company uses Salesforce and has a compliance requirement to track information about devices from which users log in. Also, a Salesforce Security Administrator needs to have the ability to revoke the device from which users log in.
What should be used to fulfill this requirement?

• A.Use Login Flows to capture device from which users log in and store device and user information in a custom object.
• B.Use multi-factor authentication (MFA) to meet the compliance requirement to track device information.
• C.Use the Login History object to track information about devices from which users log in.
• D.Use the Activations feature to meet the compliance requirement to track device information.

Comment: *

Name: *

Email: *

Verification: *

Universal Containers (UC) uses a legacy Employee portal for their employees to collaborate and post their ideas. UC decides to use Salesforce Ideas for voting and better tracking purposes. To avoid provisioning users on Salesforce, UC decides to push ideas posted on the Employee portal to Salesforce through API. UC decides to use an API user using OAuth Username-Password flow for the connection. How can the connection to Salesforce be restricted only to the Employee portal server?

• A.Add the Employee portal's IP address to the Login IP range on the user profile.? May two answers
• B.Add the Employee portal's IP Address to the trusted IP range for the Connected App.
• C.Use a dedicated profile for the user the Employee portal user.
• D.Use a digital certificate signed by the Employee portal server.

Comment: *

Name: *

Email: *

Verification: *

Universal containers (UC) has a mobile application that it wants to deploy to all of its salesforce users, including customer Community users. UC would like to minimize the administration overhead, which two items should an architect recommend? Choose 2 answers

• A.Enable the "High Assurance session required" setting in the Connected App.
• B.Enable the "Enforce Ip restrictions" settings in the connected App.
• C.Enable the "All users may self-authorize" setting in the Connected App.
• D.Enable the "Refresh Tokens is valid until revoked " setting in the Connected App.

Comment: *

Name: *

Email: *

Verification: *

A global company's Salesforce Identity Architect is reviewing its Salesforce production org login history and is seeing some intermittent Security Assertion Markup Language (SAML SSO) 'Replay Detected and Assertion Invalid' login errors.
Which two issues would cause these errors?
Choose 2 answers

• A.The assertion sent to 5alesforce contains an assertion ID previously used.
• B.The subject element is missing from the assertion sent to salesforce.
• C.The certificate loaded into SSO configuration does not match the certificate used by the IdP.
• D.The current time setting of the company's identity provider (IdP) and Salesforce platform is out of sync by more than eight minutes.

Comment: *

Name: *

Email: *

Verification: *