Northern Trail Outfitters (NTO) wants to improve its engagement with existing customers to boost customer loyalty. To get a better understanding of its customers, NTO establishes a single customer view including their buying behaviors, channel preferences and purchasing history. All of this information exists but is spread across different systems and formats.
NTO has decided to use Salesforce as the platform to build a 360 degree view. The company already uses Microsoft Active Directory (AD) to manage its users and company assets.
What should an Identity Architect do to provision, deprovision and authenticate users?

• A.A Salesforce Identity can be included but NTO will require Identity Connect.
• B.Salesforce Identity is not needed since NTO uses Microsoft AD.
• C.Salesforce Identity is included in the Salesforce licenses so it does not need to be considered separately.
• D.Salesforce Identity can be included but NTO will be required to build a custom integration with Microsoft AD.

Comment: *

Name: *

Email: *

Verification: *

Universal Containers (UC) plans to use a SAML-based third-party IdP serving both of the Salesforce Partner Community and the corporate portal. UC partners will log in 65* to the corporate portal to access protected resources, including links to Salesforce resources. What would be the recommended way to configure the IdP so that seamless access can be achieved in this scenario?

• A.Set up the corporate portal as a Connected App in Salesforce and use the Web server OAuth flow.
• B.Configure IdP-initiated SSO that passes the SAML token upon Salesforce resource access request.
• C.Configure SP-initiated SSO that passes the SAML token upon Salesforce resource access request.
• D.Set up the corporate portal as a Connected App in Salesforce and use the User Agent OAuth flow.

Comment: *

Name: *

Email: *

Verification: *

Which three are capabilities of SAML-based Federated authentication? Choose 3 answers

• A.Centralized federation provides single point of access, control and auditing.
• B.SAML tokens can be in XML or JSON format and can be used interchangeably.
• C.Access tokens are used to access resources on the server once the user is authenticated.
• D.Web applications with no passwords are more secure and stronger against attacks.
• E.Trust relationships between Identity Provider and Service Provider are required.

Comment: *

Name: *

Email: *

Verification: *

A manufacturer wants to provide registration for an Internet of Things (IoT) device with limited display input or capabilities.
Which Salesforce OAuth authorization flow should be used?

• A.OAuth 2.0 Device Flow
• B.OAuth 2.0 Asset Token Flow
• C.OAuth 2.0 User-Agent Flow
• D.OAuth 2.0 JWT Bearer How

Comment: *

Name: *

Email: *

Verification: *

The security team at Universal Containers (UC) has identified exporting reports as a high-risk action and would like to require users to be logged into Salesforce with their Active Directory (AD) credentials when doing so. For all other users of Salesforce, users should be allowed to use AD Credentials or Salesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with Salesforce credentials?

• A.Use SAML federatedAuthentication, treat SAML Sessions as High Assurance, and raise the session level required for exporting reports.
• B.Use SAML federated Authentication with a Login Flow to dynamically add or remove a Permission Set that grants the Export Reports Permission.
• C.Use SAML Federated Authentication andblock access to reports when accessed through a Standard Assurance session.
• D.Use SAML Federated Authentication and Custom SAML JIT Provisioning to dynamically and or remove a permission set that grants the Export Reports Permission.

Comment: *

Name: *

Email: *

Verification: *