Universal Containers is considering using Delegated Authentication as the sole means of Authenticating of Salesforce users. A Salesforce Architect has been brought in to assist with the implementation. What two risks Should the Architect point out? Choose 2 answers

• A.Delegated Authentication is enabled or disabled for the entire Salesforce org.
• B.UC will be required to develop and support a custom SOAP web service.
• C.The web service must reside on a public cloud service, such as Heroku.
• D.Salesforce users will be locked out of Salesforce if the web service goes down.

Comment: *

Name: *

Email: *

Verification: *

The security team at Universal containers(UC) has identified exporting reports as a high-risk action and would like to require users to be logged into salesforce with their active directory (AD) credentials when doing so. For all other uses of Salesforce, Users should be allowed to use AD credentials or salesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with salesforce credentials?

• A.Use SAML Federated Authentication and block access to reports when accesses through a standard assurance session.
• B.Use SAML Federated Authentication, treat SAML sessions as high assurance, and raise the session level required for exporting reports.
• C.Use SAML Federated Authentication and Custom SAML jit provisioning to dynamically add or remove a permission set that grants the Export Reports permission.
• D.Use SAML Federated Authentication with a login flow to dynamically add or remove a permission set that grants the export reports permission.

Comment: *

Name: *

Email: *

Verification: *

Universal Containers (UC) has a custom, internal-only, mobile billing application for users who are commonly out of the office. The app is configured as a connected App in Salesforce. Due to the nature of this app, UC would like to take the appropriate measures to properly secure access to the app. Which two are recommendations to make the UC? Choose 2 answers

• A.Require High Assurance sessions in order to use the Connected App.
• B.Use Google Authenticator as an additional part of the login process
• C.Set Login IP Ranges to the internal network for all of the app users Profiles.
• D.Disallow the use of Single Sign-on for any users of the mobile app.

Comment: *

Name: *

Email: *

Verification: *

Universal Containers (UC) has five Salesforce orgs (UC1, UC2, UC3, UC4, UC5). of Every user that is in UC2, UC3, UC4, and UC5 is also in UC1, however not all users 65* have access to every org. Universal Containers would like to simplify the authentication process such that all Salesforce users need to remember one set of credentials. UC would like to achieve this with the least impact to cost and maintenance. What approach should an Architect recommend to UC?

• A.Purchase a third-party Identity Provider for all five Salesforce orgs to use and set up JIT user provisioning on all other orgs.
• B.Configure UC1 as the Identity Provider to the other four Salesforce orgs, but don't set up JIT user provisioning for other orgs.
• C.Purchase a third-party Identity Provider for all five Salesforce orgs to use, but don't set up JIT user provisioning for other orgs.
• D.Configure UC1 as the Identity Provider to the other four Salesforce orgs and set up JIT user provisioning on all other orgs.

Comment: *

Name: *

Email: *

Verification: *

Universal Containers (UC) has an existing e-commerce platform and is implementing a new customer community. They do not want to force customers to register on both applications due to concern over the customers experience. It is expected that 25% of the e-commerce customers will utilize the customer community . The e-commerce platform is capable of generating SAML responses and has an existing REST-ful API capable of managing users. How should UC create the identities of its e-commerce users with the customer community?

• A.Use a nightly batch ETL job to sync users between the Customer Community and the e-commerce platform and use SAML to allow SSO.
• B.Use the standard Salesforce API to create users in the Community When a User is Created in the e-Commerce platform and use SAML to allow SSO.
• C.Use SAML JIT in the Customer Community to create users when a user tries to login to the community from the e-commerce site.
• D.Use the e-commerce REST API to create users when a user self-register on the customer community and use SAML to allow SSO.

Comment: *

Name: *

Email: *

Verification: *