Question 1

A service provider (SP) supports both Security Assertion Markup Language (SAML) and OpenID Connect(OIDC).When integrating this SP with Salesforce, which use case is the determining factor when choosing OIDC orSAML?

Options :

A : OIDC is more secure than SAML and therefore is the obvious choice.

B : The SP needs to perform API calls back to Salesforce on behalf of the user after the user logs in to the service provider.

C : If the user has a session on Salesforce, you do not want them to be prompted for a username and password when they login to the SP.

D : They are equivalent protocols and there is no real reason to choose one over the other.

Answer: B

Question 2

Identity-and-Access-Management-Architect-page101-image4 An organization has a central cloud-based Identity and Access Management (IAM) Service for authenticationand user management, which must be utilized by all applications as follows:1 - Change of a user status in the central IAM Service triggers provisioning or deprovisioining in theintegrated cloud applications.2 - Security Assertion Markup Language single sign-on (SSO) is used to facilitate access for usersauthenticated at identity provider (Central IAM Service).Which approach should an IAM architect implement on Salesforce Sales Cloud to meet the requirements?

Options :

A : A Configure Salesforce as a SAML Service Provider, and enable SCIM (System for Cross-DomainIdentity Management) for provisioning and deprovisioning of users.

B : Configure Salesforce as a SAML service provider, and enable Just-in Time (JIT) provisioning anddeprovisioning of users

C : Configure central IAM Service as an authentication provider and extend registration handler to manageprovisioning and deprovisioning of users.

D : Deploy Identity Connect component and set up automated provisioning and deprovisioning of users, aswell as SAML-based SSO.

Answer: A

Question 3

Universal Containers (UC) has implemented SAML-based SSO solution for use with their multi-orgSalesforce implementation, utilizing one of the the orgs as the Identity Provider. One user is reporting thatthey can log in to the Identity Provider org but get a generic SAML error message when accessing the otherorgs. Which two considerations should the architect review to troubleshoot the issue? Choose 2 answers

Options :

A : The Federation ID must be a valid Salesforce Username

B : The Federation ID must is case sensitive

C : The Federation ID must be in the form of an email address.

D : The Federation ID must be populated on the user record.

Answer: B,D

Question 4

Universal containers (UC) would like to enable self - registration for their salesforce partner community users.UC wants to capture some custom data elements from the partner user, and based on these data elements,wants to assign the appropriate profile and account values. Which two actions should the architect recommendto UC? Choose 2 answers

Options :

A : Modify the communitiesselfregcontroller to assign the profile and account.

B : Modify the selfregistration trigger to assign profile and account.

C : Configure registration for communities to use a custom visualforce page.

D : Configure registration for communities to use a custom apex controller.

Answer: A,C

Question 5

Universal Containers is creating a mobile application that will be secured by Salesforce Identity using theOAuth 2.0 user-agent flow. Application users will authenticate using username and password. They should notbe forced to approve API access in the mobile app or reauthenticate for 3 months.Which two connected app options need to be configured to fulfill this use case?Choose 2 answers

Options :

A : Set Permitted Users to "Admin approved users are pre-authorized".

B : Set Permitted Users to "All users may self-authorize".

C : Set the Session Timeout value to 3 months.

D : Set the Refresh Token Policy to expire refresh token after 3 months.

Answer: B,D

Higher Test Marks with Free Online Plat-Arch-203 Exam Practice

Buying Options: