NEW QUESTION 1
Universal Containers (UC) would like its community users to be able to register and log in with Linkedin or Facebook Credentials. UC wants users to clearly see Facebook &Linkedin Icons when they register and login. What are the two recommended actions UC can take to achieve this Functionality? Choose 2 answers

• A. Enable Facebook and Linkedin as Login options in the login section of the Community configuration.
• B. Create custom Registration Handlers to link Linkedin and facebook accounts to user records.
• C. Store the Linkedin or Facebook user IDs in the Federation ID field on the Salesforce User record.
• D. Create custom buttons for Facebook and inkedin using JAVAscript/CSS on a custom Visualforce page.

Answer: AB

NEW QUESTION 2
Universal Containers (UC) is considering a Customer 360 initiative to gain a single source of the truth for its customer data across disparate systems and services. UC wants to understand the primary benefits of Customer 360 Identity and how it contributes ato successful Customer 360 Truth project.
What are two are key benefits of Customer 360 Identity as it relates to Customer 360? Choose 2 answers

• A. Customer 360 Identity automatically integrates with Customer 360 Data Manager and Customer 360 Audiences to seamlessly populate all user data.
• B. Customer 360 Identity enables an organization to build a single login for each of its customers, giving the organization anunderstanding of the user's login activity across all its digital properties and applications.
• C. Customer 360 Identity supports multiple brands so you can deliver centralized identity services and correlation of user activity,even if it spans multiple corporate brands and user experiences.
• D. Customer 360 Identity not only provides a unified sign up and sign in experience, but also tracks anonymous user activity prior to signing up so organizations can understand user activity before and after the users identify themselves.

Answer: BC

NEW QUESTION 3
Universal Containers (UC) is building a customer community and will allow customers to authenticate using Facebook credentials. The First time the user authenticating using facebook, UC would like a customer account created automatically in their Accounting system. The accounting system has a web service accessible to Salesforce for the creation of accounts. How can the Architect meet these requirements?

• A. Create a custom application on Heroku that manages the sign-on process from Facebook.
• B. Use JIT Provisioning to automatically create the account in the accounting system.
• C. Add an Apex callout in the registration handler of the authorization provider.
• D. Use OAuth JWT flow to pass the data from Salesforce to the Accounting System.

Answer: C

NEW QUESTION 4
What item should an Architect consider when designing a Delegated Authentication implementation?

• A. The Web service should be secured with TLS using Salesforce trusted certificates.
• B. The Web service should be able to accept one to four input method parameters.
• C. The web service should use the Salesforce Federation ID to identify the user.
• D. The Web service should implement a custom password decryption method.

Answer: A

NEW QUESTION 5
Universal Containers (UC) wants its closed Won opportunities to be synced to a Data Warehouse in near real time. UC has implemented Outbound Message to enable near real-time data sync. UC wants to ensure that communication between Salesforce and Target System is Secure. What Certificate is sent along with the Outbound Message?

• A. The CA-Signed Certificate from the Certificate and Key Management menu.
• B. The default Client Certificate from the Develop--> API Menu.
• C. The default Client Certificate or a Certificate from Certificate and Key Management menu.
• D. The Self-Signed Certificates from the Certificate & Key Management menu.

Answer: B

NEW QUESTION 6
Which two roles of the systems are involved in an environment where salesforce users are enabled to access Google Apps from within salesforce through App launcher and connected App set up? Choose 2 answers

• A. Google is the identity provider
• B. Salesforce is the identity provider
• C. Google is the service provider
• D. Salesforce is the service provider

Answer: D

NEW QUESTION 7
Northern Trail Outfitters (NTO) uses a Security Assertion Markup Language (SAML)-based Identity Provider (idP) to authenticate employees to all systems. The IdP authenticates users against a Lightweight Directory Access Protocol (LDAP) directory and has access to user information. NTO wants to minimize Salesforce license usage since only a small percentage of users need Salesforce.
What is recommended to ensure new employees have immediate access to Salesforce using their current IdP?

• A. Install Salesforce Identity Connect to automatically provision new users in Salesforce the first time they attempt to login.
• B. Build an integration that queries LDAP periodically and creates new active users in Salesforce.
• C. Configure Just-in-Time provisioning using SAML attributes to create new Salesforce users as necessary when a new user attempts to login to Salesforce.
• D. Build an integration that queries LDAP and creates new inactive users in Salesforce and use a login flow to activate the user atfirst login.

Answer: C

NEW QUESTION 8
Northern Trail Outfitters (NTO) has an existing custom business-to-consumer (B2C) website that does NOT support single sign-on standards, such as Security Assertion Markup Language (SAMi) or OAuth. NTO wants to use Salesforce Identity to register and authenticate new customers on the website.
Which two Salesforce features should an identity architect use in order to provide username/password authentication for the website?
Choose 2 answers

• A. Identity Connect
• B. Delegated Authentication
• C. Connected Apps
• D. Embedded Login

Answer: BD

NEW QUESTION 9
Which three types of attacks would a 2-Factor Authentication solution help garden against?

• A. Key logging attacks
• B. Network perimeter attacks
• C. Phishing attacks
• D. Dictionary attacks
• E. Man-in-the-middle attacks

Answer: ABD

NEW QUESTION 10
Universal containers wants to set up SSO for a selected group of users to access external applications from salesforce through App launcher. Which three steps must be completed in salesforce to accomplish the goal?

• A. Associate user profiles with the connected Apps.
• B. Complete my domain and Identity provider setup.
• C. Create connected apps for the external applications.
• D. Complete single Sign-on settings in security controls.
• E. Create named credentials for each external system.

Answer: ABC

NEW QUESTION 11
An Architect has configured a SAML-based SSO integration between Salesforce and an external Identity provider and is ready to test it. When the Architect attempts to log in to Salesforce using SSO, the Architect receives a SAML error. Which two optimal actions should the Architect take to troubleshoot the issue?

• A. Ensure the Callback URL is correctly set in the Connected Apps settings.
• B. Use a browser that has an add-on/extension that can inspect SAML.
• C. Paste the SAML Assertion Validator in Salesforce.
• D. Use the browser's Development tools to view the Salesforce page's markup.

Answer: BC

NEW QUESTION 12
After a recent audit, universal containers was advised to implement Two-factor Authentication for all of their critical systems, including salesforce. Which two actions should UC consider to meet this requirement? Choose 2 answers

• A. Require users to provide their RSA token along with their credentials.
• B. Require users to supply their email and phone number, which gets validated.
• C. Require users to enter a second password after the first Authentication
• D. Require users to use a biometric reader as well as their password

Answer: AD

NEW QUESTION 13
Uwversal Containers (UC) is building a custom employee hut) application on Amazon Web Services (AWS) and would like to store their users' credentials there. Users will also need access to Salesforce for internal operations. UC has tasked an identity architect with evaluating Afferent solutions for authentication and authorization between AWS and Salesforce.
How should an identity architect configure AWS to authenticate and authorize Salesforce users?

• A. Configure the custom employee app as a connected app.
• B. Configure AWS as an OpenID Connect Provider.
• C. Create a custom external authentication provider.
• D. Develop a custom Auth server in AWS.

Answer: B

NEW QUESTION 14
Northern Trail Outfitters (NTO) wants to give customers the ability to submit and manage issues with their purchases. It is important for to give its customers the ability to login with their Facebook and Twitter credentials.
Which two actions should an identity architect recommend to meet these requirements? Choose 2 answers

• A. Create a custom external authentication provider for Facebook.
• B. Configure a predefined authentication provider for Facebook.
• C. Create a custom external authentication provider for Twitter.
• D. Configure a predefined authentication provider for Twitter.

Answer: BD

NEW QUESTION 15
Universal Container's (UC) is using Salesforce Experience Cloud site for its container wholesale business. The identity architect wants to an authentication provider for the new site.
Which two options should be utilized in creating an authentication provider? Choose 2 answers

• A. A custom registration handier can be set.
• B. A custom error URL can be set.
• C. The default login user can be set.
• D. The default authentication provider certificate can be set.

Answer: AB

NEW QUESTION 16
Universal containers (UC) does my domain enable in the context of a SAML SSO configuration? Choose 2 answers

• A. Resource deep linking
• B. App launcher
• C. SSO from salesforce1 mobile app.
• D. Login forensics

Answer: AC

NEW QUESTION 17
Universal containers (UC) wants to implement Delegated Authentication for a certain subset of Salesforce users. Which three items should UC take into consideration while building the Web service to handle the Delegated Authentication request? Choose 3 answers

• A. The web service needs to include Source IP as a method parameter.
• B. UC should whitelist all salesforce ip ranges on their corporate firewall.
• C. The web service can be written using either the soap or rest protocol.
• D. Delegated Authentication is enabled for the system administrator profile.
• E. The return type of the Web service method should be a Boolean value

Answer: ABE

NEW QUESTION 18
......