01. A financial services company uses Salesforce and has a compliance requirement to track information about devices from which users log in. Also, a Salesforce Security Administrator needs to have the ability to revoke the device from which users log in. What should be used to fulfill this requirement?
a) Use the Activations feature to meet the compliance requirement to track device information.
b) Use the Login History object to track information about devices from which users log in.
c) Use Login Flows to capture the device from which users log in and store device and user information in a custom object.
d) Use multi-factor authentication (MFA) to meet the compliance requirement to track device information.
02. Which three different attributes can be used to identify the user in a SAML assertion when Salesforce is acting as a Service Provider?
Choose 3 answers
a) Federation ID
b) Salesforce User ID
c) User Full Name
d) User Email Address
e) Salesforce Username
03. How should an Architect automatically redirect users to the login page of the external Identity provider when using an SP-Initiated SAML flow with Salesforce as a Service Provider?
a) Use Visualforce as the landing page for My Domain to redirect users to the Identity Provider login page.
b) Enable the Redirect to the Identity Provider setting under Authentication Services on the My Domain configuration.
c) Remove the Login page from the list of Authentication Services on the My Domain configuration.
d) Set the Identity Provider as default and enable the Redirect to the Identity Provider setting on the SAML Configuration.
04. What are three capabilities of Delegated Authentication?
Choose 3 answers
a) It can be assigned by Custom Permissions.
b) It can connect to SOAP services.
c) It can be assigned by Permission Sets.
d) It can be assigned by Profiles.
e) It can connect to REST services.
05. Northern Trail Outfitters (NTO) is planning to implement a community for its customers using Salesforce Experience Cloud. Customers are not able to self-register. NTO would like to have customers set their own passwords when provided access to the community.
Which two recommendations should an identity architect make to fulfill this requirement?
Choose 2 answers
a) Add customers as contacts and add them to Experience Cloud site.
b) Enable Welcome emails while configuring the Experience Cloud site.
c) Allow Password reset using the API to update Experience Cloud site membership.
d) Use Login Flows to allow users to reset password in Experience Cloud site.
06. Customer service representatives at Universal Containers (UC) are complaining that whenever they click on links to case records and are asked to log in with SAML SSO, they are being redirected to the Salesforce home tab and not the specific case record.
What item should an architect advise the identity team at UC to investigate first?
a) My Domain is configured and active within Salesforce.
b) The Salesforce SSO settings are using HTTP POST.
c) The identity provider is correctly preserving the Relay State.
d) The users have the correct Federation ID within Salesforce.
07. Under which scenario is the Web Server flow used?
a) Used for web applications when server-side code needs to interact with APIs.
b) Used for server-side components when a page needs to be rendered.
c) Used for mobile applications and testing legacy integrations.
d) Used for verifying Access protected resources.
08. A client is planning to roll out multi-factor authentication (MFA) to its internal employees and wants to understand which authentication and verification methods meet the Salesforce criteria for secure authentication. Which three functions meet the Salesforce criteria for secure MFA?
Choose 3 answers
a) Username and password + SMS passcode
b) Username and password + security key
c) Third-party single sign-on with Mobile Authenticator app
d) Certificate-based Authentication
e) Lightning Login
09. When designing a multi-branded Customer Identity and Access Management solution on the Salesforce Platform, how should an identity architect ensure a specific brand experience in Salesforce is presented?
a) Provide a brand picker that the end user can use to select their sub-brand when they arrive on Salesforce.
b) The Experience ID, which can be included in OAuth/OpenID flows and Security Assertion Markup Language (SAML) flows as a URL parameter.
c) Add a custom parameter to the service provider's OAuth/SAML call and implement logic on its login page to apply branding based on the parameter's value.
d) The Audience ID, which can be set in a shared cookie.
10. In a typical SSL setup involving a trusted party and trusting party, what consideration should an Architect take into account when using digital certificates?
a) Use of self-signed certificate leads to lower maintenance for trusted party because multiple self-signed certs need to be maintained.
b) Use of self-signed certificate leads to higher maintenance for trusted party because they have to act as the trusted CA.
c) Use of self-signed certificate leads to higher maintenance for trusting party because the cert needs to be added to their truststore.
d) Use of self-signed certificate leads to lower maintenance for trusting party because there is no trusted CA cert to maintain.