NEW QUESTION 1
In a typical SSL setup involving a trusted party and trusting party, what consideration should an Architect take into account when using digital certificates?

• A. Use of self-signed certificate leads to lower maintenance for trusted party because multiple self-signed certs need to be maintained.
• B. Use of self-signed certificate leads to higher maintenance for trusted party because they have to act as the trusted CA
• C. Use of self-signed certificate leads to lower maintenance for trusting party because there is no trusted CA cert to maintain.
• D. Use of self-signed certificate leads to higher maintenance for trusting party because the cert needs to be added to their truststore.

Answer: C

NEW QUESTION 2
Universal Containers (UC) wants its closed Won opportunities to be synced to a Data warehouse in near real time. UC has implemented Outbound Message to enable near real-time data sync. UC wants to ensure that communication between Salesforce and Target System is secure. What certificate is sent along with the Outbound Message?

• A. The Self-signed Certificates from the Certificate & Key Management menu.
• B. The default client Certificate from the Develop--> API menu.
• C. The default client Certificate or the Certificate and Key Management menu.
• D. The CA-signed Certificate from the Certificate and Key Management Menu.

Answer: B

NEW QUESTION 3
The CIO of universal containers(UC) wants to start taking advantage of the refresh token capability for the UC applications that utilize Oauth 2.0. UC has listed an architect to analyze all of the applications that use Oauth flows to. See where refresh Tokens can be applied. Which two OAuth flows should the architect consider in their evaluation? Choose 2 answers

• A. Web server
• B. Jwt bearer token
• C. User-Agent
• D. Username-password

Answer: AC

NEW QUESTION 4
Universal Containers (UC) would like its community users to be able to register and log in with Linkedin or Facebook Credentials. UC wants users to clearly see Facebook &Linkedin Icons when they register and login. What are the two recommended actions UC can take to achieve this Functionality? Choose 2 answers

• A. Enable Facebook and Linkedin as Login options in the login section of the Community configuration.
• B. Create custom Registration Handlers to link Linkedin and facebook accounts to user records.
• C. Store the Linkedin or Facebook user IDs in the Federation ID field on the Salesforce User record.
• D. Create custom buttons for Facebook and inkedin using JAVAscript/CSS on a custom Visualforce page.

Answer: AB

NEW QUESTION 5
Which three different attributes can be used to identify the user in a SAML 65> assertion when Salesforce is acting as a Service Provider? Choose 3 answers

• A. Federation ID
• B. Salesforce User ID
• C. User Full Name
• D. User Email Address
• E. Salesforce Username

Answer: ACD

NEW QUESTION 6
Universal Containers (UC) wants to use Salesforce for sales orders and a legacy of system for order fulfillment. The legacy system must update the status of orders in 65* Salesforce in real time as they are fulfilled. UC decides to use OAuth for connecting the legacy system to Salesforce. What OAuth flow should be considered that doesn't require storing credentials, client secret or refresh tokens?

• A. Web Server flow
• B. JWT Bearer Token flow
• C. Username-Password flow
• D. User Agent flow

Answer: B

NEW QUESTION 7
Which two security risks can be mitigated by enabling Two-Factor Authentication (2FA) in Salesforce? Choose 2 answers

• A. Users leaving laptops unattended and not logging out of Salesforce.
• B. Users accessing Salesforce from a public Wi-Fi access point.
• C. Users choosing passwords that are the same as their Facebook password.
• D. Users creating simple-to-guess password reset questions.

Answer: BC

NEW QUESTION 8
Universal containers wants to implement single Sign-on for a salesforce org using an external identity provider and corporate identity store. What type of Authentication flow is required to support deep linking?

• A. Web server Oauth SSO flow.
• B. Identity-provider-initiated SSO
• C. Service-provider-initiated SSO
• D. Start URL on identity provider

Answer: C

NEW QUESTION 9
Universal containers (UC) has built a custom based Two-factor Authentication (2fa) system for their existing on-premise applications. Thru are now implementing salesforce and would like to enable a Two-factor login process for it, as well. What is the recommended solution an architect should consider?

• A. Replace the custom 2fa system with salesforce 2fa for on-premise application and salesforce.
• B. Use the custom 2fa system for on-premise applications and native 2fa for salesforce.
• C. Replace the custom 2fa system with an app exchange app that supports on-premise applications and salesforce.
• D. Use custom login flows to connect to the existing custom 2fa system for use in salesforce.

Answer: D

NEW QUESTION 10
How should an Architect force users to authenticate with Two-factor Authentication (2FA) for Salesforce only when not connected to an internal company network?

• A. Use Custom Login Flows with Apex to detect the user's IP address and prompt for 2FA if needed.
• B. Add the list of company's network IP addresses to the Login Range list under 2FA Setup.
• C. Use an Apex Trigger on the UserLogin object to detect the user's IP address and prompt for 2FA if needed.
• D. Apply the "Two-factor Authentication for User Interface Logins" permission and Login IP Ranges for all Profiles.

Answer: A

NEW QUESTION 11
Universal Containers (UC) is looking to purchase a third-party application as an Identity Provider. UC is looking to develop a business case for the purchase in general and has enlisted an Architect for advice. Which two capabilities of an Identity Provider should the Architect detail to help strengthen the business case? Choose 2 answers

• A. The Identity Provider can authenticate multiple applications.
• B. The Identity Provider can authenticate multiple social media accounts.
• C. The Identity provider can store credentials for multiple applications.
• D. The Identity Provider can centralize enterprise password policy.

Answer: AD

NEW QUESTION 12
An architect has successfully configured SAML-BASED SSO for universal containers. SSO has been working for 3 months when Universal containers manually adds a batch of new users to salesforce. The new users receive an error from salesforce when trying to use SSO. Existing users are still able to successfully use SSO to access salesforce. What is the probable cause of this behaviour?

• A. The administrator forgot to reset the new user's salesforce password.
• B. The Federation ID field on the new user records is not correctly set
• C. The my domain capability is not enabled on the new user's profile.
• D. The new users do not have the SSO permission enabled on their profiles.

Answer: B

NEW QUESTION 13
Universal containers (UC) employees have salesforce access from restricted ip ranges only, to protect against unauthorised access. UC wants to rollout the salesforce1 mobile app and make it accessible from any location. Which two options should an architect recommend? Choose 2 answers

• A. Relax the ip restriction in the connect app settings for the salesforce1 mobile app
• B. Use login flow to bypass ip range restriction for the mobile app.
• C. Relax the ip restriction with a second factor in the connect app settings for salesforce1 mobile app
• D. Remove existing restrictions on ip ranges for all types of user access.

Answer: AB

NEW QUESTION 14
An architect needs to advise the team that manages the identity provider how to differentiate salesforce from other service providers. What SAML SSO setting in salesforce provides this capability?

• A. Entity id
• B. Issuer
• C. Identity provider login URL
• D. SAML identity location

Answer: A

NEW QUESTION 15
Northern Trail Outfitters is implementing a busmess-to-business (B2B) collaboration site using Salesforce Experience Cloud. The partners will authenticate with an existing identity provider and the solution will utilize Security Assertion Markup Language (SAML) to provide single sign-on to Salesforce. Delegated administration will be used in the Expenence Cloud site to allow the partners to administer their users' access.
How should a partner identity be provisioned in Salesforce for this solution?

• A. Create only a contact.
• B. Create a contactless user.
• C. Create a user and a related contact.
• D. Create a person account.

Answer: C

NEW QUESTION 16
......