Identity-and-Access-Management-Architect practice questions: the latest Salesforce Identity-and-Access-Management-Architect certification exam question bank
NewDumps's expert team has developed the latest short-term, effective training program for the Salesforce Identity-and-Access-Management-Architect certification exam. With about 20 hours of training, candidates for the Salesforce Identity-and-Access-Management-Architect certification exam can quickly master a great deal of knowledge, consolidate what they already know, and pass the exam easily, far more easily than those who spend large amounts of time and energy preparing.
Latest Identity and Access Management Designer Identity-and-Access-Management-Architect free exam questions (Q37-Q42):
Question #37
Which three different attributes can be used to identify the user in a SAML assertion when Salesforce is acting as a Service Provider? Choose 3 answers
A. Federation ID
B. User Full Name
C. Salesforce Username
D. Salesforce User ID
E. User Email Address
Answer: A, C, E
Explanation:
The three different attributes that can be used to identify the user in a SAML assertion when Salesforce is acting as a Service Provider are Federation ID, User Email Address, and Salesforce Username. According to the Salesforce documentation, "Salesforce supports three attributes for identifying users in a SAML assertion: Federation ID, User Email Address, and Salesforce Username." Therefore, option A, D, and E are the correct answers.
References: [SAML Assertion Attributes]
Question #38
How should an identity architect automate provisioning and deprovisioning of users into Salesforce from an external system?
A. Call SOAP API upsert() on user object.
B. Use Security Assertion Markup Language Just-in-Time (SAML JIT) on incoming SAML assertions.
C. Run registration handler on incoming OAuth responses.
D. Call OpenID Connect (OIDC)-userinfo endpoint with a valid access token.
Answer: C
Explanation:
To automate provisioning and deprovisioning of users into Salesforce from an external system, the identity architect should run a registration handler on incoming OAuth responses. A registration handler is a class that implements the Auth.RegistrationHandler interface and defines how to create or update users in Salesforce based on the information from an external identity provider. OAuth is a protocol that allows users to authorize an external application to access Salesforce resources on their behalf. By running a registration handler on incoming OAuth responses, the identity architect can automate user provisioning and deprovisioning based on the OAuth attributes. References: Registration Handler, Authorize Apps with OAuth
Question #39
A web service is developed that allows secure access to customer order status on the Salesforce Platform. The service connects to Salesforce through a connected app with the web server flow. The following are the required actions for the authorization flow:
1. User Authenticates and Authorizes Access
2. Request an Access Token
3. Salesforce Grants an Access Token
4. Request an Authorization Code
5. Salesforce Grants Authorization Code
What is the correct sequence for the authorization flow?
A. 1, 4, 5, 2, 3
B. 4, 5, 2, 3, 1
C. 2, 1, 3, 4, 5
D. 4, 1, 5, 2, 3
Answer: D
Explanation:
The web server flow is an OAuth 2.0 authorization code grant type, which follows this sequence of steps:
* The client app requests an authorization code from Salesforce by redirecting the user to the authorization endpoint.
* The user authenticates and authorizes access to the client app.
* Salesforce grants an authorization code and redirects the user back to the client app.
* The client app requests an access token from Salesforce by sending the authorization code to the token endpoint.
* Salesforce grants an access token and a refresh token to the client app.
References: OAuth Authorization Flows, Authorize Apps with OAuth
Question #40
Universal Containers wants Salesforce inbound OAuth-enabled integration clients to use SAML-based single sign-on for authentication. What OAuth flow would be recommended in this scenario?
A. Web server OAuth flow
B. SAML assertion OAuth flow
C. User-Agent OAuth flow
D. User-Token OAuth flow
Answer: B
Question #41
Universal Containers (UC) has implemented an SP-initiated SAML flow between an external IdP and Salesforce. A user at UC is attempting to log in to Salesforce1 for the first time and is being prompted for Salesforce credentials instead of being shown the IdP login page. What is the likely cause of the issue?
A. The user has not configured the Salesforce1 mobile app to use My Domain for login.
B. The user has not been granted the "Enable Single Sign-On" permission.
C. The "Redirect to Identity Provider" option has been selected in the My Domain configuration.
D. The "Redirect to Identity Provider" option has not been selected in the SAML configuration.