Identity-and-Access-Management-Architect Exam Preparation | Authentic Identity-and-Access-Management-Architect Japanese Review Guide Exam | Convenient Salesforce Certified Identity and Access Management Architect Practice Questions

In life, instead of always demanding that others do something for you, you should think carefully about what you can do for others. The same applies at work. If you create great value for your boss, your boss will naturally take care of you. Conversely, if you remain an ordinary employee, sooner or later you will be laid off. That is why you should pass IT certification exams and improve your abilities. GoShiken's question set for the Salesforce Identity-and-Access-Management-Architect ("Salesforce Certified Identity and Access Management Architect") exam gives you a shortcut to success. Most IT professionals have already acted, so what are you still waiting for? Buy GoShiken's Salesforce Identity-and-Access-Management-Architect exam training materials without hesitation.

Salesforce Certified Identity and Access Management Architect Certification Identity-and-Access-Management-Architect Exam Questions (Q43-Q48):

Question # 43
Refer to the exhibit.
Outfitters (NTO) is using Experience Cloud as an Identity for its application on Heroku. The application on Heroku should be able to handle two brands, Northern Trail Shoes and Northern Trail Shirts.
A user should select either of the two brands in Heroku before logging into the community. The app then performs Authorization using OAuth2.0 with the Salesforce Experience Cloud site.
NTO wants to make sure it renders login page images dynamically based on the user's brand preference selected in Heroku before Authorization.
What should an identity architect do to fulfill the above requirements?
A. For each brand create different communities and redirect users to the appropriate community using a custom Login controller written in Apex.
B. Authorize third-party service by sending authorization requests to the community-url/services/oauth2/authorize/expid_value.
C. Create multiple login screens using Experience Builder and use Login Flows at runtime to route to different login screens.
D. Authorize third-party service by sending authorization requests to the community-url/services/oauth2/authorize/cookie_value.
Correct answer: B
Question # 44
Universal Containers (UC) is implementing Salesforce and would like to establish SAML SSO for its users to log in. UC stores its corporate user identities in a Custom Database. The UC IT Manager has heard good things about Salesforce Identity Connect as an IdP, and would like to understand what limitations they may face if they decide to use Identity Connect in their current environment. What limitation should an Architect inform the IT Manager about?
A. Identity Connect will only support SP-initiated SAML flows in UC's current environment.
B. Identity Connect will not support user provisioning in UC's current environment.
C. Identity Connect will only support IdP-initiated SAML flows in UC's current environment.
D. Identity Connect is not compatible with UC's current identity environment.
Correct answer: B
Explanation:
Identity Connect will not support user provisioning in UC's current environment. Identity Connect is a tool that synchronizes user data between Active Directory and Salesforce, but it does not work with other identity sources such as a Custom Database [5]. Therefore, if UC wants to use Identity Connect as an IdP, it will not be able to provision users from its Custom Database to Salesforce.
Options B, C, and D are incorrect because Identity Connect does not have any limitations on the type of SAML flow or the compatibility with UC's current identity environment. Identity Connect supports both IdP-initiated and SP-initiated SAML flows [6], and it can act as an IdP for any external service provider that supports SAML 2.0 [7].
References: [5] Identity Connect - Salesforce; [6] SAML SSO Flows - Salesforce; [7] Salesforce Connect: Integration, Benefits, and Limitations
Question # 45
Universal Containers (UC) has an existing web application that it would like to access from Salesforce without requiring users to re-authenticate. The web application is owned by UC, and the UC team responsible for it is willing to add new JavaScript code and/or libraries to the application. What implementation should an Architect recommend to UC?
A. Add the web application as a ConnectedApp using OAuth User-Agent flow.
B. Create a Canvas app and use Signed Requests to authenticate the users.
C. Rewrite the web application as a set of Visualforce pages and Apex code.
D. Configure the web application as an item in the Salesforce App Launcher.
Correct answer: B
Explanation:
A Canvas app is a web application that can be embedded within Salesforce and access Salesforce data using the signed request authentication method. This method allows the Canvas app to receive a signed request that contains the context and OAuth token when it is loaded. The Canvas app can use the SDK to request a new or refreshed signed request on demand [2]. This way, users do not need to re-authenticate when accessing the web application from Salesforce.
References: Requesting a Signed Request; SAML Single Sign-On for Canvas Apps; Mastering Salesforce Canvas Apps
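The signed-request check described above, as an added example that is neither GoShiken's material nor Salesforce's SDK code: the Canvas app's server side verifies that what it received has the form `<signature>.<encoded envelope>`, that the signature is HMAC-SHA256 over the base64-encoded envelope computed with the connected app's consumer secret, and only then trusts the OAuth token carried inside. The consumer secret, the envelope values and the five-minute freshness window are constructed for this example, and the envelope field names used here (`algorithm`, `issuedAt`, `userId`, `client.oauthToken`, `client.instanceUrl`) are assumptions rather than values taken from the page.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed consumer secret. In a real deployment this is the connected
# app's consumer secret and must stay on the server side of the Canvas app.
CONSUMER_SECRET = "constructed-consumer-secret-for-this-example"


def build_signed_request(envelope: dict, secret: str) -> str:
    """Produce a signed request of the form '<signature>.<encoded envelope>'.

    Salesforce is the signer in practice; this helper exists only so the
    example can construct its own test input offline.
    """
    encoded = base64.b64encode(json.dumps(envelope).encode()).decode()
    mac = hmac.new(secret.encode(), encoded.encode(), hashlib.sha256).digest()
    return base64.b64encode(mac).decode() + "." + encoded


def verify_signed_request(signed_request: str, secret: str,
                          now_ms: Optional[int] = None,
                          max_age_ms: int = 5 * 60 * 1000) -> dict:
    """Validate a signed request and return the decoded envelope.

    Raises ValueError on any failure so the caller fails closed. The
    signature is checked before the envelope is parsed: unauthenticated JSON
    is never trusted. The issuedAt freshness check (field name assumed,
    epoch milliseconds) stops a captured request from being replayed forever.
    """
    parts = signed_request.split(".", 1)
    if len(parts) != 2:
        raise ValueError("malformed signed request: expected '<signature>.<envelope>'")
    signature_b64, encoded = parts
    try:
        provided = base64.b64decode(signature_b64, validate=True)
    except ValueError:
        raise ValueError("signature is not valid base64")
    expected = hmac.new(secret.encode(), encoded.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, provided):  # constant-time comparison
        raise ValueError("signature mismatch: not signed with this consumer secret")
    envelope = json.loads(base64.b64decode(encoded))
    if envelope.get("algorithm") != "HMACSHA256":
        raise ValueError("unexpected signing algorithm")
    issued_at = envelope.get("issuedAt")
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    if not isinstance(issued_at, int) or not (0 <= now_ms - issued_at <= max_age_ms):
        raise ValueError("signed request is stale or issuedAt is missing")
    return envelope


def is_valid_signed_request(signed_request: str, secret: str,
                            now_ms: Optional[int] = None) -> bool:
    """Boolean convenience wrapper around verify_signed_request."""
    try:
        verify_signed_request(signed_request, secret, now_ms)
        return True
    except ValueError:
        return False


def forge_user_id(signed_request: str, new_user_id: str) -> str:
    """Re-encode the envelope with a different userId while keeping the
    original signature; used only to show that tampering is detected."""
    sig, encoded = signed_request.split(".", 1)
    env = json.loads(base64.b64decode(encoded))
    env["userId"] = new_user_id
    return sig + "." + base64.b64encode(json.dumps(env).encode()).decode()


# Constructed envelope: the OAuth token and instance URL the Canvas app needs
# sit under 'client'. The IDs and token are made up for this example.
SAMPLE_ENVELOPE = {
    "algorithm": "HMACSHA256",
    "issuedAt": 1700000000000,
    "userId": "005000000000000AAA",
    "client": {
        "oauthToken": "constructed-oauth-token",
        "instanceUrl": "https://example.my.salesforce.com",
    },
}

if __name__ == "__main__":
    sr = build_signed_request(SAMPLE_ENVELOPE, CONSUMER_SECRET)
    env = verify_signed_request(sr, CONSUMER_SECRET, now_ms=1700000001000)
    print("verified; token for", env["userId"], "->", env["client"]["oauthToken"])
    print("tampered accepted:", is_valid_signed_request(
        forge_user_id(sr, "005999999999999ZZZ"), CONSUMER_SECRET, now_ms=1700000001000))
```

Run stand-alone, the script accepts its own constructed request and rejects the copy whose envelope was edited after signing. The freshness window is a defensive addition of this example; the page only states that the SDK can request a refreshed signed request on demand.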
Question # 46
A company's external application is protected by Salesforce through OAuth. The identity architect for the project needs to limit the level of access to the data of the protected resource in a flexible way.
What should be done to improve security?
A. Leverage external objects and data classification policies.
B. Define a permission set that grants access to the app and assign to authorized users.
C. Select "Admin approved users are pre-authorized" and assign specific profiles.
D. Create custom scopes and assign to the connected app.
Correct answer: D
Explanation:
To limit the level of access to the data of the protected resource in a flexible way, the identity architect should create custom scopes and assign them to the connected app. Custom scopes are permissions that define the specific data that an external application can access or modify in Salesforce. Custom scopes can be created using Apex or Metadata API and assigned to a connected app using OAuth 2.0 or SAML protocols. Custom scopes can provide more granular control over data access than standard scopes, which are predefined by Salesforce. References: Custom Scopes, Create and Assign Custom Scopes
Question # 47
A global company's Salesforce Identity Architect is reviewing its Salesforce production org login history and is seeing some intermittent Security Assertion Markup Language (SAML SSO) 'Replay Detected and Assertion Invalid' login errors.
Which two issues would cause these errors?
Choose 2 answers
A. The current time setting of the company's identity provider (IdP) and Salesforce platform is out of sync by more than eight minutes.
B. The subject element is missing from the assertion sent to Salesforce.
C. The certificate loaded into SSO configuration does not match the certificate used by the IdP.
D. The assertion sent to Salesforce contains an assertion ID previously used.
Correct answer: A, D
Explanation:
A SAML SSO 'Replay Detected and Assertion Invalid' error occurs when Salesforce detects that the same assertion has been used more than once within the validity period. This can happen if the assertion ID is reused by the IdP or if the assertion is resent by the user. Another possible cause is that the time settings of the IdP and Salesforce are not synchronized, which can result in an assertion being valid for a shorter or longer period than expected. References: SAML Single Sign-On Settings, Troubleshoot SAML Single Sign-On
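An added example illustrating the two causes the explanation names; it is not part of GoShiken's material and is not how Salesforce implements its check. A small service-provider-side validator keeps a cache of consumed assertion IDs (the "Replay Detected" case) and checks the assertion's Conditions window with a clock-skew tolerance (the "Assertion Invalid" case when the IdP and SP clocks drift apart), and it also reports a missing Subject so the reader can see why that is a different error. The eight-minute tolerance, the sample assertion and the timestamps are constructed for this example; verifying the XML signature against the IdP certificate is left to a real SAML library.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Union

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Tolerance for IdP/SP clock drift. The question quotes eight minutes as the
# point at which logins fail; treating it as the tolerance is an assumption.
DEFAULT_MAX_SKEW = timedelta(minutes=8)


def parse_saml_time(value: Optional[str]) -> Optional[datetime]:
    """Parse an xs:dateTime such as 2024-01-01T12:00:00Z into an aware datetime."""
    if not value:
        return None
    if value.endswith("Z"):
        value = value[:-1] + "+00:00"
    parsed = datetime.fromisoformat(value)
    if parsed.tzinfo is None:
        parsed = parsed.replace(tzinfo=timezone.utc)
    return parsed


class AssertionValidator:
    """Service-provider-side checks producing the two error classes from the
    question: 'Replay Detected' for a reused assertion ID and 'Assertion
    Invalid' for a bad time window or a missing Subject. Signature
    verification is out of scope; a real SP checks it before anything else."""

    def __init__(self, max_skew: timedelta = DEFAULT_MAX_SKEW):
        self.max_skew = max_skew
        # Assertion ID -> NotOnOrAfter; an entry is dropped once the
        # assertion could no longer be accepted anyway.
        self._consumed: Dict[str, datetime] = {}

    def _purge(self, now: datetime) -> None:
        self._consumed = {aid: exp for aid, exp in self._consumed.items()
                          if exp + self.max_skew > now}

    def validate(self, assertion_xml: str, now: Union[datetime, str]) -> List[str]:
        """Return a list of error strings; an empty list means accept."""
        if isinstance(now, str):
            now = parse_saml_time(now)
        errors: List[str] = []
        root = ET.fromstring(assertion_xml)
        if root.tag != "{%s}Assertion" % SAML_NS["saml"]:
            return ["Assertion Invalid: root element is not saml:Assertion"]
        assertion_id = root.get("ID")
        if not assertion_id:
            errors.append("Assertion Invalid: missing ID attribute")
        if root.find("saml:Subject", SAML_NS) is None:
            errors.append("Assertion Invalid: missing Subject element")
        conditions = root.find("saml:Conditions", SAML_NS)
        not_on_or_after = None
        if conditions is None:
            errors.append("Assertion Invalid: missing Conditions element")
        else:
            not_before = parse_saml_time(conditions.get("NotBefore"))
            not_on_or_after = parse_saml_time(conditions.get("NotOnOrAfter"))
            if not_before is not None and now < not_before - self.max_skew:
                errors.append("Assertion Invalid: NotBefore is in the future beyond the allowed skew")
            if not_on_or_after is not None and now >= not_on_or_after + self.max_skew:
                errors.append("Assertion Invalid: NotOnOrAfter has passed beyond the allowed skew")
        self._purge(now)
        if assertion_id and assertion_id in self._consumed:
            errors.append("Replay Detected: assertion ID %s was already consumed" % assertion_id)
        elif assertion_id and not errors:
            # Only an accepted assertion is recorded.
            self._consumed[assertion_id] = not_on_or_after or now
        return errors


# Constructed, unsigned, minimal assertion with a five-minute validity window.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-assertion-0001" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>https://idp.example.test</saml:Issuer>
  <saml:Subject><saml:NameID>user@example.test</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:05:00Z"/>
</saml:Assertion>"""

NO_SUBJECT_ASSERTION = SAMPLE_ASSERTION.replace(
    "<saml:Subject><saml:NameID>user@example.test</saml:NameID></saml:Subject>", "")

if __name__ == "__main__":
    validator = AssertionValidator()
    print("first use:", validator.validate(SAMPLE_ASSERTION, "2024-01-01T12:01:00Z") or "accepted")
    print("second use:", validator.validate(SAMPLE_ASSERTION, "2024-01-01T12:01:00Z"))
    print("SP clock 15 min ahead:", AssertionValidator().validate(SAMPLE_ASSERTION, "2024-01-01T12:20:00Z"))
    print("no subject:", AssertionValidator().validate(NO_SUBJECT_ASSERTION, "2024-01-01T12:01:00Z"))
```

Run stand-alone, the script accepts the assertion once, reports a replay when the same ID is presented again, rejects it when the SP clock is fifteen minutes ahead of the IdP's window, and still accepts it five minutes past NotOnOrAfter because that is inside the configured skew tolerance.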