Salesforce Certified Platform Identity and Access Management Architect 認定 Plat-Arch-203 試験問題:

1. A company with 15,000 employees is using Salesforce and would like to take the necessary steps to highlight or curb fraudulent activity.
Which tool should be used to track login data, such as the average number of logins, who logged in more than the average number of times and who logged in during non-business hours?

A) Login Inspector
B) Login History
C) Login Report
D) Login Forensics

2. Which three types of attacks would a 2-Factor Authentication solution help garden against?

A) Network perimeter attacks
B) Dictionary attacks
C) Man-in-the-middle attacks
D) Phishing attacks
E) Key logging attacks

3. Users logging into Salesforce are frequently prompted to verify their identity.
The identity architect is required to provide recommendations so that frequency of prompt verification can be reduced.
What should the identity architect recommend to meet the requirement?

A) Implement multi-factor authentication for the Salesforce org.
B) Implement an single sign-on for Salesforce using an external identity provider.
C) Set trusted IP ranges for the organization.
D) Implement 2FA authentication for the Salesforce org.

4. When designing a multi-branded Customer Identity and Access Management solution on the Salesforce Platform, how should an identity architect ensure a specific brand experience in Salesforce is presented?

A) The Audience ID, which can be set in a shared cookie.
B) Add a custom parameter to the service provider's OAuth/SAML call and implement logic on its login page to apply branding based on the parameters value.
C) The Experience ID, which can be included in OAuth/Open ID flows and Security Assertion Markup Language (SAML) flows as a URL parameter.
D) Provide a brand picker that the end user can use to select its sub-brand when they arrive on salesforce.

5. Universal Containers (UC) has a strict requirement to authenticate users to Salesforce using their mainframe credentials. The mainframe user store cannot be accessed from a SAML provider. UC would also like to have users in Salesforce created on the fly if they provide accurate mainframe credentials.
How can the Architect meet these requirements?

A) Use a Salesforce Login Flow to call out to a web service and create the user on the fly.
B) Implement Just-In-Time Provisioning on the mainframe to create the user on the fly.
C) Implement OAuth User-Agent Flow on the mainframe; use a Registration Handler to create the user on the fly.
D) Use the SOAP API to create the user when created on the mainframe; implement Delegated Authentication.

質問と回答：