Universal Containers (UC) has an existing Salesforce org configured for SP-Initiated SAML SSO with their IdP. A second Salesforce org is being introduced into the environment and the IT team would like to ensure they can use the same IdP for the new org. What action should the IT team take while implementing the second org?
A. Use the same SAML Identity location as the first org.
B. Use a different Entity ID than the first org.
C. Use the same request bindings as the first org.
D. Use the Salesforce Username as the SAML Identity Type.
Explanation:
The Entity ID is a unique identifier for a service provider or an identity provider in SAML SSO. It is used to differentiate between service providers or identity providers that may share the same issuer or login URL. In Salesforce, the Entity ID is generated automatically from the organization ID and can be viewed on the Single Sign-On Settings page. If you have a custom domain set up, you can use https://[customDomain].my.salesforce.com as the Entity ID. If you want to use the same IdP for two Salesforce orgs, you need to use different Entity IDs for each org; otherwise the IdP will not be able to distinguish them and may send assertions to the wrong org. You can also use different certificates, issuers, or login URLs for each org, but using different Entity IDs is the simplest and recommended way.
Universal Containers (UC) uses an internal system for recruiting and would like to have the candidates' info available in Salesforce automatically when they are selected. UC decides to use OAuth to connect to Salesforce from the recruiting system and would like to do the authentication using digital certificates. Which two OAuth flows should be considered to meet the requirement? Choose 2 answers
A. JWT Bearer Token flow
B. Refresh Token flow
C. SAML Bearer Assertion flow
D. Web Service flow
Explanation:
JWT Bearer Token flow and SAML Bearer Assertion flow are two OAuth flows that can be used to authenticate to Salesforce using digital certificates. JWT Bearer Token flow allows a connected app to request an access token from Salesforce by presenting a JSON Web Token (JWT) signed with the private key of a digital certificate registered on the connected app. SAML Bearer Assertion flow allows a connected app to request an access token from Salesforce by presenting a SAML assertion signed with a digital certificate. These two flows can meet the requirement of UC to use OAuth and digital certificates to connect to Salesforce from the recruiting system.
Universal Containers (UC) wants its closed Won opportunities to be synced to a Data Warehouse in near real time. UC has implemented Outbound Message to enable near real-time data sync. UC wants to ensure that communication between Salesforce and Target System is Secure. What Certificate is sent along with the Outbound Message?
A. The CA-Signed Certificate from the Certificate and Key Management menu.
B. The default Client Certificate from the Develop--> API Menu.
C. The default Client Certificate or a Certificate from Certificate and Key Management menu.
D. The Self-Signed Certificates from the Certificate & Key Management menu.
Explanation:
The CA-Signed Certificate from the Certificate and Key Management menu is the certificate that is sent along with the outbound message. An outbound message is a SOAP message that is sent from Salesforce to an external endpoint when a workflow rule or approval process is triggered. To ensure that the communication between Salesforce and the target system is secure, the outbound message can be signed with a certificate that is generated or uploaded in the Certificate and Key Management menu. The certificate must be CA-Signed, which means that it is issued by a trusted certificate authority (CA) that verifies the identity of the sender. The other options are not valid certificates for this purpose.
The default client certificate from the Develop --> API Menu is a self-signed certificate that is used for testing purposes only and does not provide adequate security. The default client certificate or a certificate from Certificate and Key Management menu is too vague and does not specify whether the certificate is CA-Signed or self-signed. The self-signed certificates from the Certificate & Key Management menu are certificates that are generated by Salesforce without any verification by a CA, and they are not recommended for production use.
References: [Outbound Messages], [Sign Outbound Messages with a Certificate], [CA-Signed Certificates], [Default Client Certificate], [Self-Signed Certificates]
Universal Containers allows employees to use a mobile device to access Salesforce for daily operations using a hybrid mobile app. This app uses Mobile software development kits (SDK), leverages refresh token to regenerate access token when required and is distributed as a private app.
The chief security officer is rolling out an org-wide compliance policy to enforce re-verification of devices if an employee has not logged in from that device in the last week.
Which connected app setting should be leveraged to comply with this policy change?
A. Scope - Deny refresh_token scope for this connected app.
B. Refresh Token Policy - Expire the refresh token if it has not been used for 7 days.
C. Session Policy - Set timeout value of the connected app to 7 days.
D. Permitted User - Ask admins to maintain a list of users who are permitted based on last login date.
Explanation:
Refresh Token Policy - Expire the refresh token if it has not been used for 7 days is the connected app setting that should be leveraged to comply with the policy change. Because the hybrid app relies on the refresh token to obtain new access tokens, expiring an unused refresh token after 7 days forces the user to authenticate again on that device, which is the re-verification the policy requires. The other settings are either not relevant or not effective for this scenario. References: Connected App Basics, OAuth 2.0 Refresh Token Flow
Universal Containers (UC) has an Experience Cloud site (Customer Community) where customers can authenticate and place orders, view the status of orders, etc. UC allows guest checkout. How can a guest register using data previously collected during order placement?
A. Enable Security Assertion Markup Language Sign-On and use a login flow to collect only order details to retrieve customer data.
B. Enable Facebook as an authentication provider and use a registration handler to collect only order details to retrieve customer data.
C. Use a Connected App Handler Apex Plugin class to collect only order details to retrieve customer data.
D. Enable self-registration and customize a self-registration page to collect only order details to retrieve customer data.
Explanation:
Self-registration allows guests to create their own user accounts and access the community. The self-registration page can be customized to collect order details and use them to retrieve customer data from the org.
References: Customize Self-Registration