Question 1

Northern Trail Outfitters is implementing a busmess-to-business (B2B) collaboration site using Salesforce

Experience Cloud. The partners will authenticate with an existing identity provider and the solution will utilize

Security Assertion Markup Language (SAML) to provide single sign-on to Salesforce. Delegated

administration will be used in the Expenence Cloud site to allow the partners to administer their users' access.

How should a partner identity be provisioned in Salesforce for this solution?

Options :

A : Create only a contact.

B : Create a contactless user.

C : Create a user and a related contact.

D : Create a person account.

Answer: C

Question 2

Universal containers wants to build a custom mobile app connecting to salesforce using Oauth, and would like

to restrict the types of resources mobile users can access. What Oauth feature of Salesforce should be used to

achieve the goal?

Options :

A :

Access Tokens

B :

Mobile pins

C : Refresh Tokens

D : Scopes

Answer: D

Question 3

Universal containers (UC) is building a mobile application that will make calls to the salesforce REST API.

Additionally UC would like to provide the optimal experience for its mobile users. Which two OAuth scopes

should UC configure in the connected App? Choose 2 answers

Options :

A :

Refresh token

B : API

C : full

D : Web

Answer: A,B

Question 4

A large consumer company is planning to create a community and will requ.re login through the customers

social identity. The following requirements must be met:

1. The customer should be able to login with any of their social identities, however salesforce should only

have one user per customer.

2. Once the customer has been identified with a social identity, they should not be required to authonze

Salesforce.

3. The customers personal details from the social sign on need to be captured when the customer logs into

Salesforce using their social Identity.

3. If the customer modifies their personal details in the social site, the changes should be updated in Salesforce

.

Which two options allow the Identity Architect to fulfill the requirements?

Choose 2 answers

Options :

A :

Use Login Flows to call an authentication registration handler to provision the user before logging the

user into the community.

B :

Use authentication providers for social sign-on and use the custom registration handler to insert or

update personal details.

C : Redirect the user to a custom page that allows the user to select an existing social identity for login

D : Use the custom registration handler to link social identities to Salesforce identities.

Answer: B,D

Question 5

Northern Trail Outfitters (NTO) has an off-boarding process where a terminated employee is first disabled in

the Lightweight Directory Act Protocol (LDAP) directory, then requests are sent to the various application

support teams to finish user deactivations. A terminated employee recently was able to login to NTO's

Salesforce instance 24 hours after termination, even though the user was disabled in the corporate LDAP

directory.

What should an identity architect recommend to prevent this from happening in the future?

Options :

A : Create a Just-in-Time provisioning registration handler to ensure users are deactivated in Salesforce as they are disabled in LDAP.

B : Configure an authentication provider to delegate authentication to the LDAP directory.

C : use a login flow to make a callout to the LDAP directory before authenticating the user to Salesforce.

D : Setup an identity provider (IdP) to authenticate users using LDAP, set up single sign-on to Salesforce and disable Login Form authentication.

Answer: B