Salesforce Certified Platform Identity and Access Management Architect Plat-Arch-203 Prüfungsfragen mit Lösungen:

1. Universal containers(UC) has decided to build a new, highly sensitive application on Force.com platform. The security team at UC has decided that they want users to provide a fingerprint in addition to username/Password to authenticate to this application. How can an architect support fingerprints as a form of identification for salesforce Authentication?

A) Use Delegated Authentication with callouts to a third-party fingerprint scanning application.
B) Use an appexchange product that does fingerprint scanning with native salesforce identity confirmation.
C) Use custom login flows with callouts to a third-party fingerprint scanning application.
D) Use salesforce Two-factor Authentication with callouts to a third-party fingerprint scanning application.

2. A security architect is rolling out a new multi-factor authentication (MFA) mandate, where all employees must go through a secure authentication process before accessing Salesforce. There are multiple Identity Providers (IdP) in place and the architect is considering how the "Authentication Method Reference" field (AMR) in the Login History can help.
Which two considerations should the architect keep in mind?
Choose 2 answers

A) Dependency on what is supported by OpenID Connect (OIDC) implementation at IdP.
B) AMR field shows the authentication methods used at IdP.
C) High-assurance sessions must be configured under Session Security Level Policies.
D) Both OIDC and Security Assertion Markup Language (SAML) are supported but AMR must be implemented at IdP.

3. Northern Trail Outfitters wants to implement a partner community. Active community users will need to review and accept the community rules, and update key contact information for each community member before their annual partner event.
Which approach will meet this requirement?

A) Add a banner to the community Home page asking users to update their profile and accept the new community rules.
B) Create a custom landing page and email campaign asking all community members to login and verify their data.
C) Create a login flow that conditionally prompts users who have not accepted the new community rules and who have missing or outdated information.
D) Create tasks for users who need to update their data or accept the new community rules.

4. Containers (UC) uses an internal system for recruiting and would like to have the candidates' info available in the Salesforce automatically when they are selected. UC decides to use OAuth to connect to Salesforce from the recruiting system and would like to do the authentication using digital certificates. Which two OAuth flows should be considered to meet the requirement? Choose 2 answers

A) Web Service flow
B) Refresh Token flow
C) JWT Bearer Token flow
D) SAML Bearer Assertion flow

5. Which two are valid choices for digital certificates when setting up two-way SSL between Salesforce and an external system. Choose 2 answers

A) Use a self-signed certificate for salesforce and a self-signed cert for the external system
B) Use a trusted CA-signed certificate for salesforce and a trusted CA-signed cert for the external system
C) Use a trusted CA-signed certificate for salesforce and a self-signed cert for the external system
D) Use a self-signed certificate for salesforce and a trusted CA-signed cert for the external system

Fragen und Antworten: