Sales users at Universal containers use salesforce for Opportunity management. Marketing uses a third-party application called Nest for Lead nurturing that is accessed using username/password. The VP of sales wants to open up access to nest for all sales uses to provide them access to lead history and would like SSO for better adoption. Salesforce is already setup for SSO and uses Delegated Authentication. Nest can accept username/Password or SAML-based Authentication. IT teams have received multiple password-related issues for nest and have decided to set up SSO access for Nest for Marketing users as well. The CIO does not want to invest in a new IDP solution and is considering using Salesforce for this purpose. Which are appropriate license type choices for sales and marketing users, giving salesforce is using Delegated Authentication?
Choose 2 answers

• A.Salesforce license for sales users and platform license for Marketing users.
• B.Identity license for sales users and Identity connect license for Marketing users
• C.Salesforce license for sales users and Identity license for Marketing users
• D.Salesforce license for sales users and External Identity license for Marketing users

Comment: *

Name: *

Email: *

Verification: *

How should an Architect force users to authenticate with Two-factor Authentication (2FA) for Salesforce only when NOT connected to an internal company network?

• A.Add the company's list of network IP addresses to the Login Range list under 2FA Setup.
• B.Use Custom Login Flows with Apex to detect the user's IP address and prompt for 2FA if needed.
• C.Apply the "Two-factor Authentication for User Interface Logins" permission and Login IP Ranges for all Profiles.
• D.Use an Apex Trigger on the UserLogin object to detect the user's IP address and prompt for 2FA if needed.

Comment: *

Name: *

Email: *

Verification: *

The security team at Universal Containers (UC) hasidentified exporting reports as a high-risk action and would like to require users to be logged into Salesforce with their Active Directory (AD) credentials when doing so.
For all other users of Salesforce, users should be allowed to use AD Credentials orSalesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with Salesforce credentials?

• A.Use SAML federated Authentication, treat SAML Sessions as High Assurance, and raise the session level required for exporting reports.
• B.Use SAML Federated Authentication and block access to reports when accessed through a Standard Assurance session.
• C.Use SAML federated Authentication with a Login Flow to dynamically add or remove a Permission Set that grants the Export Reports Permission.
• D.Use SAML Federated Authentication and Custom SAML JIT Provisioning to dynamically and or remove a permission set that grants the Export Reports Permission.

Comment: *

Name: *

Email: *

Verification: *

Universal Containers (UC) has an existing Salesforce org configured for SP-Initiated SAML SSO with their Idp. A second Salesforce org is being introduced into the environment and the IT team would like to ensure they can use the same Idp for new org. What action should the IT team take while implementing the second org?

• A.Use the same SAML Identity location as the first org.
• B.Use a different Entity ID than the first org.
• C.Use the same request bindings as the first org.
• D.Use the Salesforce Username as the SAML Identity Type.

Comment: *

Name: *

Email: *

Verification: *

Universal Containers (UC) uses Salesforce to allow customers to keep track of the order status. The customers can log in to Salesforce using external authentication providers, such as Facebook and Google. UC is also leveraging the App Launcher to let customers access an of platform application for generating shipping labels.
The label generator application uses OAuth to provide users access. What license type should an Architect recommend for the customers?

• A.Customer Community license
• B.Identity license
• C.External Identity license
• D.Customer Community Plus license

Comment: *

Name: *

Email: *

Verification: *