The security team at Universal Containers (UC) has identified exporting reports as a high-risk action and would like to require users to be logged into Salesforce with their Active Directory (AD) credentials when doing so. For all other users of Salesforce, users should be allowed to use AD Credentials or Salesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with Salesforce credentials?

• A.Use SAML Federated Authentication and block access to reports when accessed through a Standard Assurance session.
• B.Use SAML federated Authentication with a Login Flow to dynamically add or remove a Permission Set that grants the Export Reports Permission.
• C.Use SAML federated Authentication, treat SAML Sessions as High Assurance, and raise the session level required for exporting reports.
• D.Use SAML Federated Authentication and Custom SAML JIT Provisioning to dynamically and or remove a permission set that grants the Export Reports Permission.

Comment: *

Name: *

Email: *

Verification: *

universal container plans to develop a custom mobile app for the sales team that will use salesforce for authentication and access management. The mobile app access needs to be restricted to only the sales team.
What would be the recommended solution to grant mobile app access to sales users?

• A.Use connected apps Oauth policies to restrict mobile app access to authorized users.
• B.Use the permission set license to assign the mobile app permission to sales users
• C.Use a custom attribute on the user object to control access to the mobile app
• D.Add a new identity provider to authenticate and authorize mobile users.

Comment: *

Name: *

Email: *

Verification: *

Universal Containers is setting up their Customer Community self-registration process. They are uncomfortable with the idea of assigning new users to a default Account record.
What will happen when customers self-register in the Community?

• A.The self-registration process will produce an error to the user.
• B.The self-registration page will ask users to select an Account.
• C.The self-registration page will create a new Account record.
• D.The self-registration process will create a Person Account record.

Comment: *

Name: *

Email: *

Verification: *

Universal containers (UC) is successfully using Delegated Authentication for their salesforce users. The service supporting Delegated Authentication is written in Java. UC has a new CIO that is requiring all company Web services be RESR-ful and written in . NET. Which two considerations should the UC Architect provide to the new CIO? Choose 2 answers

• A.Delegated Authentication will not work with rest services.
• B.Delegated Authentication will continue to work with a.net service.
• C.Delegated Authentication will not work with a.net service.
• D.Delegated Authentication will continue to work with rest services.

Comment: *

Name: *

Email: *

Verification: *

Universal Containers (UC) has implemented SAML-based Single Sign-on for their Salesforce application and is planning to use the Salesforce mobile app. UC wants to ensure that Single Sign-on is used for accessing the Salesforce mobile app.
Which two recommendations should the Architect make? (Choose two.)

• A.Use the existing SAML SSO flow along with Web Server Flow.
• B.Use the existing SAML SSO flow along with User Agent Flow.
• C.Configure the Salesforce App to use the My Domain URL.
• D.Configure the Embedded Web Browser to use My Domain URL.

Comment: *

Name: *

Email: *

Verification: *