Northern Trail Outfitters (NTO) is planning to build a new customer service portal and wants to use passwordless login, allowing customers to login with a one-time passcode sent to them via email or SMS.
How should the quantity of required Identity Verification Credits be estimated?

• A.Identity Verification Credits are consumed with each SMS (text message) sent and should be estimated based on the number of login verification challenges for SMS verification users.
• B.Each community comes with 10,000 Identity Verification Credits per month and only customers with more than 10,000 logins a month should estimate additional SMS verifications needed.
• C.Identity Verification Credits are consumed with each verification sent and should be estimated based on the number of logins that will incur a verification challenge.
• D.Identity Verification Credits are a direct add-on license based on the number of existing member-based or login-based Community licenses.

Comment: *

Name: *

Email: *

Verification: *

IT security at Unversal Containers (UC) us concerned about recent phishing scams targeting its users and wants to add additional layers of login protection. What should an Architect recommend to address the issue?

• A.Implement Single Sign-on using a corporate Identity store.
• B.Lock sessions to the IP address from which they originated.
• C.Use the Salesforce Authenticator mobile app with two-step verification
• D.Increase Password complexity requirements in Salesforce.

Comment: *

Name: *

Email: *

Verification: *

A global company's Salesforce Identity Architect is reviewing its Salesforce production org login history and is seeing some intermittent Security Assertion Markup Language (SAML SSO) 'Replay Detected and Assertion Invalid' login errors.
Which two issues would cause these errors?
Choose 2 answers

• A.The certificate loaded into SSO configuration does not match the certificate used by the IdP.
• B.The current time setting of the company's identity provider (IdP) and Salesforce platform is out of sync by more than eight minutes.
• C.The subject element is missing from the assertion sent to salesforce.
• D.The assertion sent to 5alesforce contains an assertion ID previously used.

Comment: *

Name: *

Email: *

Verification: *

Universal Containers (UC) has implemented SAML-based SSO solution for use with their multi-org Salesforce implementation, utilizing one of the the orgs as the Identity Provider. One user is reporting that they can log in to the Identity Provider org but get a generic SAML error message when accessing the other orgs. Which two considerations should the architect review to troubleshoot the issue? Choose 2 answers

• A.The Federation ID must be in the form of an email address.
• B.The Federation ID must be populated on the user record.
• C.The Federation ID must be a valid Salesforce Username
• D.The Federation ID must is case sensitive

Comment: *

Name: *

Email: *

Verification: *

Universal Containers (UC) is using a custom application that will act as the Identity Provider and will generate SAML assertions used to log in to Salesforce. UC is considering including custom parameters in the SAML assertion. These attributes contain sensitive data and are needed to authenticate the users. The assertions are submitted to salesforce via a browser form post. The majority of the users will only be able to access Salesforce via UC's corporate network, but a subset of admins and executives would be allowed access from outside the corporate network on their mobile devices. Which two methods should an Architect consider to ensure that the sensitive data cannot be tampered with, nor accessible to anyone while in transit?

• A.Use the Identity provider's certificate to digitally Sign and the Identity provider's certificate to encrypt the payload.
• B.Use Salesforce's Certificate to digitally sign the SAML Assertion and a Mobile Device Management client on the users' mobile devices.
• C.Use a custom login flow to retrieve sensitive data using an Apex callout without including the attributes in the assertion.
• D.Use the Identity Provider's certificate to digitally sign and Salesforce's Certificate to encrypt the payload.

Comment: *

Name: *

Email: *

Verification: *