Salesforce Certified Platform Identity and Access Management Architect 認定 Plat-Arch-203 試験問題:

1. A financial enterprise is planning to set up a user authentication mechanism to login to the Salesforce system. Due to regulatory requirements, the CIO of the company wants user administration, including passwords and authentication requests, to be managed by an external system that is only accessible via a SOAP webservice.
Which authentication mechanism should an identity architect recommend to meet the requirements?

A) Just-in-Time Provisioning
B) Identity Connect
C) OAuth Web-Server Flow
D) Delegated Authentication

2. Universal Containers (UC) has an e-commerce website where customers can buy products, make payments and manage their accounts. UC decides to build a Customer Community on Salesforce and wants to allow the customers to access the community from their accounts without logging in again. UC decides to implement an SP-initiated SSO using a SAML-compliant Idp. In this scenario where Salesforce is the Service Provider, which two activities must be performed in Salesforce to make SP-initiated SSO work? Choose 2 answers

A) Configure SAML SSO settings.
B) Set up My Domain.
C) Create a Connected App.
D) Configure Delegated Authentication.

3. Northern Trail Outfitters wants to implement a partner community. Active community users will need to review and accept the community rules, and update key contact information for each community member before their annual partner event.
Which approach will meet this requirement?

A) Add a banner to the community Home page asking users to update their profile and accept the new community rules.
B) Create tasks for users who need to update their data or accept the new community rules.
C) Create a login flow that conditionally prompts users who have not accepted the new community rules and who have missing or outdated information.
D) Create a custom landing page and email campaign asking all community members to login and verify their data.

4. Northern Trail Outfitters (NTO) wants to give customers the ability to submit and manage issues with their purchases. It is important for NTO to give its customers the ability to login with their Amazon credentials.
What should an identity architect recommend to meet these requirements?

A) Configure a predefined authentication provider for Amazon.
B) Configure an OpenID Connect Authentication Provider for Amazon.
C) Create a custom external authentication provider for Amazon.
D) Configure Amazon as a connected app.

5. How should an Architect force users to authenticate with Two-factor Authentication (2FA) for Salesforce only when not connected to an internal company network?

A) Apply the "Two-factor Authentication for User Interface Logins" permission and Login IP Ranges for all Profiles.
B) Use an Apex Trigger on the UserLogin object to detect the user's IP address and prompt for 2FA if needed.
C) Add the list of company's network IP addresses to the Login Range list under 2FA Setup.
D) Use Custom Login Flows with Apex to detect the user's IP address and prompt for 2FA if needed.

質問と回答：