Quiz Summary
0 of 60 Questions completed
Questions:
Information
You have already completed the quiz before. Hence you can not start it again.
Quiz is loading…
You must sign in or sign up to start the quiz.
You must first complete the following:
Results
Results
0 of 60 Questions answered correctly
Your time:
Time has elapsed
You have reached 0 of 0 point(s), (0)
Earned Point(s): 0 of 0, (0)
0 Essay(s) Pending (Possible Point(s): 0)
Average score |
|
Your score |
|
Categories
- Accepting Third-Party Identity in Salesforce 0%
- Access Management Best Practices 0%
- Community (Partner and Customer) 0%
- Identity Management Concepts 0%
- Salesforce as an Identity Provider 0%
- Salesforce Identity 0%
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- Current
- Review
- Answered
- Correct
- Incorrect
-
Question 1 of 60
1. Question
CloudVista Solutions wants to implement a single sign-on solution leveraging Okta so that internal employees can use a single application for login. All the employees will log in to Okta and then will log in to Salesforce which will reside as a shortcut in the Okta application.
What role does Okta play in this scenario?
CorrectIncorrect -
Question 2 of 60
2. Question
CloudVista Solutions has planned to implement a single sign-on solution with different applications, including their Salesforce org. The IT team wants to leverage Microsoft Azure for authentications. They require all users to log in to the Microsoft Azure portal one time and click a browser shortcut, which would then log the users automatically in Salesforce.
In the above scenario, what role does Salesforce play?
CorrectIncorrect -
Question 3 of 60
3. Question
As a consumer, you recently set up an account with a bank, and you are trying to set up a bank account online. As part of the setup process, the bank is asking for your mobile phone number to send you a code. Once you enter the code, the bank web application lets you log in successfully.
What feature of identity management does your mobile phone provide as a service?
CorrectIncorrect -
Question 4 of 60
4. Question
A Salesforce Administrator created a connected app for a custom web application in Salesforce, which needs to be visible as a tile in App Launcher. The tile for the custom web application is missing in the App Launcher for all users in Salesforce. The Administrator has requested your assistance as the Identity Architect to resolve the issue.
Which reasons are the source of the issue? (Choose 2)
CorrectIncorrect -
Question 5 of 60
5. Question
What is an identity provider? (Choose 3)
CorrectIncorrect -
Question 6 of 60
6. Question
You have been contacted by your CIO to configure single sign-on in your org.
As an admin, who is the issuer when you configure SAML single sign-on for your Salesforce org?
CorrectIncorrect -
Question 7 of 60
7. Question
When you configure SAML single sign-on setting in your Salesforce org, what is the entity ID?
CorrectIncorrect -
Question 8 of 60
8. Question
As a security architect, your CIO has tasked you to configure SSO settings in your Salesforce org using an external third-party provider.
When you configure a third-party identity provider as a single sign-on org, what are the key components you would start capturing? (Choose 4)
CorrectIncorrect -
Question 9 of 60
9. Question
TRUE or FALSE: When configuring single sign-on, we can turn on SSO for individual users.
CorrectIncorrect -
Question 10 of 60
10. Question
CloudVista Solutions LDAP system stores user credentials as a numeric employee number. As a salesforce admin, you have been asked by your security team to leverage delegated authentication to the LDAP store as a preferred way for authenticating the users.
What additional steps are required for using delegated authentication? (Choose 2)
CorrectIncorrect -
Question 11 of 60
11. Question
What is the maximum time for OpenID Connect tokens to be valid during a session?
CorrectIncorrect -
Question 12 of 60
12. Question
CloudVista Solutions has multiple Salesforce orgs, which they acquired as part of an acquisition. The security team wants to leverage one of the orgs as an IdP and have the other Salesforce orgs as a service provider. There is a question raised to the security architect to recommend whether all the Salesforce instances need one common username for the employees.
TRUE or FALSE: They need a common username across all orgs.
CorrectIncorrect -
Question 13 of 60
13. Question
CloudVista Solutions wants to use Salesforce as their identity provider. They have a custom web application for managing benefits, which needs to leverage Salesforce for the login credentials. As a security architect, you have been tasked with setting up a connected app to configure the custom web app in your Salesforce Identity Provider org.
What are the valid subject type configuration options available to configure the connected app for the web application? (Choose 3)
CorrectIncorrect -
Question 14 of 60
14. Question
CloudVista Solutions uses a legacy identity management system that can accept SAML requests for authenticating users.
What feature of Salesforce security would you recommend as a security architect?
CorrectIncorrect -
Question 15 of 60
15. Question
CloudVista Solutions wants to leverage Identity Connect to synchronize their legacy Active Directory with Salesforce. As a security architect, you have been tasked by the CISO to come up with a best practice recommendation for synchronizing users between both systems.
What would be the best practice you would recommend to sync data between Active Directory and Salesforce for the first time? (Choose 2)
CorrectIncorrect -
Question 16 of 60
16. Question
TRUE or FALSE: Delegated authentication is the only solution to use when your external IdP supports SAML or OpenID Connect.
CorrectIncorrect -
Question 17 of 60
17. Question
Your IT team has decided to build a custom web service that will be used as an IdP for your Salesforce org to authenticate users. As a security architect, your IT team is asking for recommendations on the web service to be built as part of delegated authentication implementation in Salesforce.
What are the two best practices you would recommend your IT team to implement on their web service as part of delegated authentication implementation? (Choose 2)
CorrectIncorrect -
Question 18 of 60
18. Question
When a user tries to reset their password, they receive the reset password email with the link. When they access the link, they view a message, “Passwords cannot be reset for single sign-on users.”
What is causing the issue? (Choose 2)
CorrectIncorrect -
Question 19 of 60
19. Question
TRUE or FALSE: Delegated authentication is a feature that allows direct use of LDAP for user authentication.
CorrectIncorrect -
Question 20 of 60
20. Question
What is TRUE about troubleshooting delegated authentication issues? (Choose 2)
CorrectIncorrect -
Question 21 of 60
21. Question
Your Salesforce org is configured to use an external IdP as the single sign-on provider. As a security architect, before implementing SSO, you notice SSO errors for some users.
What tool would you use to troubleshoot SSO issues?
CorrectIncorrect -
Question 22 of 60
22. Question
Angus recently joined CloudVista Solutions as a Salesforce Admin. He has been getting complaints from users being unable to log in to Salesforce. The company recently implemented SSO using an external tool.
As the admin, what would you do first to validate user login issues?
CorrectIncorrect -
Question 23 of 60
23. Question
What is TRUE about the hybrid app flows? (Choose 4)
CorrectIncorrect -
Question 24 of 60
24. Question
CloudVista Solutions has an external web application used by the sales team to track order information. The sales team also uses Salesforce to manage opportunities, contracts, products, and pricing. The CIO wants the web application to access product, pricing, and contract documents from Salesforce.
As a security architect, you have recommended the hybrid application approach leveraging hybrid user-agent token flow to access data from Salesforce. The CIO is concerned about security and wants to ensure there is a secure way to get session information to access resources on Salesforce.
What are three ways you would recommend to obtain session information to access Salesforce data and files? (Choose 3)
CorrectIncorrect -
Question 25 of 60
25. Question
Which features of the hybrid app flow for web session management in Salesforce are TRUE? (Choose 4)
CorrectIncorrect -
Question 26 of 60
26. Question
What is TRUE about JWT bearer flow for server-to-server integration? (Choose 4)
CorrectIncorrect -
Question 27 of 60
27. Question
How are scopes defined for the JWT bearer flow for server-to-server integration in Salesforce? (Choose 2)
CorrectIncorrect -
Question 28 of 60
28. Question
What is TRUE about the JWT token in the JWT bearer flow for server-to-server integration login flow? (Choose 3)
CorrectIncorrect -
Question 29 of 60
29. Question
What is TRUE about the SAML bearer assertion flow? (Choose 4)
CorrectIncorrect -
Question 30 of 60
30. Question
What is TRUE about username/password flow? (Choose 3)
CorrectIncorrect -
Question 31 of 60
31. Question
As a security architect, you come across username and password flows used in your client’s Salesforce instance for integration with external applications. The CISO is concerned about security for the username and password flow and wants to replace the flow with a secure solution.
Please select the best alternate option that you would recommend to replace this flow.
CorrectIncorrect -
Question 32 of 60
32. Question
Abc Manufacturer has several applications which use mobile, Internet of Things (IoT), web applications, and integrations done using API. The CISO is concerned with the type of security authentication and wants to identify all scenarios that leverage an OAuth flow.
Please choose the options you would recommend to use the OAuth flow. (Choose 3)
CorrectIncorrect -
Question 33 of 60
33. Question
What are the components of Identity Connect? (Choose 3)
CorrectIncorrect -
Question 34 of 60
34. Question
As a security architect, what are the best practices for implementing Identity Connect? (Choose 3)
CorrectIncorrect -
Question 35 of 60
35. Question
What is TRUE about Identity Connect? (Choose 3)
CorrectIncorrect -
Question 36 of 60
36. Question
CloudVista Solutions has Active Directory as an IdP and wants to implement SSO with their Salesforce org. The CISO has directed that the users will be set up in Active Directory first, and Salesforce will act as a service provider.
What feature of Salesforce will you recommend for the following scenario?
CorrectIncorrect -
Question 37 of 60
37. Question
TRUE or FALSE: Identity Connect requires an on-premise application to be installed on the client network to sync with Active Directory.
CorrectIncorrect -
Question 38 of 60
38. Question
CloudVista Solutions wants to leverage Salesforce as a single sign-on solution for the enterprise. The security architect has recommended using Salesforce as an IdP and wants to use Salesforce as an IdP only.
What license type would you recommend the organization purchase from Salesforce to fulfill this requirement?
CorrectIncorrect -
Question 39 of 60
39. Question
CloudVista Solutions is using a customer community for external customers to log in to Salesforce and perform business functions. From a security perspective, Salesforce is used as an IdP for internal and external users to log in. There is a need for a new set of external users who need to leverage Salesforce as an IdP and log in and access the organization’s business functions.
What license type would you recommend?
CorrectIncorrect -
Question 40 of 60
40. Question
CloudVista Solutions has a Salesforce org that has many person accounts, as most of the customers tend to be individual customers with no organization information. As part of their expansion into the B2B line of business, they are looking to implement a partner portal that will provide access to business contacts and organizations.
TRUE or FALSE: The current person account data model can be leveraged for partners.
CorrectIncorrect -
Question 41 of 60
41. Question
Where are social sign-on options enabled for communities?
CorrectIncorrect -
Question 42 of 60
42. Question
CloudVista Solutions has a Salesforce org where they use person accounts. They are planning to implement a new Experience Cloud community where they want to create person accounts for external community users as part of the self-registration process. As a Salesforce Admin, you have been asked to identify if there is an out-of-the-box option to create person accounts automatically.
Where would you configure the option to create person accounts on the self-registration page?
CorrectIncorrect -
Question 43 of 60
43. Question
TRUE or FALSE: If a social sign-on is not listed as an Auth provider, it cannot be used on an Experience site.
CorrectIncorrect -
Question 44 of 60
44. Question
CloudVista Solutions has multiple communities leveraging Experience Cloud for customers and partners. The business wants to have customers leverage their Facebook and Twitter (X) login information and use social sign-on to log in to the Salesforce community.
As a security architect, you have recommended leveraging the Auth providers feature to implement the social sign-on for Facebook and Twitter (X). Your CISO wants to know whether you have to implement the Auth providers feature for each community portal in your Salesforce org.
Is this TRUE or FALSE?
CorrectIncorrect -
Question 45 of 60
45. Question
CloudVista Solutions has recently decided to use Salesforce as the identity management solution for all of its external applications.
The CISO is exploring the options for additional verification for users using their mobile licenses. As a security architect, you were tasked to identify how to use the identity verification credit codes add-on feature.
What will you recommend to CISO on where the mobile verification add-on license is to be used?
CorrectIncorrect -
Question 46 of 60
46. Question
CloudVista Solutions has recently implemented a Salesforce community to allow external users to use Salesforce and access certain business functions. The CIO has been tasked with allowing a secure way of authenticating users and providing a list of verification methods.
As a Salesforce Admin, what would be your answer to the verification methods that are available for authenticating a self-registered user? (Choose 2)
CorrectIncorrect -
Question 47 of 60
47. Question
A junior Salesforce Admin who joined the company is looking to modify out-of-the-box standard profiles instead of cloning them to fit the needs of your organization for a newly built Salesforce Experience Cloud implementation.
As a Salesforce Solution Architect, what is the primary reason you would advise the junior Salesforce Admin not to modify out-of-the-box standard profiles?
CorrectIncorrect -
Question 48 of 60
48. Question
What social sign-on providers are available with out-of-the-box integration with Salesforce for external users to log in to your Salesforce community? (Choose 3)
CorrectIncorrect -
Question 49 of 60
49. Question
Cloud University is planning to implement a student portal to support existing students. The CIO is concerned about duplicate management since students often use multiple email addresses.
As a Salesforce Architect, what out-of-the-box de-duping capabilities in Salesforce will allow users self-registering to use existing contacts by matching the email address to existing users?
CorrectIncorrect -
Question 50 of 60
50. Question
As a Salesforce Admin, you have been asked by the business team to identify external user registrations on your community portal. The community portal leverages out-of-the-box community user registration.
What objects in Salesforce will you check to identify if the external community users are created successfully? (Choose 3)
CorrectIncorrect -
Question 51 of 60
51. Question
What information is displayed by the Salesforce Authenticator app when a request is sent for approval? (Choose 4)
CorrectIncorrect -
Question 52 of 60
52. Question
CloudVista Solutions is planning to implement MFA on their Salesforce instance. The CISO has tasked you as a Security Architect to come up with different recommendations for implementing MFA in your Salesforce org.
What are the different ways you would recommend to your CISO to implement multi-factor authentication with your Salesforce instance? (Choose 4)
CorrectIncorrect -
Question 53 of 60
53. Question
Your org has enabled SSO with an external provider that offers MFA. Users are challenged by both the IdP provider and Salesforce, which requests MFA.
How do you fix this issue so that only IdP MFA is enforced?
CorrectIncorrect -
Question 54 of 60
54. Question
TRUE or FALSE: Email is a valid form for multi-factor authentication by Salesforce.
CorrectIncorrect -
Question 55 of 60
55. Question
What options are available to implement MFA with Apex? (Choose 3)
CorrectIncorrect -
Question 56 of 60
56. Question
The CISO of your organization is concerned with Salesforce users bypassing SSO when using apps like Data Loader.
As a security architect, what solution would you suggest that will enforce MFA for users accessing tools such as Data Loader and connected apps?
CorrectIncorrect -
Question 57 of 60
57. Question
A group of users try to access one of CloudVista Solutions’ connected apps and receive the error message, “Failed: Not approved for access.”.
What is the most likely cause of this issue?
CorrectIncorrect -
Question 58 of 60
58. Question
CloudVista Solutions has a mobile application that it wants to deploy to all of its Salesforce users, including customer community users. CloudVista Solutions would like to minimize the administration overhead.
Which two items should an architect recommend? (Choose 2)
CorrectIncorrect -
Question 59 of 60
59. Question
CloudVista Solutions has decided to use Salesforce as an identity provider (IdP) for multiple external applications. CloudVista Solutions wants to use the Salesforce App Launcher to control the applications that are available to individual users.
Which steps are required to make this happen? (Choose 3)
CorrectIncorrect -
Question 60 of 60
60. Question
CloudVista Solutions has been through an audit and has been asked to identify extraneous user activity in their Salesforce instance. The compliance team has asked the Salesforce team to report on login activity and report on issues.
What tool would you recommend as a security architect?
CorrectIncorrect