
Latest Plat-Arch-203 Actual Free Exam Questions Updated 246 Questions
Free Plat-Arch-203 Exam Braindumps certification guide Q&A
NEW QUESTION # 76
An Enterprise is using a Lightweight Directory Access Protocol (LDAP ) server as the only point for user authentication with a username/password. Salesforce delegated authentication is configured to integrate Salesforce under single sign-on (SSO).
Mow can end users change their password?
- A. Users can click on the "Forgot your Password" link on the Salesforce.com login page.
- B. Users can change it on the enterprise LDAP authentication portal.
- C. Users once logged In, can go to the Change Password screen in Salesforce.
- D. Users can request the Salesforce Admin to reset their password.
Answer: D
NEW QUESTION # 77
Universal containers wants to build a custom mobile app connecting to salesforce using Oauth, and would like to restrict the types of resources mobile users can access. What Oauth feature of Salesforce should be used to achieve the goal?
- A. Access Tokens
- B. Mobile pins
- C. Scopes
- D. Refresh Tokens
Answer: C
NEW QUESTION # 78
Universal Containers (UC) wants its closed Won opportunities to be synced to a Data warehouse in near real time. UC has implemented Outbound Message to enable near real-time data sync. UC wants to ensure that communication between Salesforce and Target System is secure. What certificate is sent along with the Outbound Message?
- A. The default client Certificate or the Certificate and Key Management menu.
- B. The Self-signed Certificates from the Certificate & Key Management menu.
- C. The default client Certificate from the Develop--> API menu.
- D. The CA-signed Certificate from the Certificate and Key Management Menu.
Answer: C
NEW QUESTION # 79
A manufacturer wants to provide registration for an Internet of Things (IoT) device with limited display input or capabilities.
Which Salesforce OAuth authorization flow should be used?
- A. OAuth 2.0 Device Flow
- B. OAuth 2.0 JWT Bearer How
- C. OAuth 2.0 User-Agent Flow
- D. OAuth 2.0 Asset Token Flow
Answer: A
NEW QUESTION # 80
Universal Containers (UC) is using Active Directory as its corporate identity provider and Salesforce as its CRM for customer care agents, who use SAML based sign sign-on to login to Salesforce. The default agent profile does not include the Manage User permission. UC wants to dynamically update the agent role and permission sets.
Which two mechanisms are used to provision agents with the appropriate permissions?
Choose 2 answers
- A. Use SAML Just-m-Time (JIT) Handler class run as current user to update role and permission sets.
- B. Use Login Flow in User Context to update role and permission sets.
- C. Use Login Flow in System Context to update role and permission sets.
- D. Use SAML Just-in-Time (JIT) handler class run as an admin user to update role and permission sets.
Answer: C,D
NEW QUESTION # 81
Universal Containers (UC) has an existing web application that it would like to access from Salesforce without requiring users to re-authenticate. The web application is owned UC and the UC team that is responsible for it is willing to add new javascript code and/or libraries to the application. What implementation should an Architect recommend to UC?
- A. Rewrite the web application as a set of Visualforce pages and Apex code.
- B. Add the web application as a ConnectedApp using OAuth User-Agent flow.
- C. Create a Canvas app and use Signed Requests to authenticate the users.
- D. Configure the web application as an item in the Salesforce App Launcher.
Answer: C
NEW QUESTION # 82
Universal Containers (UC) is looking to purchase a third-party application as an Identity Provider. UC is looking to develop a business case for the purchase in general and has enlisted an Architect for advice. Which two capabilities of an Identity Provider should the Architect detail to help strengthen the business case? Choose 2 answers
- A. The Identity provider can store credentials for multiple applications.
- B. The Identity Provider can authenticate multiple social media accounts.
- C. The Identity Provider can authenticate multiple applications.
- D. The Identity Provider can centralize enterprise password policy.
Answer: C,D
NEW QUESTION # 83
A global fitness equipment manufacturer is planning to sell fitness tracking devices and has the following requirements:
1) Customer purchases the device.
2) Customer registers the device using their mobile app.
3) A case should automatically be created in Salesforce and associated with the customers account in cases where the device registers issues with tracking.
Which OAuth flow should be used to meet these requirements?
- A. OAuth 2.0 SAML Bearer Assertion Flow
- B. OAuth 2.0 Username-Password Flow
- C. OAuth 2.0 Asset Token Flow
- D. OAuth 2.0 User-Agent Flow
Answer: C
NEW QUESTION # 84
A company's external application is protected by Salesforce through OAuth. The identity architect for the project needs to limit the level of access to the data of the protected resource in a flexible way.
What should be done to improve security?
- A. Create custom scopes and assign to the connected app.
- B. Leverage external objects and data classification policies.
- C. Define a permission set that grants access to the app and assign to authorized users.
- D. Select "Admin approved users are pre-authorized" and assign specific profiles.
Answer: A
NEW QUESTION # 85
Universal Containers wants to implement Single Sign-on for a Salesforce org using an external Identity Provider and corporate identity store.
What type of authentication flow is required to support deep linking'
- A. Service-Provider-Initiated SSO
- B. Web Server OAuth SSO flow
- C. Identity-Provider-initiated SSO
- D. StartURL on Identity Provider
Answer: A
NEW QUESTION # 86
Universal Containers (UC) is looking to build a Canvas app and wants to use the corresponding Connected App to control where the app is visible. Which two options are correct in regards to where the app can be made visible under the Connected App setting for the Canvas app? Choose 2 answers
- A. The sidebar of a Salesforce Console as a console component.
- B. As part of the body of a Salesforce Knowledge article.
- C. In the mobile navigation menu on Salesforce for Android.
- D. Included in the Call Control Tool that's part of Open CTI.
Answer: A,B
NEW QUESTION # 87
A group of users try to access one of universal containers connected apps and receive the following error message : "Failed : Not approved for access". what is most likely to cause of the issue?
- A. The salesforce administrators gave revoked the Oauth authorization.
- B. The connected App setting "All users may self-authorize" is enabled.
- C. The users do not have the correct permission set assigned to them.
- D. The use of high assurance sections are required for the connected App.
Answer: C
NEW QUESTION # 88
Northern Trail Outfitters (NTO) is planning to implement a community for its customers using Salesforce Experience Cloud . Customers are not able to self-register. NTO would like to have customers set their own passwords when provided access to the community.
Which two recommendations should an identity architect make to fulfill this requirement?
Choose 2 answers
- A. Allow Password reset using the API to update Experience Cloud site membership.
- B. Use Login Flows to allow users to reset password in Experience Cloud site.
- C. Enable Welcome emails while configuring the Experience Cloud site.
- D. Add customers as contacts and add them to Experience Cloud site.
Answer: A,B
NEW QUESTION # 89
An identity architect wants to secure Salesforce APIs using Security Assertion Markup Language (SAML). For secunty purposes, administrators will need to authorize the applications that will be consuming the APIs.
Which Salesforce OAuth authorization flow should be used?
- A. SAML Assertion Flow
- B. OAuth 2-0 SAML Bearer Assertion Flow
- C. OAuth 2.0 JWT Bearer Flow
- D. OAuth 2.0 User-Agent Flow
Answer: A
NEW QUESTION # 90
Universal containers (UC) has implemented SAML SSO to enable seamless access across multiple applications. UC has regional salesforce orgs and wants it's users to be able to access them from their main Salesforce org seamless. Which action should an architect recommend?
- A. Configure the main salesforce org as an Authentication provider.
- B. Configure the main salesforce org as the Identity provider.
- C. Configure the main Salesforce org as a service provider.
- D. Configure the regional salesforce orgs as Identity Providers.
Answer: B
NEW QUESTION # 91
Which two capabilities does My Domain enable in the context of a SAML SSO configuration? Choose 2 answers
- A. App Launcher
- B. Login Forensics
- C. SSO from Salesforce Mobile App
- D. Resource deep linking
Answer: C,D
NEW QUESTION # 92
Universal containers(UC) wants to integrate a third-party reward calculation system with salesforce to calculate rewards. Rewards will be calculated on a schedule basis and update back into salesforce. The integration between Salesforce and the reward calculation system needs to be secure. Which are the recommended best practices for using Oauth flows in this scenario? Choose 2 answers
- A. Oauth Username-password flow
- B. Oauth refresh token flow
- C. Oauthjwt bearer token flow
- D. Oauth SAML bearer assertion flow
Answer: C,D
NEW QUESTION # 93
Northern Trail Outfitters wants to implement a partner community. Active community users will need to review and accept the community rules, and update key contact information for each community member before their annual partner event.
Which approach will meet this requirement?
- A. Add a banner to the community Home page asking users to update their profile and accept the new community rules.
- B. Create a custom landing page and email campaign asking all community members to login and verify their data.
- C. Create tasks for users who need to update their data or accept the new community rules.
- D. Create a login flow that conditionally prompts users who have not accepted the new community rules and who have missing or outdated information.
Answer: D
NEW QUESTION # 94
A global fitness equipment manufacturer uses Salesforce to manage its sales cycle. The manufacturer has a custom order fulfillment app that needs to request order data from Salesforce. The order fulfillment app needs to integrate with the Salesforce API using OAuth 2.0 protocol.
What should an identity architect use to fulfill this requirement?
- A. Canvas App Integration
- B. Connected App and OAuth scopes
- C. Authentication Providers
- D. OAuth Tokens
Answer: B
NEW QUESTION # 95
Universal Containers (UC) has a mobile application for its employees that uses data from Salesforce as well as uses Salesforce for Authentication purposes. UC wants its mobile users to only enter their credentials the first time they run the app. The application has been live for a little over 6 months, and all of the users who were part of the initial launch are complaining that they have to re-authenticate. UC has also recently changed the URI Scheme associated with the mobile app. What should the Architect at UC first investigate?Universal Containers (UC) has a mobile application for its employees that uses data from Salesforce as well as uses Salesforce for Authentication purposes. UC wants its mobile users to only enter their credentials the first time they run the app. The application has been live for a little over 6 months, and all of the users who were part of the initial launch are complaining that they have to re-authenticate. UC has also recently changed the URI Scheme associated with the mobile app. What should the Architect at UC first investigate?
- A. Validate that the users are checking the box to remember their passwords.
- B. Confirm that the access Token's Time-To-Live policy has been set appropriately.
- C. Verify that the Callback URL is correctly pointing to the new URI Scheme.
- D. Check the Refresh Token policy defined in the Salesforce Connected App.
Answer: D
NEW QUESTION # 96
......
Plat-Arch-203 Certification Overview Latest Plat-Arch-203 PDF Dumps: https://itcertspass.prepawayexam.com/Salesforce/braindumps.Plat-Arch-203.ete.file.html