Universal Containers (UC) wants to build a few applications that leverage the Salesforce REST API. UC has asked its Architect to describe how the API calls will be authenticated to a specific user. Which two mechanisms can the Architect provide? Choose 2 Answers

A. Authentication Token

B. Session ID

C. Refresh Token

D. Access Token

An Architect needs to advise the team that manages the Identity Provider how to differentiate Salesforce from other Service Providers. What SAML SSO setting in Salesforce provides this capability?

A. Identity Provider Login URL.

B. Issuer.

C. Entity Id

D. SAML Identity Location.

Universal containers(UC) has a customer Community that uses Facebook for authentication. UC would like to ensure that changes in the Facebook profile are reflected on the appropriate customer Community user. How can this requirement be met?

A. Use the updateuser() method on the registration handler class.

B. Use SAML just-in-time provisioning between Facebook and Salesforce

C. Use information in the signed request that is received from Facebook.

D. Develop a schedule job that calls out to Facebook on a nightly basis.

customer service representatives at Universal containers (UC) are complaining that whenever they click on links to case records and are asked to login with SAML SSO, they are being redirected to the salesforce home tab and not the specific case record. What item should an architect advise the identity team at UC to investigate first?

A. My domain is configured and active within salesforce.

B. The salesforce SSO settings are using http post

C. The identity provider is correctly preserving the Relay state

D. The users have the correct Federation ID within salesforce.

Universal Containers (UC) is using a custom application that will act as the Identity Provider and will generate SAML assertions used to log in to Salesforce. UC is considering including custom parameters in the SAML assertion. These attributes contain sensitive data and are needed to authenticate the users. The assertions are submitted to salesforce via a browser form post. The majority of the users will only be able to access Salesforce via UC's corporate network, but a subset of admins and executives would be allowed access from outside the corporate network on their mobile devices. Which two methods should an Architect consider to ensure that the sensitive data cannot be tampered with, nor accessible to anyone while in transit?

A. Use the Identity Provider's certificate to digitally sign and Salesforce's Certificate to encrypt the payload.

B. Use Salesforce's Certificate to digitally sign the SAML Assertion and a Mobile Device Management client on the users' mobile devices.

C. Use the Identity provider's certificate to digitally Sign and the Identity provider's certificate to encrypt the payload.

D. Use a custom login flow to retrieve sensitive data using an Apex callout without including the attributes in the assertion.