Universal Containers (UC) wants to build a few applications that leverage the Salesforce REST API. UC has asked its Architect to describe how the API calls will be authenticated to a specific user. Which two mechanisms can the Architect provide? Choose 2 Answers

A. Authentication Token

B. Session ID

C. Refresh Token

D. Access Token

An Architect needs to advise the team that manages the Identity Provider how to differentiate Salesforce from other Service Providers. What SAML SSO setting in Salesforce provides this capability?

A. Identity Provider Login URL.

B. Issuer.

C. Entity Id

D. SAML Identity Location.

Universal containers(UC) has a customer Community that uses Facebook for authentication. UC would like to ensure that changes in the Facebook profile are reflected on the appropriate customer Community user. How can this requirement be met?

A. Use the updateuser() method on the registration handler class.

B. Use SAML just-in-time provisioning between Facebook and Salesforce

C. Use information in the signed request that is received from Facebook.

D. Develop a schedule job that calls out to Facebook on a nightly basis.

The CMO of an advertising company has invited an Identity and Access Management (IAM) specialist to discuss Salesforce out-of-box capabilities for configuring the company*s login and registration experience on Salesforce Experience

Cloud.

The CMO is looking to brand the login page with the company's logo, background color, login button color, and dynamic right-frame from an external URL.

Which two solutions should the IAM specialist recommend?

Choose 2 answers

A. Use Experience Builder to build branded Reset and Forgot Password pages.

B. Build custom pages for branding requirements in Experience Cloud.

C. Build custom site pages for reset and forgot password features.

D. Login and Registration pages can be branded in the Community Administration settings.

Universal Containers (UC) is using a custom application that will act as the Identity Provider and will generate SAML assertions used to log in to Salesforce. UC is considering including custom parameters in the SAML assertion. These attributes contain sensitive data and are needed to authenticate the users. The assertions are submitted to salesforce via a browser form post. The majority of the users will only be able to access Salesforce via UC's corporate network, but a subset of admins and executives would be allowed access from outside the corporate network on their mobile devices. Which two methods should an Architect consider to ensure that the sensitive data cannot be tampered with, nor accessible to anyone while in transit?

A. Use the Identity Provider's certificate to digitally sign and Salesforce's Certificate to encrypt the payload.

B. Use Salesforce's Certificate to digitally sign the SAML Assertion and a Mobile Device Management client on the users' mobile devices.

C. Use the Identity provider's certificate to digitally Sign and the Identity provider's certificate to encrypt the payload.

D. Use a custom login flow to retrieve sensitive data using an Apex callout without including the attributes in the assertion.