Universal Containers has multiple Salesforce instances where users receive emails from different instances. Users should be logged into the correct Salesforce instance authenticated by their IdP when clicking on an email link to a Salesforce record. What should be enabled in Salesforce as a prerequisite?
A. My Domain
B. External Identity
C. Identity Provider
D. Multi-Factor Authentication
Universal Containers (UC) is building a mobile application that will make calls to the Salesforce REST API. Additionally, UC would like to provide the optimal experience for its mobile users. Which two OAuth scopes should UC configure in the connected app? Choose 2 answers
A. Refresh token
B. API
C. full
D. Web
A security architect is rolling out a new multi-factor authentication (MFA) mandate, where all employees must go through a secure authentication process before accessing Salesforce. There are multiple Identity Providers (IdP) in place and the architect is considering how the "Authentication Method Reference" field (AMR) in the Login History can help.
Which two considerations should the architect keep in mind?
Choose 2 answers
A. AMR field shows the authentication methods used at IdP.
B. Both OIDC and Security Assertion Markup Language (SAML) are supported but AMR must be implemented at IdP.
C. High-assurance sessions must be configured under Session Security Level Policies.
D. Dependency on what is supported by OpenID Connect (OIDC) implementation at IdP.
Universal Containers (UC) uses a home-grown employee portal for their employees to collaborate. UC decides to use Salesforce Ideas to allow the employees to post ideas from the employee portal. When clicking some links in the employee portal, the users should be redirected to Salesforce, authenticated, and presented with relevant pages. What scope should be requested when using the OAuth token to meet this requirement?
A. Web
B. Full
C. API
D. Visualforce
Universal Containers (UC) is concerned that having a self-registration page will provide a means for "bots" or unintended audiences to create user records, thereby consuming licences and adding dirty data. Which two actions should UC take to prevent unauthorised form submissions during the self-registration process? Choose 2 answers
A. Use open-ended security questions and complex password requirements
B. Primarily use lookup and picklist fields on the self-registration page.
C. Require a CAPTCHA at the end of the self-registration process.
D. Use hidden fields populated via JavaScript events in the self-registration page.
A global company's Salesforce Identity Architect is reviewing its Salesforce production org login history and is seeing some intermittent Security Assertion Markup Language (SAML SSO) 'Replay Detected and Assertion Invalid' login errors.
Which two issues would cause these errors?
Choose 2 answers
A. The subject element is missing from the assertion sent to Salesforce.
B. The certificate loaded into SSO configuration does not match the certificate used by the IdP.
C. The current time setting of the company's identity provider (IdP) and Salesforce platform is out of sync by more than eight minutes.
D. The assertion sent to Salesforce contains an assertion ID previously used.
Universal Containers wants to implement single sign-on for a Salesforce org using an external identity provider and corporate identity store. What type of authentication flow is required to support deep linking?
A. Web server OAuth SSO flow.
B. Identity-provider-initiated SSO
C. Service-provider-initiated SSO
D. Start URL on identity provider
Universal Containers (UC) has implemented an SP-initiated SAML flow between an external IdP and Salesforce. A user at UC is attempting to log in to Salesforce1 for the first time and is being prompted for Salesforce credentials instead of being shown the IdP login page.
What is the likely cause of the issue?
A. The "Redirect to Identity Provider" option has been selected in the My Domain configuration.
B. The user has not configured the Salesforce1 mobile app to use My Domain for login
C. The "Redirect to Identity Provider" option has not been selected in the SAML configuration.
D. The user has not been granted the "Enable single Sign-on" permission
A financial services company uses Salesforce and has a compliance requirement to track information about devices from which users log in. Also, a Salesforce Security Administrator needs to have the ability to revoke the device from which users log in.
What should be used to fulfill this requirement?
A. Use multi-factor authentication (MFA) to meet the compliance requirement to track device information.
B. Use the Activations feature to meet the compliance requirement to track device information.
C. Use the Login History object to track information about devices from which users log in.
D. Use Login Flows to capture device from which users log in and store device and user information in a custom object.
Universal Containers (UC) has implemented a SAML-based SSO solution for use with their multi-org Salesforce implementation, utilizing one of the orgs as the Identity Provider. One user is reporting that they can log in to the Identity Provider org but get a generic SAML error message when accessing the other orgs. Which two considerations should the architect review to troubleshoot the issue? Choose 2 answers
A. The Federation ID must be a valid Salesforce Username
B. The Federation ID is case sensitive
C. The Federation ID must be in the form of an email address.
D. The Federation ID must be populated on the user record.