Salesforce Exam Identity-and-Access-Management-designer Topic 14 Question 14 Discussion

Actual exam question for Salesforce's Identity-and-Access-Management-designer exam

Question #: 14
Topic #: 14

[All Identity-and-Access-Management-designer Questions]

Universal Containers (UC) is using a custom application that will act as the Identity Provider and will generate SAML assertions used to log in to Salesforce. UC is considering including custom parameters in the SAML assertion. These attributes contain sensitive data and are needed to authenticate the users. The assertions are submitted to salesforce via a browser form post. The majority of the users will only be able to access Salesforce via UC's corporate network, but a subset of admins and executives would be allowed access from outside the corporate network on their mobile devices. Which two methods should an Architect consider to ensure that the sensitive data cannot be tampered with, nor accessible to anyone while in transit?

AUse the Identity Provider's certificate to digitally sign and Salesforce's Certificate to encrypt the payload.

BUse Salesforce's Certificate to digitally sign the SAML Assertion and a Mobile Device Management client on the users' mobile devices.

CUse the Identity provider's certificate to digitally Sign and the Identity provider's certificate to encrypt the payload.

DUse a custom login flow to retrieve sensitive data using an Apex callout without including the attributes in the assertion.

Show Suggested Answer

Suggested Answer: A, C

by Meaghan at May 09, 2022, 12:44 AM

Limited Time Offer

25%

Off

Get Premium Identity-and-Access-Management-designer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!