Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Salesforce Certified Platform Identity and Access Management Architect (Plat-Arch-203) Exam - Topic 5 Question 27 Discussion

The security team at Universal Containers (UC) has identified exporting reports as a high-risk action and would like to require users to be logged into Salesforce with their Active Directory (AD) credentials when doing so. For all other users of Salesforce, users should be allowed to use AD Credentials or Salesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with Salesforce credentials?
B) Use SAML Federated Authentication and Custom SAML JIT Provisioning to dynamically and or remove a permission set that grants the Export Reports Permission.
A) Use SAML Federated Authentication and block access to reports when accessed through a Standard Assurance session.
C) Use SAML federated Authentication, treat SAML Sessions as High Assurance, and raise the session level required for exporting reports.
D) Use SAML federated Authentication with a Login Flow to dynamically add or remove a Permission Set that grants the Export Reports Permission.

Salesforce Certified Platform Identity and Access Management Architect (Plat-Arch-203) Exam - Topic 5 Question 27 Discussion

Actual exam question for Salesforce's Salesforce Certified Platform Identity and Access Management Architect (Plat-Arch-203) exam
Question #: 27
Topic #: 5
[All Salesforce Certified Platform Identity and Access Management Architect (Plat-Arch-203) Questions]

The security team at Universal Containers (UC) has identified exporting reports as a high-risk action and would like to require users to be logged into Salesforce with their Active Directory (AD) credentials when doing so. For all other users of Salesforce, users should be allowed to use AD Credentials or Salesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with Salesforce credentials?

Show Suggested Answer Hide Answer
Suggested Answer: B

by Tyra at Oct 18, 2023, 11:42 PM

Limited Time Offer

25%

Off

Get Premium Salesforce Certified Platform Identity and Access Management Architect (Plat-Arch-203) Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Rima
6 months ago
B could work, but it feels a bit complicated for just exporting reports.
upvoted 0 times
...
Rex
6 months ago
Wait, can we really block report exports like that? Sounds tricky!
upvoted 0 times
...
Dierdre
7 months ago
A is too restrictive, users need access for other tasks too.
upvoted 0 times
...
Anissa
7 months ago
I think D is the best choice, dynamic permission sets are super flexible!
upvoted 0 times
...
Vanesa
7 months ago
Option C seems solid, raising session levels is a good move.
upvoted 0 times
...
Cheryl
7 months ago
I’m leaning towards option B, but I’m a bit confused about how Custom SAML JIT Provisioning works in this context.
upvoted 0 times
...
Lillian
8 months ago
I practiced a similar question about permission sets, and I feel like option D might be the right approach since it mentions dynamically adding/removing permissions.
upvoted 0 times
...
Tegan
8 months ago
I think option C sounds familiar, treating SAML sessions as High Assurance could be a good way to manage access, but I’m not completely confident.
upvoted 0 times
...
Rolland
8 months ago
I remember we discussed SAML Federated Authentication in class, but I'm not sure how it specifically applies to blocking report exports.
upvoted 0 times
...
Meghann
8 months ago
This is a great example of how we need to really understand the security features and capabilities of Salesforce to solve these types of challenges. I'm feeling confident I can work through this.
upvoted 0 times
...
Avery
8 months ago
I'm a bit confused by the different options here. I'll need to review the details of SAML federated authentication and how it can be used to restrict access to specific actions.
upvoted 0 times
...
Elinore
8 months ago
Okay, I think I've got a handle on this. The key is using SAML federated authentication to control access to the report export functionality.
upvoted 0 times
...
Cecil
8 months ago
Hmm, this seems like a tricky one. I'll need to carefully read through the options and think about the implications of each approach.
upvoted 0 times
...
Tiera
8 months ago
I've seen this type of question before. I think option C is the way to go - using SAML federated authentication and raising the session level required for exporting reports.
upvoted 0 times
...
Helga
8 months ago
I'm a bit confused on this one. What exactly is the "web rewrite" method and how does it work with the virtual gateway?
upvoted 0 times
...
Nickole
8 months ago
Okay, I think I've got this. The default behavior is that the FCS is verified and kept, but the VLAN tag is removed for transport over the network. So the answer should be option D.
upvoted 0 times
...
Krissy
1 year ago
I'm feeling a bit report-ish about this question. Time to put on my thinking cap and make a choice that's not a total export-astrophe.
upvoted 0 times
Corinne
12 months ago
C) I think using SAML federated Authentication and treating SAML Sessions as High Assurance could be the way to go.
upvoted 0 times
...
Lemuel
12 months ago
B) That sounds like a good idea. Use SAML Federated Authentication and Custom SAML JIT Provisioning to dynamically add or remove a permission set.
upvoted 0 times
...
Coral
1 year ago
A) Use SAML Federated Authentication and block access to reports when accessed through a Standard Assurance session.
upvoted 0 times
...
...
Marge
1 year ago
Hmm, exporting reports, huh? Sounds like someone's trying to sneak a peek at the secret recipe for Salesforce's world-famous unicorn frappuccinos.
upvoted 0 times
...
Cherrie
1 year ago
Ah, the age-old battle of security vs. convenience. Option A sounds like the classic 'block everything' approach. I'll pass on that one.
upvoted 0 times
Chandra
11 months ago
User 4: True, that could provide an extra layer of security without completely blocking access.
upvoted 0 times
...
Olive
12 months ago
User 3: Option C could also work by raising the session level required for exporting reports.
upvoted 0 times
...
Kerrie
12 months ago
User 2: I agree, it allows for flexibility while still maintaining control over report exports.
upvoted 0 times
...
Ming
1 year ago
User 1: Option B sounds like a good compromise between security and convenience.
upvoted 0 times
...
...
Annita
1 year ago
Option B looks good, but I'm not sure about the dynamic provisioning aspect. Seems like it could get messy if not implemented properly.
upvoted 0 times
Audry
1 year ago
Hoa: Agreed, let's go with Option D for a simpler solution.
upvoted 0 times
...
Glenn
1 year ago
User 3: That could be a more straightforward approach to manage permissions for exporting reports.
upvoted 0 times
...
Hoa
1 year ago
User 2: Maybe we should consider Option D with the Login Flow instead.
upvoted 0 times
...
Alline
1 year ago
User 1: Option B does sound a bit complex with the dynamic provisioning.
upvoted 0 times
...
...
Pamella
1 year ago
I'm leaning towards option D. Using a login flow to manage the permission set seems more flexible than the other options.
upvoted 0 times
...
Anjelica
1 year ago
Option C seems like the way to go. Treating SAML sessions as high assurance and raising the session level for exporting reports is a neat way to control access without disrupting normal login.
upvoted 0 times
...
Roy
1 year ago
I'm not sure about option B. I think option D might be a better choice since it involves using a Login Flow to manage permissions.
upvoted 0 times
...
Loreta
1 year ago
I agree with Michel. Option B seems like the most efficient way to control access to exporting reports based on the user's login method.
upvoted 0 times
...
Michel
1 year ago
I think option B sounds like a good solution. It allows for dynamic permission management based on the user's credentials.
upvoted 0 times
...

Save Cancel