02 August 2018

Identity and Access Management - Spring 18 Release

I don't recommend that people not review for their maintenance exams. It will not serve you well in the long run. However, I understand that sometimes we don't have enough time to read through the release notes or even watch the release videos (which sometimes lack information) while at the same time paying the maintenance fee. So proceed if you are really out of options.



1) An administrator resets a user password in Salesforce. Which attribute will be updated with the "True" value in the Identity URL or UserInfo endpoint?

(A) password_reset
(B) active
(C) password_updated
(D) email_verified

ANSWER: D.
NOTE: See https://help.salesforce.com/articleView?id=remoteaccess_using_userinfo_endpoint.htm&type=5

2) Universal Containers uses Customer Community for its customers and wants to make sure that there is an extra layer of security to avoid unauthorized access. What is the recommended way of enabling two-factor authentication for external users?

(A) Use an AppExchange application to implement two-factor authentication for external users
(B) Use dynamic login on the customer community to allow customers to verify their identity
(C) Use custom login flows to implement two-factor authentication for external users
(D) Update external user profile to allow users to verify their identity and avoid unauthorized access

ANSWER: D.
NOTE: Initially I thought this was "C" because that was the old way of doing it, but a new feature was introduced as part of Spring 18. See https://releasenotes.docs.salesforce.com/en-us/spring18/release-notes/rn_security_auth_communities_verification.htm

3) Universal Containers uses Customer Community to allow its customers to register and perform self-service functions. Due to the growth of the business and customer base, UC wants to deliver a different experience to its customers based on run-time circumstances. What is the secure and recommended way of enabling this?

(A) Use custom login flows to deliver different experiences by extracting the source from the URL where the customer is visiting from
(B) Use an AppExchange product to customize the Customer Community login experience and deliver a personalized experience to customers
(C) Enable dynamic login experience by adding expid request parameter in the client configuration SSO initialization URL
(D) Develop Lightning components to deliver different experience to customers using their information stored in Salesforce

ANSWER: C
NOTE: Keyword "run-time circumstances". See https://releasenotes.docs.salesforce.com/en-us/spring18/release-notes/rn_security_identity_dynamic_auth_providers.htm

4) Universal Containers uses an external website to allow its customers to perform self-service functions. The website doesn't support authentication through SAML or OpenID Connect. UC has decided to implement Salesforce and authenticate its users via Salesforce.

What is the recommended solution to allow users to authenticate via Salesforce on the external website?

(A) Configure Salesforce as a Service Provider, and implement custom federation services using existing Identity store
(B) Migrate the website to Customer Community to allow a seamless experience and set existing passwords as their customer community user passwords
(C) Configure Customer Community Identity providers, and use Embedded Login to allow customers to authenticate on the website using configured identity providers
(D) Configure a connected app in Salesforce and use username-password flow to allow customers to authenticate on the website

ANSWER: C
NOTE: Keyword is "doesn't support SAML or OpenID Connect". See https://developer.salesforce.com/docs/atlas.en-us.212.0.externalidentityImplGuide.meta/identityImplGuide/external_identity_login_intro.htm


5) Universal Containers uses Salesforce for all of its internal users. Recently, Universal Containers started getting a lot of complaints from users regarding locked user accounts due to users not being able to reset their passwords.

(A) Enable two-factor authentication using lightning login to allow users to log in without their passwords
(B) Modify password policies and set Password Expires to "Never Expires" so that users can log in without any interruption
(C) Implement a third-party Identity Provider to centralize user management and authentication policies
(D) Configure social media authentication provider to allow users to log in via their social media credentials

ANSWER: A