Salesforce Integration-Architect Exam With Confidence Using Practice Dumps

Named Credentials and Two way SSL are two security methods that an integration architect can leverage within Salesforce to secure the integration with an external system via HTTPS request. Named Credentials are a type of metadata that store authentication settings for accessing external services. They allow you to specify the URL of a service,the authentication protocol, and the credentials for accessing the service. Two way SSL is a type ofmutual authentication that requires both the client and the server to present their certificates to each other. This ensures that both parties are who theyclaim to be, and that the communication is encrypted. Two way SSL can be configured in Salesforce by uploading a certificate and a private key, and associating them with a named credential. References: Certification - Integration Architect - Trailhead, [Named Credentials], [Mutual Authentication]

An API gateway is a component that acts as a single point of entry for all cloud applications to access on-premise resources and services. It can provide security, routing, transformation, and other features to facilitate integration. An API gateway component should be deployable behind a DMZ or perimeter network, which is a subnetwork that separates the internal network from the external network and provides an additional layer of security. The middleware solution should also be capable of establishing a secure API gateway between cloud applications and on-premise resources, which may involve using protocols such as HTTPS, SSL/TLS, or VPN. The OAuth security protocol is not a requirement for choosing a middleware solution, as it is a standard for authorizing access to resources on behalf of a user. The middleware solution’s ability to interface directly with databases via an ODBC connection string is also not a requirement, as it is a specific feature that may or may not be needed depending on the integration scenario. Reference: Salesforce Integration Architecture Designer Resource Guide, page 14-15

Answer A is valid because creating an Auth provider in the package and setting the consumer key and consumer secretof the connected app in the central org can allow the package to authenticate with the central org using OAuth 2.0. An Auth provider is a configuration that specifies how to connect to an external service that uses a specific identity protocol. A connectedapp is an application that can access Salesforce resources using APIs and standard protocols. The consumer key and consumer secret are credentials that identify the connected app to Salesforce.

Answer C is valid because creating a connected app in the central org and adding the callback URL of each org the package is installed in to redirect to after successful authentication can enable the package to obtain an access token from the central org using OAuth 2.0. The callback URL is a parameter that specifies where the user should be redirected after granting or denying permission to access Salesforce resources. The access token is a credential that can be used to invoke the custom Apex REST endpoint in the central org.

Answer E is valid because using the Auth Provider configured and selecting the identity type as Named Principal with OAuth 2.0 as the protocol and selecting Start Authentication Flow on Save can initiate the authentication flow when installing the package. The identity type determines how the package accesses Salesforce resources on behalf of users or an application. The Named Principal identity type means that the package uses a single credential, such as a username and password or an access token, to access Salesforce resources for all users.TheStart Authentication Flow on Save option means that the package will prompt the user to enter the credential when saving the Auth Provider configuration.

Answer B is not valid because contacting Salesforce support and creating a case to temporarily enable API access for managed packages is not a necessary or recommended action. API access for managed packages is enabled by default and does not require any special permission or configuration from Salesforce support. Moreover, this action does not addressthe security requirement of using a specific integration account in the central org that will be authorized after installation of the package.

Answer D is not valid because using an encrypted field to store the password that the security team enters and using password management for external orgs and setting the encryption method to TLS 1.2 is not a secure or reliable solution. An encrypted field is a custom field that encrypts sensitive data at rest and masks it on the user interface. However, this fielddoes not prevent unauthorized access or leakage of data, as it can be decrypted by users who have the View Encrypted Data permission or by Apex code that runs in system mode. Moreover, this field does not support encryption methods such as TLS 1.2, which are used for securing data in transit, not at rest.