Universal containers (UC) is successfully using Delegated Authentication for their salesforce users. The service supporting Delegated Authentication is written in Java. UC has a new CIO that is requiring all company Web services be RESR-ful and written in . NET. Which two considerations should the UC Architect provide to the new CIO? Choose 2 answers

An Architect needs to set up a Facebook Authentication provider as a login option for a Salesforce Customer Community.
What portion of the authentication provider setup associates a Facebook user with a Salesforce user?

Containers (UC) uses an internal system for recruiting and would like to have the candidates' info available in the Salesforce automatically when they are selected. UC decides to use OAuth to connect to Salesforce from the recruiting system and would like to do the authentication using digital certificates. Which two OAuth flows should be considered to meet the requirement? Choose 2 answers

The security team at Universal Containers has identified exporting reports as a high-risk action and would like to require users to be logged into Salesforce with their Active Directory (AD) credentials when doing so.
For all other uses of Salesforce, users should be allowed to use AD credentials or Salesforce credentials.
What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with Salesforce credentials?

Universal Containers has built a custom token-based Two-Factor Authentication system for their existing on-premise applications. They are now implementing Salesforce and would like to enable a Two-Factor login process for it, as well.
What is the recommended solution an Architect should consider?