Universal Containers has implemented a multi-org strategy and would like to centralize the management of their Salesforce user profiles.
What should the Architect recommend to allow Salesforce profiles to be managed from a central system of record?

Universal Containers (UC) uses an internal company portal for their employees to collaborate. UC decides to use Salesforce Ideas and provide the ability for employees to post ideas from the company portal. They use SAML-based SSO to get into the Company portal and would like to leverage it to access Salesforce.
Most of the users don't exist in Salesforce and they would like the user records created in Salesforce Communities the first time they try to access Salesforce.
What recommendation should an Architect make to meet this requirement?

Universal containers (UC) wants to implement Delegated Authentication for a certain subset of Salesforce users. Which three items should UC take into consideration while building the Web service to handle the Delegated Authentication request? Choose 3 answers

Which three types of attacks would a 2-Factor Authentication solution help garden against?

The security team at Universal Containers (UC) hasidentified exporting reports as a high-risk action and would like to require users to be logged into Salesforce with their Active Directory (AD) credentials when doing so.
For all other users of Salesforce, users should be allowed to use AD Credentials orSalesforce credentials. What solution should be recommended to prevent exporting reports except when logged in using AD credentials while maintaining the ability to view reports when logged in with Salesforce credentials?