Answer A is valid because creating an Auth provider in the package and setting the consumer key and consumer secretof the connected app in the central org can allow the package to authenticate with the central org using OAuth 2.0. An Auth provider is a configuration that specifies how to connect to an external service that uses a specific identity protocol. A connectedapp is an application that can access Salesforce resources using APIs and standard protocols. The consumer key and consumer secret are credentials that identify the connected app to Salesforce.
Answer C is valid because creating a connected app in the central org and adding the callback URL of each org the package is installed in to redirect to after successful authentication can enable the package to obtain an access token from the central org using OAuth 2.0. The callback URL is a parameter that specifies where the user should be redirected after granting or denying permission to access Salesforce resources. The access token is a credential that can be used to invoke the custom Apex REST endpoint in the central org.
Answer E is valid because using the Auth Provider configured and selecting the identity type as Named Principal with OAuth 2.0 as the protocol and selecting Start Authentication Flow on Save can initiate the authentication flow when installing the package. The identity type determines how the package accesses Salesforce resources on behalf of users or an application. The Named Principal identity type means that the package uses a single credential, such as a username and password or an access token, to access Salesforce resources for all users.TheStart Authentication Flow on Save option means that the package will prompt the user to enter the credential when saving the Auth Provider configuration.
Answer B is not valid because contacting Salesforce support and creating a case to temporarily enable API access for managed packages is not a necessary or recommended action. API access for managed packages is enabled by default and does not require any special permission or configuration from Salesforce support.
Moreover, this action does not addressthe security requirement of using a specific integration account in the central org that will be authorized after installation of the package.
Answer D is not valid because using an encrypted field to store the password that the security team enters and using password management for external orgs and setting the encryption method to TLS 1.2 is not a secure or reliable solution. An encrypted field is a custom field that encrypts sensitive data at rest and masks it on the user interface. However, this fielddoes not prevent unauthorized access or leakage of data, as it can be decrypted by users who have the View Encrypted Data permission or by Apex code that runs in system mode.
Moreover, this field does not support encryption methods such as TLS 1.2, which are used for securing data in transit, not at rest.
References: Auth Provider: Connected Apps : OAuth 2.0 Web Server Authentication Flow : Named Credentials as Callout Endpoints : API Access in Packages : Encrypted Fields : Encryption Methods Available in Salesforce
11of30