Salesforce Certified Platform Integration Architect Practice Tests Total Questions: 492 – 12 Mock Exams
Practice Set 1
Time limit: 0
0 of 60 questions completed
Questions:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
Information
Click on Start Test
You have already completed the Test before. Hence you can not start it again.
Test is loading...
You must sign in or sign up to start the Test.
You have to finish following quiz, to start this Test:
Your results are here!! for" Salesforce Certified Platform Integration Architect Practice Test 1 "
0 of 60 questions answered correctly
Your time:
Time has elapsed
Your Final Score is : 0
You have attempted : 0
Number of Correct Questions : 0 and scored 0
Number of Incorrect Questions : 0 and Negative marks 0
Average score
Your score
Salesforce Certified Platform Integration Architect
You have attempted: 0
Number of Correct Questions: 0 and scored 0
Number of Incorrect Questions: 0 and Negative marks 0
You can review your answers by clicking on “View Answers” option. Important Note : Open Reference Documentation Links in New Tab (Right Click and Open in New Tab).
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
Answered
Review
Question 1 of 60
1. Question
When making outbound calls from Salesforce, which of the following is a critical consideration?
Correct
Named credentials simplify and secure authentication by abstracting credentials and endpoint configuration. Session timeout and debug logs are less relevant for outbound calls. Trigger order is important within Salesforce logic but not related to making external calls.
Incorrect
Named credentials simplify and secure authentication by abstracting credentials and endpoint configuration. Session timeout and debug logs are less relevant for outbound calls. Trigger order is important within Salesforce logic but not related to making external calls.
Unattempted
Named credentials simplify and secure authentication by abstracting credentials and endpoint configuration. Session timeout and debug logs are less relevant for outbound calls. Trigger order is important within Salesforce logic but not related to making external calls.
Question 2 of 60
2. Question
In designing a scalable solution, what should be prioritized for predictable performance?
Correct
Bulkifying operations and reducing API calls helps keep performance stable and within limits. Increasing limits isnt possible. Batch frequency alone doesnt ensure performance. Synchronous patterns are more fragile.
Incorrect
Bulkifying operations and reducing API calls helps keep performance stable and within limits. Increasing limits isnt possible. Batch frequency alone doesnt ensure performance. Synchronous patterns are more fragile.
Unattempted
Bulkifying operations and reducing API calls helps keep performance stable and within limits. Increasing limits isnt possible. Batch frequency alone doesnt ensure performance. Synchronous patterns are more fragile.
Question 3 of 60
3. Question
What makes Platform Events a good choice for scalable integration?
Correct
Platform Events are designed for high-throughput, async, decoupled use cases. They do require schema and do not guarantee retries unless handled via replay IDs. Ordered delivery is limited and not always reliable.
Incorrect
Platform Events are designed for high-throughput, async, decoupled use cases. They do require schema and do not guarantee retries unless handled via replay IDs. Ordered delivery is limited and not always reliable.
Unattempted
Platform Events are designed for high-throughput, async, decoupled use cases. They do require schema and do not guarantee retries unless handled via replay IDs. Ordered delivery is limited and not always reliable.
Question 4 of 60
4. Question
How does Middleware contribute to scalable integrations?
Correct
Middleware enables scalable integration by providing retry, queuing, and flow control, especially under load. It doesnt bypass limits but works within constraints to buffer interactions.
Incorrect
Middleware enables scalable integration by providing retry, queuing, and flow control, especially under load. It doesnt bypass limits but works within constraints to buffer interactions.
Unattempted
Middleware enables scalable integration by providing retry, queuing, and flow control, especially under load. It doesnt bypass limits but works within constraints to buffer interactions.
Question 5 of 60
5. Question
Which Salesforce feature supports high-volume data ingestion while preserving scalability?
Correct
Bulk API is designed specifically for high-volume data ingestion. REST and Metadata APIs arent optimized for volume, and Streaming API is more for events than ingestion.
Incorrect
Bulk API is designed specifically for high-volume data ingestion. REST and Metadata APIs arent optimized for volume, and Streaming API is more for events than ingestion.
Unattempted
Bulk API is designed specifically for high-volume data ingestion. REST and Metadata APIs arent optimized for volume, and Streaming API is more for events than ingestion.
Question 6 of 60
6. Question
What is a key consideration when using Batch Apex for scale?
Correct
Scope size impacts resource usage and performance. Too large leads to timeouts; too small increases overhead. Logging is important but secondary.
Incorrect
Scope size impacts resource usage and performance. Too large leads to timeouts; too small increases overhead. Logging is important but secondary.
Unattempted
Scope size impacts resource usage and performance. Too large leads to timeouts; too small increases overhead. Logging is important but secondary.
Question 7 of 60
7. Question
What makes asynchronous processing a scalable option in Salesforce?
Correct
Asynchronous processes operate outside synchronous request limits, making them ideal for complex, high-volume operations. They dont avoid callouts or reduce governor limits but work within the architecture.
Incorrect
Asynchronous processes operate outside synchronous request limits, making them ideal for complex, high-volume operations. They dont avoid callouts or reduce governor limits but work within the architecture.
Unattempted
Asynchronous processes operate outside synchronous request limits, making them ideal for complex, high-volume operations. They dont avoid callouts or reduce governor limits but work within the architecture.
Question 8 of 60
8. Question
What should be avoided in scalable integration design?
Correct
Hardcoding credentials introduces security and maintainability issues. Other patterns promote scale and reliability.
Incorrect
Hardcoding credentials introduces security and maintainability issues. Other patterns promote scale and reliability.
Unattempted
Hardcoding credentials introduces security and maintainability issues. Other patterns promote scale and reliability.
Question 9 of 60
9. Question
Which design supports horizontal scale of integration endpoints?
Correct
Stateless APIs that can be load balanced allow easy scaling and resilience. Stateful or randomized designs make load balancing difficult.
Incorrect
Stateless APIs that can be load balanced allow easy scaling and resilience. Stateful or randomized designs make load balancing difficult.
Unattempted
Stateless APIs that can be load balanced allow easy scaling and resilience. Stateful or randomized designs make load balancing difficult.
Question 10 of 60
10. Question
What is a scalable approach for handling retries?
Correct
Dead-letter queues and exponential backoff manage retries reliably and avoid overload. Manual retries or logging alone arent scalable strategies.
Incorrect
Dead-letter queues and exponential backoff manage retries reliably and avoid overload. Manual retries or logging alone arent scalable strategies.
Unattempted
Dead-letter queues and exponential backoff manage retries reliably and avoid overload. Manual retries or logging alone arent scalable strategies.
Question 11 of 60
11. Question
What is the most appropriate error handling mechanism when an integration to an external payment system times out intermittently?
Correct
Exponential backoff with retries is the most scalable and resilient approach when dealing with intermittent timeouts. It reduces load on the system and gives the external service time to recover. Immediate retries can worsen the situation, especially if the external service is under strain. Simply logging the error or notifying support adds latency and doesnt solve the immediate issue. Returning an error to the user directly without retrying may degrade user experience.
Incorrect
Exponential backoff with retries is the most scalable and resilient approach when dealing with intermittent timeouts. It reduces load on the system and gives the external service time to recover. Immediate retries can worsen the situation, especially if the external service is under strain. Simply logging the error or notifying support adds latency and doesnt solve the immediate issue. Returning an error to the user directly without retrying may degrade user experience.
Unattempted
Exponential backoff with retries is the most scalable and resilient approach when dealing with intermittent timeouts. It reduces load on the system and gives the external service time to recover. Immediate retries can worsen the situation, especially if the external service is under strain. Simply logging the error or notifying support adds latency and doesnt solve the immediate issue. Returning an error to the user directly without retrying may degrade user experience.
Question 12 of 60
12. Question
Which technique is most secure for an outbound call from Salesforce to an external system containing sensitive data?
Correct
Mutual TLS ensures both client and server authenticate each other, providing a strong layer of security. It is more robust than sending credentials in headers, even over HTTPS. Query parameters should never contain sensitive data due to logging and caching. Plain HTTP is insecure and should never be used for sensitive information transmission.
Incorrect
Mutual TLS ensures both client and server authenticate each other, providing a strong layer of security. It is more robust than sending credentials in headers, even over HTTPS. Query parameters should never contain sensitive data due to logging and caching. Plain HTTP is insecure and should never be used for sensitive information transmission.
Unattempted
Mutual TLS ensures both client and server authenticate each other, providing a strong layer of security. It is more robust than sending credentials in headers, even over HTTPS. Query parameters should never contain sensitive data due to logging and caching. Plain HTTP is insecure and should never be used for sensitive information transmission.
Question 13 of 60
13. Question
An integration fails due to a downstream service being unavailable. What is the best approach to prevent data loss?
Correct
Storing failed transactions in a retry queue allows the system to retry the request once the service is available again, preventing data loss. Discarding the data is unacceptable for reliability. Simply notifying users or logging without retry logic doesnt ensure recovery. Retry queues are essential for building resilient integrations.
Incorrect
Storing failed transactions in a retry queue allows the system to retry the request once the service is available again, preventing data loss. Discarding the data is unacceptable for reliability. Simply notifying users or logging without retry logic doesnt ensure recovery. Retry queues are essential for building resilient integrations.
Unattempted
Storing failed transactions in a retry queue allows the system to retry the request once the service is available again, preventing data loss. Discarding the data is unacceptable for reliability. Simply notifying users or logging without retry logic doesnt ensure recovery. Retry queues are essential for building resilient integrations.
Question 14 of 60
14. Question
Which of the following should be considered when designing a scalable API solution for high-traffic use cases?
Correct
Caching reduces unnecessary load, and rate limiting protects APIs from being overwhelmed. Synchronous processing alone does not scale well under heavy load. Polling adds inefficiency and complexity. Hard-coded delays can introduce performance bottlenecks and are not scalable.
Incorrect
Caching reduces unnecessary load, and rate limiting protects APIs from being overwhelmed. Synchronous processing alone does not scale well under heavy load. Polling adds inefficiency and complexity. Hard-coded delays can introduce performance bottlenecks and are not scalable.
Unattempted
Caching reduces unnecessary load, and rate limiting protects APIs from being overwhelmed. Synchronous processing alone does not scale well under heavy load. Polling adds inefficiency and complexity. Hard-coded delays can introduce performance bottlenecks and are not scalable.
Question 15 of 60
15. Question
In designing error handling for a real-time integration, what is a best practice?
Correct
Catching exceptions and logging meaningful errors helps diagnose issues while preserving system stability. Failing silently or throwing unhandled exceptions leads to unpredictable behavior. Detailed errors may expose sensitive data. Proper error handling ensures reliability and auditability.
Incorrect
Catching exceptions and logging meaningful errors helps diagnose issues while preserving system stability. Failing silently or throwing unhandled exceptions leads to unpredictable behavior. Detailed errors may expose sensitive data. Proper error handling ensures reliability and auditability.
Unattempted
Catching exceptions and logging meaningful errors helps diagnose issues while preserving system stability. Failing silently or throwing unhandled exceptions leads to unpredictable behavior. Detailed errors may expose sensitive data. Proper error handling ensures reliability and auditability.
Question 16 of 60
16. Question
What design factor most influences long-term scalability of an integration solution?
Correct
Event-driven, decoupled systems enable scalable, resilient growth as volume and complexity increase. Utility classes and custom settings are good for maintainability, but not scalability. Manual methods don‘t scale.
Incorrect
Event-driven, decoupled systems enable scalable, resilient growth as volume and complexity increase. Utility classes and custom settings are good for maintainability, but not scalability. Manual methods don‘t scale.
Unattempted
Event-driven, decoupled systems enable scalable, resilient growth as volume and complexity increase. Utility classes and custom settings are good for maintainability, but not scalability. Manual methods don‘t scale.
Question 17 of 60
17. Question
What is a key requirement when designing a secure inbound integration with Salesforce?
Correct
Using encrypted tokens or certificates ensures only trusted systems can access Salesforce. Anonymous access and hard-coded credentials are insecure and should be avoided. Disabling authentication is a critical security risk.
Incorrect
Using encrypted tokens or certificates ensures only trusted systems can access Salesforce. Anonymous access and hard-coded credentials are insecure and should be avoided. Disabling authentication is a critical security risk.
Unattempted
Using encrypted tokens or certificates ensures only trusted systems can access Salesforce. Anonymous access and hard-coded credentials are insecure and should be avoided. Disabling authentication is a critical security risk.
Question 18 of 60
18. Question
When designing a solution expected to scale with business growth, which factor should be prioritized?
Correct
Asynchronous processing and queuing allow for better resource utilization and accommodate high volumes. Hard-coded limits and manual triggers do not scale. Synchronous-only logic can cause bottlenecks. Designing for scale requires elasticity and fault tolerance.
Incorrect
Asynchronous processing and queuing allow for better resource utilization and accommodate high volumes. Hard-coded limits and manual triggers do not scale. Synchronous-only logic can cause bottlenecks. Designing for scale requires elasticity and fault tolerance.
Unattempted
Asynchronous processing and queuing allow for better resource utilization and accommodate high volumes. Hard-coded limits and manual triggers do not scale. Synchronous-only logic can cause bottlenecks. Designing for scale requires elasticity and fault tolerance.
Question 19 of 60
19. Question
If an integration depends on an external system that performs nightly maintenance, what is the best design approach?
Correct
Queuing calls ensures no requests are lost and allows for reliable post-maintenance processing. Allowing failures or retries during downtime risks instability and degraded UX. Disabling the integration doesnt provide recovery.
Incorrect
Queuing calls ensures no requests are lost and allows for reliable post-maintenance processing. Allowing failures or retries during downtime risks instability and degraded UX. Disabling the integration doesnt provide recovery.
Unattempted
Queuing calls ensures no requests are lost and allows for reliable post-maintenance processing. Allowing failures or retries during downtime risks instability and degraded UX. Disabling the integration doesnt provide recovery.
Question 20 of 60
20. Question
A secure integration from a third-party system into Salesforce should avoid which of the following?
Correct
Sending credentials in query parameters is insecure because URLs can be logged and cached. OAuth and certificate-based authentication are more secure. Basic auth over HTTPS is acceptable but less preferred than token-based auth.
Incorrect
Sending credentials in query parameters is insecure because URLs can be logged and cached. OAuth and certificate-based authentication are more secure. Basic auth over HTTPS is acceptable but less preferred than token-based auth.
Unattempted
Sending credentials in query parameters is insecure because URLs can be logged and cached. OAuth and certificate-based authentication are more secure. Basic auth over HTTPS is acceptable but less preferred than token-based auth.
Question 21 of 60
21. Question
Which approach best ensures resiliency in integrations when external systems undergo planned maintenance?
Correct
Durable messaging helps maintain data integrity during system outages. While point-to-point APIs are simple, they lack fault tolerance. Retry logic without alerts can lead to silent failures. Scheduled integration with failover ensures resiliency and minimizes business disruption. It allows processing to continue or recover gracefully. Event-driven methods also help but require broader architecture changes.
Incorrect
Durable messaging helps maintain data integrity during system outages. While point-to-point APIs are simple, they lack fault tolerance. Retry logic without alerts can lead to silent failures. Scheduled integration with failover ensures resiliency and minimizes business disruption. It allows processing to continue or recover gracefully. Event-driven methods also help but require broader architecture changes.
Unattempted
Durable messaging helps maintain data integrity during system outages. While point-to-point APIs are simple, they lack fault tolerance. Retry logic without alerts can lead to silent failures. Scheduled integration with failover ensures resiliency and minimizes business disruption. It allows processing to continue or recover gracefully. Event-driven methods also help but require broader architecture changes.
Question 22 of 60
22. Question
What is a common approach to handle integration downtime during system upgrades?
Correct
Queue-based systems help decouple components and absorb traffic spikes or outages. Dead-letter queues ensure failed messages are captured for later inspection and retry. Simply deferring integration can result in data loss or business disruption. While batch jobs help, they often lack real-time error handling. Synchronous APIs are vulnerable to downtime unless protected with retries and timeouts.
Incorrect
Queue-based systems help decouple components and absorb traffic spikes or outages. Dead-letter queues ensure failed messages are captured for later inspection and retry. Simply deferring integration can result in data loss or business disruption. While batch jobs help, they often lack real-time error handling. Synchronous APIs are vulnerable to downtime unless protected with retries and timeouts.
Unattempted
Queue-based systems help decouple components and absorb traffic spikes or outages. Dead-letter queues ensure failed messages are captured for later inspection and retry. Simply deferring integration can result in data loss or business disruption. While batch jobs help, they often lack real-time error handling. Synchronous APIs are vulnerable to downtime unless protected with retries and timeouts.
Question 23 of 60
23. Question
When designing for high availability in integrations, which factor is most critical?
Correct
Load balancing and redundancy help distribute traffic and provide failover if a system fails. High availability focuses on continuous operations, which isn‘t guaranteed by simplified code or using a single vendor. Scalability supports growth, but without redundancy, it doesn‘t ensure uptime. Resilient architecture must include mechanisms for fault tolerance and traffic rerouting.
Incorrect
Load balancing and redundancy help distribute traffic and provide failover if a system fails. High availability focuses on continuous operations, which isn‘t guaranteed by simplified code or using a single vendor. Scalability supports growth, but without redundancy, it doesn‘t ensure uptime. Resilient architecture must include mechanisms for fault tolerance and traffic rerouting.
Unattempted
Load balancing and redundancy help distribute traffic and provide failover if a system fails. High availability focuses on continuous operations, which isn‘t guaranteed by simplified code or using a single vendor. Scalability supports growth, but without redundancy, it doesn‘t ensure uptime. Resilient architecture must include mechanisms for fault tolerance and traffic rerouting.
Question 24 of 60
24. Question
A company needs to ensure their integration can survive API schema changes. Which practice supports this requirement?
Correct
Schema mediation allows one system to adapt to another‘s schema changes without breaking the integration. It provides abstraction layers to manage changes flexibly. Strict typing causes breakage on minor changes. Versioning helps, but it doesn‘t prevent issues if consuming apps can‘t handle schema differences. JSON conversion is useful but doesnt inherently protect against structural changes.
Incorrect
Schema mediation allows one system to adapt to another‘s schema changes without breaking the integration. It provides abstraction layers to manage changes flexibly. Strict typing causes breakage on minor changes. Versioning helps, but it doesn‘t prevent issues if consuming apps can‘t handle schema differences. JSON conversion is useful but doesnt inherently protect against structural changes.
Unattempted
Schema mediation allows one system to adapt to another‘s schema changes without breaking the integration. It provides abstraction layers to manage changes flexibly. Strict typing causes breakage on minor changes. Versioning helps, but it doesn‘t prevent issues if consuming apps can‘t handle schema differences. JSON conversion is useful but doesnt inherently protect against structural changes.
Question 25 of 60
25. Question
What enables integrations to gracefully degrade during failures?
Correct
Circuit breakers detect failing services and prevent continuous retries, enabling fallback strategies that maintain partial functionality. Break-glass procedures are for manual emergency access, not automatic degradation. System refreshes improve data but dont assist during real-time failures. Raw API responses can aid debugging but dont mitigate the impact of failed services.
Incorrect
Circuit breakers detect failing services and prevent continuous retries, enabling fallback strategies that maintain partial functionality. Break-glass procedures are for manual emergency access, not automatic degradation. System refreshes improve data but dont assist during real-time failures. Raw API responses can aid debugging but dont mitigate the impact of failed services.
Unattempted
Circuit breakers detect failing services and prevent continuous retries, enabling fallback strategies that maintain partial functionality. Break-glass procedures are for manual emergency access, not automatic degradation. System refreshes improve data but dont assist during real-time failures. Raw API responses can aid debugging but dont mitigate the impact of failed services.
Question 26 of 60
26. Question
What design consideration improves resiliency against unexpected spikes in traffic?
Correct
API gateways help manage load by enforcing throttling and rate limiting, protecting downstream systems. Including tokens in the body violates security best practices. Extending timeouts can delay response and doesn‘t manage load. Single-threaded batch processing reduces throughput and increases failure risks. Throttling ensures systems stay performant under load.
Incorrect
API gateways help manage load by enforcing throttling and rate limiting, protecting downstream systems. Including tokens in the body violates security best practices. Extending timeouts can delay response and doesn‘t manage load. Single-threaded batch processing reduces throughput and increases failure risks. Throttling ensures systems stay performant under load.
Unattempted
API gateways help manage load by enforcing throttling and rate limiting, protecting downstream systems. Including tokens in the body violates security best practices. Extending timeouts can delay response and doesn‘t manage load. Single-threaded batch processing reduces throughput and increases failure risks. Throttling ensures systems stay performant under load.
Question 27 of 60
27. Question
How should error handling be designed in a fault-tolerant integration?
Correct
Exponential backoff reduces the load on failing systems by spacing out retries intelligently. Infinite retries risk overwhelming systems. Logging alone is not sufficient without corrective logic. Halting after one error is inefficient in batch or high-volume processing. Well-designed retries ensure recovery without cascading failures.
Incorrect
Exponential backoff reduces the load on failing systems by spacing out retries intelligently. Infinite retries risk overwhelming systems. Logging alone is not sufficient without corrective logic. Halting after one error is inefficient in batch or high-volume processing. Well-designed retries ensure recovery without cascading failures.
Unattempted
Exponential backoff reduces the load on failing systems by spacing out retries intelligently. Infinite retries risk overwhelming systems. Logging alone is not sufficient without corrective logic. Halting after one error is inefficient in batch or high-volume processing. Well-designed retries ensure recovery without cascading failures.
Question 28 of 60
28. Question
Which monitoring metric is MOST helpful to detect potential integration failure patterns?
Correct
Monitoring API latency trends reveals degradation in system responsiveness, which may indicate issues. User sessions and storage are less directly related to integration health. Report frequency isn‘t indicative of real-time system status. Latency data allows proactive detection of bottlenecks or outages.
Incorrect
Monitoring API latency trends reveals degradation in system responsiveness, which may indicate issues. User sessions and storage are less directly related to integration health. Report frequency isn‘t indicative of real-time system status. Latency data allows proactive detection of bottlenecks or outages.
Unattempted
Monitoring API latency trends reveals degradation in system responsiveness, which may indicate issues. User sessions and storage are less directly related to integration health. Report frequency isn‘t indicative of real-time system status. Latency data allows proactive detection of bottlenecks or outages.
Question 29 of 60
29. Question
For high-volume API integrations, which metric is best for assessing real-time performance?
Correct
API response time and throughput directly measure integration performance, especially under load. Login and token metrics relate to security, not integration speed. Record counts help understand volume, but not real-time processing. Monitoring these helps ensure SLAs are met.
Incorrect
API response time and throughput directly measure integration performance, especially under load. Login and token metrics relate to security, not integration speed. Record counts help understand volume, but not real-time processing. Monitoring these helps ensure SLAs are met.
Unattempted
API response time and throughput directly measure integration performance, especially under load. Login and token metrics relate to security, not integration speed. Record counts help understand volume, but not real-time processing. Monitoring these helps ensure SLAs are met.
Question 30 of 60
30. Question
When an integration is failing sporadically, what monitoring strategy helps pinpoint the issue?
Correct
Correlating logs across components allows end-to-end tracing of issues, helping identify root causes. Plain text logs may breach compliance and aren‘t scalable. CPU metrics alone miss application-level problems. Logging only failures can miss intermittent context needed for resolution. Cross-system correlation offers complete visibility.
Incorrect
Correlating logs across components allows end-to-end tracing of issues, helping identify root causes. Plain text logs may breach compliance and aren‘t scalable. CPU metrics alone miss application-level problems. Logging only failures can miss intermittent context needed for resolution. Cross-system correlation offers complete visibility.
Unattempted
Correlating logs across components allows end-to-end tracing of issues, helping identify root causes. Plain text logs may breach compliance and aren‘t scalable. CPU metrics alone miss application-level problems. Logging only failures can miss intermittent context needed for resolution. Cross-system correlation offers complete visibility.
Question 31 of 60
31. Question
How should you version APIs to avoid breaking changes?
Correct
Using a versioned path isolates changes and allows consumers to adopt updates safely. Silent changes and unannounced updates break integrations. Immediate deprecation does not allow transition time.
Incorrect
Using a versioned path isolates changes and allows consumers to adopt updates safely. Silent changes and unannounced updates break integrations. Immediate deprecation does not allow transition time.
Unattempted
Using a versioned path isolates changes and allows consumers to adopt updates safely. Silent changes and unannounced updates break integrations. Immediate deprecation does not allow transition time.
Question 32 of 60
32. Question
Which standard ensures message integrity and confidentiality in B2B communication between systems?
Correct
WS-Security is a standard specifically designed to ensure message integrity and confidentiality in SOAP-based B2B interactions. HTTPS only secures the transport layer, not the message itself. OAuth 2.0 is for authorization, and JWE is a format used to encrypt content, not a communication protocol by itself.
Incorrect
WS-Security is a standard specifically designed to ensure message integrity and confidentiality in SOAP-based B2B interactions. HTTPS only secures the transport layer, not the message itself. OAuth 2.0 is for authorization, and JWE is a format used to encrypt content, not a communication protocol by itself.
Unattempted
WS-Security is a standard specifically designed to ensure message integrity and confidentiality in SOAP-based B2B interactions. HTTPS only secures the transport layer, not the message itself. OAuth 2.0 is for authorization, and JWE is a format used to encrypt content, not a communication protocol by itself.
Question 33 of 60
33. Question
In designing a secure solution, when should Transport Layer Security (TLS) be applied?
Correct
TLS is essential for securing data in transit, ensuring it is encrypted during transmission over networks. It does not apply to data at rest and is unrelated to API usage metrics. Internal APIs may still require TLS if accessed over untrusted networks.
Incorrect
TLS is essential for securing data in transit, ensuring it is encrypted during transmission over networks. It does not apply to data at rest and is unrelated to API usage metrics. Internal APIs may still require TLS if accessed over untrusted networks.
Unattempted
TLS is essential for securing data in transit, ensuring it is encrypted during transmission over networks. It does not apply to data at rest and is unrelated to API usage metrics. Internal APIs may still require TLS if accessed over untrusted networks.
Question 34 of 60
34. Question
What should you consider when selecting an encryption method for integration?
Correct
Data sensitivity and compliance requirements dictate which encryption methods are acceptable. While architecture and data format influence implementation, they don‘t define security needs. Key management is critical, but without understanding sensitivity/compliance, encryption may be insufficient.
Incorrect
Data sensitivity and compliance requirements dictate which encryption methods are acceptable. While architecture and data format influence implementation, they don‘t define security needs. Key management is critical, but without understanding sensitivity/compliance, encryption may be insufficient.
Unattempted
Data sensitivity and compliance requirements dictate which encryption methods are acceptable. While architecture and data format influence implementation, they don‘t define security needs. Key management is critical, but without understanding sensitivity/compliance, encryption may be insufficient.
Question 35 of 60
35. Question
In an integration involving sensitive healthcare data, which standard is crucial for compliance?
Correct
HIPAA is mandatory for systems handling protected health information (PHI). PCI-DSS applies to payment data, ISO 27001 is a general security framework, and SOC 2 focuses on service organization controls. Choosing the wrong standard risks compliance violations.
Incorrect
HIPAA is mandatory for systems handling protected health information (PHI). PCI-DSS applies to payment data, ISO 27001 is a general security framework, and SOC 2 focuses on service organization controls. Choosing the wrong standard risks compliance violations.
Unattempted
HIPAA is mandatory for systems handling protected health information (PHI). PCI-DSS applies to payment data, ISO 27001 is a general security framework, and SOC 2 focuses on service organization controls. Choosing the wrong standard risks compliance violations.
Question 36 of 60
36. Question
Which of the following helps secure integrations through data masking at runtime?
Correct
Field-Level Security allows administrators to control visibility of sensitive data at runtime, effectively masking it. TLS encrypts in transit, OAuth scopes limit access to APIs, and Shield Encryption focuses on at-rest encryption rather than dynamic masking.
Incorrect
Field-Level Security allows administrators to control visibility of sensitive data at runtime, effectively masking it. TLS encrypts in transit, OAuth scopes limit access to APIs, and Shield Encryption focuses on at-rest encryption rather than dynamic masking.
Unattempted
Field-Level Security allows administrators to control visibility of sensitive data at runtime, effectively masking it. TLS encrypts in transit, OAuth scopes limit access to APIs, and Shield Encryption focuses on at-rest encryption rather than dynamic masking.
Question 37 of 60
37. Question
Which approach ensures non-repudiation in an integration system?
Correct
Signed message payloads ensure non-repudiation by allowing verification that a message truly came from the sender and was not altered. TLS and IP whitelisting protect transmission and access but dont provide verifiable origin. Logs can be altered and are not cryptographically secure.
Incorrect
Signed message payloads ensure non-repudiation by allowing verification that a message truly came from the sender and was not altered. TLS and IP whitelisting protect transmission and access but dont provide verifiable origin. Logs can be altered and are not cryptographically secure.
Unattempted
Signed message payloads ensure non-repudiation by allowing verification that a message truly came from the sender and was not altered. TLS and IP whitelisting protect transmission and access but dont provide verifiable origin. Logs can be altered and are not cryptographically secure.
Question 38 of 60
38. Question
Which is most appropriate for secure synchronous communication with external systems?
Correct
SOAP with WS-Security supports rich security mechanisms including encryption, signing, and authentication for synchronous communications. Webhooks and Platform Events are inherently asynchronous. Apex Callouts are not secure by default and depend on configuration.
Incorrect
SOAP with WS-Security supports rich security mechanisms including encryption, signing, and authentication for synchronous communications. Webhooks and Platform Events are inherently asynchronous. Apex Callouts are not secure by default and depend on configuration.
Unattempted
SOAP with WS-Security supports rich security mechanisms including encryption, signing, and authentication for synchronous communications. Webhooks and Platform Events are inherently asynchronous. Apex Callouts are not secure by default and depend on configuration.
Question 39 of 60
39. Question
Whats the best method to handle secret storage in Salesforce integrations?
Correct
Named Credentials offer secure, built-in handling of credentials with authentication support, encryption, and permission controls. Custom Metadata and Settings are accessible via Apex and not encrypted by default. Static Resources are visible in org files and should not contain secrets.
Incorrect
Named Credentials offer secure, built-in handling of credentials with authentication support, encryption, and permission controls. Custom Metadata and Settings are accessible via Apex and not encrypted by default. Static Resources are visible in org files and should not contain secrets.
Unattempted
Named Credentials offer secure, built-in handling of credentials with authentication support, encryption, and permission controls. Custom Metadata and Settings are accessible via Apex and not encrypted by default. Static Resources are visible in org files and should not contain secrets.
Question 40 of 60
40. Question
What pattern should be used to minimize exposure of sensitive data during logging?
Correct
Masking sensitive fields before writing to logs ensures that personally identifiable information (PII) or confidential data is not inadvertently exposed. Encrypting logs helps but doesn‘t prevent the storage of sensitive data. Public cloud folders are insecure, and logging all payloads increases exposure risk.
Incorrect
Masking sensitive fields before writing to logs ensures that personally identifiable information (PII) or confidential data is not inadvertently exposed. Encrypting logs helps but doesn‘t prevent the storage of sensitive data. Public cloud folders are insecure, and logging all payloads increases exposure risk.
Unattempted
Masking sensitive fields before writing to logs ensures that personally identifiable information (PII) or confidential data is not inadvertently exposed. Encrypting logs helps but doesn‘t prevent the storage of sensitive data. Public cloud folders are insecure, and logging all payloads increases exposure risk.
Question 41 of 60
41. Question
Whats a key consideration when Salesforce acts as an API provider?
Correct
Respecting rate limits ensures stability and prevents denial-of-service attacks. Detailed error messages might expose system details. Named Credentials are helpful and should not be avoided. Not all use cases require synchronous APIs.
Incorrect
Respecting rate limits ensures stability and prevents denial-of-service attacks. Detailed error messages might expose system details. Named Credentials are helpful and should not be avoided. Not all use cases require synchronous APIs.
Unattempted
Respecting rate limits ensures stability and prevents denial-of-service attacks. Detailed error messages might expose system details. Named Credentials are helpful and should not be avoided. Not all use cases require synchronous APIs.
Question 42 of 60
42. Question
In designing a REST API to be consumed by Salesforce, which is a best practice?
Correct
JSON and HTTP methods (GET, POST, etc.) are the REST standard and easily consumed by Salesforce. XML is less performant, CORS should be restricted, and disabling authentication creates security risks.
Incorrect
JSON and HTTP methods (GET, POST, etc.) are the REST standard and easily consumed by Salesforce. XML is less performant, CORS should be restricted, and disabling authentication creates security risks.
Unattempted
JSON and HTTP methods (GET, POST, etc.) are the REST standard and easily consumed by Salesforce. XML is less performant, CORS should be restricted, and disabling authentication creates security risks.
Question 43 of 60
43. Question
Which is the correct handling for a 429 (Too Many Requests) error in an integration?
Correct
Exponential backoff respects rate limits and prevents request storms. Retrying immediately or ignoring the error leads to more failures. Removing auth headers is unrelated and could break security.
Incorrect
Exponential backoff respects rate limits and prevents request storms. Retrying immediately or ignoring the error leads to more failures. Removing auth headers is unrelated and could break security.
Unattempted
Exponential backoff respects rate limits and prevents request storms. Retrying immediately or ignoring the error leads to more failures. Removing auth headers is unrelated and could break security.
Question 44 of 60
44. Question
What method helps Salesforce consume external REST APIs more securely?
Correct
Named Credentials abstract away endpoints and handle OAuth securely. Hardcoded URLs and static resources expose risks, while manual session handling adds unnecessary complexity.
Incorrect
Named Credentials abstract away endpoints and handle OAuth securely. Hardcoded URLs and static resources expose risks, while manual session handling adds unnecessary complexity.
Unattempted
Named Credentials abstract away endpoints and handle OAuth securely. Hardcoded URLs and static resources expose risks, while manual session handling adds unnecessary complexity.
Question 45 of 60
45. Question
Which Salesforce feature is used to define a RESTful API interface natively?
Correct
Apex REST Classes allow developers to create RESTful endpoints in Salesforce. Visualforce and Lightning Components are for UI, and Platform Events are event-driven, not request-response.
Incorrect
Apex REST Classes allow developers to create RESTful endpoints in Salesforce. Visualforce and Lightning Components are for UI, and Platform Events are event-driven, not request-response.
Unattempted
Apex REST Classes allow developers to create RESTful endpoints in Salesforce. Visualforce and Lightning Components are for UI, and Platform Events are event-driven, not request-response.
Question 46 of 60
46. Question
What is the most secure method for outbound API authentication from Salesforce to an external system?
Correct
Mutual TLS (mTLS) is the most secure option as it uses certificates on both the client and server side to establish trust. OAuth and JWT provide token-based authentication but may be vulnerable if token security isn‘t managed correctly. Basic Authentication is not secure due to static credentials, and Session ID via URL parameter is highly discouraged due to logging and exposure risks.
Incorrect
Mutual TLS (mTLS) is the most secure option as it uses certificates on both the client and server side to establish trust. OAuth and JWT provide token-based authentication but may be vulnerable if token security isn‘t managed correctly. Basic Authentication is not secure due to static credentials, and Session ID via URL parameter is highly discouraged due to logging and exposure risks.
Unattempted
Mutual TLS (mTLS) is the most secure option as it uses certificates on both the client and server side to establish trust. OAuth and JWT provide token-based authentication but may be vulnerable if token security isn‘t managed correctly. Basic Authentication is not secure due to static credentials, and Session ID via URL parameter is highly discouraged due to logging and exposure risks.
Question 47 of 60
47. Question
Whats the best method to allow Salesforce to consume a rate-limited third-party API?
Correct
Queueing with throttling aligns with rate limits and avoids request rejection. Bursts, hardcoded delays, or long timeouts are brittle and inefficient.
Incorrect
Queueing with throttling aligns with rate limits and avoids request rejection. Bursts, hardcoded delays, or long timeouts are brittle and inefficient.
Unattempted
Queueing with throttling aligns with rate limits and avoids request rejection. Bursts, hardcoded delays, or long timeouts are brittle and inefficient.
Question 48 of 60
48. Question
Which HTTP method is most appropriate for creating a resource via Salesforce callout?
Correct
POST is used to create resources in RESTful APIs. GET retrieves data, PUT replaces, and DELETE removes.
Incorrect
POST is used to create resources in RESTful APIs. GET retrieves data, PUT replaces, and DELETE removes.
Unattempted
POST is used to create resources in RESTful APIs. GET retrieves data, PUT replaces, and DELETE removes.
Question 49 of 60
49. Question
What should be implemented when integrating with systems having intermittent outages?
Correct
Queueing with retries ensures reliability when systems are temporarily unavailable. Real-time-only methods will fail, and increasing polling may overload systems. Disabling APIs is not a viable solution.
Incorrect
Queueing with retries ensures reliability when systems are temporarily unavailable. Real-time-only methods will fail, and increasing polling may overload systems. Disabling APIs is not a viable solution.
Unattempted
Queueing with retries ensures reliability when systems are temporarily unavailable. Real-time-only methods will fail, and increasing polling may overload systems. Disabling APIs is not a viable solution.
Question 50 of 60
50. Question
When Salesforce is an API consumer, how should it handle long-running operations?
Correct
Using callbacks or outbound messaging is better for long-running tasks since it decouples processing. Synchronous calls are prone to timeout, batch retries can overwhelm systems, and cache is not meant for integration control.
Incorrect
Using callbacks or outbound messaging is better for long-running tasks since it decouples processing. Synchronous calls are prone to timeout, batch retries can overwhelm systems, and cache is not meant for integration control.
Unattempted
Using callbacks or outbound messaging is better for long-running tasks since it decouples processing. Synchronous calls are prone to timeout, batch retries can overwhelm systems, and cache is not meant for integration control.
Question 51 of 60
51. Question
When making an outbound call to an external system from Salesforce, what is a best practice to ensure minimal latency?
Correct
Queueing outbound calls with Platform Events is ideal for reducing latency impact on the user experience. Synchronous callouts inside triggers are not allowed and can degrade performance. @future methods are useful but dont offer reliable transaction control. Named Credentials improve security and simplicity but don‘t reduce runtime latency.
Incorrect
Queueing outbound calls with Platform Events is ideal for reducing latency impact on the user experience. Synchronous callouts inside triggers are not allowed and can degrade performance. @future methods are useful but dont offer reliable transaction control. Named Credentials improve security and simplicity but don‘t reduce runtime latency.
Unattempted
Queueing outbound calls with Platform Events is ideal for reducing latency impact on the user experience. Synchronous callouts inside triggers are not allowed and can degrade performance. @future methods are useful but dont offer reliable transaction control. Named Credentials improve security and simplicity but don‘t reduce runtime latency.
Question 52 of 60
52. Question
Which consideration is most critical when the external system being called by Salesforce enforces strict rate limits?
Correct
A governor-aware throttle layer ensures that the outbound calls respect both Salesforce and the external systems limits. Increasing timeouts doesn‘t solve the issue. Retrying too soon can exacerbate rate limit issues. Platform Events add decoupling but don‘t inherently solve throttling.
Incorrect
A governor-aware throttle layer ensures that the outbound calls respect both Salesforce and the external systems limits. Increasing timeouts doesn‘t solve the issue. Retrying too soon can exacerbate rate limit issues. Platform Events add decoupling but don‘t inherently solve throttling.
Unattempted
A governor-aware throttle layer ensures that the outbound calls respect both Salesforce and the external systems limits. Increasing timeouts doesn‘t solve the issue. Retrying too soon can exacerbate rate limit issues. Platform Events add decoupling but don‘t inherently solve throttling.
Question 53 of 60
53. Question
Which is the most scalable approach when Salesforce sends data to a system that can only process one request per second?
Correct
Middleware can queue, throttle, and ensure scalability across distributed systems. Flow delays and batch Apex are not reliable for precise pacing. Direct callouts ignore rate limits and risk failure.
Incorrect
Middleware can queue, throttle, and ensure scalability across distributed systems. Flow delays and batch Apex are not reliable for precise pacing. Direct callouts ignore rate limits and risk failure.
Unattempted
Middleware can queue, throttle, and ensure scalability across distributed systems. Flow delays and batch Apex are not reliable for precise pacing. Direct callouts ignore rate limits and risk failure.
Question 54 of 60
54. Question
Which mechanism is most suitable for outbound data synchronization to systems that must remain highly available?
Correct
Middleware supporting event-driven architecture allows for reliable, real-time delivery with failure recovery and decoupling. Scheduled jobs and outbound messaging cant match its flexibility and reliability. Platform Events require the subscriber to always be up, which isnt always guaranteed.
Incorrect
Middleware supporting event-driven architecture allows for reliable, real-time delivery with failure recovery and decoupling. Scheduled jobs and outbound messaging cant match its flexibility and reliability. Platform Events require the subscriber to always be up, which isnt always guaranteed.
Unattempted
Middleware supporting event-driven architecture allows for reliable, real-time delivery with failure recovery and decoupling. Scheduled jobs and outbound messaging cant match its flexibility and reliability. Platform Events require the subscriber to always be up, which isnt always guaranteed.
Question 55 of 60
55. Question
When choosing the integration method for outbound communication, which factor should be prioritized?
Correct
SLA and data consistency drive the architecture, ensuring the business needs are met. Time to market and developer preferences may lead to suboptimal or non-compliant solutions. Compliance matters but is a subset of overall SLAs and data governance.
Incorrect
SLA and data consistency drive the architecture, ensuring the business needs are met. Time to market and developer preferences may lead to suboptimal or non-compliant solutions. Compliance matters but is a subset of overall SLAs and data governance.
Unattempted
SLA and data consistency drive the architecture, ensuring the business needs are met. Time to market and developer preferences may lead to suboptimal or non-compliant solutions. Compliance matters but is a subset of overall SLAs and data governance.
Question 56 of 60
56. Question
When should Apex callouts be avoided for outbound communication?
Correct
Long-running, blocking operations should not be handled with Apex callouts because of timeout and performance constraints. Small payloads and REST support are not blockers. If asynchronous behavior is acceptable, alternative patterns are more effective.
Incorrect
Long-running, blocking operations should not be handled with Apex callouts because of timeout and performance constraints. Small payloads and REST support are not blockers. If asynchronous behavior is acceptable, alternative patterns are more effective.
Unattempted
Long-running, blocking operations should not be handled with Apex callouts because of timeout and performance constraints. Small payloads and REST support are not blockers. If asynchronous behavior is acceptable, alternative patterns are more effective.
Question 57 of 60
57. Question
Which pattern helps prevent request failures due to temporary unavailability of the external system?
Correct
Queueing with delay and retry provides resilience and reduces strain on systems. Immediate retries can lead to cascading failures. Longer timeouts dont solve availability issues. Avoiding callouts altogether may not fulfill business needs.
Incorrect
Queueing with delay and retry provides resilience and reduces strain on systems. Immediate retries can lead to cascading failures. Longer timeouts dont solve availability issues. Avoiding callouts altogether may not fulfill business needs.
Unattempted
Queueing with delay and retry provides resilience and reduces strain on systems. Immediate retries can lead to cascading failures. Longer timeouts dont solve availability issues. Avoiding callouts altogether may not fulfill business needs.
Question 58 of 60
58. Question
How should you manage secrets when making outbound integrations from Salesforce?
Correct
Named Credentials integrated with external secret managers offer secure, scalable handling of secrets. Hardcoding is insecure, and Custom Metadata or Protected Settings dont meet compliance-grade secrecy standards.
Incorrect
Named Credentials integrated with external secret managers offer secure, scalable handling of secrets. Hardcoding is insecure, and Custom Metadata or Protected Settings dont meet compliance-grade secrecy standards.
Unattempted
Named Credentials integrated with external secret managers offer secure, scalable handling of secrets. Hardcoding is insecure, and Custom Metadata or Protected Settings dont meet compliance-grade secrecy standards.
Question 59 of 60
59. Question
When integrating Salesforce with a legacy SOAP-based system, which outbound approach is ideal?
Correct
SOAP Callouts with WSDL ensure compatibility with legacy systems using SOAP. REST and Platform Events dont natively support SOAP, and Salesforce Connect is for data virtualization, not direct message exchange.
Incorrect
SOAP Callouts with WSDL ensure compatibility with legacy systems using SOAP. REST and Platform Events dont natively support SOAP, and Salesforce Connect is for data virtualization, not direct message exchange.
Unattempted
SOAP Callouts with WSDL ensure compatibility with legacy systems using SOAP. REST and Platform Events dont natively support SOAP, and Salesforce Connect is for data virtualization, not direct message exchange.
Question 60 of 60
60. Question
For scalable outbound integration in a high-volume org, which design consideration is most critical?
Correct
Asynchronous architecture allows scalability and reliability under load. Static variables and recursion help avoid duplication but dont directly address scaling. Governor awareness is important but insufficient without architectural decisions.
Incorrect
Asynchronous architecture allows scalability and reliability under load. Static variables and recursion help avoid duplication but dont directly address scaling. Governor awareness is important but insufficient without architectural decisions.
Unattempted
Asynchronous architecture allows scalability and reliability under load. Static variables and recursion help avoid duplication but dont directly address scaling. Governor awareness is important but insufficient without architectural decisions.
X
Use Page numbers below to navigate to other practice tests
