Why A is correct: Platform Events can be delivered via CometD over TLS to external endpoints; verifying secure webhook delivery to Kafka proxy is essential. Why B is wrong: Bulk API is for batch, not real-time streaming. Why C is wrong: CDC uses CometD, not REST; TLS support must be confirmed. Why D is wrong: SOAP API isn’t used to push directly to Kafka.

Option 1 is correct because tight coupling means systems directly rely on each other’s structure, availability, and response format. The other options introduce loose coupling and decouple system logic.

Option 1 is correct because message queues allow one system to continue processing even if the other is temporarily offline. The other methods require immediate response and fail if any system is unavailable.

Option 1 is correct because the JWT Bearer Flow is specifically designed for secure, headless, server-to-server integrations where no interactive login is required. Option 2 requires a browser-based session. Option 3 is intended for user authentication via identity providers. Option 4 uses credentials directly and is less secure and more error-prone in automated server scenarios.

Option 1 is correct because Named Credentials securely manage authentication details and simplify integration configuration by abstracting endpoint and token logic. Option 2 adds unnecessary complexity and manual effort. Option 3 is a serious security risk and poor practice. Option 4 is incorrect, as token refresh still needs to be handled properly depending on the flow used.

Option 1 is correct because validating a token through introspection ensures it’s still active and issued by a trusted source. Option 2 assumes all tokens are valid, which is a security flaw. Option 3 exposes sensitive credentials unnecessarily. Option 4 can introduce significant risk and opens the system to misuse or privilege escalation.

Option 1 is correct because HIPAA mandates strict encryption standards for protected health information, both while stored and while transmitted between systems. Option 2 is related to performance, not security. Option 3 does not guarantee security or compliance. Option 4 is irrelevant to HIPAA and may introduce access risks without added benefit.

Option 1 is correct because permission sets can be assigned to control access to external calls via Named Credentials, ensuring only authorized users or processes can invoke them. Option 2 restricts data visibility but not integration logic. Option 3 is an insecure practice. Option 4 secures data, but does not control user access to external endpoints.

Option 2 is correct because the User-Agent flow enables end users to authenticate through the browser, often involving a third-party IdP. Option 1 is for server-to-server integration and not suited for UI-based flows. Option 3 exposes credentials and should be avoided where possible. Option 4 doesn‘t support user authentication directly.

Option 3 is correct because identifying the integration patterns and scalability of the middleware helps determine whether it can meet the demands of the current and future integration needs. Option 1 focuses on UI, which is irrelevant for backend system evaluations. Option 2 is a user behavior metric and not a technical constraint. Option 4 measures usage, not system compatibility.

Why A is correct: For real-time SOAP-based integration, ensuring the Salesforce outbound call can traverse the firewall to reach the on-premises SOAP endpoint is a critical boundary check. Why B is wrong: The ERP supports only SOAP 1.1; REST support is irrelevant here. Why C is wrong: Salesforce cannot call proprietary protocols unsupported by the ERP. Why D is wrong: ERP database type does not impact protocol-level integration.

Why B is correct: The key limitation is that Salesforce Bulk API v2 supports CSV by default; JSON export isn’t natively supported, so the architect must plan for conversion or middleware. Why A is wrong: CSV support by the warehouse is moot if Salesforce cannot output JSON. Why C is wrong: Export Service is for reports and not ideal for large nightly loads. Why D is wrong: Database vendor doesn’t dictate JSON format requirement.

Why C is correct: Enabling OAuth JWT flow requires that the IDP can generate a JWT with Salesforce’s audience and signing algorithm; verifying IDP capability is essential. Why A is wrong: While IP restrictions matter, JWT flow specifically requires IDP JWT issuance. Why B is wrong: JWT flow uses REST endpoints; SOAP version is irrelevant. Why D is wrong: VLAN segmentation is a network concern but secondary to authentication capability.

Why A is correct: Legacy middleware may fail on SOAP messages containing XML namespaces; understanding default namespace usage in Salesforce SOAP responses is critical. Why B is wrong: Platform events focus on JSON over CometD; not relevant to XML middleware. Why C is wrong: Streaming API doesn’t support XML. Why D is wrong: Middleware runtime version doesn’t affect XML parsing capabilities.

Why D is correct: The key is whether the managed HL7 connector can generate correct v2 messages conforming to HL7 standards; verifying connector capability is crucial. Why A is wrong: CSV import is unrelated to HL7 messaging. Why B is wrong: Email-to-case doesn’t produce HL7 messages. Why C is wrong: Community licenses are unrelated to HL7 standards.

Option 1 is correct because user-triggered API calls suggest a synchronous, real-time interaction between systems. The other options all involve delayed or scheduled processes that are not real-time.

Why B is correct: Batch Apex calling external services consumes API callouts; auditing existing callout patterns helps predict limit consumption. Why A is wrong: UI component size doesn’t impact API usage. Why C is wrong: User logins don’t count against API callout limits. Why D is wrong: Visualforce complexity affects rendering, not API limits.

Why A is correct: Schema differences directly affect data mapping and transformation logic; documenting these boundaries is essential for synchronization. Why B is wrong: Chatter groups are unrelated to data schema. Why C is wrong: Refresh schedules don’t impact schema alignment. Why D is wrong: Login hours don’t affect schema or integration.

Why C is correct: REST API calls cannot exceed payload size; confirming record and field payload sizes ensures requests remain within middleware limits. Why A is wrong: UI cache is unrelated to request payload. Why B is wrong: Analytics availability is unrelated to API payload size. Why D is wrong: Login URL formats don’t affect payload size.

Why A is correct: The nightly batch window dictates data latency; to meet sub-hourly requirements, the integration timing must be re-evaluated or replaced with real-time mechanisms. Why B is incorrect: Indexing affects query performance but doesn’t change integration frequency. Why C is incorrect: UI complexity doesn’t influence back-end update schedules. Why D is incorrect: Sandboxes are for development/testing, not production sync.

Why B is correct: Middleware polling cadence directly affects alert timeliness; reducing the interval or switching to event-driven integration addresses the requirement. Why A is incorrect: Report export size is irrelevant to polling behavior. Why C is incorrect: Chatter settings do not control opportunity event capture. Why D is incorrect: Currency codes do not impact integration latency.

Why C is correct: If the ERP lacks a REST endpoint, switching to REST is infeasible; understanding supported protocols is essential before design. Why A is incorrect: Session timeouts affect session longevity but not protocol support. Why B is incorrect: Desktop clients are unrelated to server-to-server integration. Why D is incorrect: DNS TTL impacts caching, not API protocol compatibility.

Why A is correct: The event bus’s max EPS is below requirement; capacity planning or clustering must be re-architected to handle load. Why B is incorrect: Object field count has negligible effect on event ingestion rate. Why C is incorrect: Controller complexity affects UI, not backend event processing. Why D is incorrect: Browser HTML support doesn’t relate to server throughput.

Why D is correct: Salesforce enforces DML batch sizes (default 200); any bulk deletion must respect or work around this governor limit. Why A is incorrect: Client-side frameworks don’t affect server-side DML limits. Why B is incorrect: Record types don’t alter delete operation limits. Why C is incorrect: Mobile app version is irrelevant to batch processing.

Why A is correct: Protocol mismatch between MQTT and HTTPS hooks is a fundamental boundary; identifying middleware extensibility is key to integration feasibility. Why B is incorrect: UI framework has no bearing on middleware protocols. Why C is incorrect: Mobile OS support relates to client apps, not middleware-partner protocols. Why D is incorrect: Email whitelisting is unrelated to streaming protocols.

Why C is correct: Without TLS encryption, PII data is exposed; enabling HTTPS is a non-negotiable security requirement. Why A is incorrect: Help text size does not affect encryption. Why B is incorrect: Choice of Apex vs Flow is unrelated to transport security. Why D is incorrect: Timezones affect data timestamps, not encryption.

Why B is correct: Direct DB writes and Apex callouts can conflict, causing locks; understanding isolation levels is critical to avoid sync failures. Why A is incorrect: UI theming has no impact on DB transactions. Why C is incorrect: Redirect whitelists affect web flows, not DB integration. Why D is incorrect: Mobile SDK capacity doesn’t relate to database sync.

Why D is correct: REST API imposes limits on returned rows per call; inefficient pagination can slow responses. Why A is incorrect: Attachment size is unrelated to REST query performance. Why B is incorrect: Chatter volume per record doesn’t affect metric queries. Why C is incorrect: Sharing model influences data visibility, not query throughput.

Why A is correct: Salesforce record IDs are org-specific; without an MDM layer or domain model, synthesizing a global unique ID is challenging. Why B is incorrect: Page layouts are UI concerns, not data unification. Why C is incorrect: Group names don’t affect account data. Why D is incorrect: Sandbox templates relate to dev environments, not production data consistency.

Why A is correct: The Authorization Code Grant with PKCE is optimized for mobile apps, securely exchanging tokens via the IdP and honoring Salesforce user context and permissions. It minimizes exposure of client secrets and aligns with best practices for native applications. Why B is wrong: Username–Password flow requires embedding credentials and doesn’t leverage the IdP or user’s interactive login. Why C is wrong: SAML Web SSO works for browser-based SSO but isn’t designed for native mobile SDK flow. Why D is wrong: JWT Bearer flow is intended for server-to-server without user interaction, not interactive mobile logins.

Option 1 is correct because batch updates prevent real-time data exchange, meaning business decisions may be made on outdated data. Option 2 refers to analytics, which is not caused by the integration pattern itself. Option 3 is a security concern, not an integration pattern issue. Option 4 deals with licensing and doesn’t impact data flow constraints.

Option 2 is correct because APIs allow real-time, accurate, and centralized data sharing across teams, supporting collaboration and consistency. Option 1 creates fragmentation. Option 3 is outdated and cannot support scale. Option 4 perpetuates data silos, undermining unified efforts.

Option 2 is correct because near real-time updates ensure that the forecast reflects current pipeline changes, improving planning accuracy. Option 1 results in stale data. Option 3 delays inputs, reducing responsiveness. Option 4 addresses access but not data quality or timeliness.

Option 2 is correct because CRM users need visibility into all case types—open and historical—to deliver personalized service. Option 1 limits historical visibility. Option 3 is operational data unrelated to CRM success. Option 4 provides partial interaction data and omits inbound activities.

Option 2 is correct because lack of integration causes incomplete data flows, creating gaps in CRM analytics and decision-making. Option 1 affects presentation, not insight. Option 3 is cosmetic. Option 4 is a user admin issue, not related to data.

Option 2 is correct because field reps need seamless mobile access and automated synchronization to use CRM effectively in real-time. Option 1 is time-consuming. Option 3 is inefficient and error-prone. Option 4 limits flexibility and delays updates.

Option 1 is correct because a fast-growing business must ensure their integration platform can handle rising API calls, data throughput, and user interactions. Option 2 is irrelevant to backend scalability. Option 3 lacks flexibility for global teams. Option 4 doesn‘t reflect modern distributed teams.

Option 2 is correct because regulations like GDPR, HIPAA, and CCPA mandate how data must be stored, accessed, and deleted, which must be considered when architecting integrations. Option 1 may be influenced but is a security detail, not the primary compliance layer. Option 3 is UI-focused. Option 4 is not supported by regulations.

Option 1 is correct because as companies scale globally, integrations must support regional differences in currency, language, and regulations. Option 2 limits scaling potential. Option 3 may conflict with regional compliance. Option 4 can’t support real-time international operations.

Option 2 is correct because audit logs provide visibility into data usage and changes, critical for proving compliance and identifying breaches. The other options are unrelated to governance, data integrity, or regulatory readiness.

Option 2 is correct because regulatory environments demand end-to-end encryption to protect sensitive data. Option 1 and 3 are aesthetic. Option 4 may be useful but not regulatory in nature.

Option 1 is correct because regulatory retention policies must be supported by the integration architecture through secure, searchable logging. The other options do not address legal data preservation.

Option 2 is correct because flexible, self-adapting integrations can adjust to partner changes, reducing manual maintenance and downtime. Hardcoded and static formats are brittle. Daily exports can’t support real-time needs.

Option 2 is correct because middleware supports modular, scalable, and reusable connections across systems, which is ideal for M&A scenarios. Point-to-point becomes unmanageable. Manual approaches don’t scale. CRM-only views lack cross-functional integration.

Option 2 is correct because GDPR mandates that individuals can request data deletion and must be able to audit what data is stored — requiring automated deletion and traceability. The other options are not tied to user rights or compliance.

Option 3 is correct because bi-directional synchronization ensures that data is updated and visible across all platforms, enabling departments to work with a single source of truth. Option 1 is slow and unreliable. Option 2 only identifies problems but doesn’t solve data alignment. Option 4 focuses on access rather than visibility.

Option 1 is correct because if a system cannot receive inbound API calls, Salesforce must initiate communication, usually through polling or outbound messaging. Option 2 is about testing, not runtime communication. Option 3 is a platform limitation, unrelated to external integration. Option 4 concerns the UI layer and is irrelevant in this backend integration.

Option 1 is correct because the constraint means the integration must split large datasets into smaller chunks. Option 2 is a format change, not related to record volume. Option 3 is a general feature toggle, not the solution here. Option 4 implies blocking behavior, but doesn’t address the data limit issue.

Option 1 is correct because the external system‘s once-daily update schedule is incompatible with real-time requirements, creating a significant business process constraint. Option 2 is incorrect because Salesforce does support outbound messages. Option 3 and 4 are false — REST supports any data type including prices and JSON is commonly used.

Option 1 is correct because scheduled jobs cause delays between data changes and data availability across systems, potentially leading to outdated information in business decisions. Option 2 is a best practice, not a constraint. Option 3 is incorrect — versioning is not automatic in most APIs. Option 4 is a protocol usage assumption and not the primary issue here.

Option 1 is correct because API concurrency limits can prevent systems from scaling during high-demand periods, such as during peak business hours or major data uploads. Option 2, while a platform limitation, does not inherently impact scalability unless it restricts throughput. Option 3 and 4 are configuration elements inside Salesforce and don’t typically limit integration scalability.

Option 1 is correct because when approval workflows are involved, data synchronization is delayed until human actions are completed, introducing process dependencies. Option 2 is a data format issue and unrelated to process timing. Option 3 is incorrect as flows can handle approvals. Option 4 is a design choice, not a hard requirement imposed by the process.

Option 1 is correct because firewalls often block incoming connections, so VPNs or tunnels are necessary to securely connect to on-premise data sources. Option 2 is about file format, which can be managed independently. Option 3 is incorrect — Salesforce can connect externally with the proper configuration. Option 4 refers to UI features and is irrelevant here.

Option 1 is correct because rate limits require the integration to batch requests or throttle them to avoid failures and disruptions. Option 2 is incorrect — OAuth works independently of rate limits. Option 3 is a protocol choice and not mandated by the API limit. Option 4 is overly restrictive and unnecessary.

Option 1 is correct because successful integration starts with mapping out all involved systems and identifying how they connect — whether via API, file exchange, or middleware. Option 2 assumes Salesforce is always the origin, which may not be true. Option 3 and 4 are unrelated to backend architecture and don’t support scalable synchronization.

Option 1 is correct because pub/sub allows systems to communicate asynchronously, reacting to events without tight coupling. Option 2 requires direct, synchronous responses, which isn’t ideal for distributed environments. Option 3 is scheduled and not reactive. Option 4 creates strong dependencies between systems.

Option 1 is correct because Salesforce can call an external system via web service and wait for the real-time response, which is ideal for inventory lookups. Option 2 is too slow. Option 3 is cosmetic and doesn’t ensure real-time accuracy. Option 4 is outdated and not scalable.

Option 1 is correct because as the number of systems grows, the number of point-to-point connections increases exponentially, leading to poor maintainability and difficulty in scaling. Option 2 may be true short-term but doesn’t address long-term risk. Option 3 and 4 are not core architectural drawbacks.

Option 1 is correct because middleware platforms can coordinate data flow, transformations, and error handling across multiple systems in a single place. Option 2 is a myth — custom logic is still often needed. Option 3 and 4 have no direct relevance to integration patterns.

Option 1 is correct because technical logs and architecture diagrams provide concrete evidence of how data moves between systems. Option 2 is inefficient and unnecessary. Option 3 and 4 don’t provide integration-level visibility.