Salesforce Sharing and Visibility Certification
Cloud Kicks has the following environment: • Two custom objects named Open Position and Candidate • The Candidate object has a lookup relationship to Open Position • Both objects are set to Private in sharing settings • The Human Resources team will own all Open Position and Candidate records Cloud Kicks request that their Salesforce Architect automatically share the Candidate when the Interviewer (lookup to user record) has been populated. The interviewer can be from any department. What approach should the Architect use to accomplish this goal? A. Build Apex Managed Sharing code to share Candidate with the Interviewer user. B. Build a criteria-based sharing rule between the Candidate and the Interviewer. C. Build a standard sharing rule between Candidate and the Interviewer. D. Build a workflow email notification to notify the interviewer of the record assignment
A. Build Apex Managed Sharing code to share Candidate with the Interviewer user.
Universal Containers has a Private Sharing Model and restrictive data access settings in place. The data governance team is planning to deploy a master data management tool that will need write access to all system data, and the Architect has been asked to prepare a Data Governance User Profile that has full access to all data regardless of Sharing and CRUD Settings. What is the optimal way to enable this requirement? A. Ensure the profile has the "Modify All Data permission enabled B. Create a Sharing Rule for required Objects, on an API Only profile C. Create an All Data Access app as a default for this Profile D. Enable the "Edit Read -Only Fields" permission for this Profile
A. Ensure the profile has the "Modify All Data permission enabled
A Visualforce controller has a requirement to be written with "Without Sharing" at the top level; however, certain methods within the page still need to enforce the user permissions for creating records and accessing certain fields. Which two methods below would be used to enforce this requirements? Choose 2 answers. A. Schema.DescribeFieldResult B. Schema.getGlobalDescribe C. UserInfo.getProfileID D. Schema.DescribeSObjectResult
A. Schema.DescribeFieldResult D. Schema.DescribeSObjectResult These are the two methods used to enforce user permission on field and object level.
Universal Containers has set Account Sharing to Private with Account Teams enabled. Which two user groups can add team members on the Account? Choose 2 answers A. The current Account Owner can add team members B. The user specified as the Manager on the Owner's User record C. Someone above the Account Owner in the Role Hierarchy with read access D. Any Account Team Member with read access on the Account
A. The current Account Owner can add team members C. Someone above the Account Owner in the Role Hierarchy with read access
Which users have access to Opportunity records owned by an external user, assuming no other changes to the sharing model have been implemented? A. The record owner and any user above the external user in the role hierarchy. B. The record owner only. C. The record owner and any user below the external user in the role hierarchy. D. The record owner and all internal users.
A. The record owner and any user above the external user in the role hierarchy. Opportunity (Standard Object) has grant access via hierarchy enabled by default. Account Owner has to have a role when enabling external user. So the external user roles are rolling up to the account owner role.
Universal Containers has a strict security model enforced through object, field, and row-based security mechanisms. The Architect would like to ensure the security model is being thoroughly tested using Apex automated tests.Which three considerations should be made when using the runAs() method to design Apex unit tests?Choose 3 answers A. runAs() can be used inside of test classes to validate record-level security. B. runAs() can be used outside of test classes to bypass record-level security. C. runAs() can be used inside of test classes to validate field-level permissions. D. runAs() does not enforce user permissions or field-level permissions in test classes. E. runAs() counts towards total DML statements issued within the transaction.
A. runAs() can be used inside of test classes to validate record-level security. D. runAs() does not enforce user permissions or field-level permissions in test classes. E. runAs() counts towards total DML statements issued within the transaction.
Which three advanced tools can Salesforce enable for large-scale role hierarchy realignments in organizations with large data volumes?Choose 3 answers. A. Partitioning by Divisions B. Granular Locking C. Parallel Sharing Rule Recalculation D. Deferred Sharing Calculation E. Skinny Table Indexing
B. Granular Locking C. Parallel Sharing Rule Recalculation D. Deferred Sharing Calculation Refer to: https://developer.salesforce.com/docs/atlas.en-us.draes.meta/draes/draes_tools.htm https://www.issacc.com/salesforce-sharing-and-visibility-designer-exam-preparation-performance-and-scalability/
Universal Containers has the following Sharing Settings for their Org: - Account = Private - Contact = Controlled by Parent - Opportunity = Private - Case = Private They have enabled "Default Account Teams" and have trained users to set up their Default Team. Which three access levels can be set on the Account Team Member? Choose 3 answers. A. Contact Access B. Opportunity Access C. Account Access D. Contract Access E. Case Access
B. Opportunity Access C. Account Access E. Case Access Contact will not needed to be separately set because it is Controlled by Parent (Account).
Universal Containers has created a Reimbursement Custom Object to capture requests for reimbursement of expenses related to office supplies. The Reimbursement requests are sometimes sensitive and the Team Leads should not have access to the Reimbursement records submitted by the Users in the Call Center Agent role. The Director of Support will require access to all Reimbursement records. The role hierarchy is set as follows: Call Center Agent role reports to Team Lead role, which Reports to the Director of Support. Which steps would the Architect take to ensure proper sharing in this Role Hierarchy structure assuming Private Sharing Setting for the Reimbursement Object? A. Leave the Reimbursement Object in "Deployed" Status and set the Director of Supports Profile to "View All" in the object permissions B. Use an Approval Process to change the owner of the Reimbursement record upon submission to the Director of Support C. Disable Grant Access Using Hierarchies for the Object and create a Sharing Rule to enable sharing to the Director of Support D. The sharing scenario described will occur without any special configuration choices being made by the Architect
C. Disable Grant Access Using Hierarchies for the Object and create a Sharing Rule to enable sharing to the Director of Support Team Lead can't view their subordinate's records --> Disable Grant Access using Hierarchies Support Director need to see all of the records --> Sharing Rule
How would you make sure Visualforce page is security proof? Choose 3 answers A.Manually check for cross site B. Manually check for sql injection C. Submit to force security scanner D. Use web application tool for security E. Use debug to check hijacked requests
C. Submit to force security scanner D. Use web application tool for security E. Use debug to check hijacked requests
Which two statements are true regarding the configuration options available when using Salesforce setup? Choose 2 answers A. The Record Types setting is available in profiles, but NOT in permission sets B. The Tab Settings is available in profiles, but NOT in permission sets C. The Page Layout Assignments setting is available in profiles, but NOT in permission sets D. The Login Hours setting is available in profiles, but NOT in permission sets
C. The Page Layout Assignments setting is available in profiles, but NOT in permission sets D. The Login Hours setting is available in profiles, but NOT in permission sets
Universal Containers has a custom Visualforce application that uses a standard Apex controller on the Lead object. What should the Architect do to ensure that object-level security is implemented within this application? A. When defining the Visualforce page, use the "With Sharing" keyword B. To enforce user permissions in the Apex controller, use the runAs() method C. Within the Visualforce page, use the {!$ObjectType.lead.accessible} expression D. Within the Apex controller, use the Schema.DescribeSObjectResult isAccessible() method
C. Within the Visualforce page, use the {!$ObjectType.lead.accessible} expression Because it is standard controller, it is not editable, this needs to be controlled on the VSP page.
What is the security vulnerability in the following code snippet?<apex:form><apex:commandButton rerender="outputIt" value="Update It"/><apex:inputText value="{ !myTextField}"/></apex:form><apex:outputPanel id="outputIt">Value of myTextField is <apex:outputText vlue="{!myTextField}" escape="false"/></apex:outputPanel> A. SOQL Injection B. Access Control C. Arbitrary Redirects D. Cross-Site Scripting
D. Cross-Site Scripting Whenever you see escape = "false" - a sign for cross-site scripting vulnerability.
There is a custom object, Job, that has OWD set to "Private". It contains extremely private information that should only be available to the record owner and the hiring manager that is associated through a user Lookup field on the object. What is the best solution to grant access? A. Have the record owner manually share the record to the hiring manager. B. Create a workflow rule to grant access to the hiring manager. C. Do nothing, the OWD will grant the access. D. Use Apex Managed Sharing to grant the access to the hiring manager.
D. Use Apex Managed Sharing to grant the access to the hiring manager.
Universal Containers (UC) works with a dealer network to sell their products. There are approximately 5,000 dealers that do business with UC and UC has purchased a Partner Community to interact with each of their dealers on Opportunities. Each dealer is structured so that there are a group of managers who will oversee a larger team of agents. UC would like to set the Organization-Wide Defaults to Private for the Opportunity object, both internally and externally. Within each dealer, there are a few agents called Lead Agents who should be able to see the Opportunities for all of the other Agents at the dealer. What is the optimal solution for an Architect to recommend? A. Add a Sharing Set that shares Opportunities to the Lead Agent based on the Lead Agents Account. B. Build an Apex Managed Sharing rule that will assign specific Opportunities to Lead Agents. C. Grant Super User access to the Lead Agents as part of the Community user setup. D. Create a Sharing Rule to share opportunities to the owner's manager's role and below.
A. Add a Sharing Set that shares Opportunities to the Lead Agent based on the Lead Agents Account. As of 2018, Salesforce enabled sharing set for Partner Community License; previously its only available for high volume license. I think in this case sharing set will be cleaner and easier than sharing rule, because sharing rule will need to be created for each account, whereas sharing set will take care of itself as long as the contact account matches. Super User access give user access to not just his/her account but other account, in this case we don't want that. Apex Managed Sharing is not necessary, declarative option (i.e. Sharing Set) is available for this use case.
Which are two valid use cases for programmatic sharing? Choose 2 answers. A. An external system manages user record access. B. Frequent user ownership changes based on re-alignments. C. Native sharing functionality does not meet requirements. D. Setting user ownership for standard and custom objects.
A. An external system manages user record access. C. Native sharing functionality does not meet requirements. SOAP API is used if an external system manages user record access & Apex Managed Sharing (programmatic sharing) used only if sharing rules, manual sharing, etc is not meeting the requirements.
Which three capabilities are available with Enterprise Territory Management? Choose 3 answers. A. Assignment of Territory on Opportunities. B. Share a report or dashboard folder with a Territory. C. Metadata API Support D. Create a public group with Territory. E. Integration with Collaborative Forecasting.
A. Assignment of Territory on Opportunities. C. Metadata API Support (y) E. Integration with Collaborative Forecasting (y) Refer to: https://help.salesforce.com/articleView?id=000338795&type=1&mode=1 Based on the article, D. Create a public group with Territory is also available on Enterprise Territory Management.
A dummy user at Universal Containers owns more that 10,000 lead records. The system assigned all these leads to a dummy user. This is causing performance issues whenever role hierarchy changes. Which two options should be recommended to improve performance?Choose 2 answers. A. Assign ownership to a small number of users. B. Add the dummy user into a public group. C. Add the dummy user to the bottom of the role hierarchy. D. Do not assign a role to the dummy user.
A. Assign ownership to a small number of users. D. Do not assign a role to the dummy user. Record Ownership Skew Issue - Ensure the record ownership is spread across a number of users rather than a singular user. If it is not possible, refrain from assigning role to the dummy user; so any role hierarchy change and recalculation will not impact or touch this huge amount of records.
Below are some details regarding the organization at Universal Containers: - Richard and Kevin are the East sales reps and their manager is Karen, the East sales executive. - Sam and Wilder are West sales reps and their manager is Wendy, the West sales executive. - Bob is the CEO and manages both Karen and Wendy. Universal Containers role hierarchy follows their management structure. Richard owns an account, NewCompany, and Kevin owns an account, OldCompany. Karen manually shared her account NewWorld with Kevin. However, she has moved to a new role to lead all Named Accounts, and Phil, who replaced her, is the new owner of NewWorld. Which employees will have access to the NewWorld account? A. Bob and Phil B. Bob, Karen and Kevin C. Bob, Richard, Phil and Kevin D. Bob, Phil and Kevin
A. Bob and Phil When a record owner is updated, any manual share granted to a user is removed; hence Karen's record share to Kevin to NewWorld disappears when she updates the record owner to Phil. Bob owns the record, because he is Phil's boss (above him on the role hierarchy). By default role hierarchy is enabled for Account, standard object.
Universal Containers has two custom objects: Job and Job Interview. The Job Interview object has a lookup relationship to Job. Both objects are set to Private in sharing settings. The HR team will own all Job and Job Interview records. They have asked their Salesforce Architect to automatically share the Job Interview when the Interviewer (lookup to user record) has been populated. The interviewer can be from any department.What method should the Architect use to achieve this requirement? A. Build apex Managed Sharing code to share Job Interview with the Interviewer user. B. Build a criteria-based sharing rule between the Job Interview and the Interviewer. C. Build a standard sharing rule between Job Interview and the Interviewer. D. Build a workflow email notification to notify the interviewer of the record assignment
A. Build apex Managed Sharing code to share Job Interview with the Interviewer user. Whenever there is a user lookup that is not the owner, it is typically going to require apex managed sharing.
Universal Containers has Controlled by Parent sharing settings on the Contact object and Public Read Only sharing settings on Account, Opportunity, and Case objects. Which two options can the user see while adding Account team members to the Account? A. Case Access B. Opportunity Access C. Contact Access D. Activity Access
A. Case Access B. Opportunity Access Contact Access is 'Controlled by Parent' (Account) so there should not be an option to configure visibility for this object separately. Opportunity and Case are 'Public Read Only'; user can open up visibility as 'Read Only' or 'Read/Write'
Cloud Kicks has multiple business partners that assist with product fulfillments, and requires a web service to be exposed to the business partners. Each business partner needs to be able to query Cloud Kicks Salesforce instance to retrieve the status of orders. Additionally, each business partner should only be allowed access to orders for which the business partner is the fulfillment vendor. The architect does NOT want the business partners to utilize the standard APIs and would prefer a custom API be developed. Which three design elements should the Architect consider in order to ensure the data security of the solution? Choose 3 answers. A. Create a custom Apex Web Service using the "With Sharing" keyword B. Give each partner their own Salesforce login set to API Enabled on the profile C. Query the Orders object with Dynamic SOQL based upon the fulfillment ID D. Set the Orders object's sharing settings to Private in the Org-Wide Defaults E. Create a custom Apex web service with a fulfillment ID input attribute
A. Create a custom Apex Web Service using the "With Sharing" keyword B. Give each partner their own Salesforce login set to API Enabled on the profile D. Set the Orders object's sharing settings to Private in the Org-Wide Default
Universal Containers would like to create a custom team solution that can be used on a custom Loan object. The following requirements must be met: - The Loan custom object should be set to Private in the Org-Wide Defaults. - Any user added to the Custom Team object should have Read Only access to the corresponding Loan record. - If the Custom Team record is marked as "Primary" then the corresponding user should have Read/Edit access to the corresponding Loan record. Which two methods will allow the Architect to meet the requirements?Choose 2 answers. A. Create a custom trigger on the Custom Team object that inserts or updates records in the Loan_share object. B. Create a criteria-based sharing rule on the Loan object that will share the Loan record with the appropriate user in the Custom Team object. C. Create Apex Sharing Reasons on the Loan object to identify the reason the Loan record was share. D. Create an owner-based sharing rule on the Custom Team object that will share the Loan record to the owner of the Custom Team record.
A. Create a custom trigger on the Custom Team object that inserts or updates records in the Loan_share object. C. Create Apex Sharing Reasons on the Loan object to identify the reason the Loan record was share. Custom Team object requires programmatic creation of share record on the Custom Loan Object (Loan_share). Neither criteria based sharing rule or owner based sharing rule can be created on the go, there is also limit in terms of how many of these rules can be created per object.
Universal Containers has developed Apex code to manually create AccountShare records to grant specific users access to individual Accounts. What must the Architect do to ensure the AccountShare records are not deleted when the owner of the Account is changed? A. Create the share records and set the RowCause to a custom Apex Sharing Reason. B. Create the share records in a class with the "Without Sharing" keyword. C. Create the share records with the Delete on Owner Change field set to false. D. Create the share records and set the RowCause to Manual.
A. Create the share records and set the RowCause to a custom Apex Sharing Reason.
Which two license types can create and edit reports, when assigned the correct permissions? Choose two answers A. Customer Community Plus B. Customer Community C. Customer Community Plus Login D. Partner Community Plus Login
A. Customer Community Plus C. Customer Community Plus Login Partner Community Plus is not a thing. Refer to: https://help.salesforce.com/articleView?id=networks_analytics_limitations.htm&type=5
Universal Containers has created a custom object to store highly confidential client relationship data with Private sharing settings. Which two options would an Architect choose to ensure access only to the record owner and the administrator?Choose 2 answers. A. Disable "Grant Access Using Hierarchies." B. Disable the "Create" permission on all other profiles. C. Disable the "Read" permission on all other profiles. D. Disable the "View All" permission on all other profiles.
A. Disable "Grant Access Using Hierarchies." D. Disable the "View All" permission on all other profiles. In order to ensure only record owner + system administrator access to record, we need to: - Disable grant access using hierarchies; so that the roles above record owner's will not have access to the record. - View All permission grant user access to view all records within the object.
When writing test methods, what functionality is verified by the system method "runAs()"? A. Enforcement of a user's record sharing. B. Enforcement of a user's field-level security. C. Enforcement of a user permissions. D. Enforcement of a user's public group assignments.
A. Enforcement of a user's record sharing. runAs() does not validate user's permission, field-level security and public group assignment. It only validates record access.
Which two reasons should the Architect consider regarding the use of Apex Sharing Reasons? Choose 2 answers A. Ensuring the developer can more easily troubleshoot programmatic sharing. B. Ensuring the Share record is not deleted upon ownership change. C. Ensuring the Share record is deleted upon ownership change. D. Ensuring there is additional criteria available for Criteria-Based Sharing.
A. Ensuring the developer can more easily troubleshoot programmatic sharing. B. Ensuring the Share record is not deleted upon ownership change.
Universal Containers has set the Org-Wide Sharing Default for Accounts to Private and has created some sharing rules to extend access based on certain data access policies. An architect has been asked to review access to a certain set of key customer accounts.How might this review be conducted? A. Export the Account Share table and review. B. Run a Report on Sharing in the Admin Console. C. Log in as each user and Run the All Accounts List View. D. Use the Sharing button on each customer Account.
A. Export the Account Share table and review. Reviewing access on a set of record --> Account Share If 'user' has issue with visibility --> Login as the User If user wants to troubleshoot why user has access to a record --> Sharing Button, Why?
Universal Containers maintains Job information in a Custom Object that contains sensitive information. The only users who should be able to view and edit Job records are the user who owns the record and all users in the Delivery profile. Which three platform sharing tools are required to support the above requirements?Choose 3 answers. A. Grant access Using Hierarchy sharing setting on the Job Object set to false. B. "Modify All" permission for Job Object on the Delivery Profile. C. Criteria-Based sharing rule for the Delivery Profile on the Job Object. D. Organization-Wide Default sharing setting of Private on the Job Object. E. "View All Data" profile permission on the Delivery Profile.
A. Grant access Using Hierarchy sharing setting on the Job Object set to false. B. "Modify All" permission for Job Object on the Delivery Profile. D. Organization-Wide Default sharing setting of Private on the Job Object. - Disabling Grant access using hierarchy prevent user above the role of record owner accessing the record. - Modify All on Job Object within profile allows delivery profile to update all records in job object. - Private OWD close down visibility so other people can't access the record. Criteria based sharing rule does not work with 'Profile'. It has to be shared to roles, or public group, territory, etc. View All Data grant the profile users not only access to Job object but also everything else -- not necessarily what we want.
Universal Containers is looking to set up a new integration with its ERP system. The goal is to synchronize contacts in the ERP shipping tables with those in their CRM so that sales reps can view up to date contact information. The integration runs under a dummy Integration User who is at the top of the role hierarchy. The Organization-Wide Default sharing setting for Accounts is Private and Contacts is Controlled by Parent. A large number of contacts (100,000) have account data in the ERP system, but do not have corresponding Accounts in Salesforce.How should the Architect design the solution so that the sales team can see the contacts and there are no performance issues? A. Have the integration create both contacts and their corresponding accounts; use an Account sharing rule to grant sales reps access to the contacts. B. Have the integration create the contacts under one dummy account record; use an Account sharing rule to grant sales reps access to the contacts. C. Have the integration create the contacts with Salesforce without an account; use a Contact sharing rule to grant sales reps access to the contacts. D. Have the integration create both the contacts and their corresponding accounts; use a Contact Sharing rule to grant sales reps access to the contacts.
A. Have the integration create both contacts and their corresponding accounts; use an Account sharing rule to grant sales reps access to the contacts.
In order to comply with regulatory requirements, Universal Health must encrypt all Personally Identifiable Information (PII), both while it is being transmitted over the network and while it is at rest. Universal Health has completed a data audit and has determined that 12 fields on the contact record can contain PII, including the contact name and several other standard fields. Universal Health would like the fields to remain accessible in Salesforce. Which two options does Universal Health have to maintain compliance? Choose 2 answers. A. Implement a custom Apex trigger to automatically encrypt the PII data using the Apex Crypto Class. B. Update the field type of each of the 12 fields to "Text (Encrypted)" so that they are encrypted at rest. C. Enable Salesforce Platform Encryption and select the 12 contact fields to be encrypted. D. Use an external, third party encryption service to encrypt PII before it enters Salesforce.
A. Implement a custom Apex trigger to automatically encrypt the PII data using the Apex Crypto Class. D. Use an external, third party encryption service to encrypt PII before it enters Salesforce. Encrypted Field and Platform Encryption only solve at-rest encryption requirement.
Which two access grants are stored in the Group Maintenance tables? Choose 2 answers A. Inherited access grants B. Explicit grants C. Group Membership grants D. Implicit grants
A. Inherited access grants C. Group Membership grants Refer to: https://developer.salesforce.com/docs/atlas.en-us.salesforce_record_access_under_the_hood.meta/salesforce_record_access_under_the_hood/uth_groups.htm
Universal Containers has a set of Account Management users that should only see Accounts once the Account becomes a customer. The Type field on the Account identifies whether the Account is a Prospect, Customer, Partner or Other. Which two methods could an Architect use to enable this sharing requirement, assuming a private sharing model for Accounts?Choose 2 answers. A. Institute a process that calls for the Account Manager to be added to the Account Team once the Account becomes a customer. B. Create an Account Sharing Rule that shares all Accounts owned by Sales to be shared with Account Management roles and subordinates. C. Create a Public List View, where Accounts of Type Customer are included and share the List view with the Account Management public group. D. Create a Criteria-based Sharing rule that shares the Account to the Account Management Group when the Type is Customer.
A. Institute a process that calls for the Account Manager to be added to the Account Team once the Account becomes a customer. D. Create a Criteria-based Sharing rule that shares the Account to the Account Management Group when the Type is Customer. Owner-based sharing rule does not satisfy the requirement, does not fit the criteria. Public List View does not solve the issue because visibility is hidden on record side, so even if list view is public the record won't be there.
Which permissions bypass the FLS protections safeguarding a secret stored in a custom field? Please choose 3 answers: A. Modify All Data B. View All Data (Profile) C. Customize Application D. Deploy Apex E. View All Data (Object Specific)
A. Modify All Data C. Customize Application D. Deploy Apex
Universal Containers uses the Case object to track service tickets. They have implemented Case teams to allow multiple support representatives to manage the Cases. Which two "Filter by owner" options would the user see while creating a list view on the Case object?Choose 2 answers A. My Case Teams B. Roles C. Public Groups D. Queue
A. My Case Teams D. Queue
Universal Containers has requirement for the Architect to develop Apex Managed Sharing code for the custom Job object. The sharing settings for the Job object are set to Private. When assigning access level for the record, which two lines of code will cause a DML exception on insert to the database? Choose 2 answers A. Objectname.AccessLevel='Edit' B. Objectname.AccessLevel='All' C. Objectname.AccessLevel='None' D. Objectname.AccessLevel='Read'
A. Objectname.AccessLevel='Edit' D. Objectname.AccessLevel='Read' User requires at-least read access to the record for which the share is to be created
Which features does Salesforce provide for restricting login access to the application? Choose 2 answers. A. Profile-based login hour restrictions B. Role-based IP restrictions C. Organization-wide login hour restrictions D. Profile-based IP restrictions
A. Profile-based login hour restrictions D. Profile-based IP restrictions Role-based IP restriction + Org-wide Login Hour are not available.
The Architect at Universal Containers has created a List View to show all open Opportunities that were created in the last month, and would like to make this list view visible to certain groups of users. Which two options are available to the Architect for sharing the List View? A. Public Groups B. Profiles C. Roles and Subordinates D. Manual Sharing
A. Public Groups C. Roles and Subordinates
Universal Containers has successfully implemented a large Service Cloud rollout for their national call centre 3 months ago. One of their largest customer accounts, United Automotive, has over 15,000 open cases. Agents are now having trouble opening new cases for United Automotive. When they try to create a case, the following Error messages appear for them.UNABLE_TO_LOCK_ROW They notice that this only occurs for the United Automotive account. If they tray so save the case again it will usually work, but the problem seems to be happening more and more often. What option should the Architect recommend? A. Review the Account structure to split the United Automotive account into multiple branch accounts. B. Review the Customer Service Profile to ensure that they have Read/Write access to the appropriate Case and Account Fields. C. Review all Case Sharing Rules and consolidate where appropriate to reduce the total number of sharing rules. D. Review all Account sharing rules to ensure that the Customer Service team has Read/Write access to the United Automotive Account.
A. Review the Account structure to split the United Automotive account into multiple branch accounts. This issue is caused by data skew (15,000 cases lookup to the same account). In order to fix the issue, split account to branches and link cases to these branch accounts.
A developer at Universal Containers is building an integration within a managed package for their internal org that requires login to an external system. The end point requires basic authentication. The Architect would like to ensure that the username and password are managed securely.Which three options should the Architect recommend to secure the credentials? Choose 3 answers A. Store the credentials in protected custom metadata that are used in the Apex Callout. B. Store the credentials in Named Credentials that are used in the Apex Callout. C. Store the credentials in a custom object using encrypted fields. D. Store the credentials in protected custom settings that are used in the Apex Callout. E. Store the credentials in the Apex code, which will not be available to non-admins.
A. Store the credentials in protected custom metadata that are used in the Apex Callout. B. Store the credentials in Named Credentials that are used in the Apex Callout. D. Store the credentials in protected custom settings that are used in the Apex Callout.
The Architect notices that there are many duplicate Account records and numerous sharing rules created in Salesforce. What would be the reason? A. The Organization-Wide Default for the Account object is Private. B. The Organization-Wide Default for the Account object is Public Read/Write. C. The Organization-Wide Default for the Account object is Public Read-Only. D. The Object permissions for the Account object are Create, Read, and Edit.
A. The Organization-Wide Default for the Account object is Private. Duplicate Records - User create duplicate because they can't see existing record Numerous Sharing Rule created to open up visibility.
Universal Containers created a custom object called Defect and would like to enable the Sharing button on the Defect page layout to share the records manually to other users in the organization. In which scenario will the Sharing button appear? A. The Sharing model is either Private or Public Read only. B. The Sharing button always appears. C. The Sharing model is Public Read/Write. D. The Sharing model is Public Read/Write/Transfer.
A. The Sharing model is either Private or Public Read only. If the OWD is Public Read/Write there is nothing else to share. The button only comes up if there is additional visibility that can be set.
Universal Containers would like to customize the security and sharing features of Salesforce Account Teams. They have decided to implement a Custom Account Team object. They would like the new enhancement to include all of the features of the existing account team, but also utilize Apex and Visualforce on the custom Account Team object.Which two different approaches should the Architect consider when designing this enhancement?Choose 2 answers A. The need to synchronize the AccountTeamMember object with the Custom Account Team object data. B. The need to maintain the AccountShare object based upon the Custom Account Team object data. C. The need to dynamically create Criteria-Based Sharing rules with Custom Account Team object data. D. The need to customize Account screens in Visualforce, as the Account_share object cannot be maintained programmatically.
A. The need to synchronize the AccountTeamMember object with the Custom Account Team object data. B. The need to maintain the AccountShare object based upon the Custom Account Team object data.
Universal Containers regularly uploads large amounts of parent and child records into Salesforce to maintain integrations with other systems that update their date in scheduled batches or continuously in real time. Which two situations may pose a risk of producing locking errors? Choose 2 answers. A. Updates to child records that have the same parent records are being processed simultaneously in separate transactions. B. Updates to parent and child records are being processed in the same batch. C. Updates to parent records and their child records being processed simultaneously in separate threads. D. Updates to parent and child records are being processed synchronously in the same threads.
A. Updates to child records that have the same parent records are being processed simultaneously in separate transactions. C. Updates to parent records and their child records being processed simultaneously in separate threads. Whenever we see a process where child and parent records are processed in separate thread, it is a red flag as it can cause locking issue.
The Architect at Universal Containers would like to prevent users from editing encrypted fields. Assuming no customizations are implemented, which two options should the Architect choose to support the requirement?Choose 2 answers. A. Validation Rules B. Page Layout settings C. Workflow Rules D. Apex Triggers.
A. Validation Rules B. Page Layout settings Validation rule can prevent user from editing a field by popping up error message. Page Layout - Field can be updated to Read Only on page layout.
Universal Containers has a custom object to maintain Job information with a private sharing model. They Delivery group is distributed through the Role Hierarchy based on geography. As the Delivery group often collaborates on Jobs, all users in the Delivery profile require View access to all job records. In special cases, the Delivery user who owns a job must be able to grant a Product Development user access to a Job record. Which two platform features can be used to support these requirements?Choose 2 answers. A. Owner-based Sharing Rules B. "View All" Profile settings C. Criteria-based Sharing Rules D. Manual Sharing
B. "View All" Profile settings D. Manual Sharing Delivery - "View All" Profile because user is distributed throughout role hierarchy, but they are all under one profile. Grant "View All" access to the Job object on the profile. Product Development - "In Special Cases" calls for manual sharing usage.
User A at Universal Containers is in the default account team for User B. User B owns the ACME account and changed User A's team member access to the account.What is the impact of this change? A. Changes affect the default Opportunity team. B. Changes affect only the ACME Account. C. Changes affect the default Account team. D. Changes affect all child ACME Accounts.
B. Changes affect only the ACME Account. Only updated ACME Account Team Config --> Impact only ACME Account.
Universal Containers would like to track defects within Salesforce. A defect need to have the following fields: • Severity • Type • Status • Description There will be multiple Defects related to the standard Case object. Defects will be assigned to different owners which will often be different to the Case owner. Which option should the Architect choose to meet the requirement? A. Create a relationship between the standard defect object and the standard case object B. Create a custom object for defects and relate it to cases using lookup C. Create all defect fields on the case object to track the defect and lookup D. Create a custom object for defects and relate it to cases using master-detail
B. Create a custom object for defects and relate it to cases using lookup Defect record has its own owner so it would not be a master-detail.
Universal Containers has the following requirements: - A custom Loan object requires Org-Wide Defaults set to Private. - The owner of the Loan record will be the Loan Origination Officer. - The Loan record must be shared with a specific Underwriter on a loan-by-loan basis. - The Underwriters should only see the Loan records for which they are assigned. What should the Architect recommend to meet these requirements? A. Use criteria-based sharing rules to share the Loan object with the Underwriter based upon the criteria defined in the criteria-based sharing. B. Create a lookup relationship from the Loan object to the User object. Use a trigger on the Loan object to create the corresponding record in the Loan_share object. C. Create a master-detail relationship from the Loan to the User object. Loan records will be automatically shared with the Underwriter. D. Create an Apex Sharing Reason on the Loan object that shares the Loan with the Underwriter based upon the criteria defined in the Sharing Reason.
B. Create a lookup relationship from the Loan object to the User object. Use a trigger on the Loan object to create the corresponding record in the Loan_share object. Sharing a record to a specific user, that is not an owner --> Manual Sharing/Apex Sharing
Universal Containers has created a custom Sales Operations profile with read and edit access to the Category field on a custom object. There is a new requirement that 3 of the 100 users assigned to the Sales Operations Profile should have read-only access to the Category field. How can the Architect support this request? Choose one answer A. Create a permission set in the Category field to read-only and assign it to the users. B. Create a new profile without edit access to Category and assign it to the users. C. Create a new page layout with the Category Field set to read-only for these users. D. Create a custom permission to grant read-only access to Category and assign it to the users.
B. Create a new profile without edit access to Category and assign it to the users.
At Universal Containers, users should only see Accounts they or their subordinates own. All Accounts with the custom field "Key Customer" should be visible to all Senior Account Managers. There is a custom field on the Account record that contains sensitive information and should be hidden from all users, except 3 designated users who require view and edit access. These three users come from different user groups, and will change occasionally. Which three platform security features are required to support these requirements with the minimum amount of effort? Choose 3 answers. A. Owner-Based Sharing Rules B. Criteria-Based Sharing Rules C. Permission Sets D. Role Hierarchy E. Apex Managed sharing
B. Criteria-Based Sharing Rules C. Permission Sets D. Role Hierarchy Users should only see Accounts they or their subordinates own --> Role Hierarchy All Accounts with the custom field "Key Customer" should be visible to all Senior Account Managers --> Criteria-Based Sharing Rules 3 designated users who require view and edit access (from different user groups) --> Permission Set
Which two options can help mitigate the risks of import failures associated with large-volume bulk data loads?Choose 2 answers. A. Minimize user group hierarchy. B. Defer Sharing Calculation. C. Increase batch size. D. Group records by ParentID within a batch.
B. Defer Sharing Calculation. D. Group records by ParentID within a batch. Defer sharing calculation helps ensure calculation happens after the load; so there is less risk of errors or locking issue happening in the middle of the load. Grouping records by ParentID within a batch helps minimize locking conflict. Refer to: https://developer.salesforce.com/docs/atlas.en-us.salesforce_large_data_volumes_bp.meta/salesforce_large_data_volumes_bp/ldv_deployments_best_practices_api_loading_data.htm
A sales representative at Universal Containers needs assistance from specific product managers when selling certain deals. Product managers do not have access to opportunities they don't own, as the sharing model is Private, but need to gain access when they are assisting with a specific deal. How can an Architect accomplish the requirement? A. Create a sharing rule to allow the product manager to access the opportunity. B. Enable opportunity teams and allow users to add the product manager. C. Enable account team and allow users to add the product manager. D. Use similar opportunities to share opportunities related to the product manager.
B. Enable opportunity teams and allow users to add the product manager. Opportunity Team allows sales rep to easily add a user and their role/access level to access the opportunity. This is also enabled via declarative config which is preferred than code/apex sharing.
Universal Containers wants to create a way to store sensitive Invoice Data in Salesforce. A User who owns an Account should not see every Invoice, but only invoices that they or their subordinates own. Which two features should be considered during this solution implementation?Choose 2 answers. A. Deploy the Relationship between Accounts and the Invoices Object as Master-Detail. B. Ensure that the Organization-Wide Default sharing for Invoices is set to Private. C. Create a Workflow that populates the Invoice sharing object upon Insert. D. Deploy the Relationship between Accounts and the Invoices Object as Lookup.
B. Ensure that the Organization-Wide Default sharing for Invoices is set to Private. D. Deploy the Relationship between Accounts and the Invoices Object as Lookup. To hide visibility to organization in general - Private OWD Invoice that they or their subordinates 'own'. Lookup relationship allows for ownership, but master/detail (detail record) does not have an associated owner.
Universal Containers, a global corporation of 50,000 users, has a 24x7 call center operated by 20,000 users that includes employees and contractors. Their sales organization is 10,000 strong and they started processing about 100,000 updates to opportunity custom fields called Priority and NextStep. They also started processing 20,000 updates to a highly nested territory hierarchy. There was a third mass update on a Next Step field on the Action Plan custom object that has Case as a lookup field. Users started seeing a Group membership lock error in the system. What is a probable cause for this error? A. Lock contention on Account records because of Opportunity object updates. B. Lock contention due to system-initiated sharing rule recalculation C. Lock contention on Case records because of Action Plan custom object updates. D. Lock contention on Territory object because of Territory object updates.
B. Lock contention due to system-initiated sharing rule recalculation
Universal Containers is updating its Organization-Wide Sharing Settings for the Account Object from a "Public Read/Write" model to a "Private" model, so that they can hide certain national accounts from sales reps and sales managers. These national accounts should only be accessible by sales directors and above. Universal Container's Role Hierarchy matches its organizational hierarchy.Which two options should the Architect consider when designing the solution? Choose 2 answers A. Sales directors will need a sharing rule created so that they can see accounts owned by Sales Users. B. National accounts must be owned by a user who is above the sales managers in the Role Hierarchy. C. Apex managed sharing will have to be disabled for the account object to protect the national accounts. D. If a sales rep is added to the Opportunity Team for a national account, they will gain access to account data.
B. National accounts must be owned by a user who is above the sales managers in the Role Hierarchy. D. If a sales rep is added to the Opportunity Team for a national account, they will gain access to account data.
What should the Architect do to ensure Field-Level Security is enforced on a custom Visualforce page using the Standard Lead Controller? A. Use the "With Sharing" keyword on the Standard Lead Controller. B. Nothing; Field-Level Security will automatically be enforced. C. Use the {!Schema.sObjectType.Lead.fields.isAccessible()} expression D. Use the Schema.SObject.Lead.isAccessible() method.
B. Nothing; Field-Level Security will automatically be enforced. When rendering Visualforce pages, the platform will automatically enforce CRUD and FLS when the developer references SObjects and SObject fields directly in the Visualforce page. Refer to: https://developer.salesforce.com/wiki/enforcing_crud_and_fls
Ursa Major Solar has the goal of increasing performance of the following: • Record Access • Sharing Calculations Which three areas should an Architect review to help Ursa Major Solar achieve this goal? A. Custom Object data, to ensure that no Account has more than 10,000 Custom Objects that look up to it B. Opportunity data, to ensure that no Account has more than 10,000 Opportunity records that are related to it. C. Record ownership, to ensure that no user owns more than 10,000 Object records in the system. D. Apex Managed Sharing triggers, to ensure that no trigger is querying more than 10,000 Object records. E. Case Data, to ensure that no Account has more than 10,000 Case records that are related to it
B. Opportunity data, to ensure that no Account has more than 10,000 Opportunity records that are related to it. E. Case Data, to ensure that no Account has more than 10,000 Case records that are related to it C. Record ownership, to ensure that no user owns more than 10,000 Object records in the system. Data Skew: where an account is related to >10k child records. This is a risk to sharing and record visibility performance issues. Ownership Skew: When a single user owns more than 10,000 records of an object, we call that condition ownership data skew. One of the common patterns involves customers concentrating ownership of data so that a single user or queue, or all the members of a single role or public group, owns most or all of the records for a particular object. Refer to: https://developer.salesforce.com/docs/atlas.en-us.draes.meta/draes/draes_group_membership_data_skew.htm
Which two options provide implicit record access to users?Choose 2 answers A. Read-only access to parent account for a user, based on a criteria-based sharing rule. B. Read-only access to the parent account for a user with access to a child case C. Access to child opportunities for the owner of the parent account. D. Access to related leads for the owner of the parent campaign.
B. Read-only access to the parent account for a user with access to a child case C. Access to child opportunities for the owner of the parent account. Implicit sharing is available for account, opportunity, case. Criteria-based sharing rule is not implicit sharing. Lead and Campaign do not have implicit sharing. Refer to: https://developer.salesforce.com/docs/atlas.en-us.draes.meta/draes/draes_object_relationships_implicit_sharing.htm
Universal Containers is designing a new community using the Customer Community license type. They would like to have the users complete survey questions through the community interface and store the responses in a Custom Object that has a lookup to the account object. Any internal user who has access to the account should be able to see all survey responses. All Customer Community users should be able to see surveys filled in by other users for their company, but not surveys for other companies. What are the correct security settings to achieve this? A. Set all Organization-Wide Default settings to be "Public Read/Write" for both internal and external users. B. Set all Organization-Wide Default security to be "Private" for both internal and external users and use Sharing Rules to grant the desired access. C. Set all Organization-Wide Default security to be "Public Read/Write" for internal users and "Private" for external users. D. Set the custom object to be master-detail to the Account and leave the Organization-Wide Default settings as their default values.
B. Set all Organization-Wide Default security to be "Private" for both internal and external users and use Sharing Rules to grant the desired access. Internal User who has access to account can see survey responses. Aka not all user can view all surveys --> Private.
Universal Containers has developed an AppExchange managed package for their distribution partners, which required a private key to be generated for each partner and used by the code. Universal Containers support representatives must be able to access the private key value to debug connection issues, but it must not be possible for the partner to access the value.How can the Architect best support this requirement? A. Store the value in a text field on a protected custom setting in the package. B. Store the value in a static variable in a class included in the managed package. C. Store the value in the text field on a list custom setting in the managed package. D. Store the value in an encrypted field on a custom object in the package.
B. Store the value in a static variable in a class included in the managed package.
ACME Corporation is a global Telco that has recently implemented Enterprise Territory Management to better align their sales teams and sales processes. They are in Q4 of their fiscal year and they have completely revamped their Territory structure and created a plan for a new structure that would support the new fiscal year. Their current territory model has 8000 territories. Their new model would be a new set of 8500 territories, and their org limit is 10,000 territories. Which Enterprise Territory Management feature can ACME take advantage of in order to help them keep within their org limits? A. Territory Type B. Territory Model State C. Territory Hierarchy D. Territory Type Priority
B. Territory Model State
Universal Containers has recently implemented Enterprise Territory Management to better align their sales teams and sales processes. They are in Q4 of their fiscal year and they have completely revamped their Territory structure and created a plan for a new structure that would support the new fiscal year. Their current territory model has 8,000 territories. Their new model would be a new set of 8,500 territories, and their org limit is 10,000 territories.Which Enterprise Territory Management feature can Universal Containers take advantage of in order to help them stay within their org limits? A. Territory Hierarchy B. Territory Model State C. Territory Type D. Territory Type Priority
B. Territory Model State In this case we can move 8,000 territories (current) to archive (active --> archived), and move the new set 8,500 to active state (planning --> active) Refer to: https://help.salesforce.com/articleView?id=tm2_territory_model_state.htm&type=5
Universal Containers is implementing a community of High-Volume Community users. Community users should be able to see records associated to their Account or Contact record. The Architect is planning to use a Sharing Set to provide access to the records. When setting up the Sharing Set, certain objects are not available in the list of Available Objects. Which two reasons explain why an object is excluded from the list of Available Objects in a Sharing Set? A. The object is a custom object, and therefore not available for a sharing set. B. The object's Organization-Wide sharing setting is set to Public Read/Write. C. The object's Organization-Wide sharing setting is set to Private. D. The custom object does not have a lookup to Accounts or Contacts.
B. The object's Organization-Wide sharing setting is set to Public Read/Write. D. The custom object does not have a lookup to Accounts or Contacts. Refer to: https://help.salesforce.com/articleView?id=networks_setting_light_users.htm&type=5
Universal Containers has set Opportunity Sharing to Private with Opportunity Teams enabled.Which three options can change the Owner of the Opportunity?Choose 3 answers. A. Any Opportunity Team Member on the current Opportunity. B. The current Opportunity Owner can transfer the Ownership. C. The System Administrator or a user with the "Transfer Records" permission. D. The user specified as the Manager on the Owner's User Profile. E. Someone above the Opportunity Owner in the Role Hierarchy.
B. The current Opportunity Owner can transfer the Ownership. C. The System Administrator or a user with the "Transfer Records" permission E. Someone above the Opportunity Owner in the Role Hierarchy.
Universal Containers has requirement to integrate Salesforce with an external system to control record access.What option should the Architect consider when designing a solution? A. Use the Security API to modify the role hierarchy in Salesforce. B. Use the SOAP API to maintain the related SObject_share records. C. Use the Metadata API to maintain the related SObject records. D. Use the SOAP API to create new Criteria-Based Sharing Rules in Salesforce.
B. Use the SOAP API to maintain the related SObject_share records.
Universal Containers has a custom Visualforce Application that uses a custom Apex Controller. Within this Visualforce Application, what should the Architect do to ensure that object-level security is enforced? A. Utilize the "With Sharing" keyword when defining the Visualforce Page. B. Use the Schema.DescribeSObjectResult isAccesible() method in the Apex Controller C. Utilize the "With Sharing" keyword when defining the Apex Controller Class D. Use the "Without Sharing" keyword when defining the Apex Controller Class
B. Use the Schema.DescribeSObjectResult isAccesible() method in the Apex Controller With Sharing --> Record access Schema.DescribeSObjectResult --> Object access (CRED) Schema.DescribeFieldResult --> Field Level Access Refer to: https://www.issacc.com/salesforce-sharing-and-visibility-designer-exam-preparation-programmatic-sharing/
Universal Containers has implemented a community for its customers using the Customer Community license type. They have implemented a custom object to store service requests that has a lookup to the account record.The Organization-Wide Default External Access for the service request object is set to Private. Universal Containers wants their customers to be able to see service requests for their account through the community. Customers should not see service requests for other accounts. What Salesforce feature can the Architect use to implement this? A. Use manual sharing to share the service requests manually when a new community user is added. B. Use a Sharing Set to share service requests related to the account based on the community user's profile. C. Use a Sharing Rule to share service requests to the community user based on their role. D. Use Apex Managed Sharing to share service requests related to the account to the appropriate community users.
B. Use a Sharing Set to share service requests related to the account based on the community user's profile. Sharing Set is built to allow record share to user using contact/account lookup on the record.
Universal Containers wants to store Payment Term Details on the Account object, but the fields should only be visible on certain record types and for certain user profiles.How can a System Administrator quickly determine which user profiles, page layouts, and record types include certain fields? A. Log in as each user profile and view the Account Page Layouts. B. Use the Field Accessibility Viewer for the fields in question C. Universally require the field at the field level. D. Click the Field-Level Security for the field on each Profile.
B. Use the Field Accessibility Viewer for the fields in question
A manager at Ursa Major Solar wants to validate sharing and visibility changes. What is the recommended approach? A. Use Administrative and User reports to view the Active Users. B. Use the Login As feature for a sample user in each role and profile. C. Use Field Audit Trail to audit the field meta-data and visibility. D. Use the Sharing button to test Profile and Permission set changes.
B. Use the Login As feature for a sample user in each role and profile.
Universal Containers has a custom object, Employee Review, with an Organization-Wide Default security setting of Private. A user lookup on the Employee Review object is populated when a reviewer is assigned to perform a review. How can this user be granted edit access to the record if they are not the owner? A. The user will be granted access to the record automatically when the user lookup is populated. B. Create a workflow rule to share the Employee Review record with the user in the lookup field. C. Create an Apex trigger to insert an Employee Review Share record with an access level of Edit. D. Create a criteria-based sharing rule to share the record with the user in the lookup field.
C. Create an Apex trigger to insert an Employee Review Share record with an access level of Edit. Anytime you see 'user lookup' that is not an owner, its a candidate for apex trigger that do an insertion of share record for that user.
Universal Containers has implemented a strict software architecture for their custom Apex code. One of the requirements is that all SOQL queries are contained within reusable classes. Depending on the context of the Apex transaction, the queries should be able to run either "With Sharing" or "Without Sharing". Which two ways allow the Architect to meet these requirements? Choose 2 answers. A. Create a reusable SOQLQueries class; do not specify "With" or "Without Sharing" on the SOQLQueries class. B. Create a reusable SOQLQueries class; do not specify "With" or "Without Sharing" on the SOQLQueries class and use the runAs() method to dynamically set the context. C. Create a reusable SOQLQueries class; specify "With Sharing" on the methods that require user context and "Without Sharing" on the methods requiring system context. D. Create a SystemSOQLQueries class and a UserSOQLQueries class; set the "With Sharing" keyword on the User SOQLQueries class and "Without Sharing" on the SystemSOQLQueries class.
C. Create a reusable SOQLQueries class; specify "With Sharing" on the methods that require user context and "Without Sharing" on the methods requiring system context. - 1 class, definition (with or without sharing) can be called on methods. D. Create a SystemSOQLQueries class and a UserSOQLQueries class; set the "With Sharing" keyword on the User SOQLQueries class and "Without Sharing" on the SystemSOQLQueries class. - 2 classes one with sharing and one without sharing. runAs() only runs on test and not on other code.
Universal Containers has a custom Job object with a private sharing model. Based on the size and location of the Job, different teams must have access to edit the specific Job record. To support this requirement, Apex Managed Sharing has been implemented to share records with the required users. Since the teams change frequently, managed sharing recalculations need to be manually run frequently. What can the Architect do to optimize this process? A. Change the sharing model on the Job object to Public Read/Write. B. Create a scheduled job to automatically run the sharing recalculations on a nightly basis. C. Create public groups for each team, and share the jobs with the groups instead of users. D. Create a custom Visualforce page to edit the jobs and specify Without Sharing on the controller.
C. Create public groups for each team, and share the jobs with the groups instead of users. Sharing the record to group instead of user eliminate the need to keep updating the share table when 'team' who works with the record changes. There will be 1 share record to Group A instead of 1 record for Ann, 1 record for Ben. Only the Public Group needs to be updated but share table will not be updated.
Assuming granular locking is enabled, what activity can happen in parallel to changing a community account owner without risking group membership lock errors? A. Deletion of a Role B. Creation of a Role C. Creation of a Territory D. Deletion of a Territory
C. Creation of a Territory Honestly this one is hard to understand, but refer to this table in the article: https://www.issacc.com/salesforce-sharing-and-visibility-designer-exam-preparation-performance-and-scalability/
What is required to implement Filter-Based Opportunity Territory Assignment? A. Define an account assignment with a filter criteria rule for Filter-Based Opportunity Territory Assignment. B. Define a Territory assignment rule with filter criteria for Filter-Based Opportunity Territory Assignment. C. Define a custom Apex class for Filter-Based Opportunity Territory Assignment in the system. D. Define an Opportunity assignment rule with filter criteria for Filter-Based Opportunity TerritoryAssignment.
C. Define a custom Apex class for Filter-Based Opportunity Territory Assignment in the system. Refer to: https://help.salesforce.com/articleView?id=tm2_enable_ota.htm&type=5
Universal Containers has recently activated an integration that synchronizes customer information and orders into their CRM of choice: Salesforce.com. One of their largest customers, United Air, has over 12,000 unique contacts. Since the integration was activated, sales reps are having trouble adding contacts to the United Air account. When a sales rep adds a contact, they get the following error message:UNABLE_TO_LOCK_ROWThis issue seems to affect the United Air account and several other large customers. The sales rep can usually save the contact by trying again later in the evening.What should the Architect recommend as a possible solution? A. Add a role-based sharing rule so all sales team members have Read/Write access to contacts. B. Remove sharing rules and replace them with Apex sharing for Unite Air and the other large accounts. C. Implement an account hierarchy and redistribute the contacts evenly under the child accounts. D. Create a permission set for the sales team to grant them Read/Write access to all account fields.
C. Implement an account hierarchy and redistribute the contacts evenly under the child accounts. Locking is caused by Data Skew. To solve this we should create account branch/hierarchy and redistribute contact across these child accounts.
In order to comply with Regulatory Requirements, Universal Containers must store sensitive customer information on -premise. Universal Containers would like this on-premise information to be accessible from Salesforce.What technology can Universal Containers use to achieve this? A. Implement a third-party tokenization service. B. Implement an on-premise database. C. Implement a third-party proxy server. D. Implement the Salesforce Shield toolkit.
C. Implement a third-party proxy server.
A Sales Rep at Universal Containers wants to create a dashboard to see how his sales numbers compare with his peers. Assuming a Private model, which two permissions would the Sales Rep need to meet this requirement?Choose 2 answers A. Manage Custom Report Types B. Customize Application C. Manage Dashboards D. View All Data
C. Manage Dashboards D. View All Data Manage Dashboard is needed to create the dashboard. View All Data permission required for sales rep to see peers data.
The System Administrator at Universal Containers has created two list views called ListV1 and ListV2. One group of users should only see ListV1 and the second group of users should only see ListV2. Two public groups were created to restrict visibility to the respective list views. However, users in both groups are able to see both list views. What system permission in their profile enabled the users to see all list views? A. Manage Custom List Views B. Manage Private List Views C. Manage Public List Views D. Manage Custom Permissions
C. Manage Public List Views Manage Public List Views allow user to view all list views in the system.
Universal Containers has a Private Sharing Model for the Opportunity object. Sales Rep A at Universal containers created the Opportunity record and then transferred ownership of the Opportunity record to Sales Rep B. both Sales Rep A and B have the same role in the Role Hierarchy. What access will Sales Rep A have to the Opportunity after the transfer? A. Read/Write B. Full Access C. No Access D. Read Only
C. No Access
Universal Containers is a fast-growing company that sells containers globally. It has thousands of dealerships throughout the world where local dealers service Containers sold locally. They recently opened two dealerships in California: NorthCal and SoCal. Universal Containers implemented a new partner community to enable their dealers. Each dealership has a dealer Manager who has all service agents report into them. Assuming a private sharing model, what is the best option to enable dealer managers to have visibility to customer cases within their dealership and not across all dealerships? A. Create sharing groups that share all cases to all agents under the Dealer manager. B. Create a batch job that creates sharing rules as needed, based on the cases created. C. No changes are needed to the sharing and visibility model to implement their requirement. D. Build a trigger that creates manual sharing of cases as needed whenever a new case is created.
C. No changes are needed to the sharing and visibility model to implement their requirement. By default cases (standard object) has grant access via hierarchy enabled. When partner account is created, a role hierarchy (3-levels) automatically created. Records owned by service agents will also be accessible by roles above the service agent, which is the dealer manager.
Which two settings are available in profiles, but not permission sets?Choose 2 answers. A. Tab Settings B. Record Types C. Page Layout Assignments D. Login Hours
C. Page Layout Assignments D. Login Hours Page Layout and Login Hours are currently only configurable via Profile. Tab settings and availability of Record Type for the user can be added to permission set as well.
Which two options are available to share a Report or Dashboard folder with other users in the Organization? Choose 2 answers. A. Teams B. Profiles C. Public Groups D. Roles.
C. Public Groups D. Roles.
Which two are potential security vulnerabilities in the following code snippet? <apex:page> <apex:form> <apex:outputText value="Enter Name" /> <apex:inputText value=" { !name}" /> <apex:commandButton value="Query" action=" {!query}" /><apex:form> <apex:page> Public class SOQLController {Public String name{Get {return name;}Set {name=value;}} Public PageReference query() {String qryString= 'SELECT Id FROM Contact WHERE' +'(IsDeleted = false and Name like \'#' + name + '#\')';queryResult = Database.query{qryString};return null;}} Choose 2 answers. A. Cross-Site Scripting B. Arbitrary Redirects C. SOQL Injection D. Bypassing Field and Object Security
C. SOQL Injection D. Bypassing Field and Object Security No checking of user's access to record, object, or field SOQL Injection on Dynamic Query - Use static query and bind variables.
Universal Containers has a junction object called "Job Production Facility". With 2 master-detail relationships to the Job and Production Facility custom objects. Both master records have a private sharing model. What statement is true if a user's profile allows access (Create/Read) to the Job, but no access to the Production Facility Object? A. The user will see the junction object but not the link to the Production Facility. B. The user will see the junction object and the link to the Production Facility. C. The user will not be able to see the junction object records or the field values. D. The user will be granted read access to the Production Facility record.
C. The user will not be able to see the junction object records or the field values. In order to get access to the junction object, user need to have access to both parents. Refer to: https://help.salesforce.com/articleView?id=relationships_considerations.htm&type=5
A user at Universal Containers would like to give access to a Report folder to someone else in the organization. Which two access permissions should the user have to support this requirement?Choose 2 answers. A. The "Viewer" Report folder permission B. The "Editor" Report folder permission. C. The "Manage Reports in Public Folders" Profile permission. D. The "Manager" Report folder permission.
C. The "Manage Reports in Public Folders" Profile permission. D. The "Manager" Report folder permission.
A remote user is complaining that they can't see a certain account when they run a particular Private Account List View that they created for themselves. How might a System Administrator assist in troubleshooting this issue? Choose one answer A. VPN to the User's location and establish a remote desktop session. B. Have the User send the List View link URL via email and investigate. C. Use the Login As feature to see what the User is seeing in her login. D. Temporarily make the user a System Administrator so she can fix the issue.
C. Use the Login As feature to see what the User is seeing in her login.
Universal Containers has a requirement to integrate Salesforce with an external system to control record access. What option should the Architect consider when designing a solution? A. Use the Metadata API to maintain the related SObject records B. Use the Security API to modify the role hierarchy in Salesforce C. Use the SOAP API to maintain the related SObject_share records D. Use the SOAP API to create new Criteria-Based Sharing Rules in Sales
C. Use the SOAP API to maintain the related SObject_share records
Universal Containers has just deployed a change to its role hierarchy. A manager is reporting that their staff can now see Accounts that they do not own and should not have access to. How should the Architect troubleshoot? A. While logged in as the System Administrator, use the Field Accessibility Viewer to view a matrix of who has access to Accounts. B. While logged in as the one of the Staff members, navigate to a sample account and use the Sharing button to determine who has access. C. While logged in as the one of the Staff members, navigate to their user record and inspect their profile and role membership. D. While logged in as the System Administrator, use the Field Accessibility Viewer to view a matrix of who has access to Accounts.
C. While logged in as the one of the Staff members, navigate to their user record and inspect their profile and role membership. Record is not 'owned' by the user, so it is likely any manual or sharing rule to user or role. Since this change is related to role hierarchy change it is probably related to role changes.
The following list contains possible ways of viewing the contents of encrypted custom fields. Which options would show the contents in clear text? Please choose 3 answers: A. Stack trace viewer in the developer console B. Debug log output from system.debug(object.encryptedField__c) C. Workflow field update copying encrypted field to unencrypted field D. Trigger field update copying encrypted field to unencrypted field E. Webservice that returns secret as a string
C. Workflow field update copying encrypted field to unencrypted field D. Trigger field update copying encrypted field to unencrypted field E. Webservice that returns secret as a string
Universal Containers has a private sharing model on Accounts. Apex Managed Sharing is required to share certain account records with all users who are assigned to a specific Role in the Role Hierarchy. What should be the recommended way for the Architect to implement this? A. Create an AccountShare record associated to a public group containing the Users in the Role. B. Create an AccountShare record associated to each user who is assigned to the Role. C. Create an AccountShare record associated to the required Role. D. Create an AccountShare record associated to a public group containing the Role.
D. Create an AccountShare record associated to a public group containing the Role. User can create public group containing a role and uncheck grant access using hierarchy.
Get Cloudy Consulting has the following environment: • Global 24x7 Salesforce implementation that supports Marketing, Order Management, Sales, and other miscellaneous business divisions. • A nested territory hierarchy, 12000 sales users and 22000 support agents. • A high demand for new applications and changes to the platform • New releases delivered every two weeks on the platform, based on an agile development model An architect needs to help get cloudy consulting with system recovery from a maintenance restart on Salesforce servers.Which Salesforce feature should the architect use to achieve this goal? A. Enable Filter-Based Opportunity Territory Assignment B. Enable Granular Locking on the system C. Enable Deferred Sharing Rule recalculation D. Enable Parallel Sharing Rule recalculation
D. Enable Parallel Sharing Rule recalculation Parallel Sharing Rule recalculation is used for system recovery from maintenance restart Refer to: https://developer.salesforce.com/docs/atlas.en-us.draes.meta/draes/draes_tools_parallel_sharing_rule_recalculation.htm
Universal Containers has recently implemented an integration that is populating 50 custom fields on the account object. They would like these fields to be available to Managers for reporting but do not want them to clutter the page layouts. What should the Architect recommend as a solution? A. Add the fields to the Managers' Account Page Layout; mark the page layout section as Collapsed. B. Grant the Managers access to the fields using a Role-Based Sharing Rule; leave them hidden on the page layout. C. Add the fields to a Custom Report; grant the Managers' Role access to the report folder. D. Grant Managers access to the fields using Field-Level Security; do not add them to a page layout.
D. Grant Managers access to the fields using Field-Level Security; do not add them to a page layout. Manager does not need to see the fields on page layout; so do not add them to page layout. To grant manager access to the field, enable it on field level security for their profile.
Universal Containers has the following requirements: - The Commercial Account and Consumer Account support departments should not collaborate. - The Commercial and Consumer sales users roll up to the same VP of Sales, but there should be no collaboration between sales departments. - The Commercial sales department should share its customers with the Commercial support department. - The Consumer sales department shares its customers with the Consumer support department. - The Commercial and Consumer support departments roll up to the same Support Director. - The sales departments will remain the Account Owner for the Accounts that they sell to. What is the recommended Org-Wide Sharing Default for Accounts, and how would the Architect enable proper Commercial and Consumer Sales to Support Account Sharing for this scenario? A. Private Account Sharing with Sharing Rules from Commercial Sales Role(s) to Consumer Support Role(s) and Consumer Sales Role(s) to Commercial Support Role(s). B. Private Account Sharing with Sharing Rules from Commercial support Role(s) to Commercial Support Role(s) and Consumer Sales Role(s) to Consumer Support Role(s). C. Read-Only Account Sharing with Sharing Rules from Commercial Sales Role(s) to Consumer Support Group(s) and Consumer Sales Role(s) to Commercial Support Groups(s). D. Private Account Sharing with Sharing Rules from Commercial Sales Group(s) to Commercial Support Groups(s) and Consumer Sales Group(s) to Consumer Support Group(s).
D. Private Account Sharing with Sharing Rules from Commercial Sales Group(s) to Commercial Support Groups(s) and Consumer Sales Group(s) to Consumer Support Group(s). Requirement: The Commercial Account and Consumer Account support departments should not collaborate --> Account should be hidden to some user, so OWD should start with Private. Commercial Sales share customers to Commercial Support Consumer Sales share customers to consumer support.
For the Universal Containers Commercial and Consumer support departments, having access to Activities for Contacts with which they interact is important. Commercial support users should not see Consumer Accounts/Contacts and Consumer support users should not see Commercial Accounts/Contacts. Assuming the Organization-Wide Default for Activities is set to "Controlled by Parent" what is the minimum level of Sharing access a support user would need to Accounts/Contacts to view associated Activities? A. Private Account/Contact Sharing Default with a Sharing Rule for each department set to Public Read/Write access to Accounts/Contacts. B. Private Account/Contact Sharing Default with a Sharing Rule for each department set to Private access to Accounts/Contacts. C. The users need no access to Accounts/Contacts with the proper Activity Sharing Rules and Profile Permissions for the Accounts Tab. D. Private Account/Contact Sharing Default with a Sharing Rule for each department set to Public Read only access to Accounts/Contacts.
D. Private Account/Contact Sharing Default with a Sharing Rule for each department set to Public Read only access to Accounts/Contacts. Because Activity is set to "Controlled by Parent", if a department user need to 'access' or view an activity related to contacts they interact, they will at the very least need 'Public Read Only' Access. This can be accomplished by Sharing Rule to each department and grant Public Read Only access to the record. Knowing that some Account/Contact needs to be hidden from some users, it is a given that Account/Contact needs to have 'Private' OWD.
What feature in Salesforce is needed to restrict access to a custom object that has Public Read/Write access? A. Role Hierarchy B. Record Type C. Page Layout D. Profile
D. Profile While OWD is PRW, if the profile does not have read or edit access on the object, user cannot read or edit the object.
Universal Containers has enabled External Default Sharing and wants to allow for external users to have the External Sharing Default set to Public Read-Only for a custom object. Which two options are valid Internal Default sharing settings for the custom object? Choose 2 answers. A. Controlled by Parent B. Public Read/Write C. Private D. Public read Only.
D. Public read Only. B. Public Read/Write Internal Default Sharing should always be more open than External Default Sharing. Since External Default Sharing is Public Read-Only, Internal can only be Public Read-Only & Public Read/Write
Universal Containers has Public Read Only sharing settings on the Opportunity object. What Opportunity access options can the user see while adding account team members to the Account? A. Read Only B. Private and Read Only C. Private D. Read Only and Read/Write
D. Read Only and Read/Write Since the base is Public Read Only, user can only open up more or stay the same; so Read Only or Read/Write.
Universal Containers would like to restrict users' access to export reports. What option supports this requirement? A. Remove the "Report Manager" user permission. B. Remove the Export button from the report page layout. C. Remove "Allow Export" on the report folder settings. D. Remove the "Export Reports" profile permission.
D. Remove the "Export Reports" profile permission.
Universal Containers does not want the Users in the Custom Sales Department Profile to be able to delete Opportunities. How would the Architect prevent a certain set of users from deleting Opportunities? A. Remove the Delete button from the Opportunity Page Layout and Record Type settings. B. Create a Validation Rule that checks the User's Profile before allowing the IsDeleted flag to be set to True. C. Override the Standard button with a Visualforce Page that warns them that they do not have permission to delete. D. Remove the "Opportunity Delete" Permission from the Sales Team's User Profile in the Object Permissions.
D. Remove the "Opportunity Delete" Permission from the Sales Team's User Profile in the Object Permissions.
Universal Containers is creating a custom Visualforce page to allow users to edit contact records. The developer has used an apex:outputField for the Phone field on the contact object. What is the expected behavior if a user without field-level security accesses the Visualforce page? A. The user encounters an error while saving the record. B. The output field is visible to the user. C. The user is able to enter a value into the Phone field. D. The field is automatically removed from the page.
D. The field is automatically removed from the page. "An <apex:outputField> component respects the attributes of the associated field, including how it should be displayed to the user." Refer to: https://developer.salesforce.com/docs/atlas.en-us.pages.meta/pages/pages_compref_outputField.htm
Universal Containers has junction object called "Job Production Facility", with 2 master-detail relationships to the Job and Production Facility custom objects. Both master records have a private sharing model.What statement is true if a user's profile allows access (Create/Read) to the Job, but no access to the Production Facility Object? A. The user will be granted read access to the Production Facility record B. The user will see the junction object and the link to the Production Facility. C. The user will see the junction object but not the link to the Production Facility. D. The user will not be able to see the junction object records or the field values.
D. The user will not be able to see the junction object records or the field values.
The Collections department at Universal Containers uses Salesforce to track its efforts. All Invoices and invoice line items are store in salesforce. Invoice line item object details, such as quantity and extended amount, should be summarized at the invoice object level, and all users who can see a given invoice should always see all invoice line items. Without leveraging Apex code, how should an Architect create the relationship between the Invoice object and the Invoice Line Item object? A. The invoice Line Item object should have a Lookup to the Invoice object. B. The Invoice object should have a Master-Detail to the Invoice Line Item object. C. The Invoice object should have an inner join to the Invoice Line Item object. D. The Invoice Line Item object should have a Master-Detail to the Invoice Object.
D. The Invoice Line Item object should have a Master-Detail to the Invoice Object. With Master-Detail relationship, user who has access to the parent object (Invoice) will automatically have access to the child object (Invoice Line Item). Master-Detail relationship field is configured on the Invoice Line Item object.
Universal Containers has a requirement to share Accounts automatically to the users at a field office. They currently have the following setup in their environment: - Accounts are set to Private in the Org-Wide Default. - The field office is specified by a lookup in the account object. - There are 400 field offices. - The users in each field office are managed using public groups. Based upon a lookup relationship field on the Account, how should the Architect meet their requirement? A. Use Account Teams to share the Account with the appropriate field office. B. Use Manual Sharing to share the Account with the appropriate field office. C. Use Criteria-Based Sharing to share the Account with the appropriate field office. D. Use Programmatic Sharing to share the Account with the appropriate field office.
D. Use Programmatic Sharing to share the Account with the appropriate field office. manual sharing and account team does not use lookup on account record. there is a limit (300) sharing rule in an object. If there is 400 field offices, assuming a sharing rule for each office, we would have already exceeded the limit.
Universal Health is planning to store patient notes in Salesforce. Patient notes consist of long text notes taken by a use to document phone calls with a patient.A date audit has identified that these notes can contain Personally Identifiable Information (PII) and PersonalHealth Information (PHI). The regulatory requirements state that this data must be encrypted at rest as well as in transit.What should the Architect do in order to make sure Universal Health stays compliant? A. No action is required; all Salesforce data is encrypted at rest as part of Salesforce's standard trust measures. B. Enable Salesforce Shield Platform Data Encryption and mark the patient notes field as encrypted. C. Create a new Custom Field of type "Text (Encrypted)" and move the patient notes data into the new field. D. Use an Apex trigger and the Apex Crypto class to encrypt patient notes as soon as they are saved to Salesforce.
D. Use an Apex trigger and the Apex Crypto class to encrypt patient notes as soon as they are saved to Salesforce. Apex Crypto Class - Used for requirement where encrypted information at rest and in transit
At Universal Containers, the Sales VP likes to re-assign Opportunity Teams every six months. Each Opportunity Team has the following resources: - AE (owner) - Sales Engineers Vertical Overlay Sales Ops What should the Architect use to re-assign Opportunity Team members so they have access to the appropriate Opportunity records? Choose one answer A. From the User Setup menu, click "Update Team members on open Opportunities." B. Build a Visualforce page that will query the default team and update open Opportunities. C. From the Opportunity record detail page, use the "Update Team Members" function. D. Use the Mass Reassign Opportunity Team wizard on the Opportunity Tab Home Page.
D. Use the Mass Reassign Opportunity Team wizard on the Opportunity Tab Home Page.
Universal Containers requires that some employees are able to view and edit records of a custom object called Positions, but no users can delete them. How can Universal Containers accomplish this goal? a. Remove the Delete Access for positions from all user roles b. Remove the Delete Permission for positions from all profiles c. Set the Organization wide default for positions to Read-Only d. Assign the Read-Only profile to all users
b. Remove the Delete Permission for positions from all profiles
