Salesforce Sharing and Visibility Certification

Ace your homework & exams now with Quizwiz!

Cloud Kicks has the following environment: • Two custom objects named Open Position and Candidate • The Candidate object has a lookup relationship to Open Position • Both objects are set to Private in sharing settings • The Human Resources team will own all Open Position and Candidate records Cloud Kicks request that their Salesforce Architect automatically share the Candidate when the Interviewer (lookup to user record) has been populated. The interviewer can be from any department. What approach should the Architect use to accomplish this goal? A. Build Apex Managed Sharing code to share Candidate with the Interviewer user. B. Build a criteria-based sharing rule between the Candidate and the Interviewer. C. Build a standard sharing rule between Candidate and the Interviewer. D. Build a workflow email notification to notify the interviewer of the record assignment

A. Build Apex Managed Sharing code to share Candidate with the Interviewer user.

Universal Containers has a Private Sharing Model and restrictive data access settings in place. The data governance team is planning to deploy a master data management tool that will need write access to all system data, and the Architect has been asked to prepare a Data Governance User Profile that has full access to all data regardless of Sharing and CRUD Settings. What is the optimal way to enable this requirement? A. Ensure the profile has the "Modify All Data permission enabled B. Create a Sharing Rule for required Objects, on an API Only profile C. Create an All Data Access app as a default for this Profile D. Enable the "Edit Read -Only Fields" permission for this Profile

A. Ensure the profile has the "Modify All Data permission enabled

A Visualforce controller has a requirement to be written with "Without Sharing" at the top level; however, certain methods within the page still need to enforce the user permissions for creating records and accessing certain fields. Which two methods below would be used to enforce this requirements? Choose 2 answers. A. Schema.DescribeFieldResult B. Schema.getGlobalDescribe C. UserInfo.getProfileID D. Schema.DescribeSObjectResult

A. Schema.DescribeFieldResult D. Schema.DescribeSObjectResult These are the two methods used to enforce user permission on field and object level.

Universal Containers has set Account Sharing to Private with Account Teams enabled. Which two user groups can add team members on the Account? Choose 2 answers A. The current Account Owner can add team members B. The user specified as the Manager on the Owner's User record C. Someone above the Account Owner in the Role Hierarchy with read access D. Any Account Team Member with read access on the Account

A. The current Account Owner can add team members C. Someone above the Account Owner in the Role Hierarchy with read access

Which users have access to Opportunity records owned by an external user, assuming no other changes to the sharing model have been implemented? A. The​ ​record​ ​owner​ ​and​ ​any​ ​user​ ​above​ ​the​ ​external​ ​user​ ​in​ ​the​ ​role​ ​hierarchy. B. The record owner only. C. The record owner and any user below the external user in the role hierarchy. D. The record owner and all internal users.

A. The​ ​record​ ​owner​ ​and​ ​any​ ​user​ ​above​ ​the​ ​external​ ​user​ ​in​ ​the​ ​role​ ​hierarchy. Opportunity (Standard Object) has grant access via hierarchy enabled by default. Account Owner has to have a role when enabling external user. So the external user roles are rolling up to the account owner role.

Universal​ ​Containers​ ​has​ ​a​ ​strict​ ​security​ ​model​ ​enforced​ ​through​ ​object,​ ​field,​ ​and​ ​row-based​ ​security mechanisms.​ ​ ​The​ ​Architect​ ​would​ ​like​ ​to​ ​ensure​ ​the​ ​security​ ​model​ ​is​ ​being​ ​thoroughly​ ​tested​ ​using​ ​Apex automated​ ​tests.Which​ ​three​ ​considerations​ ​should​ ​be​ ​made​ ​when​ ​using​ ​the​ ​runAs()​ ​method​ ​to​ ​design​ ​Apex​ ​unit​ ​tests?Choose​ ​3​ ​answers A. runAs()​ ​can​ ​be​ ​used​ ​inside​ ​of​ ​test​ ​classes​ ​to​ ​validate​ ​record-level​ ​security. B. runAs() can be used outside of test classes to bypass record-level security. C. runAs() can be used inside of test classes to validate field-level permissions. D. runAs()​ ​does​ ​not​ ​enforce​ ​user​ ​permissions​ ​or​ ​field-level​ ​permissions​ ​in​ ​test​ ​classes. E. runAs()​ ​counts​ ​towards​ ​total​ ​DML​ ​statements​ ​issued​ ​within​ ​the​ ​transaction.

A. runAs()​ ​can​ ​be​ ​used​ ​inside​ ​of​ ​test​ ​classes​ ​to​ ​validate​ ​record-level​ ​security. D. runAs()​ ​does​ ​not​ ​enforce​ ​user​ ​permissions​ ​or​ ​field-level​ ​permissions​ ​in​ ​test​ ​classes. E. runAs()​ ​counts​ ​towards​ ​total​ ​DML​ ​statements​ ​issued​ ​within​ ​the​ ​transaction.

Which three advanced tools can Salesforce enable for large-scale role hierarchy realignments in organizations with large data volumes?Choose 3 answers. A. Partitioning​ ​by​ ​Divisions B. Granular Locking C. Parallel Sharing Rule Recalculation D. Deferred​ ​Sharing​ ​Calculation E. Skinny​ ​Table​ ​Indexing

B. Granular Locking C. Parallel Sharing Rule Recalculation D. Deferred​ ​Sharing​ ​Calculation Refer to: https://developer.salesforce.com/docs/atlas.en-us.draes.meta/draes/draes_tools.htm https://www.issacc.com/salesforce-sharing-and-visibility-designer-exam-preparation-performance-and-scalability/

Universal Containers has the following Sharing Settings for their Org: - Account = Private - Contact = Controlled by Parent - Opportunity = Private - Case = Private They have enabled "Default Account Teams" and have trained users to set up their Default Team. Which three access levels can be set on the Account Team Member? Choose 3 answers. A. Contact Access B. Opportunity​ ​Access C. Account​ ​Access D. Contract Access E. Case​ ​Access

B. Opportunity​ ​Access C. Account​ ​Access E. Case​ ​Access Contact will not needed to be separately set because it is Controlled by Parent (Account).

Universal Containers has created a Reimbursement Custom Object to capture requests for reimbursement of expenses related to office supplies. The Reimbursement requests are sometimes sensitive and the Team Leads should not have access to the Reimbursement records submitted by the Users in the Call Center Agent role. The Director of Support will require access to all Reimbursement records. The role hierarchy is set as follows: Call Center Agent role reports to Team Lead role, which Reports to the Director of Support. Which steps would the Architect take to ensure proper sharing in this Role Hierarchy structure assuming Private Sharing Setting for the Reimbursement Object? A. Leave the Reimbursement Object in "Deployed" Status and set the Director of Supports Profile to "View All" in the object permissions B. Use an Approval Process to change the owner of the Reimbursement record upon submission to the Director of Support C. Disable Grant Access Using Hierarchies for the Object and create a Sharing Rule to enable sharing to the Director of Support D. The sharing scenario described will occur without any special configuration choices being made by the Architect

C. Disable Grant Access Using Hierarchies for the Object and create a Sharing Rule to enable sharing to the Director of Support Team Lead can't view their subordinate's records --> Disable Grant Access using Hierarchies Support Director need to see all of the records --> Sharing Rule

How would you make sure Visualforce page is security proof? Choose 3 answers A.Manually check for cross site B. Manually check for sql injection C. Submit to force security scanner D. Use web application tool for security E. Use debug to check hijacked requests

C. Submit to force security scanner D. Use web application tool for security E. Use debug to check hijacked requests

Which two statements are true regarding the configuration options available when using Salesforce setup? Choose 2 answers A. The Record Types setting is available in profiles, but NOT in permission sets B. The Tab Settings is available in profiles, but NOT in permission sets C. The Page Layout Assignments setting is available in profiles, but NOT in permission sets D. The Login Hours setting is available in profiles, but NOT in permission sets

C. The Page Layout Assignments setting is available in profiles, but NOT in permission sets D. The Login Hours setting is available in profiles, but NOT in permission sets

Universal Containers has a custom Visualforce application that uses a standard Apex controller on the Lead object. What should the Architect do to ensure that object-level security is implemented within this application? A. When defining the Visualforce page, use the "With Sharing" keyword B. To enforce user permissions in the Apex controller, use the runAs() method C. Within the Visualforce page, use the {!$ObjectType.lead.accessible} expression D. Within the Apex controller, use the Schema.DescribeSObjectResult isAccessible() method

C. Within the Visualforce page, use the {!$ObjectType.lead.accessible} expression Because it is standard controller, it is not editable, this needs to be controlled on the VSP page.

What is the security vulnerability in the following code snippet?<apex:form><apex:commandButton rerender="outputIt" value="Update It"/><apex:inputText value="{ !myTextField}"/></apex:form><apex:outputPanel id="outputIt">Value of myTextField is <apex:outputText vlue="{!myTextField}" escape="false"/></apex:outputPanel> A. SOQL Injection B. Access Control C. Arbitrary Redirects D. Cross-Site Scripting

D. Cross-Site Scripting Whenever you see escape = "false" - a sign for cross-site scripting vulnerability.

There is a custom object, Job, that has OWD set to "Private". It contains extremely private information that should only be available to the record owner and the hiring manager that is associated through a user Lookup field on the object. What is the best solution to grant access? A. Have the record owner manually share the record to the hiring manager. B. Create a workflow rule to grant access to the hiring manager. C. Do nothing, the OWD will grant the access. D. Use Apex Managed Sharing to grant the access to the hiring manager.

D. Use Apex Managed Sharing to grant the access to the hiring manager.

Universal Containers (UC) works with a dealer network to sell their products. There are approximately 5,000 dealers that do business with UC and UC has purchased a Partner Community to interact with each of their dealers on Opportunities. Each dealer is structured so that there are a group of managers who will oversee a larger team of agents. UC would like to set the Organization-Wide Defaults to Private for the Opportunity object, both internally and externally. Within each dealer, there are a few agents called Lead Agents who should be able to see the Opportunities for all of the other Agents at the dealer. What is the optimal solution for an Architect to recommend? A. Add​ ​a​ ​Sharing​ ​Set​ ​that​ ​shares​ ​Opportunities​ ​to​ ​the​ ​Lead​ ​Agent​ ​based​ ​on​ ​the​ ​Lead​ ​Agents​ ​Account. B. Build an Apex Managed Sharing rule that will assign specific Opportunities to Lead Agents. C. Grant Super User access to the Lead Agents as part of the Community user setup. D. Create a Sharing Rule to share opportunities to the owner's manager's role and below.

A. Add​ ​a​ ​Sharing​ ​Set​ ​that​ ​shares​ ​Opportunities​ ​to​ ​the​ ​Lead​ ​Agent​ ​based​ ​on​ ​the​ ​Lead​ ​Agents​ ​Account. As of 2018, Salesforce enabled sharing set for Partner Community License; previously its only available for high volume license. I think in this case sharing set will be cleaner and easier than sharing rule, because sharing rule will need to be created for each account, whereas sharing set will take care of itself as long as the contact account matches. Super User access give user access to not just his/her account but other account, in this case we don't want that. Apex Managed Sharing is not necessary, declarative option (i.e. Sharing Set) is available for this use case.

Which are two valid use cases for programmatic sharing? Choose 2 answers. A. An​ ​external​ ​system​ ​manages​ ​user​ ​record​ ​access. B. Frequent user ownership changes based on re-alignments. C. Native​ ​sharing​ ​functionality​ ​does​ ​not​ ​meet​ ​requirements. D. Setting user ownership for standard and custom objects.

A. An​ ​external​ ​system​ ​manages​ ​user​ ​record​ ​access. C. Native​ ​sharing​ ​functionality​ ​does​ ​not​ ​meet​ ​requirements. SOAP API is used if an external system manages user record access & Apex Managed Sharing (programmatic sharing) used only if sharing rules, manual sharing, etc is not meeting the requirements.

Which three capabilities are available with Enterprise Territory Management? Choose 3 answers. A. Assignment​ ​of​ ​Territory​ ​on​ ​Opportunities. B. Share a report or dashboard folder with a Territory. C. Metadata​ ​API​ ​Support D. Create​ ​a​ ​public​ ​group​ ​with​ ​Territory. E. Integration with Collaborative Forecasting.

A. Assignment​ ​of​ ​Territory​ ​on​ ​Opportunities. C. Metadata​ ​API​ ​Support (y) E. Integration with Collaborative Forecasting (y) Refer to: https://help.salesforce.com/articleView?id=000338795&type=1&mode=1 Based on the article, D. Create​ ​a​ ​public​ ​group​ ​with​ ​Territory is also available on Enterprise Territory Management.

A dummy user at Universal Containers owns more that 10,000 lead records. The system assigned all these leads to a dummy user. This is causing performance issues whenever role hierarchy changes. Which two options should be recommended to improve performance?Choose 2 answers. A. Assign​ ​ownership​ ​to​ ​a​ ​small​ ​number​ ​of​ ​users. B. Add the dummy user into a public group. C. Add the dummy user to the bottom of the role hierarchy. D. Do​ ​not​ ​assign​ ​a​ ​role​ ​to​ ​the​ ​dummy​ ​user.

A. Assign​ ​ownership​ ​to​ ​a​ ​small​ ​number​ ​of​ ​users. D. Do​ ​not​ ​assign​ ​a​ ​role​ ​to​ ​the​ ​dummy​ ​user. Record Ownership Skew Issue - Ensure the record ownership is spread across a number of users rather than a singular user. If it is not possible, refrain from assigning role to the dummy user; so any role hierarchy change and recalculation will not impact or touch this huge amount of records.

Below are some details regarding the organization at Universal Containers: - Richard and Kevin are the East sales reps and their manager is Karen, the East sales executive. - Sam and Wilder are West sales reps and their manager is Wendy, the West sales executive. - Bob is the CEO and manages both Karen and Wendy. Universal Containers role hierarchy follows their management structure. Richard owns an account, NewCompany, and Kevin owns an account, OldCompany. Karen manually shared her account NewWorld with Kevin. However, she has moved to a new role to lead all Named Accounts, and Phil, who replaced her, is the new owner of NewWorld. Which employees will have access to the NewWorld account? A. Bob​ ​and​ ​Phil B. Bob, Karen and Kevin C. Bob, Richard, Phil and Kevin D. Bob, Phil and Kevin

A. Bob​ ​and​ ​Phil When a record owner is updated, any manual share granted to a user is removed; hence Karen's record share to Kevin to NewWorld disappears when she updates the record owner to Phil. Bob owns the record, because he is Phil's boss (above him on the role hierarchy). By default role hierarchy is enabled for Account, standard object.

Universal Containers has two custom objects: Job and Job Interview. The Job Interview object has a lookup relationship to Job. Both objects are set to Private in sharing settings. The HR team will own all Job and Job Interview records. They have asked their Salesforce Architect to automatically share the Job Interview when the Interviewer (lookup to user record) has been populated. The interviewer can be from any department.What method should the Architect use to achieve this requirement? A. Build apex Managed Sharing code to share Job Interview with the Interviewer user. B. Build a criteria-based sharing rule between the Job Interview and the Interviewer. C. Build a standard sharing rule between Job Interview and the Interviewer. D. Build a workflow email notification to notify the interviewer of the record assignment

A. Build apex Managed Sharing code to share Job Interview with the Interviewer user. Whenever there is a user lookup that is not the owner, it is typically going to require apex managed sharing.

Universal Containers has Controlled by Parent sharing settings on the Contact object and Public Read Only sharing settings on Account, Opportunity, and Case objects. Which two options can the user see while adding Account team members to the Account? A. Case​ ​Access B. Opportunity​ ​Access C. Contact Access D. Activity Access

A. Case​ ​Access B. Opportunity​ ​Access Contact Access is 'Controlled by Parent' (Account) so there should not be an option to configure visibility for this object separately. Opportunity and Case are 'Public Read Only'; user can open up visibility as 'Read Only' or 'Read/Write'

Cloud Kicks has multiple business partners that assist with product fulfillments, and requires a web service to be exposed to the business partners. Each business partner needs to be able to query Cloud Kicks Salesforce instance to retrieve the status of orders. Additionally, each business partner should only be allowed access to orders for which the business partner is the fulfillment vendor. The architect does NOT want the business partners to utilize the standard APIs and would prefer a custom API be developed. Which three design elements should the Architect consider in order to ensure the data security of the solution? Choose 3 answers. A. Create a custom Apex Web Service using the "With Sharing" keyword B. Give each partner their own Salesforce login set to API Enabled on the profile C. Query the Orders object with Dynamic SOQL based upon the fulfillment ID D. Set the Orders object's sharing settings to Private in the Org-Wide Defaults E. Create a custom Apex web service with a fulfillment ID input attribute

A. Create a custom Apex Web Service using the "With Sharing" keyword B. Give each partner their own Salesforce login set to API Enabled on the profile D. Set the Orders object's sharing settings to Private in the Org-Wide Default

Universal Containers would like to create a custom team solution that can be used on a custom Loan object. The following requirements must be met: - The Loan custom object should be set to Private in the Org-Wide Defaults. - Any user added to the Custom Team object should have Read Only access to the corresponding Loan record. - If the Custom Team record is marked as "Primary" then the corresponding user should have Read/Edit access to the corresponding Loan record. Which two methods will allow the Architect to meet the requirements?Choose 2 answers. A. Create a custom trigger on the Custom Team object that inserts or updates records in the Loan_share object. B. Create​ ​a​ ​criteria-based​ ​sharing​ ​rule​ ​on​ ​the​ ​Loan​ ​object​ ​that​ ​will​ ​share​ ​the​ ​Loan​ ​record​ ​with​ ​the appropriate​ ​user​ ​in​ ​the​ ​Custom​ ​Team​ ​object. C. Create Apex Sharing Reasons on the Loan object to identify the reason the Loan record was share. D. Create​ ​an​ ​owner-based​ ​sharing​ ​rule​ ​on​ ​the​ ​Custom​ ​Team​ ​object​ ​that​ ​will​ ​share​ ​the​ ​Loan​ ​record​ ​to​ ​the owner​ ​of​ ​ ​the​ ​Custom​ ​Team​ ​record.

A. Create a custom trigger on the Custom Team object that inserts or updates records in the Loan_share object. C. Create Apex Sharing Reasons on the Loan object to identify the reason the Loan record was share. Custom Team object requires programmatic creation of share record on the Custom Loan Object (Loan_share). Neither criteria based sharing rule or owner based sharing rule can be created on the go, there is also limit in terms of how many of these rules can be created per object.

Universal​ ​Containers​ ​has​ ​developed​ ​Apex​ ​code​ ​to​ ​manually​ ​create​ ​AccountShare​ ​ ​records​ ​to​ ​grant​ ​specific​ ​users access​ ​to​ ​individual​ ​Accounts.​ ​What​ ​must​ ​the​ ​Architect​ ​do​ ​to​ ​ensure​ ​the​ ​AccountShare​ ​records​ ​are​ ​not​ ​deleted when​ ​the​ ​owner​ ​of​ ​the​ ​Account​ ​is​ ​changed? A. Create​ ​the​ ​share​ ​records​ ​and​ ​set​ ​the​ ​RowCause​ ​to​ ​a​ ​custom​ ​Apex​ ​Sharing​ ​Reason. B. Create the share records in a class with the "Without Sharing" keyword. C. Create the share records with the Delete on Owner Change field set to false. D. Create the share records and set the RowCause to Manual.

A. Create​ ​the​ ​share​ ​records​ ​and​ ​set​ ​the​ ​RowCause​ ​to​ ​a​ ​custom​ ​Apex​ ​Sharing​ ​Reason.

Which two license types can create and edit reports, when assigned the correct permissions? Choose two answers A. Customer Community Plus B. Customer Community C. Customer Community Plus Login D. Partner Community Plus Login

A. Customer Community Plus C. Customer Community Plus Login Partner Community Plus is not a thing. Refer to: https://help.salesforce.com/articleView?id=networks_analytics_limitations.htm&type=5

Universal Containers has created a custom object to store highly confidential client relationship data with Private sharing settings. Which two options would an Architect choose to ensure access only to the record owner and the administrator?Choose 2 answers. A. Disable​ ​"Grant​ ​Access​ ​Using​ ​Hierarchies." B. Disable the "Create" permission on all other profiles. C. Disable the "Read" permission on all other profiles. D. Disable​ ​the​ ​"View​ ​All"​ ​permission​ ​on​ ​all​ ​other​ ​profiles.

A. Disable​ ​"Grant​ ​Access​ ​Using​ ​Hierarchies." D. Disable​ ​the​ ​"View​ ​All"​ ​permission​ ​on​ ​all​ ​other​ ​profiles. In order to ensure only record owner + system administrator access to record, we need to: - Disable grant access using hierarchies; so that the roles above record owner's will not have access to the record. - View All permission grant user access to view all records within the object.

When writing test methods, what functionality is verified by the system method "runAs()"? A. Enforcement​ ​of​ ​a​ ​user's​ ​record​ ​sharing. B. Enforcement of a user's field-level security. C. Enforcement of a user permissions. D. Enforcement of a user's public group assignments.

A. Enforcement​ ​of​ ​a​ ​user's​ ​record​ ​sharing. runAs() does not validate user's permission, field-level security and public group assignment. It only validates record access.

Which​ ​two​ ​reasons​ ​should​ ​the​ ​Architect​ ​consider​ ​regarding​ ​the​ ​use​ ​of​ ​Apex​ ​Sharing​ ​Reasons? Choose​ ​2​ ​answers A. Ensuring​ ​the​ ​developer​ ​can​ ​more​ ​easily​ ​troubleshoot​ ​programmatic​ ​sharing. B. Ensuring​ ​the​ ​Share​ ​record​ ​is​ ​not​ ​deleted​ ​upon​ ​ownership​ ​change. C. Ensuring the Share record is deleted upon ownership change. D. Ensuring there is additional criteria available for Criteria-Based Sharing.

A. Ensuring​ ​the​ ​developer​ ​can​ ​more​ ​easily​ ​troubleshoot​ ​programmatic​ ​sharing. B. Ensuring​ ​the​ ​Share​ ​record​ ​is​ ​not​ ​deleted​ ​upon​ ​ownership​ ​change.

Universal​ ​Containers​ ​has​ ​set​ ​the​ ​Org-Wide​ ​Sharing​ ​Default​ ​for​ ​Accounts​ ​to​ ​Private​ ​and​ ​has​ ​created​ ​some sharing​ ​rules​ ​to​ ​extend​ ​access​ ​based​ ​on​ ​certain​ ​data​ ​access​ ​policies.​ ​ ​An​ ​architect​ ​has​ ​been​ ​asked​ ​to​ ​review access​ ​to​ ​a​ ​certain​ ​set​ ​of​ ​key​ ​customer​ ​accounts.How might this review be conducted? A. Export​ ​the​ ​Account​ ​Share​ ​table​ ​and​ ​review. B. Run a Report on Sharing in the Admin Console. C. Log in as each user and Run the All Accounts List View. D. Use the Sharing button on each customer Account.

A. Export​ ​the​ ​Account​ ​Share​ ​table​ ​and​ ​review. Reviewing access on a set of record --> Account Share If 'user' has issue with visibility --> Login as the User If user wants to troubleshoot why user has access to a record --> Sharing Button, Why?

Universal Containers maintains Job information in a Custom Object that contains sensitive information. The only users who should be able to view and edit Job records are the user who owns the record and all users in the Delivery profile. Which three platform sharing tools are required to support the above requirements?Choose 3 answers. A. Grant​ ​access​ ​Using​ ​Hierarchy​ ​sharing​ ​setting​ ​on​ ​the​ ​Job​ ​Object​ ​set​ ​to​ ​false. B. "Modify​ ​All"​ ​permission​ ​for​ ​Job​ ​Object​ ​on​ ​the​ ​Delivery​ ​Profile. C. Criteria-Based sharing rule for the Delivery Profile on the Job Object. D. Organization-Wide​ ​Default​ ​sharing​ ​setting​ ​of​ ​Private​ ​on​ ​the​ ​Job​ ​Object. E. "View All Data" profile permission on the Delivery Profile.

A. Grant​ ​access​ ​Using​ ​Hierarchy​ ​sharing​ ​setting​ ​on​ ​the​ ​Job​ ​Object​ ​set​ ​to​ ​false. B. "Modify​ ​All"​ ​permission​ ​for​ ​Job​ ​Object​ ​on​ ​the​ ​Delivery​ ​Profile. D. Organization-Wide​ ​Default​ ​sharing​ ​setting​ ​of​ ​Private​ ​on​ ​the​ ​Job​ ​Object. - Disabling Grant access using hierarchy prevent user above the role of record owner accessing the record. - Modify All on Job Object within profile allows delivery profile to update all records in job object. - Private OWD close down visibility so other people can't access the record. Criteria based sharing rule does not work with 'Profile'. It has to be shared to roles, or public group, territory, etc. View All Data grant the profile users not only access to Job object but also everything else -- not necessarily what we want.

Universal​ ​Containers​ ​is​ ​looking​ ​to​ ​set​ ​up​ ​a​ ​new​ ​integration​ ​with​ ​its​ ​ERP​ ​system.​ ​ ​The​ ​goal​ ​is​ ​to​ ​synchronize contacts​ ​in​ ​the​ ​ERP​ ​shipping​ ​tables​ ​with​ ​those​ ​in​ ​their​ ​CRM​ ​so​ ​that​ ​sales​ ​reps​ ​can​ ​view​ ​up​ ​to​ ​date​ ​contact information.​ ​ ​The​ ​integration​ ​runs​ ​under​ ​a​ ​dummy​ ​Integration​ ​User​ ​who​ ​is​ ​at​ ​the​ ​top​ ​of​ ​the​ ​role​ ​hierarchy.​ ​ ​The Organization-Wide​ ​Default​ ​sharing​ ​setting​ ​for​ ​Accounts​ ​is​ ​Private​ ​and​ ​Contacts​ ​is​ ​Controlled​ ​by​ ​Parent.​ ​ ​A​ ​large number​ ​of​ ​contacts​ ​(100,000)​ ​have​ ​account​ ​data​ ​in​ ​the​ ​ERP​ ​system,​ ​but​ ​do​ ​not​ ​have​ ​corresponding​ ​Accounts​ ​in Salesforce.How​ ​should​ ​the​ ​Architect​ ​design​ ​the​ ​solution​ ​so​ ​that​ ​the​ ​sales​ ​team​ ​can​ ​see​ ​the​ ​contacts​ ​and​ ​there​ ​are no​ ​performance​ ​issues? A. Have the integration create both contacts and their corresponding accounts; use an Account sharing rule to grant sales reps access to the contacts. B. Have the integration create the contacts under one dummy account record; use an Account sharing rule to grant sales reps access to the contacts. C. Have​ ​the​ ​integration​ ​create​ ​the​ ​contacts​ ​with​ ​Salesforce​ ​without​ ​an​ ​account;​ ​use​ ​a​ ​Contact​ ​sharing rule​ ​to​ ​grant​ ​sales​ ​reps​ ​access​ ​to​ ​the​ ​contacts. D. Have the integration create both the contacts and their corresponding accounts; use a Contact Sharing rule to grant sales reps access to the contacts.

A. Have the integration create both contacts and their corresponding accounts; use an Account sharing rule to grant sales reps access to the contacts.

In order to comply with regulatory requirements, Universal Health must encrypt all Personally Identifiable Information (PII), both while it is being transmitted over the network and while it is at rest. Universal Health has completed a data audit and has determined that 12 fields on the contact record can contain PII, including the contact name and several other standard fields. Universal Health would like the fields to remain accessible in Salesforce. Which two options does Universal Health have to maintain compliance? Choose 2 answers. A. Implement a custom Apex trigger to automatically encrypt the PII data using the Apex Crypto Class. B. Update the field type of each of the 12 fields to "Text (Encrypted)" so that they are encrypted at rest. C. Enable Salesforce Platform Encryption and select the 12 contact fields to be encrypted. D. Use an external, third party encryption service to encrypt PII before it enters Salesforce.

A. Implement a custom Apex trigger to automatically encrypt the PII data using the Apex Crypto Class. D. Use an external, third party encryption service to encrypt PII before it enters Salesforce. Encrypted Field and Platform Encryption only solve at-rest encryption requirement.

Which​ ​two​ ​access​ ​grants​ ​are​ ​stored​ ​in​ ​the​ ​Group​ ​Maintenance​ ​tables? Choose 2 answers A. Inherited​ ​access​ ​grants B. Explicit grants C. Group Membership grants D. Implicit​ ​grants

A. Inherited​ ​access​ ​grants C. Group Membership grants Refer to: https://developer.salesforce.com/docs/atlas.en-us.salesforce_record_access_under_the_hood.meta/salesforce_record_access_under_the_hood/uth_groups.htm

Universal Containers has a set of Account Management users that should only see Accounts once the Account becomes a customer. The Type field on the Account identifies whether the Account is a Prospect, Customer, Partner or Other. Which two methods could an Architect use to enable this sharing requirement, assuming a private sharing model for Accounts?Choose 2 answers. A. Institute a process that calls for the Account Manager to be added to the Account Team once the Account becomes a customer. B. Create an Account Sharing Rule that shares all Accounts owned by Sales to be shared with Account Management roles and subordinates. C. Create​ ​a​ ​Public​ ​List​ ​View,​ ​where​ ​Accounts​ ​of​ ​Type​ ​Customer​ ​are​ ​included​ ​and​ ​share​ ​the​ ​List​ ​view​ ​with​ ​the Account​ ​Management​ ​public​ ​group. D. Create​ ​a​ ​Criteria-based​ ​Sharing​ ​rule​ ​that​ ​shares​ ​the​ ​Account​ ​to​ ​the​ ​ ​Account​ ​Management​ ​Group​ ​when​ ​the Type​ ​is​ ​Customer.

A. Institute a process that calls for the Account Manager to be added to the Account Team once the Account becomes a customer. D. Create​ ​a​ ​Criteria-based​ ​Sharing​ ​rule​ ​that​ ​shares​ ​the​ ​Account​ ​to​ ​the​ ​ ​Account​ ​Management​ ​Group​ ​when​ ​the Type​ ​is​ ​Customer. Owner-based sharing rule does not satisfy the requirement, does not fit the criteria. Public List View does not solve the issue because visibility is hidden on record side, so even if list view is public the record won't be there.

Which permissions bypass the FLS protections safeguarding a secret stored in a custom field? Please choose 3 answers: A. Modify All Data B. View All Data (Profile) C. Customize Application D. Deploy Apex E. View All Data (Object Specific)

A. Modify All Data C. Customize Application D. Deploy Apex

Universal​ ​Containers​ ​uses​ ​the​ ​Case​ ​object​ ​to​ ​track​ ​service​ ​tickets.​ ​ ​They​ ​have​ ​implemented​ ​Case​ ​teams​ ​to​ ​allow multiple​ ​support​ ​representatives​ ​to​ ​manage​ ​the​ ​Cases. Which​ ​two​ ​"Filter​ ​by​ ​owner"​ ​options​ ​would​ ​the​ ​user​ ​see​ ​while​ ​creating​ ​a​ ​list​ ​view​ ​on​ ​the​ ​Case​ ​object?Choose​ ​2​ ​answers A. My​ ​Case​ ​Teams B. Roles C. Public Groups D. Queue

A. My​ ​Case​ ​Teams D. Queue

Universal​ ​Containers​ ​has​ ​requirement​ ​for​ ​the​ ​Architect​ ​to​ ​develop​ ​Apex​ ​Managed​ ​Sharing​ ​code​ ​for​ ​the​ ​custom Job​ ​object.​ ​ ​The​ ​sharing​ ​settings​ ​for​ ​the​ ​Job​ ​object​ ​are​ ​set​ ​to​ ​Private. When assigning access level for the record, which two lines of code will cause a DML exception on insert to the database? Choose 2 answers A. Objectname.AccessLevel='Edit' B. Objectname.AccessLevel='All' C. Objectname.AccessLevel='None' D. Objectname.AccessLevel='Read'

A. Objectname.AccessLevel='Edit' D. Objectname.AccessLevel='Read' User requires at-least read access to the record for which the share is to be created

Which features does Salesforce provide for restricting login access to the application? Choose 2 answers. A. Profile-based​ ​login​ ​hour​ ​restrictions B. Role-based IP restrictions C. Organization-wide login hour restrictions D. Profile-based​ ​IP​ ​restrictions

A. Profile-based​ ​login​ ​hour​ ​restrictions D. Profile-based​ ​IP​ ​restrictions Role-based IP restriction + Org-wide Login Hour are not available.

The​ ​Architect​ ​at​ ​Universal​ ​Containers​ ​has​ ​created​ ​a​ ​List​ ​View​ ​to​ ​show​ ​all​ ​open​ ​Opportunities​ ​that​ ​were​ ​created in​ ​the​ ​last​ ​month,​ ​and​ ​would​ ​like​ ​to​ ​make​ ​this​ ​list​ ​view​ ​visible​ ​to​ ​certain​ ​groups​ ​of​ ​users. Which​ ​two​ ​options​ ​are​ ​available​ ​to​ ​the​ ​Architect​ ​for​ ​sharing​ ​the​ ​List​ ​View? A. Public​ ​Groups B. Profiles C. Roles​ ​and​ ​Subordinates D. Manual Sharing

A. Public​ ​Groups C. Roles​ ​and​ ​Subordinates

Universal​ ​Containers​ ​has​ ​successfully​ ​implemented​ ​a​ ​large​ ​Service​ ​Cloud​ ​rollout​ ​for​ ​their​ ​national​ ​call​ ​centre​ ​3 months​ ​ago.​ ​ ​One​ ​of​ ​their​ ​largest​ ​customer​ ​accounts,​ ​United​ ​Automotive,​ ​has​ ​over​ ​15,000​ ​open​ ​cases.​ ​Agents are​ ​now​ ​having​ ​trouble​ ​opening​ ​new​ ​cases​ ​for​ ​United​ ​Automotive.​ ​ ​When​ ​they​ ​try​ ​to​ ​create​ ​a​ ​case,​ ​the following​ ​Error​ ​messages​ ​appear​ ​for​ ​them.UNABLE_TO_LOCK_ROW They​ ​notice​ ​that​ ​this​ ​only​ ​occurs​ ​for​ ​the​ ​United​ ​Automotive​ ​account.​ ​If​ ​they​ ​tray​ ​so​ ​save​ ​the​ ​case​ ​again​ ​it​ ​will usually​ ​work,​ ​but​ ​the​ ​problem​ ​seems​ ​to​ ​be​ ​happening​ ​more​ ​and​ ​more​ ​often. What​ ​option​ ​should​ ​the​ ​Architect​ ​recommend? A. Review​ ​the​ ​Account​ ​structure​ ​to​ ​split​ ​the​ ​United​ ​Automotive​ ​account​ ​into​ ​multiple​ ​branch​ ​accounts. B. Review the Customer Service Profile to ensure that they have Read/Write access to the appropriate Case and Account Fields. C. Review all Case Sharing Rules and consolidate where appropriate to reduce the total number of sharing rules. D. Review all Account sharing rules to ensure that the Customer Service team has Read/Write access to the United Automotive Account.

A. Review​ ​the​ ​Account​ ​structure​ ​to​ ​split​ ​the​ ​United​ ​Automotive​ ​account​ ​into​ ​multiple​ ​branch​ ​accounts. This issue is caused by data skew (15,000 cases lookup to the same account). In order to fix the issue, split account to branches and link cases to these branch accounts.

A​ ​developer​ ​at​ ​Universal​ ​Containers​ ​is​ ​building​ ​an​ ​integration​ ​within​ ​a​ ​managed​ ​package​ ​for​ ​their​ ​internal​ ​org that​ ​requires​ ​login​ ​to​ ​an​ ​external​ ​system.​ ​ ​The​ ​end​ ​point​ ​requires​ ​basic​ ​authentication.​ ​ ​The​ ​Architect​ ​would like​ ​to​ ​ensure​ ​that​ ​the​ ​username​ ​and​ ​password​ ​are​ ​managed​ ​securely.Which​ ​three​ ​options​ ​should​ ​the​ ​Architect​ ​recommend​ ​to​ ​secure​ ​the​ ​credentials? Choose​ ​3​ ​answers A. Store the credentials in protected custom metadata that are used in the Apex Callout. B. Store​ ​the​ ​credentials​ ​in​ ​Named​ ​Credentials​ ​that​ ​are​ ​used​ ​in​ ​the​ ​Apex​ ​Callout. C. Store​ ​the​ ​credentials​ ​in​ ​a​ ​custom​ ​object​ ​using​ ​encrypted​ ​fields. D. Store​ ​the​ ​credentials​ ​in​ ​protected​ ​custom​ ​settings​ ​that​ ​are​ ​used​ ​in​ ​the​ ​Apex​ ​Callout. E. Store the credentials in the Apex code, which will not be available to non-admins.

A. Store the credentials in protected custom metadata that are used in the Apex Callout. B. Store​ ​the​ ​credentials​ ​in​ ​Named​ ​Credentials​ ​that​ ​are​ ​used​ ​in​ ​the​ ​Apex​ ​Callout. D. Store​ ​the​ ​credentials​ ​in​ ​protected​ ​custom​ ​settings​ ​that​ ​are​ ​used​ ​in​ ​the​ ​Apex​ ​Callout.

The​ ​Architect​ ​notices​ ​that​ ​there​ ​are​ ​many​ ​duplicate​ ​Account​ ​records​ ​and​ ​numerous​ ​sharing​ ​rules​ ​created​ ​in Salesforce. What​ ​would​ ​be​ ​the​ ​reason? A. The​ ​Organization-Wide​ ​Default​ ​for​ ​the​ ​Account​ ​object​ ​is​ ​Private. B. The Organization-Wide Default for the Account object is Public Read/Write. C. The Organization-Wide Default for the Account object is Public Read-Only. D. The Object permissions for the Account object are Create, Read, and Edit.

A. The​ ​Organization-Wide​ ​Default​ ​for​ ​the​ ​Account​ ​object​ ​is​ ​Private. Duplicate Records - User create duplicate because they can't see existing record Numerous Sharing Rule created to open up visibility.

Universal Containers created a custom object called Defect and would like to enable the Sharing button on the Defect page layout to share the records manually to other users in the organization. In which scenario will the Sharing button appear? A. The​ ​Sharing​ ​model​ ​is​ ​either​ ​Private​ ​or​ ​Public​ ​Read​ ​only. B. The Sharing button always appears. C. The Sharing model is Public Read/Write. D. The Sharing model is Public Read/Write/Transfer.

A. The​ ​Sharing​ ​model​ ​is​ ​either​ ​Private​ ​or​ ​Public​ ​Read​ ​only. If the OWD is Public Read/Write there is nothing else to share. The button only comes up if there is additional visibility that can be set.

Universal​ ​Containers​ ​would​ ​like​ ​to​ ​customize​ ​the​ ​security​ ​and​ ​sharing​ ​features​ ​of​ ​Salesforce​ ​Account​ ​Teams. They​ ​have​ ​decided​ ​to​ ​implement​ ​a​ ​Custom​ ​Account​ ​Team​ ​object.​ ​ ​They​ ​would​ ​like​ ​the​ ​new​ ​enhancement​ ​to include​ ​all​ ​of​ ​the​ ​features​ ​of​ ​the​ ​existing​ ​account​ ​team,​ ​but​ ​also​ ​utilize​ ​Apex​ ​and​ ​Visualforce​ ​on​ ​the​ ​custom Account​ ​Team​ ​object​.Which two different approaches should the Architect consider when designing this enhancement?Choose 2 answers A. The​ ​need​ ​to​ ​synchronize​ ​the​ ​AccountTeamMember​ ​object​ ​with​ ​the​ ​Custom​ ​Account​ ​Team​ ​object data. B. The​ ​need​ ​to​ ​maintain​ ​the​ ​AccountShare​ ​object​ ​based​ ​upon​ ​the​ ​Custom​ ​Account​ ​Team​ ​object​ ​data. C. The need to dynamically create Criteria-Based Sharing rules with Custom Account Team object data. D. The need to customize Account screens in Visualforce, as the Account_share object cannot be maintained programmatically.

A. The​ ​need​ ​to​ ​synchronize​ ​the​ ​AccountTeamMember​ ​object​ ​with​ ​the​ ​Custom​ ​Account​ ​Team​ ​object data. B. The​ ​need​ ​to​ ​maintain​ ​the​ ​AccountShare​ ​object​ ​based​ ​upon​ ​the​ ​Custom​ ​Account​ ​Team​ ​object​ ​data.

Universal Containers regularly uploads large amounts of parent and child records into Salesforce to maintain integrations with other systems that update their date in scheduled batches or continuously in real time. Which two situations may pose a risk of producing locking errors? Choose 2 answers. A. Updates​ ​to​ ​child​ ​records​ ​that​ ​have​ ​the​ ​same​ ​parent​ ​records​ ​are​ ​being​ ​processed​ ​simultaneously​ ​in separate​ ​transactions. B. Updates to parent and child records are being processed in the same batch. C. Updates​ ​to​ ​parent​ ​records​ ​and​ ​their​ ​child​ ​records​ ​being​ ​processed​ ​simultaneously​ ​in​ ​separate​ ​threads. D. Updates to parent and child records are being processed synchronously in the same threads.

A. Updates​ ​to​ ​child​ ​records​ ​that​ ​have​ ​the​ ​same​ ​parent​ ​records​ ​are​ ​being​ ​processed​ ​simultaneously​ ​in separate​ ​transactions. C. Updates​ ​to​ ​parent​ ​records​ ​and​ ​their​ ​child​ ​records​ ​being​ ​processed​ ​simultaneously​ ​in​ ​separate​ ​threads. Whenever we see a process where child and parent records are processed in separate thread, it is a red flag as it can cause locking issue.

The Architect at Universal Containers would like to prevent users from editing encrypted fields. Assuming no customizations are implemented, which two options should the Architect choose to support the requirement?Choose 2 answers. A. Validation​ ​Rules B. Page​ ​Layout​ ​settings C. Workflow Rules D. Apex Triggers.

A. Validation​ ​Rules B. Page​ ​Layout​ ​settings Validation rule can prevent user from editing a field by popping up error message. Page Layout - Field can be updated to Read Only on page layout.

Universal Containers has a custom object to maintain Job information with a private sharing model. They Delivery group is distributed through the Role Hierarchy based on geography. As the Delivery group often collaborates on Jobs, all users in the Delivery profile require View access to all job records. In special cases, the Delivery user who owns a job must be able to grant a Product Development user access to a Job record. Which two platform features can be used to support these requirements?Choose 2 answers. A. Owner-based Sharing Rules B. "View​ ​All"​ ​Profile​ ​settings C. Criteria-based Sharing Rules D. Manual​ ​Sharing

B. "View​ ​All"​ ​Profile​ ​settings D. Manual​ ​Sharing Delivery - "View All" Profile because user is distributed throughout role hierarchy, but they are all under one profile. Grant "View All" access to the Job object on the profile. Product Development - "In Special Cases" calls for manual sharing usage.

User​ ​A​ ​at​ ​Universal​ ​Containers​ ​is​ ​in​ ​the​ ​default​ ​account​ ​team​ ​for​ ​User​ ​B.​ ​ ​User​ ​B​ ​owns​ ​the​ ​ACME​ ​account​ ​and changed​ ​User​ ​A's​ ​team​ ​member​ ​access​ ​to​ ​the​ ​account.What​ ​is​ ​the​ ​impact​ ​of​ ​this​ ​change? A. Changes affect the default Opportunity team. B. Changes​ ​affect​ ​only​ ​the​ ​ACME​ ​Account. C. Changes affect the default Account team. D. Changes affect all child ACME Accounts.

B. Changes​ ​affect​ ​only​ ​the​ ​ACME​ ​Account. Only updated ACME Account Team Config --> Impact only ACME Account.

Universal Containers would like to track defects within Salesforce. A defect need to have the following fields: • Severity • Type • Status • Description There will be multiple Defects related to the standard Case object. Defects will be assigned to different owners which will often be different to the Case owner. Which option should the Architect choose to meet the requirement? A. Create a relationship between the standard defect object and the standard case object B. Create a custom object for defects and relate it to cases using lookup C. Create all defect fields on the case object to track the defect and lookup D. Create a custom object for defects and relate it to cases using master-detail

B. Create a custom object for defects and relate it to cases using lookup Defect record has its own owner so it would not be a master-detail.

Universal​ ​Containers​ ​has​ ​the​ ​following​ ​requirements: - A​ ​custom​ ​Loan​ ​object​ ​requires​ ​Org-Wide​ ​Defaults​ ​set​ ​to​ ​Private. - The​ ​owner​ ​of​ ​the​ ​Loan​ ​record​ ​will​ ​be​ ​the​ ​Loan​ ​Origination​ ​Officer. - The​ ​Loan​ ​record​ ​must​ ​be​ ​shared​ ​with​ ​a​ ​specific​ ​Underwriter​ ​on​ ​a​ ​loan-by-loan​ ​basis. - The​ ​Underwriters​ ​should​ ​only​ ​see​ ​the​ ​Loan​ ​records​ ​for​ ​which​ ​they​ ​are​ ​assigned. What​ ​should​ ​the​ ​Architect​ ​recommend​ ​to​ ​meet​ ​these​ ​requirements? A. Use​ ​criteria-based​ ​sharing​ ​rules​ ​to​ ​share​ ​the​ ​Loan​ ​object​ ​with​ ​the​ ​Underwriter​ ​based​ ​upon​ ​the criteria​ ​defined​ ​in​ ​the​ ​criteria-based​ ​sharing. B. Create a lookup relationship from the Loan object to the User object. Use a trigger on the Loan object to create the corresponding record in the Loan_share object. C. Create a master-detail relationship from the Loan to the User object. Loan records will be automatically shared with the Underwriter. D. Create an Apex Sharing Reason on the Loan object that shares the Loan with the Underwriter based upon the criteria defined in the Sharing Reason.

B. Create a lookup relationship from the Loan object to the User object. Use a trigger on the Loan object to create the corresponding record in the Loan_share object. Sharing a record to a specific user, that is not an owner --> Manual Sharing/Apex Sharing

Universal Containers has created a custom Sales Operations profile with read and edit access to the Category field on a custom object. There is a new requirement that 3 of the 100 users assigned to the Sales Operations Profile should have read-only access to the Category field. How can the Architect support this request? Choose one answer A. Create a permission set in the Category field to read-only and assign it to the users. B. Create a new profile without edit access to Category and assign it to the users. C. Create a new page layout with the Category Field set to read-only for these users. D. Create a custom permission to grant read-only access to Category and assign it to the users.

B. Create a new profile without edit access to Category and assign it to the users.

At Universal Containers, users should only see Accounts they or their subordinates own. All Accounts with the custom field "Key Customer" should be visible to all Senior Account Managers. There is a custom field on the Account record that contains sensitive information and should be hidden from all users, except 3 designated users who require view and edit access. These three users come from different user groups, and will change occasionally. Which three platform security features are required to support these requirements with the minimum amount of effort? Choose 3 answers. A. Owner-Based Sharing Rules B. Criteria-Based​ ​Sharing​ ​Rules C. Permission​ ​Sets D. Role​ ​Hierarchy E. Apex Managed sharing

B. Criteria-Based​ ​Sharing​ ​Rules C. Permission​ ​Sets D. Role​ ​Hierarchy Users should only see Accounts they or their subordinates own --> Role Hierarchy All Accounts with the custom field "Key Customer" should be visible to all Senior Account Managers --> Criteria-Based Sharing Rules 3 designated users who require view and edit access (from different user groups) --> Permission Set

Which two options can help mitigate the risks of import failures associated with large-volume bulk data loads?Choose 2 answers. A. Minimize user group hierarchy. B. Defer​ ​Sharing​ ​Calculation. C. Increase batch size. D. Group records by ParentID within a batch.

B. Defer​ ​Sharing​ ​Calculation. D. Group records by ParentID within a batch. Defer sharing calculation helps ensure calculation happens after the load; so there is less risk of errors or locking issue happening in the middle of the load. Grouping records by ParentID within a batch helps minimize locking conflict. Refer to: https://developer.salesforce.com/docs/atlas.en-us.salesforce_large_data_volumes_bp.meta/salesforce_large_data_volumes_bp/ldv_deployments_best_practices_api_loading_data.htm

A sales representative at Universal Containers needs assistance from specific product managers when selling certain deals. Product managers do not have access to opportunities they don't own, as the sharing model is Private, but need to gain access when they are assisting with a specific deal. How can an Architect accomplish the requirement? A. Create a sharing rule to allow the product manager to access the opportunity. B. Enable​ ​opportunity​ ​teams​ ​and​ ​allow​ ​users​ ​to​ ​add​ ​the​ ​product​ ​manager. C. Enable account team and allow users to add the product manager. D. Use similar opportunities to share opportunities related to the product manager.

B. Enable​ ​opportunity​ ​teams​ ​and​ ​allow​ ​users​ ​to​ ​add​ ​the​ ​product​ ​manager. Opportunity Team allows sales rep to easily add a user and their role/access level to access the opportunity. This is also enabled via declarative config which is preferred than code/apex sharing.

Universal Containers wants to create a way to store sensitive Invoice Data in Salesforce. A User who owns an Account should not see every Invoice, but only invoices that they or their subordinates own. Which two features should be considered during this solution implementation?Choose 2 answers. A. Deploy​ ​the​ ​Relationship​ ​between​ ​Accounts​ ​ ​and​ ​the​ ​Invoices​ ​Object​ ​as​ ​Master-Detail. B. Ensure​ ​that​ ​the​ ​Organization-Wide​ ​Default​ ​sharing​ ​for​ ​Invoices​ ​is​ ​set​ ​to​ ​Private. C. Create a Workflow that populates the Invoice sharing object upon Insert. D. Deploy the Relationship between Accounts and the Invoices Object as Lookup.

B. Ensure​ ​that​ ​the​ ​Organization-Wide​ ​Default​ ​sharing​ ​for​ ​Invoices​ ​is​ ​set​ ​to​ ​Private. D. Deploy the Relationship between Accounts and the Invoices Object as Lookup. To hide visibility to organization in general - Private OWD Invoice that they or their subordinates 'own'. Lookup relationship allows for ownership, but master/detail (detail record) does not have an associated owner.

Universal Containers, a global corporation of 50,000 users, has a 24x7 call center operated by 20,000 users that includes employees and contractors. Their sales organization is 10,000 strong and they started processing about 100,000 updates to opportunity custom fields called Priority and NextStep. They also started processing 20,000 updates to a highly nested territory hierarchy. There was a third mass update on a Next Step field on the Action Plan custom object that has Case as a lookup field. Users started seeing a Group membership lock error in the system. What is a probable cause for this error? A. Lock contention on Account records because of Opportunity object updates. B. Lock​ ​contention​ ​due​ ​to​ ​system-initiated​ ​sharing​ ​rule​ ​recalculation C. Lock contention on Case records because of Action Plan custom object updates. D. Lock contention on Territory object because of Territory object updates.

B. Lock​ ​contention​ ​due​ ​to​ ​system-initiated​ ​sharing​ ​rule​ ​recalculation

Universal​ ​Containers​ ​is​ ​updating​ ​its​ ​Organization-Wide​ ​Sharing​ ​Settings​ ​for​ ​the​ ​Account​ ​Object​ ​from​ ​a​ ​"Public Read/Write"​ ​model​ ​to​ ​a​ ​"Private"​ ​model,​ ​so​ ​that​ ​they​ ​can​ ​hide​ ​certain​ ​national​ ​accounts​ ​from​ ​sales​ ​reps​ ​and sales​ ​managers.​ ​ ​These​ ​national​ ​accounts​ ​should​ ​only​ ​be​ ​accessible​ ​by​ ​sales​ ​directors​ ​and​ ​above.​ ​ ​Universal Container's​ ​Role​ ​Hierarchy​ ​matches​ ​its​ ​organizational​ ​hierarchy.Which​ ​two​ ​options​ ​should​ ​the​ ​Architect​ ​consider​ ​when​ ​designing​ ​the​ ​solution? Choose​ ​2​ ​answers A. Sales​ ​directors​ ​will​ ​need​ ​a​ ​sharing​ ​rule​ ​created​ ​so​ ​that​ ​they​ ​can​ ​see​ ​accounts​ ​owned​ ​by​ ​Sales​ ​Users. B. National​ ​accounts​ ​must​ ​be​ ​owned​ ​by​ ​a​ ​user​ ​who​ ​is​ ​above​ ​the​ ​sales​ ​managers​ ​in​ ​the​ ​Role​ ​Hierarchy. C. Apex managed sharing will have to be disabled for the account object to protect the national accounts. D. If a sales rep is added to the Opportunity Team for a national account, they will gain access to account data.

B. National​ ​accounts​ ​must​ ​be​ ​owned​ ​by​ ​a​ ​user​ ​who​ ​is​ ​above​ ​the​ ​sales​ ​managers​ ​in​ ​the​ ​Role​ ​Hierarchy. D. If a sales rep is added to the Opportunity Team for a national account, they will gain access to account data.

What should the Architect do to ensure Field-Level Security is enforced on a custom Visualforce page using the Standard Lead Controller? A. Use the "With Sharing" keyword on the Standard Lead Controller. B. Nothing; Field-Level Security will automatically be enforced. C. Use the {!Schema.sObjectType.Lead.fields.isAccessible()} expression D. Use the Schema.SObject.Lead.isAccessible() method.

B. Nothing; Field-Level Security will automatically be enforced. When rendering Visualforce pages, the platform will automatically enforce CRUD and FLS when the developer references SObjects and SObject fields directly in the Visualforce page. Refer to: https://developer.salesforce.com/wiki/enforcing_crud_and_fls

Ursa Major Solar has the goal of increasing performance of the following: • Record Access • Sharing Calculations Which three areas should an Architect review to help Ursa Major Solar achieve this goal? A. Custom Object data, to ensure that no Account has more than 10,000 Custom Objects that look up to it B. Opportunity data, to ensure that no Account has more than 10,000 Opportunity records that are related to it. C. Record ownership, to ensure that no user owns more than 10,000 Object records in the system. D. Apex Managed Sharing triggers, to ensure that no trigger is querying more than 10,000 Object records. E. Case Data, to ensure that no Account has more than 10,000 Case records that are related to it

B. Opportunity data, to ensure that no Account has more than 10,000 Opportunity records that are related to it. E. Case Data, to ensure that no Account has more than 10,000 Case records that are related to it C. Record ownership, to ensure that no user owns more than 10,000 Object records in the system. Data Skew: where an account is related to >10k child records. This is a risk to sharing and record visibility performance issues. Ownership Skew: When a single user owns more than 10,000 records of an object, we call that condition ownership data skew. One of the common patterns involves customers concentrating ownership of data so that a single user or queue, or all the members of a single role or public group, owns most or all of the records for a particular object. Refer to: https://developer.salesforce.com/docs/atlas.en-us.draes.meta/draes/draes_group_membership_data_skew.htm

Which​ ​two​ ​options​ ​provide​ ​implicit​ ​record​ ​access​ ​to​ ​users?Choose​ ​2​ ​answers A. Read-only access to parent account for a user, based on a criteria-based sharing rule. B. Read-only​ ​access​ ​to​ ​the​ ​parent​ ​account​ ​for​ ​a​ ​user​ ​with​ ​access​ ​to​ ​a​ ​child​ ​case C. Access​ ​to​ ​child​ ​opportunities​ ​for​ ​the​ ​owner​ ​of​ ​the​ ​parent​ ​account. D. Access to related leads for the owner of the parent campaign.

B. Read-only​ ​access​ ​to​ ​the​ ​parent​ ​account​ ​for​ ​a​ ​user​ ​with​ ​access​ ​to​ ​a​ ​child​ ​case C. Access​ ​to​ ​child​ ​opportunities​ ​for​ ​the​ ​owner​ ​of​ ​the​ ​parent​ ​account. Implicit sharing is available for account, opportunity, case. Criteria-based sharing rule is not implicit sharing. Lead and Campaign do not have implicit sharing. Refer to: https://developer.salesforce.com/docs/atlas.en-us.draes.meta/draes/draes_object_relationships_implicit_sharing.htm

Universal​ ​Containers​ ​is​ ​designing​ ​a​ ​new​ ​community​ ​using​ ​the​ ​Customer​ ​Community​ ​license​ ​type.​ ​ ​They​ ​would like​ ​to​ ​have​ ​the​ ​users​ ​complete​ ​survey​ ​questions​ ​through​ ​the​ ​community​ ​interface​ ​and​ ​store​ ​the​ ​responses​ ​in​ ​a Custom​ ​Object​ ​that​ ​has​ ​a​ ​lookup​ ​to​ ​the​ ​account​ ​object.​ ​ ​Any​ ​internal​ ​user​ ​who​ ​has​ ​access​ ​to​ ​the​ ​account should​ ​be​ ​able​ ​to​ ​see​ ​all​ ​survey​ ​responses.​ ​ ​All​ ​Customer​ ​Community​ ​users​ ​should​ ​be​ ​able​ ​to​ ​see​ ​surveys​ ​filled in​ ​by​ ​other​ ​users​ ​for​ ​their​ ​company,​ ​but​ ​not​ ​surveys​ ​for​ ​other​ ​companies. What​ ​are​ ​the​ ​correct​ ​security​ ​settings to​ ​achieve​ ​this? A. Set all Organization-Wide Default settings to be "Public Read/Write" for both internal and external users. B. Set​ ​all​ ​Organization-Wide​ ​Default​ ​security​ ​to​ ​be​ ​"Private"​ ​for​ ​both​ ​internal​ ​and​ ​external​ ​users​ ​and use​ ​Sharing​ ​Rules​ ​to​ ​grant​ ​the​ ​desired​ ​access. C. Set all Organization-Wide Default security to be "Public Read/Write" for internal users and "Private" for external users. D. Set the custom object to be master-detail to the Account and leave the Organization-Wide Default settings as their default values.

B. Set​ ​all​ ​Organization-Wide​ ​Default​ ​security​ ​to​ ​be​ ​"Private"​ ​for​ ​both​ ​internal​ ​and​ ​external​ ​users​ ​and use​ ​Sharing​ ​Rules​ ​to​ ​grant​ ​the​ ​desired​ ​access. Internal User who has access to account can see survey responses. Aka not all user can view all surveys --> Private.

Universal​ ​Containers​ ​has​ ​developed​ ​an​ ​AppExchange​ ​managed​ ​package​ ​for​ ​their​ ​distribution​ ​partners,​ ​which required​ ​a​ ​private​ ​key​ ​to​ ​be​ ​generated​ ​for​ ​each​ ​partner​ ​and​ ​used​ ​by​ ​the​ ​code.​ ​ ​Universal​ ​Containers​ ​support representatives​ ​must​ ​be​ ​able​ ​to​ ​access​ ​the​ ​private​ ​key​ ​value​ ​to​ ​debug​ ​connection​ ​issues,​ ​but​ ​it​ ​must​ ​not​ ​be possible​ ​for​ ​the​ ​partner​ ​to​ ​access​ ​the​ ​value.How​ ​can​ ​the​ ​Architect​ ​best​ ​support​ ​this​ ​requirement? A. Store the value in a text field on a protected custom setting in the package. B. Store the value in a static variable in a class included in the managed package. C. Store​ ​the​ ​value​ ​in​ ​the​ ​text​ ​field​ ​on​ ​a​ ​list​ ​custom​ ​setting​ ​in​ ​the​ ​managed​ ​package. D. Store the value in an encrypted field on a custom object in the package.

B. Store the value in a static variable in a class included in the managed package.

ACME Corporation is a global Telco that has recently implemented Enterprise Territory Management to better align their sales teams and sales processes. They are in Q4 of their fiscal year and they have completely revamped their Territory structure and created a plan for a new structure that would support the new fiscal year. Their current territory model has 8000 territories. Their new model would be a new set of 8500 territories, and their org limit is 10,000 territories. Which Enterprise Territory Management feature can ACME take advantage of in order to help them keep within their org limits? A. Territory Type B. Territory Model State C. Territory Hierarchy D. Territory Type Priority

B. Territory Model State

Universal​ ​Containers​ ​has​ ​recently​ ​implemented​ ​Enterprise​ ​Territory​ ​Management​ ​to better​ ​align​ ​their​ ​sales​ ​teams​ ​and​ ​sales​ ​processes.​ ​ ​They​ ​are​ ​in​ ​Q4​ ​of​ ​their​ ​fiscal​ ​year​ ​and​ ​they​ ​have​ ​completely revamped​ ​their​ ​Territory​ ​structure​ ​and​ ​created​ ​a​ ​plan​ ​for​ ​a​ ​new​ ​structure​ ​that​ ​would​ ​support​ ​the​ ​new​ ​fiscal year.​ ​ ​Their​ ​current​ ​territory​ ​model​ ​has​ ​8,000​ ​territories.​ ​ ​Their​ ​new​ ​model​ ​would​ ​be​ ​a​ ​new​ ​set​ ​of​ ​8,500 territories,​ ​and​ ​their​ ​org​ ​limit​ ​is​ ​10,000​ ​territories.Which​ ​Enterprise​ ​Territory​ ​Management​ ​feature​ ​can​ ​Universal​ ​Containers​ ​take​ ​advantage​ ​of​ ​in​ ​order​ ​to help​ ​them​ ​stay​ ​within​ ​their​ ​org​ ​limits? A. Territory Hierarchy B. Territory​ ​Model​ ​State C. Territory Type D. Territory Type Priority

B. Territory​ ​Model​ ​State In this case we can move 8,000 territories (current) to archive (active --> archived), and move the new set 8,500 to active state (planning --> active) Refer to: https://help.salesforce.com/articleView?id=tm2_territory_model_state.htm&type=5

Universal​ ​Containers​ ​is​ ​implementing​ ​a​ ​community​ ​of​ ​High-Volume​ ​Community​ ​users.​ ​ ​Community​ ​users should​ ​be​ ​able​ ​to​ ​see​ ​records​ ​associated​ ​to​ ​their​ ​Account​ ​or​ ​Contact​ ​record.​ ​ ​The​ ​Architect​ ​is​ ​planning​ ​to​ ​use​ ​a Sharing​ ​Set​ ​to​ ​provide​ ​access​ ​to​ ​the​ ​records.​ ​ ​When​ ​setting​ ​up​ ​the​ ​Sharing​ ​Set,​ ​certain​ ​objects​ ​are​ ​not​ ​available in​ ​the​ ​list​ ​of​ ​Available​ ​Objects.​ ​Which​ ​two​ ​reasons​ ​explain​ ​why​ ​an​ ​object​ ​is​ ​excluded​ ​from​ ​the​ ​list​ ​of​ ​Available Objects​ ​in​ ​a​ ​Sharing​ ​Set? A. The object is a custom object, and therefore not available for a sharing set. B. The object's Organization-Wide sharing setting is set to Public Read/Write. C. The object's Organization-Wide sharing setting is set to Private. D. The​ ​custom​ ​object​ ​does​ ​not​ ​have​ ​a​ ​lookup​ ​to​ ​Accounts​ ​or​ ​Contacts.

B. The object's Organization-Wide sharing setting is set to Public Read/Write. D. The​ ​custom​ ​object​ ​does​ ​not​ ​have​ ​a​ ​lookup​ ​to​ ​Accounts​ ​or​ ​Contacts. Refer to: https://help.salesforce.com/articleView?id=networks_setting_light_users.htm&type=5

Universal​ ​Containers​ ​has​ ​set​ ​Opportunity​ ​Sharing​ ​to​ ​Private​ ​with​ ​Opportunity​ ​Teams​ ​enabled.Which​ ​three​ ​options​ ​can​ ​change​ ​the​ ​Owner​ ​of​ ​the​ ​Opportunity?Choose​ ​3​ ​answers. A. Any Opportunity Team Member on the current Opportunity. B. The​ ​current​ ​Opportunity​ ​Owner​ ​can​ ​transfer​ ​the​ ​Ownership. C. The​ ​System​ ​Administrator​ ​or​ ​a​ ​user​ ​with​ ​the​ ​"Transfer​ ​Records"​ ​permission. D. The user specified as the Manager on the Owner's User Profile. E. Someone​ ​above​ ​the​ ​Opportunity​ ​Owner​ ​in​ ​the​ ​Role​ ​Hierarchy.

B. The​ ​current​ ​Opportunity​ ​Owner​ ​can​ ​transfer​ ​the​ ​Ownership. C. The​ ​System​ ​Administrator​ ​or​ ​a​ ​user​ ​with​ ​the​ ​"Transfer​ ​Records"​ ​permission E. Someone​ ​above​ ​the​ ​Opportunity​ ​Owner​ ​in​ ​the​ ​Role​ ​Hierarchy.

Universal Containers has requirement to integrate Salesforce with an external system to control record access.What option should the Architect consider when designing a solution? A. Use the Security API to modify the role hierarchy in Salesforce. B. Use the SOAP API to maintain the related SObject_share records. C. Use the Metadata API to maintain the related SObject records. D. Use the SOAP API to create new Criteria-Based Sharing Rules in Salesforce.

B. Use the SOAP API to maintain the related SObject_share records.

Universal Containers has a custom Visualforce Application that uses a custom Apex Controller. Within this Visualforce Application, what should the Architect do to ensure that object-level security is enforced? A. Utilize the "With Sharing" keyword when defining the Visualforce Page. B. Use the Schema.DescribeSObjectResult isAccesible() method in the Apex Controller C. Utilize the "With Sharing" keyword when defining the Apex Controller Class D. Use the "Without Sharing" keyword when defining the Apex Controller Class

B. Use the Schema.DescribeSObjectResult isAccesible() method in the Apex Controller With Sharing --> Record access Schema.DescribeSObjectResult --> Object access (CRED) Schema.DescribeFieldResult --> Field Level Access Refer to: https://www.issacc.com/salesforce-sharing-and-visibility-designer-exam-preparation-programmatic-sharing/

Universal Containers has implemented a community for its customers using the Customer Community license type. They have implemented a custom object to store service requests that has a lookup to the account record.The Organization-Wide Default External Access for the service request object is set to Private. Universal Containers wants their customers to be able to see service requests for their account through the community. Customers should not see service requests for other accounts. What Salesforce feature can the Architect use to implement this? A. Use manual sharing to share the service requests manually when a new community user is added. B. Use​ ​a​ ​Sharing​ ​Set​ ​to​ ​share​ ​service​ ​requests​ ​related​ ​to​ ​the​ ​account​ ​based​ ​on​ ​the​ ​community​ ​user's​ ​profile. C. Use a Sharing Rule to share service requests to the community user based on their role. D. Use Apex Managed Sharing to share service requests related to the account to the appropriate community users.

B. Use​ ​a​ ​Sharing​ ​Set​ ​to​ ​share​ ​service​ ​requests​ ​related​ ​to​ ​the​ ​account​ ​based​ ​on​ ​the​ ​community​ ​user's​ ​profile. Sharing Set is built to allow record share to user using contact/account lookup on the record.

Universal​ ​Containers​ ​wants​ ​to​ ​store​ ​Payment​ ​Term​ ​Details​ ​on​ ​the​ ​Account​ ​object,​ ​but​ ​the​ ​fields​ ​should​ ​only​ ​be visible​ ​on​ ​certain​ ​record​ ​types​ ​and​ ​for​ ​certain​ ​user​ ​profiles.How​ ​can​ ​a​ ​System​ ​Administrator​ ​quickly​ ​determine​ ​which​ ​user​ ​profiles,​ ​page​ ​layouts,​ ​and​ ​record​ ​types include​ ​certain​ ​fields? A. Log in as each user profile and view the Account Page Layouts. B. Use​ ​the​ ​Field​ ​Accessibility​ ​Viewer​ ​for​ ​the​ ​fields​ ​in​ ​question C. Universally require the field at the field level. D. Click the Field-Level Security for the field on each Profile.

B. Use​ ​the​ ​Field​ ​Accessibility​ ​Viewer​ ​for​ ​the​ ​fields​ ​in​ ​question

A manager at Ursa Major Solar wants to validate sharing and visibility changes. What is the recommended approach? A. Use Administrative and User reports to view the Active Users. B. Use​ ​the​ ​Login​ ​As​ ​feature​ ​for​ ​a​ ​sample​ ​user​ ​in​ ​each​ ​role​ ​and​ ​profile. C. Use Field Audit Trail to audit the field meta-data and visibility. D. Use the Sharing button to test Profile and Permission set changes.

B. Use​ ​the​ ​Login​ ​As​ ​feature​ ​for​ ​a​ ​sample​ ​user​ ​in​ ​each​ ​role​ ​and​ ​profile.

Universal Containers has a custom object, Employee Review, with an Organization-Wide Default security setting of Private. A user lookup on the Employee Review object is populated when a reviewer is assigned to perform a review. How can this user be granted edit access to the record if they are not the owner? A. The user will be granted access to the record automatically when the user lookup is populated. B. Create a workflow rule to share the Employee Review record with the user in the lookup field. C. Create an Apex trigger to insert an Employee Review Share record with an access level of Edit. D. Create​ ​a​ ​criteria-based​ ​sharing​ ​rule​ ​to​ ​share​ ​the​ ​record​ ​with​ ​the​ ​user​ ​in​ ​the​ ​lookup​ ​field.

C. Create an Apex trigger to insert an Employee Review Share record with an access level of Edit. Anytime you see 'user lookup' that is not an owner, its a candidate for apex trigger that do an insertion of share record for that user.

Universal Containers has implemented a strict software architecture for their custom Apex code. One of the requirements is that all SOQL queries are contained within reusable classes. Depending on the context of the Apex transaction, the queries should be able to run either "With Sharing" or "Without Sharing". Which two ways allow the Architect to meet these requirements? Choose 2 answers. A. Create a reusable SOQLQueries class; do not specify "With" or "Without Sharing" on the SOQLQueries class. B. Create a reusable SOQLQueries class; do not specify "With" or "Without Sharing" on the SOQLQueries class and use the runAs() method to dynamically set the context. C. Create​ ​a​ ​reusable​ ​SOQLQueries​ ​class;​ ​specify​ ​ ​"With​ ​Sharing"​ ​on​ ​the​ ​methods​ ​that​ ​require​ ​user​ ​context and​ ​"Without​ ​Sharing"​ ​on​ ​the​ ​methods​ ​requiring​ ​system​ ​context. D. Create​ ​a​ ​SystemSOQLQueries​ ​class​ ​and​ ​a​ ​UserSOQLQueries​ ​class;​ ​set​ ​the​ ​ ​"With​ ​Sharing"​ ​keyword​ ​on​ ​the User​ ​SOQLQueries​ ​class​ ​and​ ​"Without​ ​Sharing"​ ​on​ ​the SystemSOQLQueries​ ​class​.

C. Create​ ​a​ ​reusable​ ​SOQLQueries​ ​class;​ ​specify​ ​ ​"With​ ​Sharing"​ ​on​ ​the​ ​methods​ ​that​ ​require​ ​user​ ​context and​ ​"Without​ ​Sharing"​ ​on​ ​the​ ​methods​ ​requiring​ ​system​ ​context. - 1 class, definition (with or without sharing) can be called on methods. D. Create​ ​a​ ​SystemSOQLQueries​ ​class​ ​and​ ​a​ ​UserSOQLQueries​ ​class;​ ​set​ ​the​ ​ ​"With​ ​Sharing"​ ​keyword​ ​on​ ​the User​ ​SOQLQueries​ ​class​ ​and​ ​"Without​ ​Sharing"​ ​on​ ​the SystemSOQLQueries​ ​class​. - 2 classes one with sharing and one without sharing. runAs() only runs on test and not on other code.

Universal Containers has a custom Job object with a private sharing model. Based on the size and location of the Job, different teams must have access to edit the specific Job record. To support this requirement, Apex Managed Sharing has been implemented to share records with the required users. Since the teams change frequently, managed sharing recalculations need to be manually run frequently. What can the Architect do to optimize this process? A. Change the sharing model on the Job object to Public Read/Write. B. Create a scheduled job to automatically run the sharing recalculations on a nightly basis. C. Create​ ​public​ ​groups​ ​for​ ​each​ ​team,​ ​and​ ​share​ ​the​ ​jobs​ ​with​ ​the​ ​groups​ ​instead​ ​of​ ​users. D. Create a custom Visualforce page to edit the jobs and specify Without Sharing on the controller.

C. Create​ ​public​ ​groups​ ​for​ ​each​ ​team,​ ​and​ ​share​ ​the​ ​jobs​ ​with​ ​the​ ​groups​ ​instead​ ​of​ ​users. Sharing the record to group instead of user eliminate the need to keep updating the share table when 'team' who works with the record changes. There will be 1 share record to Group A instead of 1 record for Ann, 1 record for Ben. Only the Public Group needs to be updated but share table will not be updated.

Assuming granular locking is enabled, what activity can happen in parallel to changing a community account owner without risking group membership lock errors? A. Deletion of a Role B. Creation of a Role C. Creation​ ​of​ ​a​ ​Territory D. Deletion of a Territory

C. Creation​ ​of​ ​a​ ​Territory Honestly this one is hard to understand, but refer to this table in the article: https://www.issacc.com/salesforce-sharing-and-visibility-designer-exam-preparation-performance-and-scalability/

What​ ​is​ ​required​ ​to​ ​implement​ ​Filter-Based​ ​Opportunity​ ​Territory​ ​Assignment? A. Define an account assignment with a filter criteria rule for Filter-Based Opportunity Territory Assignment. B. Define a Territory assignment rule with filter criteria for Filter-Based Opportunity Territory Assignment. C. Define​ ​a​ ​custom​ ​Apex​ ​class​ ​for​ ​Filter-Based​ ​Opportunity​ ​Territory​ ​Assignment​ ​in​ ​the​ ​system. D. Define an Opportunity assignment rule with filter criteria for Filter-Based Opportunity TerritoryAssignment.

C. Define​ ​a​ ​custom​ ​Apex​ ​class​ ​for​ ​Filter-Based​ ​Opportunity​ ​Territory​ ​Assignment​ ​in​ ​the​ ​system. Refer to: https://help.salesforce.com/articleView?id=tm2_enable_ota.htm&type=5

Universal​ ​Containers​ ​has​ ​recently​ ​activated​ ​an​ ​integration​ ​that​ ​synchronizes​ ​customer​ ​information​ ​and​ ​orders into​ ​their​ ​CRM​ ​of​ ​choice:​ ​Salesforce.com.​ ​ ​One​ ​of​ ​their​ ​largest​ ​customers,​ ​United​ ​Air,​ ​has​ ​over​ ​12,000​ ​unique contacts.​ ​ ​Since​ ​the​ ​integration​ ​was​ ​activated,​ ​sales​ ​reps​ ​are​ ​having​ ​trouble​ ​adding​ ​contacts​ ​to​ ​the​ ​United​ ​Air account.​ ​ ​When​ ​a​ ​sales​ ​rep​ ​adds​ ​a​ ​contact,​ ​they​ ​get​ ​the​ ​following​ ​error​ ​message:UNABLE_TO_LOCK_ROWThis​ ​issue​ ​seems​ ​to​ ​affect​ ​the​ ​United​ ​Air​ ​account​ ​and​ ​several​ ​other​ ​large​ ​customers.​ ​ ​The​ ​sales​ ​rep​ ​can​ ​usually save​ ​the​ ​contact​ ​by​ ​trying​ ​again​ ​later​ ​in​ ​the​ ​evening.What​ ​should​ ​the​ ​Architect​ ​recommend​ ​as​ ​a​ ​possible​ ​solution? A. Add a role-based sharing rule so all sales team members have Read/Write access to contacts. B. Remove sharing rules and replace them with Apex sharing for Unite Air and the other large accounts. C. Implement​ ​an​ ​account​ ​hierarchy​ ​and​ ​redistribute​ ​the​ ​contacts​ ​evenly​ ​under​ ​the​ ​child​ ​accounts. D. Create a permission set for the sales team to grant them Read/Write access to all account fields.

C. Implement​ ​an​ ​account​ ​hierarchy​ ​and​ ​redistribute​ ​the​ ​contacts​ ​evenly​ ​under​ ​the​ ​child​ ​accounts. Locking is caused by Data Skew. To solve this we should create account branch/hierarchy and redistribute contact across these child accounts.

In​ ​order​ ​to​ ​comply​ ​with​ ​Regulatory​ ​Requirements,​ ​Universal​ ​Containers​ ​must​ ​store​ ​sensitive​ ​customer information​ ​on​ ​-premise.​ ​ ​Universal​ ​Containers​ ​would​ ​like​ ​this​ ​on-premise​ ​information​ ​to​ ​be​ ​accessible​ ​from Salesforce.What​ ​technology​ ​can​ ​Universal​ ​Containers​ ​use​ ​to​ ​achieve​ ​this? A. Implement a third-party tokenization service. B. Implement an on-premise database. C. Implement​ ​a​ ​third-party​ ​proxy​ ​server. D. Implement the Salesforce Shield toolkit.

C. Implement​ ​a​ ​third-party​ ​proxy​ ​server.

A​ ​Sales​ ​Rep​ ​at​ ​Universal​ ​Containers​ ​wants​ ​to​ ​create​ ​a​ ​dashboard​ ​to​ ​see​ ​how​ ​his​ ​sales​ ​numbers​ ​compare​ ​with his​ ​peers. Assuming​ ​a​ ​Private​ ​model,​ ​which​ ​two​ ​permissions​ ​would​ ​the​ ​Sales​ ​Rep​ ​need​ ​to​ ​meet​ ​this​ ​requirement?Choose 2 answers A. Manage Custom Report Types B. Customize Application C. Manage​ ​Dashboards D. View​ ​All​ ​Data

C. Manage​ ​Dashboards D. View​ ​All​ ​Data Manage Dashboard is needed to create the dashboard. View All Data permission required for sales rep to see peers data.

The System Administrator at Universal Containers has created two list views called ListV1 and ListV2. One group of users should only see ListV1 and the second group of users should only see ListV2. Two public groups were created to restrict visibility to the respective list views. However, users in both groups are able to see both list views. What system permission in their profile enabled the users to see all list views? A. Manage Custom List Views B. Manage Private List Views C. Manage​ ​Public​ ​List​ ​Views D. Manage Custom Permissions

C. Manage​ ​Public​ ​List​ ​Views Manage Public List Views allow user to view all list views in the system.

Universal Containers has a Private Sharing Model for the Opportunity object. Sales Rep A at Universal containers created the Opportunity record and then transferred ownership of the Opportunity record to Sales Rep B. both Sales Rep A and B have the same role in the Role Hierarchy. What access will Sales Rep A have to the Opportunity after the transfer? A. Read/Write B. Full Access C. No​ ​Access D. Read Only

C. No​ ​Access

Universal Containers is a fast-growing company that sells containers globally. It has thousands of dealerships throughout the world where local dealers service Containers sold locally. They recently opened two dealerships in California: NorthCal and SoCal. Universal Containers implemented a new partner community to enable their dealers. Each dealership has a dealer Manager who has all service agents report into them. Assuming a private sharing model, what is the best option to enable dealer managers to have visibility to customer cases within their dealership and not across all dealerships? A. Create sharing groups that share all cases to all agents under the Dealer manager. B. Create a batch job that creates sharing rules as needed, based on the cases created. C. No​ ​changes​ ​are​ ​needed​ ​to​ ​the​ ​sharing​ ​and​ ​visibility​ ​model​ ​to​ ​implement​ ​their​ ​requirement. D. Build a trigger that creates manual sharing of cases as needed whenever a new case is created.

C. No​ ​changes​ ​are​ ​needed​ ​to​ ​the​ ​sharing​ ​and​ ​visibility​ ​model​ ​to​ ​implement​ ​their​ ​requirement. By default cases (standard object) has grant access via hierarchy enabled. When partner account is created, a role hierarchy (3-levels) automatically created. Records owned by service agents will also be accessible by roles above the service agent, which is the dealer manager.

Which two settings are available in profiles, but not permission sets?Choose 2 answers. A. Tab Settings B. Record Types C. Page​ ​Layout​ ​Assignments D. Login​ ​Hours

C. Page​ ​Layout​ ​Assignments D. Login​ ​Hours Page Layout and Login Hours are currently only configurable via Profile. Tab settings and availability of Record Type for the user can be added to permission set as well.

Which two options are available to share a Report or Dashboard folder with other users in the Organization? Choose 2 answers. A. Teams B. Profiles C. Public​ ​Groups D. Roles.

C. Public​ ​Groups D. Roles.

Which two are potential security vulnerabilities in the following code snippet? <apex:page> <apex:form> <apex:outputText value="Enter Name" /> <apex:inputText value=" { !name}" /> <apex:commandButton value="Query" action=" {!query}" /><apex:form> <apex:page> Public class SOQLController {Public String name{Get {return name;}Set {name=value;}} Public PageReference query() {String qryString= 'SELECT Id FROM Contact WHERE' +'(IsDeleted = false and Name like \'#' + name + '#\')';queryResult = Database.query{qryString};return null;}} Choose 2 answers. A. Cross-Site Scripting B. Arbitrary Redirects C. SOQL​ ​Injection D. Bypassing​ ​Field​ ​and​ ​Object​ ​Security

C. SOQL​ ​Injection D. Bypassing​ ​Field​ ​and​ ​Object​ ​Security No checking of user's access to record, object, or field SOQL Injection on Dynamic Query - Use static query and bind variables.

Universal Containers has a junction object called "Job Production Facility". With 2 master-detail relationships to the Job and Production Facility custom objects. Both master records have a private sharing model. What statement is true if a user's profile allows access (Create/Read) to the Job, but no access to the Production Facility Object? A. The user will see the junction object but not the link to the Production Facility. B. The​ ​user​ ​will​ ​see​ ​the​ ​junction​ ​object​ ​and​ ​the​ ​link​ ​to​ ​the​ ​Production​ ​Facility. C. The user will not be able to see the junction object records or the field values. D. The user will be granted read access to the Production Facility record.

C. The user will not be able to see the junction object records or the field values. In order to get access to the junction object, user need to have access to both parents. Refer to: https://help.salesforce.com/articleView?id=relationships_considerations.htm&type=5

A user at Universal Containers would like to give access to a Report folder to someone else in the organization. Which two access permissions should the user have to support this requirement?Choose 2 answers. A. The "Viewer" Report folder permission B. The "Editor" Report folder permission. C. The​ ​"Manage​ ​Reports​ ​in​ ​Public​ ​Folders"​ ​Profile​ ​permission. D. The​ ​"Manager"​ ​Report​ ​folder​ ​permission.

C. The​ ​"Manage​ ​Reports​ ​in​ ​Public​ ​Folders"​ ​Profile​ ​permission. D. The​ ​"Manager"​ ​Report​ ​folder​ ​permission.

A remote user is complaining that they can't see a certain account when they run a particular Private Account List View that they created for themselves. How might a System Administrator assist in troubleshooting this issue? Choose one answer A. VPN to the User's location and establish a remote desktop session. B. Have the User send the List View link URL via email and investigate. C. Use the Login As feature to see what the User is seeing in her login. D. Temporarily make the user a System Administrator so she can fix the issue.

C. Use the Login As feature to see what the User is seeing in her login.

Universal Containers has a requirement to integrate Salesforce with an external system to control record access. What option should the Architect consider when designing a solution? A. Use the Metadata API to maintain the related SObject records B. Use the Security API to modify the role hierarchy in Salesforce C. Use the SOAP API to maintain the related SObject_share records D. Use the SOAP API to create new Criteria-Based Sharing Rules in Sales

C. Use the SOAP API to maintain the related SObject_share records

Universal Containers has just deployed a change to its role hierarchy. A manager is reporting that their staff can now see Accounts that they do not own and should not have access to. How should the Architect troubleshoot? A. While logged in as the System Administrator, use the Field Accessibility Viewer to view a matrix of who has access to Accounts. B. While​ ​logged​ ​in​ ​as​ ​the​ ​one​ ​of​ ​the​ ​Staff​ ​members,​ ​navigate​ ​to​ ​a​ ​sample​ ​account​ ​and​ ​use​ ​the​ ​Sharing​ ​button to​ ​determine​ ​who​ ​has​ ​access. C. While logged in as the one of the Staff members, navigate to their user record and inspect their profile and role membership. D. While logged in as the System Administrator, use the Field Accessibility Viewer to view a matrix of who has access to Accounts.

C. While logged in as the one of the Staff members, navigate to their user record and inspect their profile and role membership. Record is not 'owned' by the user, so it is likely any manual or sharing rule to user or role. Since this change is related to role hierarchy change it is probably related to role changes.

The following list contains possible ways of viewing the contents of encrypted custom fields. Which options would show the contents in clear text? Please choose 3 answers: A. Stack trace viewer in the developer console B. Debug log output from system.debug(object.encryptedField__c) C. Workflow field update copying encrypted field to unencrypted field D. Trigger field update copying encrypted field to unencrypted field E. Webservice that returns secret as a string

C. Workflow field update copying encrypted field to unencrypted field D. Trigger field update copying encrypted field to unencrypted field E. Webservice that returns secret as a string

Universal Containers has a private sharing model on Accounts. Apex Managed Sharing is required to share certain account records with all users who are assigned to a specific Role in the Role Hierarchy. What should be the recommended way for the Architect to implement this? A. Create​ ​an​ ​AccountShare​ ​record​ ​associated​ ​to​ ​a​ ​public​ ​group​ ​containing​ ​the​ ​Users​ ​in​ ​the​ ​Role. B. Create an AccountShare record associated to each user who is assigned to the Role. C. Create an AccountShare record associated to the required Role. D. Create an AccountShare record associated to a public group containing the Role.

D. Create an AccountShare record associated to a public group containing the Role. User can create public group containing a role and uncheck grant access using hierarchy.

Get Cloudy Consulting has the following environment: • Global 24x7 Salesforce implementation that supports Marketing, Order Management, Sales, and other miscellaneous business divisions. • A nested territory hierarchy, 12000 sales users and 22000 support agents. • A high demand for new applications and changes to the platform • New releases delivered every two weeks on the platform, based on an agile development model An architect needs to help get cloudy consulting with system recovery from a maintenance restart on Salesforce servers.Which Salesforce feature should the architect use to achieve this goal? A. Enable Filter-Based Opportunity Territory Assignment B. Enable Granular Locking on the system C. Enable Deferred Sharing Rule recalculation D. Enable Parallel Sharing Rule recalculation

D. Enable Parallel Sharing Rule recalculation Parallel Sharing Rule recalculation is used for system recovery from maintenance restart Refer to: https://developer.salesforce.com/docs/atlas.en-us.draes.meta/draes/draes_tools_parallel_sharing_rule_recalculation.htm

Universal​ ​Containers​ ​has​ ​recently​ ​implemented​ ​an​ ​integration​ ​that​ ​is​ ​populating​ ​50​ ​custom​ ​fields​ ​on​ ​the account​ ​object.​ ​ ​They​ ​would​ ​like​ ​these​ ​fields​ ​to​ ​be​ ​available​ ​to​ ​Managers​ ​for​ ​reporting​ ​but​ ​do​ ​not​ ​want​ ​them​ ​to clutter​ ​the​ ​page​ ​layouts.​ ​What​ ​should​ ​the​ ​Architect​ ​recommend​ ​as​ ​a​ ​solution? A. Add the fields to the Managers' Account Page Layout; mark the page layout section as Collapsed. B. Grant the Managers access to the fields using a Role-Based Sharing Rule; leave them hidden on the page layout. C. Add the fields to a Custom Report; grant the Managers' Role access to the report folder. D. Grant​ ​Managers​ ​access​ ​to​ ​the​ ​fields​ ​using​ ​Field-Level​ ​Security;​ ​do​ ​not​ ​add​ ​them​ ​to​ ​a​ ​page​ ​layout.

D. Grant​ ​Managers​ ​access​ ​to​ ​the​ ​fields​ ​using​ ​Field-Level​ ​Security;​ ​do​ ​not​ ​add​ ​them​ ​to​ ​a​ ​page​ ​layout. Manager does not need to see the fields on page layout; so do not add them to page layout. To grant manager access to the field, enable it on field level security for their profile.

Universal​ ​Containers​ ​has​ ​the​ ​following​ ​requirements: - The​ ​Commercial​ ​Account​ ​and​ ​Consumer​ ​Account​ ​support​ ​departments​ ​should​ ​not​ ​collaborate. - The​ ​Commercial​ ​and​ ​Consumer​ ​sales​ ​users​ ​roll​ ​up​ ​to​ ​the​ ​same​ ​VP​ ​of​ ​Sales,​ ​but​ ​there​ ​should​ ​be​ ​no collaboration​ ​between​ ​sales​ ​departments. - The​ ​Commercial​ ​sales​ ​department​ ​should​ ​share​ ​its​ ​customers​ ​with​ ​the​ ​Commercial​ ​support department. - The​ ​Consumer​ ​sales​ ​department​ ​shares​ ​its​ ​customers​ ​with​ ​the​ ​Consumer​ ​support​ ​department. - The​ ​Commercial​ ​and​ ​Consumer​ ​support​ ​departments​ ​roll​ ​up​ ​to​ ​the​ ​same​ ​Support​ ​Director. - The​ ​sales​ ​departments​ ​will​ ​remain​ ​the​ ​Account​ ​Owner​ ​for​ ​the​ ​Accounts​ ​that​ ​they​ ​sell​ ​to. What​ ​is​ ​the​ ​recommended​ ​Org-Wide​ ​Sharing​ ​Default​ ​for​ ​Accounts,​ ​and​ ​how​ ​would​ ​the​ ​Architect​ ​enable​ ​proper Commercial​ ​and​ ​Consumer​ ​Sales​ ​to​ ​Support​ ​Account​ ​Sharing​ ​for​ ​this​ ​scenario? A. Private Account Sharing with Sharing Rules from Commercial Sales Role(s) to Consumer Support Role(s) and Consumer Sales Role(s) to Commercial Support Role(s). B. Private​ ​Account​ ​Sharing​ ​with​ ​Sharing​ ​Rules​ ​from​ ​Commercial​ ​support​ ​Role(s)​ ​to​ ​Commercial Support​ ​Role(s)​ ​and​ ​Consumer​ ​Sales​ ​Role(s)​ ​to​ ​Consumer​ ​Support​ ​Role(s). C. Read-Only Account Sharing with Sharing Rules from Commercial Sales Role(s) to Consumer Support Group(s) and Consumer Sales Role(s) to Commercial Support Groups(s). D. Private Account Sharing with Sharing Rules from Commercial Sales Group(s) to Commercial Support Groups(s) and Consumer Sales Group(s) to Consumer Support Group(s).

D. Private Account Sharing with Sharing Rules from Commercial Sales Group(s) to Commercial Support Groups(s) and Consumer Sales Group(s) to Consumer Support Group(s). Requirement: The​ ​Commercial​ ​Account​ ​and​ ​Consumer​ ​Account​ ​support​ ​departments​ ​should​ ​not​ ​collaborate --> Account should be hidden to some user, so OWD should start with Private. Commercial Sales share customers to Commercial Support Consumer Sales share customers to consumer support.

For the Universal Containers Commercial and Consumer support departments, having access to Activities for Contacts with which they interact is important. Commercial support users should not see Consumer Accounts/Contacts and Consumer support users should not see Commercial Accounts/Contacts. Assuming the Organization-Wide Default for Activities is set to "Controlled by Parent" what is the minimum level of Sharing access a support user would need to Accounts/Contacts to view associated Activities? A. Private Account/Contact Sharing Default with a Sharing Rule for each department set to Public Read/Write access to Accounts/Contacts. B. Private Account/Contact Sharing Default with a Sharing Rule for each department set to Private access to Accounts/Contacts. C. The users need no access to Accounts/Contacts with the proper Activity Sharing Rules and Profile Permissions for the Accounts Tab. D. Private​ ​Account/Contact​ ​Sharing​ ​Default​ ​with​ ​a​ ​Sharing​ ​Rule​ ​for​ ​each​ ​department​ ​set​ ​to​ ​Public​ ​Read​ ​only access​ ​to​ ​Accounts/Contacts.

D. Private​ ​Account/Contact​ ​Sharing​ ​Default​ ​with​ ​a​ ​Sharing​ ​Rule​ ​for​ ​each​ ​department​ ​set​ ​to​ ​Public​ ​Read​ ​only access​ ​to​ ​Accounts/Contacts. Because Activity is set to "Controlled by Parent", if a department user need to 'access' or view an activity related to contacts they interact, they will at the very least need 'Public Read Only' Access. This can be accomplished by Sharing Rule to each department and grant Public Read Only access to the record. Knowing that some Account/Contact needs to be hidden from some users, it is a given that Account/Contact needs to have 'Private' OWD.

What​ ​feature​ ​in​ ​Salesforce​ ​is​ ​needed​ ​to​ ​restrict​ ​access​ ​to​ ​a​ ​custom​ ​object​ ​that​ ​has​ ​Public​ ​Read/Write​ ​access? A. Role​ ​Hierarchy B. Record Type C. Page Layout D. Profile

D. Profile While OWD is PRW, if the profile does not have read or edit access on the object, user cannot read or edit the object.

Universal Containers has enabled External Default Sharing and wants to allow for external users to have the External Sharing Default set to Public Read-Only for a custom object. Which two options are valid Internal Default sharing settings for the custom object? Choose 2 answers. A. Controlled​ ​by​ ​Parent B. Public Read/Write C. Private D. Public​ ​read​ ​Only.

D. Public​ ​read​ ​Only. B. Public Read/Write Internal Default Sharing should always be more open than External Default Sharing. Since External Default Sharing is Public Read-Only, Internal can only be Public Read-Only & Public Read/Write

Universal Containers has Public Read Only sharing settings on the Opportunity object. What Opportunity access options can the user see while adding account team members to the Account? A. Read Only B. Private and Read Only C. Private D. Read​ ​Only​ ​and​ ​Read/Write

D. Read​ ​Only​ ​and​ ​Read/Write Since the base is Public Read Only, user can only open up more or stay the same; so Read Only or Read/Write.

Universal​ ​Containers​ ​would​ ​like​ ​to​ ​restrict​ ​users'​ ​access​ ​to​ ​export​ ​reports. What​ ​option​ ​supports​ ​this​ ​requirement? A. Remove the "Report Manager" user permission. B. Remove the Export button from the report page layout. C. Remove "Allow Export" on the report folder settings. D. Remove​ ​the​ ​"Export​ ​Reports"​ ​profile​ ​permission.

D. Remove​ ​the​ ​"Export​ ​Reports"​ ​profile​ ​permission.

Universal​ ​Containers​ ​does​ ​not​ ​want​ ​the​ ​Users​ ​in​ ​the​ ​Custom​ ​Sales​ ​Department​ ​Profile​ ​to​ ​be​ ​able​ ​to​ ​delete Opportunities. How​ ​would​ ​the​ ​Architect​ ​prevent​ ​a​ ​certain​ ​set​ ​of​ ​users​ ​from​ ​deleting​ ​Opportunities? A. Remove the Delete button from the Opportunity Page Layout and Record Type settings. B. Create a Validation Rule that checks the User's Profile before allowing the IsDeleted flag to be set to True. C. Override the Standard button with a Visualforce Page that warns them that they do not have permission to delete. D. Remove​ ​the​ ​"Opportunity​ ​Delete"​ ​Permission​ ​from​ ​the​ ​Sales​ ​Team's​ ​User​ ​Profile​ ​in​ ​the​ ​Object Permissions.

D. Remove​ ​the​ ​"Opportunity​ ​Delete"​ ​Permission​ ​from​ ​the​ ​Sales​ ​Team's​ ​User​ ​Profile​ ​in​ ​the​ ​Object Permissions.

Universal Containers is creating a custom Visualforce page to allow users to edit contact records. The developer has used an apex:outputField for the Phone field on the contact object. What is the expected behavior if a user without field-level security accesses the Visualforce page? A. The user encounters an error while saving the record. B. The output field is visible to the user. C. The user is able to enter a value into the Phone field. D. The​ ​field​ ​is​ ​automatically​ ​removed​ ​from​ ​the​ ​page.

D. The field is automatically removed from the page. "An <apex:outputField> component respects the attributes of the associated field, including how it should be displayed to the user." Refer to: https://developer.salesforce.com/docs/atlas.en-us.pages.meta/pages/pages_compref_outputField.htm

Universal​ ​Containers​ ​has​ ​junction​ ​object​ ​called​ ​"Job​ ​Production​ ​Facility",​ ​with​ ​2​ ​master-detail​ ​relationships​ ​to the​ ​Job​ ​and​ ​Production​ Facility​ ​custom​ ​objects.​ ​ ​Both​ ​master​ ​records​ ​have​ ​a​ ​private​ ​sharing​ ​model.What​ ​statement​ ​is​ ​true​ ​if​ ​a​ ​user's​ ​profile​ ​allows​ ​access​ ​(Create/Read)​ ​to​ ​the​ ​Job,​ ​but​ ​no​ ​access​ ​to​ ​the Production​ ​Facility​ ​Object? A. The​ ​user​ ​will​ ​be​ ​granted​ ​read​ ​access​ ​to​ ​the​ ​Production​ ​Facility​ ​record B. The user will see the junction object and the link to the Production Facility. C. The user will see the junction object but not the link to the Production Facility. D. The user will not be able to see the junction object records or the field values.

D. The user will not be able to see the junction object records or the field values.

The Collections department at Universal Containers uses Salesforce to track its efforts. All Invoices and invoice line items are store in salesforce. Invoice line item object details, such as quantity and extended amount, should be summarized at the invoice object level, and all users who can see a given invoice should always see all invoice line items. Without leveraging Apex code, how should an Architect create the relationship between the Invoice object and the Invoice Line Item object? A. The invoice Line Item object should have a Lookup to the Invoice object. B. The Invoice object should have a Master-Detail to the Invoice Line Item object. C. The Invoice object should have an inner join to the Invoice Line Item object. D. The​ ​Invoice​ ​Line​ ​Item​ ​object​ ​should​ ​have​ ​a​ ​Master-Detail​ ​to​ ​the​ ​Invoice​ ​Object.

D. The​ ​Invoice​ ​Line​ ​Item​ ​object​ ​should​ ​have​ ​a​ ​Master-Detail​ ​to​ ​the​ ​Invoice​ ​Object. With Master-Detail relationship, user who has access to the parent object (Invoice) will automatically have access to the child object (Invoice Line Item). Master-Detail relationship field is configured on the Invoice Line Item object.

Universal Containers has a requirement to share Accounts automatically to the users at a field office. They currently have the following setup in their environment: - Accounts are set to Private in the Org-Wide Default. - The field office is specified by a lookup in the account object. - There are 400 field offices. - The users in each field office are managed using public groups. Based upon a lookup relationship field on the Account, how should the Architect meet their requirement? A. Use Account Teams to share the Account with the appropriate field office. B. Use Manual Sharing to share the Account with the appropriate field office. C. Use​ ​Criteria-Based​ ​Sharing​ ​to​ ​share​ ​the​ ​Account​ ​with​ ​the​ ​appropriate​ ​field​ ​office. D. Use Programmatic Sharing to share the Account with the appropriate field office.

D. Use Programmatic Sharing to share the Account with the appropriate field office. manual sharing and account team does not use lookup on account record. there is a limit (300) sharing rule in an object. If there is 400 field offices, assuming a sharing rule for each office, we would have already exceeded the limit.

Universal​ ​Health​ ​is​ ​planning​ ​to​ ​store​ ​patient​ ​notes​ ​in​ ​Salesforce.​ ​ ​Patient​ ​notes​ ​consist​ ​of​ ​long​ ​text​ ​notes​ ​taken by​ ​a​ ​use​ ​to​ ​document​ ​phone​ ​calls​ ​with​ ​a​ ​patient.A​ ​date​ ​audit​ ​has​ ​identified​ ​that​ ​these​ ​notes​ ​can​ ​contain​ ​Personally​ ​Identifiable​ ​Information​ ​(PII)​ ​and​ ​PersonalHealth​ ​Information​ ​(PHI).​ ​ ​The​ ​regulatory​ ​requirements​ ​state​ ​that​ ​this​ ​data​ ​must​ ​be​ ​encrypted​ ​at​ ​rest​ ​as​ ​well​ ​as in​ ​transit.What​ ​should​ ​the​ ​Architect​ ​do​ ​in​ ​order​ ​to​ ​make​ ​sure​ ​Universal​ ​Health​ ​stays​ ​compliant? A. No action is required; all Salesforce data is encrypted at rest as part of Salesforce's standard trust measures. B. Enable Salesforce Shield Platform Data Encryption and mark the patient notes field as encrypted. C. Create​ ​a​ ​new​ ​Custom​ ​Field​ ​of​ ​type​ ​"Text​ ​(Encrypted)"​ ​and​ ​move​ ​the​ ​patient​ ​notes​ ​data​ ​into​ ​the​ ​new field. D. Use an Apex trigger and the Apex Crypto class to encrypt patient notes as soon as they are saved to Salesforce.

D. Use an Apex trigger and the Apex Crypto class to encrypt patient notes as soon as they are saved to Salesforce. Apex Crypto Class - Used for requirement where encrypted information at rest and in transit

At Universal Containers, the Sales VP likes to re-assign Opportunity Teams every six months. Each Opportunity Team has the following resources: - AE (owner) - Sales Engineers Vertical Overlay Sales Ops What should the Architect use to re-assign Opportunity Team members so they have access to the appropriate Opportunity records? Choose one answer A. From the User Setup menu, click "Update Team members on open Opportunities." B. Build a Visualforce page that will query the default team and update open Opportunities. C. From the Opportunity record detail page, use the "Update Team Members" function. D. Use the Mass Reassign Opportunity Team wizard on the Opportunity Tab Home Page.

D. Use the Mass Reassign Opportunity Team wizard on the Opportunity Tab Home Page.

Universal Containers requires that some employees are able to view and edit records of a custom object called Positions, but no users can delete them. How can Universal Containers accomplish this goal? a. Remove the Delete Access for positions from all user roles b. Remove the Delete Permission for positions from all profiles c. Set the Organization wide default for positions to Read-Only d. Assign the Read-Only profile to all users

b. Remove the Delete Permission for positions from all profiles


Related study sets

Precalculus Chapters 2, 4, 5, 6, 7, and Final Exam

View Set

Series 7: Retirement Plans (Education And Health Savings Plans)

View Set

EXAM 6 Practice questions and rationales

View Set

Sherpath: Activity and Movement: Implement and Take Action; Evaluate

View Set

MKT 3411 Ch.9 Group and Situational Effects on Consumer Behavior

View Set