CTA Q&A Flashcards

Question 1

Q

What Governance?

Answer

A

Setup Steering Committee who owns Vision, Strategy, Provides prioritisation, oversee project budgets and act as a final escalation point. It includes IT Leaders/ CIOs/ Directors across BUs and IT and Program/Project, Managers

Set up COE governance consisting of the executive sponsor, Prog team, Arch, Business and they define standards, Manages demand intake, Release Manage.

Setup ARB which includes SF Architects, EA other Arch. They define Project architectural and design stds and provide advice to Project Team

Question 2

Q

bullk api v2 - hows it different?

Answer

A

Bulk API 2.0 allows for:

*Easy-to-monitor job status.
*Automatic retry of failed records.
*Support for parallel processing.
*Auto batch management.
*All OAuth flows supported vs not supported (Need to use SOAP Login or get session id from OAuth flow then use it)
*CSV file format vs CSV, XML, JSON etc supported
*150 MB file size vs 10 MB file size

Question 3

Q

What is a Signed Request?

Answer

A

The Signed Request is a JSON object signed with HMAC SHA-256 and a shared secret. The request contains the consumer key, access token, the file ID/URL, timestamp and any other required contextual information. Example Request:
POST https://efnolfiles.farmers.com/download-file
Header->signed_request: 9Rpl6rE7R2bSNjoSfYdERk8nffmgtKQNhr5U/5eSJPI=.eyJjb250ZXh0Ijp7InVzZXIiOnsibGFuZ3V….

Question 4

Q

How to import Articles

Answer

A

before you can import Knowledge Base, you must first create a .csv file, a .properties file, and then a zip file.
It can have translation article too.

Question 5

Q

How to set up JWT token from Mule to SF?

Answer

A

from SF generate certificate
download the public key certificate and set up Connect app with it with Oauth setting
pre-approval integration user profile/PS for this connected app
Export the Key Store from SF and save it in Mule’s API app
In Mule’s app SF connection setting, point to the keystore file and its password and save the client ID from the connected app, principle is Integration User account, as well as set SF Token endpoint

Question 6

Q

What is Apex Continuations?

Answer

A

Apex Continuations are a mechanism provided by the Salesforce platform that allow you to make asynchronous long-running requests to an external Web Service. This is not counted as maximum 10 concurrent synchronous callout which lasts more than 5 seconds

Question 7

Q

How to set up JWT token from Salesforce to Other web service?

Answer

A

from SF generate certificate
download the public key certificate
Set up a client app in API gateway and load the public key certificate into trust store
4 Create a named credential, JWT token exchange for named principal
Issuer = client ID from the client App, subject = user, endpoint URL to the webservice address
call out using named credential

Question 8

Q

Salesforce Concurrency

Answer

A

For inbound calls through SOAP/REST APIs, it is 25 concurrent calls with a duration of 20 seconds or longer.
For outbound Apex callouts with more than 5 seconds, you can only have 10 concurrent callouts at max.
Note. callout time is not counted

Question 9

Q

Quip Integration with Salesforce?

Answer

A

Creates Quip auth. provider
Creates Quip external data source
Creates Quip permission set
Creates Quip Integration Object Access permission set
Assigns Quip external data source to new permission sets
Configures Files Connect

Question 10

Q

Salesforce Security in Session Management?

Answer

A

1 Session Setting
2 Caching
3 Identity Verification
4 Clickjack Protection
5 Cross-Site Request Forgery (CSRF) protection
6 Content Security Policy (CSP) protection
7 Lightning Locker and Lightning Web Security (Beta)
8 XSS Protection
9 Content Sniffing Protection
10 Referrer URL Protection
11 Redirections
12 Session Security Levels

Question 11

Q

Transaction Security Actions and Notifications

Answer

A

1 Block
2 MFA challenge
3 Email Notification
4 In-app Notification

Question 12

Q

AWS Signature Version 4 Named Credential

Answer

A

Require AWS Access Key ID, AWS Secret Access Ke, AWS Region and AWS Service

Question 13

Q

Translation Workbench?

Answer

A

Use Translation Workbench to maintain translated values for metadata and data labels in your Salesforce org. Specify languages for translation and assign translators for each language.
Manage translated values for any Salesforce supported language.
Translators can maintain translations directly through the workbench, or you can export translation files for bulk translation imports.

Question 14

Q

Person Account?

Answer

A

SF Data model to implement B2C relationship.
It can’t be linked in a direct relationship to other accounts or they can’t be part of account hierarchy or they need to be manually enabled and once enabled they can’t be disabled
Contact OWD has to be Private or CBP,
some AppX packages may not support PA
storage - stored as Contact and Account
can be merged with only other PAs
Lead conversion - if Lead has Company field, then it will be converted to Biz Account

Question 15

Q

What to know about Asset?

Answer

A

1 Need turn on Asset Sharing from Asset Setting to use Sharing rule
2 Asset doesn’t take up data storage
3 Asset can build up Hierarchy
4 Asset Relationship object

Question 16

Q

Multi-Language on Community Steps?

Answer

A

1, Set default language
2, Add languages and set its options
3, Export and prepare the content for translation or translate directly on the page
4, import translated content
5 Add language selector on pages for unauthenticated users.

Question 17

Q

Ratio of Community Login Based License

Answer

A

1-20; 1k monthly logins will provision 20k login license in the org

Question 18

Q

Platform Event Replay ID?

Answer

A

1, populated when event is delivered to subscribers
2, Replay ID values not guaranteed in sequence
3, setReply(), by default -1, receive new events; -2 receive all events

Question 19

Q

How to replay Platform Event for failed connection?

Answer

A

ESB stores replay ID. To catch up missed events, ESB re-subscribe with a specific replay ID saved

Question 20

Q

Outbound Message?

Answer

A

1, SOAP based server endpoint
2, Custom Service listener at endpoint to accept OM from SF and send back acknowlegement
3, only 1 object
4, 1 Single SOAP message can contain up to 100 notifications
5, Only the most up-to-date information is sent to provide idempotency
6, Support Mutual Authentication
7, Messages are retried independent of their order in the queue. This might result in messages being delivered out of order.
8 can’t build an audit trail using outbound messages.While each message should be delivered at least once, it might be delivered more than once. Also, it might not be delivered at all if delivery cannot be done within 24 hours. Finally, as noted above, the source object might change after a notification is sent but before it is delivered, so the endpoint will only receive the latest data, not any intermediate changes.

Question 21

Q

Critical Limit

Answer

A

Number of synchronous concurrent transactions for long-running transactions that last longer than 5 seconds — 10
Bulk 2.0 Maximum data load per day —- 150 Mil, 10k jobs
Internal Role —10k, External Role-500k
W2L - 500 p/d, W2C 5k p/d
Concurrent API request calls to SF over 20 seconds - 25
Platform Event Publish -250k, Event Delivery 50k, by default.
Platform Event Add on - 100k additional for Delivery p/d, 3 mil additional p/m
Platform Event Message size - 1MB

Question 22

Q

What license is required for omni-channel?

Answer

A

License options that enable Omni:
Service Cloud
Digital Engagement
Service Cloud Voice
Workforce Engagement Management
Licenses 2/3/4 above are add-ons which can be sold on top of Sales or Service cloud licenses

Question 23

Q

High level DocuSign flow - what objects are created and maintained by DocuSign.
how to detect user signed the document?

Answer

A

Envelope and Receipient; Receipient to track user sign process. Use Trigger on it for further automation. Writeback is to update SF record based on custom tag set from docusign in the document, not for tracking

Question 24

Q

What consists of Sharing Table Record?

Answer

A

ParentID, ObjectAccessLevel, RowCause, User or Group ID

Question 25

Q

What is in the Sharing Table?

Answer

A

Role Hierarchy is not; Only the record owner and users above the owner in the role hierarchy are granted Full Access to the record. It is not possible to grant other users Full Access; Best use Without Sharing Apex for Apex Sharing

Question 26

Q

MFA for FB only and not for LinkedIn

Answer

A

At profile level set up ‘Session security level at login’ for profile at ‘High Assurance’
At setup level ‘Session Settings’ –> FB Session security level to ‘Standard’ but Linked in as High Assurance
So when user logs in with FB (example) user will have Standard security on login and based on profile it will need high assurance so it will ask for MFA.

Question 27

Q

Class vs Platform encryption

Answer

A

128 AES vs 256 AES algorithm
Fields can be masked vs cannot be masked
Cannot encrypt standard fields vs can encrypt some standard fields
Cannot encrypt files vs can encrypt files, attachments and contents
Cannot search vs can search
Cannot be used in workflow/approval process vs can be used

Question 28

Q

API Whitelisting (via connected app)

Answer

A

On the connected App, add the trusted IP ranges to filter out access to connected app based on IP.

Question 29

Q

Describe UA flow embedded SSO.

Answer

A

“UA Flow with embedded SAML -
SP initiated F-SSO – SF generates SSO request along with RelayState
user is redirected to IdP
IdP authenticates user, generates SAML , redirects to SP (ACS URL)
SP validates assertions, creates SF session and redirects to RelayState (/authorize)
OAUTH flow resume”

Question 30

Q

How to select a currency for record?

Answer

A

Each record has the currencyISO option to select.

Question 31

Q

Difference between federation authentication and delegated authentication

Answer

A

federation authentication cannot choose a subset of users but delegate one can.

Major risk for Delegated Authentication is: the password or token will be transferred from the web. server needs to protect the password.

Question 32

Q

The objects that can have ‘Controlled by Parent’ OWD settings are

Answer

A

Order, Contact (Contact only has CBP and Private), Asset, Activity (only CBP and Private), a few channel program and Contact Point objects.

Question 33

Q

To allow community users see each other in discussions

Answer

A

Community User Visibility from Sharing Setting,
and Allow Community user see others in Community Administration both need to be selected.

Question 34

Q

Why use a custom Close Date (Locked Date) instead of the standard Close Date?

Answer

A

While the opportunity is open, the user can set the opportunity Close Date to any date. When setting the opportunity Stage to Closed Won, the Close Date gets set to the current date. When setting the Stage to Closed Lost, it is not changed to the current date, which will affect the 7-day requirement.

Question 35

Q

Lead Conversion

Answer

A

Lead conversion needs convert lead permission, and also need access to account, contact and opportunity

Question 36

Q

related items on the Opportunity detail page sometimes take a long time to load and the page freezes until the records are loaded.

Answer

A

Enable Separate loading of related lists

Reduce the number of related list

Reduce the number of records in troubled related list

Reduce the fields displayed in troubled related list

Use Single Related list component to display those in separate tabs

Question 37

Q

The Sales Manager wants the ability to put any created opportunities that are in the pipeline under freeze, if the customer has any credit health issues and is deemed to be red account.

Answer

A

Flow Before Trigger on Oppty to check its account status to set a Oppty Freeze custom field to True, Update Record Type to Locked RT

Create VR on both Oppty and Oppty Product to prevent record save by checking this field

Create Locked RT and Locked Layout, removing all related list buttons

Note: users can still edit standard fields and only hit error after save

Question 38

Q

When a complaint is open for more than 7 days, a chatter feed should be posted to the Regional Manager.

Answer

A

Flow After Trigger on Case (Type =‘Complaint’) with Schedule Action to check case status after 7 Days, post Chatter if Case is not Closed

Can’t use Case escalation rule as it only notifies via email

PB can achieve this but poor performance

Schedule Flow can also be considered but it has limited schedule options

Question 39

Q

Resetting of passwords for internal staff should be prevented in Salesforce.

Answer

A

Enable delegated authentication then

Enable ‘Is Single Sign-On Enabled’ permission for the internal users

This will automatically prevent password reset to users

Question 40

Q

Recommend a solution to secure access to Salesforce in the event the user loses his/her mobile device. (MFA)

Answer

A

revoke their mobile oauth session

remove mobile phone from user record

Reset Okta MFA for the user

Ask SF admin to generate Temp Verification Code setting exp. time 1h-24h

Question 41

Q

what feature to use to integration an native app with Salesforce?

Answer

A

Mobile SDK? Preferred

connected app in SF

user agent oauth flow (SAML, SSO)

API directly

Question 42

Q

what advantage of mobile SDK over custom integration solution

Answer

A

SDK provides authentication authorisation natively

Offline mobile sync 

smart store encrypted db

all other mobile services 

community support(need understand more)

push notification (need understand more)

Question 43

Q

Use a website to capture lead

Answer

A

web to lead function - 500 a day

pardot form – like event registration

marketing landing form? 

custom API build if the volume is large

app exchange product for advance features

Question 44

Q

In data migration, how to keep the original created date, modified date history?

Answer

A

contact salesforce to enable some auditing feature to allow updating those fields based on the source data.

Set Audit Fields upon Record Creation

Question 45

Q

In data migration, how to accomplish loading the historical auditing information

Answer

A

cannot insert history tracking object

can use big object to store it

or use EA to load those information for analytics purpose

Question 46

Q

what is skinny table, and pros and cons?

Answer

A

Skinny table is a feature to ask SF to create which consolidate the regular used fields (standard and custom) for same object to a dedicated table in the backend so performance can be improved for LDV object.

Pros:

performance of query, reporting , list view should be improved

can contain 100 fields, support encrypted fields

Full data sandbox can automatically have it after refresh

Cons:

developer type of sandboxes won’t have it - can contact SF

Any field type change requires contact to SF to recreate it

can’t get field from other objects

maintenance overhead

Read is better but DML is worse as SF needs to DML on two tables

Only support a few Standard objects Account, Contact, Opportunity, Lead, and Case objects

Question 47

Q

SF file limit

Answer

A

2GB on desktop, 100 MB from mobile

Question 48

Q

Does In-app guidance support translation and what rich media supported?

Answer

A

Yes, via translation workbench. Pic and Video (Embed)

Question 49

Q

how to allow CC user to create account, contact and person account?

Answer

A

The only issue is the ownership. CC user can be the owner of contact but not the other two. So use a before RTFlow to assign the ownership to an internal user would be the solution.

For household model, a household account can be created behind the scene and associate two PAs with it. Using Sharingset user.account.householdaccount = xxx.account.householdaccount to share records

Question 50

Q

Can you create records via Rest API which has duplication rule enabled and trigger it?

Answer

A

No. DuplicateRuleHeader is only available in SOAP API which allows you to handle duplicate records properly.

Question 51

Q

How to allow Email send to be draft and approved before sending out?

Answer

A

1 enable ‘Email Draft Service’ from support setting
2 Create Send Action on Email Message object
3. Create Approval Process on EM object and use Send Action as final approval action.

Question 52

Q

How to make VF email for multi language?

Answer

A

Create custom labels for each sentence you want to send, and provide a translation for every language you would like to send the emails in.
Include the required custom labels into your Visualforce email template.
Select the desired language for the language attribute of messaging:emailTemplate.

Question 53

Q

Lightning Locker Vs Lightning Web Security?

Answer

A

1 Cross-namespace component use
2 No need to use wrapper to interact with global objects to secure component
3 Improve Performance as it doesn’t use secure wrapper
4 Better support of 3party javascript
5 Compatible with standard javascript as it evolves
https://developer.salesforce.com/docs/component-library/documentation/en/lwc/security_lwsec_locker_comparison

Question 54

Q

Owner Based Sharing Rule if Criteria is based on a queue?

Answer

A

Then it excludes the records owned by individuals in the queue, thus only share records owned by the queue. Therefore, need create a public group and use queue to contain it, and then use OBSR on this public group to share with same public group.

Or role as first option

Question 55

Q

How to get Question from Community to have faster response?

Answer

A

Enable ‘Question-to-Case’ in Support Setting
Moderators can use this ‘Escalate to Case’ action

Question 56

Q

Motivation mechanism on Community?

Answer

A

Enable gamification by setting up Recognition Badges and Reputation as well as leaderboard

Question 57

Q

SF JIT Controller Types?

Answer

A

Standard Controller (not apex). Can’t handle duplication.
Customised Controller (Apex) Auth.SAMLJitHandler

Question 58

Q

SF Connect Limit

Answer

A

20k call out per hour and 100k records returned per hour

Question 59

Q

SF Notification Limit

Answer

A

10k per hour

Question 60

Q

The Tax ID for the dealership should only be visible to Channel Managers and their management chain and every effort must be made to prevent inadvertent access to the Tax ID

Answer

A

Use an encrypted field. Not enough information to recommend Platform Encryption though you can make that case if you feel that CB needs/desires key management. Make sure the candidate understands that you can can’t include tax ID as part of a SOQL where clause. Field Level Security isn’t good enough since value could be accidentally shown as a result of bad apex code

Question 61

Q

how to create custom Auth. provider

Answer

A

1 set up an app with third party
2 create custom metadata type to store third party attributes
3 builder Apex class (AuthProviderPluginClass) to implement a custom auth provider
4 configure the Auth. Provider as Custom authentication provider with reg handler class from the step 3
5 update the app to use the callback URL generated by SF

Question 62

Q

What Device Mobile publisher doesn’t support?

Answer

A

Android tablet is not supported currently

Question 63

Q

Big object catches

Answer

A

1 Big objects support only object and field permissions.
2 Once you’ve deployed a big object, you can’t edit or delete the index. To change the index, start over with a new big object.
3 SOQL relationship queries are based on a lookup field from a big object to a standard or custom object in the select field list (not in filters or subqueries).
4 Big objects support custom Salesforce Lightning and Visualforce components rather than standard UI elements (home pages, detail pages, list views, and so on).
5 You can create up to 100 big objects per org. The limits for big object fields are similar to the limits on custom objects, and depend on your org’s license type.
6 Big objects don’t support transactions that include big objects, standard objects, and custom objects.
To support the scale of data in a big object, you can’t use triggers, flows, processes, and the Salesforce app.

Question 64

Q

Einstein Recommendation Builder

Answer

A

You can recommend anything (Recommended Items) to anyone (Recipients) by connecting two Salesforce objects. You can connect any two standard or custom Salesforce objects (including managed package objects).

Answer 65

A

use a Correlation ID

Answer 66

A

Create LWC component and put it on any EC page that guest user can access. Ensure guest user profile has permission to create lead.

Answer 67

A

Apex BT; Location based SOQL to calculate then assign case lookup field

Answer 68

A

1 can’t write to High Volume EO as it doesn’t have record ID generated by Salesforce
Access via Lightning Experience
Access via the Salesforce mobile app
Appearance in Recent Items lists
Record feeds
Reports and dashboards
Writable external objects

Answer 69

A

1 Request a Salesforce managing package for the app
2 Install the Salesforce managed Package
3 Request a Beta version of your app
4 Submit app for review or make changes

Answer 70

A

Classic Encryption only lets you protect a special type of custom text field, which you create for that purpose (example: SS#,PCI-DSS). Shield Platform Encryption allows you to encrypt a variety of widely-used standard fields, along with some custom fields and files/attachments. Classic Encrypted custom fields use AES-128 bit keys while Platform Encryption uses HSM-protected AES-256 bit keys to encrypt/decrypt customer’s data.

Answer 71

A

1 RH simplified, 2 LDV reduced 3, Governance, local COEs with central COP if the process are quite difference per org 4 security and visibility

Answer 72

A

From Spring 22, CBSR can include records owned by CC users.

Answer 73

A

Yes, and it at least needs to be Partner license

Answer 74

A

1 Maximum number of trended datasets per user 5
2 Maximum number of rows per snapshot 100k
3 Maximum number of rows in the report to be trended 500,000 for admins, 100,000 for non-admins
4. Maximum total number of rows in a trended dataset 5 MM
5. Maximum monthly number of rows for all snapshots per org 40MM
5mil dataset, 40mil in a org. Doing trending within TCRM without using a report as source can overcome this. No row limit for TCRM

Answer 75

A

MC now can be upgraded to a Multi-Org account.
1. 1 BU connects to 1 SF Org, up to 5, otherwise performance degradation
2. Multi-BU can connect to same SF org, suitable for regions maintaining their own BUs in Single Org scenario

Answer 76

A

SF signs the sign request with client secrete and canvas app uses canvas sdk to verify.

Answer 77

A

OWD, now also with restriction rule

Answer 78

A

If profile object access is read only, users can only read even if sharing rule or sharing group give them Write access.
If profile object access is Edit, users can only edit a record if sharing rule also has Read/Write access. However it can always edit the record owned by a community users even if sharing set via sharing group gives it Read access only.

Answer 79

A

1, for draft, unpublished records, use restriction rule with Public read only OWD for the external users who can only see published records.
2. It can even hide detail object record in a M-D relationship.
3. For standard object, only contract, task, event are supported
4. Five rules per object

Answer 80

A

The end-to-end solution comprises the source system’s databases, a staging database, and Salesforce. The staging database consists of two layers: the Transformation Layer and Target Layer.
• The Transformation layer is a set of intermediate database structures used for performing transformation and data quality rules. Only transformed and cleansed data will be loaded into the Target Layer.
• The Target Layer has tables structured identical to the Salesforce Objects—data types may differ depending on the database platform used.
• Data from the Target Layer will be loaded into Salesforce via Informatica cloud or any other ETL Cloud capable tool of choice.

Raw Schema -> Canonical Schema->Target Schema

Answer 81

A

Testing: Unit and Integration
1. Identify the appropriate load sequence. Consider relationships across all objects.
2. Run sample migration of a small subset of records from each legacy application; extract, transform, and load into SFDC.
3. Debug issues and update scripts as needed.
4. Run sample migration tests until they run clean with no errors.
Testing: Full Load and Performance Testing
1. Run full migration into sandbox. Full migration = extract, transform, and load all records.
2. Prepare reports on records in the source system or extracts, and the records loaded into Salesforce.com. Identify any missing data.
3. Fix issues and repeat until there are no errors.
4. Run full migration in a full sandbox environment.
5. Validate data from a technical and business perspective.

Answer 82

A

a. A connected app needs to be configured in the Salesforce org.
b. A connected app is only for an inbound scenario from an external application into Salesforce.

Answer 83

A

Configure the Refresh Token Policy setting under the OAuth Policy for the Connected App.

Answer 84

A

No. SAML is a browser-based protocol and requires a browser to facilitate the exchange of SAML tokens in order for the authentication to take place.

Answer 85

A

Access token is returned after a hash fragment and it’s only sent to the callback URL defined in the connected app

Answer 86

A

By configuring a My Domain, admins enable the Force.com platform to recognize the org for which unauthenticated requests are intended, and perform customized behavior, such as redirecting to their Identity Provider through the retrieval of the Single Sign-On settings configuration of the Service Provider org. This would not have been possible if the login was done through a URL at login.salesforce.com as the application will only know which org you are trying to log in to only after the authentication happens. This is because login.salesforce.com is a generic login URL for all Salesforce orgs.

Answer 87

A

The browser is used to facilitate the exchange of SAML tokens between the SP and the IdP.

Answer 88

A

This is achieved through the use of the RelayState parameter, which is passed via the browser as part of the SAML token exchange.

Answer 89

A

If a solution without customers having to authenticate is required, then it’s possible to develop a Force.com Sites page (mobile Responsive) and allow customers to capture their support cases via that page. If the customer provides their email, then notification to the cases can be provided via email.
Location Sharing: This can be enabled using the HTML geolocation feature where required.
• Uploading a Picture: The HTML media capture feature can be used in a hybrid or web app to enable the user to choose a picture on their phone to upload or to take a new picture.

Answer 90

A

The Campaign ROI Analysis Report is located on the Reports tab in the Campaign Reports folder. It calculates your campaigns’ performance by return on investment (ROI) and average cost. For each campaign in the report:

ROI, which is expressed as a percentage, is calculated as the net gain (Value Won Opportunities in Campaign - Actual Cost) divided by the Actual Cost.

Value Won Opportunities in Campaign is the calculated amount of all closed or won opportunities where the campaign is the Primary Campaign Source on the opportunity.

Answer 91

A

When you create an opportunity, you can fill in the Primary Campaign Source field to indicate that the opportunity resulted from a specific campaign.

In addition, when you convert a lead that is linked to a campaign, that campaign is automatically inserted into the opportunity Primary Campaign Source field.

If a lead or contact is linked to multiple campaigns, the campaign with which he or she is most recently associated is inserted into the opportunity Primary Campaign Source field.

The Opportunities related list on a campaign shows every opportunity that is linked to that campaign. You can also run the Campaign Revenue Report to track which opportunities are linked to your campaigns.

Answer 92

A

Campaign influence tracks pipeline and revenue for multiple campaigns, and ties all campaigns of a contact role to that opportunity for pipeline and ROI reporting. This is especially helpful for longer deal cycles when more than one campaign contributes to a closed deal or a converted lead.

Answer 93

A

Cases

Chats

Contact requests

SOS video calls

Social posts

Orders

Leads

Custom objects that don’t have a master object

Answer 94

A

Salesforce sends events using Salesforce Streaming APIs for the PendingServiceRouting object.

Partner application creates a session to authenticate.

Partner application queries Salesforce for work details, agent availability, and more.

Partner application determines the routing decision.

AgentWork is created and pushed to the specified agent in Salesforce.
Step 1: Create a Routing Configuration and Queue for External Routing

Step 2: Create a PushTopic for PendingServiceRouting

Step 3: Listen to the PushTopic

Step 4: Create AgentWork

Answer 95

A

Enable Skill Routing from Omni-Channel

Create Skills (Classic view)

Create Service Resource for agents with skills

Define Skills-Based Routing Rules Enable Skills-Based Routing Rules from the Routing Configuration

Answer 96

A

social customer service can set up two social accounts between FB and Twitter directly from Salesforce.
Social Studio is a full studio to also support Instgram and Youtube. End of life though (only internally)

Answer 97

A

data category or standard sharing rule (not friendly to CC user)

Answer 98

A

In Salesforce Setup, search for and open External Data Sources.

Click New External Data Source

Enter a name for the connectionThis is the name that appears on the search results tab in Salesforce for customers.

Select Federated Search: OpenSearch for the Type.

Answer 99

A

For security reasons, Salesforce restricts the outbound ports you can specify to one of the following:

80: This port only accepts HTTP connections.
443: This port only accepts HTTPS connections.
1024–66535 (inclusive): These ports accept HTTP or HTTPS connections.
8443: MA

Answer 100

A

1) Update your DNS Server With Your Custom Domain by using a Cname
2) Create a Certificate Signing Request & Obtain an SSL Certificate for your domain
3) Update your signed SSL certificate in Salesforce
4) Create a Custom Domain in Salesforce

Answer 101

A

Can submit but not as an approver

Answer 102

A

to enable it, we have to contact support first. after that pre-authz has to be defined by admin
about key words - ‘App Whitelisting’
https://help.salesforce.com/s/articleView?id=sf.security_api_access_control_all_users.htm&type=5

NOTE Salesforce creates connected apps for common Salesforce apps and automatically installs them in your org. It’s your responsibility to approve these connected apps and grant access to users.

no, they r not exclusive. API whitelisting blocks everyone from using unknown apps - users can’t install any apps they wish. Admin must authorize the apps and grant it to sepcific users through profile or perm sets

if u don’t enable API whitelisting, and just pre-authorize existing apps, then those users don’t have to give consent when they use it. but, nothing stops those users or others from installing other apps.

Answer 103

A

UI Layer
Login - Native, SSO, MFA
Session - IP range, Login Hours, PWD policy
Clickjack, CSP, Locker, XSS, XSRF
Business Layer
Apex WITH SHARING
SOQL with enforced security
SOQL Injection
Data Layer
Profile / Perm CRUD and FLS
OWD
Role-based Access -> RH, OBS, CBS, Teams, Apex/Manual Sharing
Platform Encryption

Answer 104

A

1 register from vendor, apple or google
2, store the registered credential in connected app which also enable mobile push
3, users who register the app will have a push token from apple/google which is uploaded into Salesforce associated with user record
4, it’s called Mobile Push notification from user record

Answer 105

A

API Gateway is used for managing the APIs (like securing, publishing, subscribing etc for end-to-end management of APIs)
ESB is Enterprise Service Bus - helpful in integrating multiple applications in different format through message transformation, routing etc.

Answer 106

A

Data replication — Heroku Connect
Data proxies - Salesforce Connect (not Odata 4, only Read)
Custom user interfaces -Canvas, SF rest api
External processes - Function, call-out

Answer 107

A

Standard Polling - 2 min - 60 mins, 1 min internal for adjustment
Accelerated Polling - polling on demand (Push Topic)

Answer 108

A

When bi-directional (“read-write”) sync is configured, Heroku Connect writes changes to Salesforce using SOAP or Bulk API. These API calls don’t count towards your Salesforce API limit.

The Bulk API is optimized for operations that apply to larger datasets. It’s faster than using SOAP API in these scenarios. Connect automatically attempts to use the Bulk API when all the following conditions are met:

The connection is configured to use the Ordered Writes algorithm.
A unique identifier is specified for the mapping.
Between 2,000 and 10,000 contiguous changes of the same type (INSERT, UPDATE or DELETE) are made to a given object. For example, 5000 INSERTS into ‘Lead’ object.
The Salesforce API version for the connection is set to v39 or higher.
When writing changes for more than 10,000 records using the Bulk API, the records are processed in batches of 10,000.

Heroku Connect uses SOAP API for writing changes to your Salesforce organization when:

There are fewer than 2,000 records to be processed.
The conditions to use the Bulk API aren’t met.
Heroku Connect attempts to pack as many records as possible into a SOAP message, up to 200 records.

Answer 109

A

A PushTopic is an sObject that contains the criteria of events you want to listen to, such as data changes for a particular object. You define the criteria as a SOQL query in the PushTopic and specify the record operations to notify on (create, update, delete, and undelete). In addition to event criteria, a PushTopic represents the channel that client apps subscribe to.
* support filtering (very unique feature)
* respect object, field, record sharing
* doesn’t support shield encryption field

Answer 110

A

All, reference (default), select, where

Answer 111

A

gap events instead of change events to inform subscribers about errors, or if it’s not possible to generate change events. A gap event contains information about the change in the header, such as the change type and record ID. It doesn’t include details about the change, such as record fields.

The conditions that cause gap events include:

The change event size exceeds the maximum 1 MB message size.
Some field type conversions of custom fields. For more information, see Conversions That Generate a Gap Event.
When an internal error occurs in Salesforce preventing the change event from being generated.
Changes that occur outside the application server transaction and are applied directly in the database. For example, archiving of activities or a data cleanup job in the database. To not miss these operations, gap events are generated to notify you about those changes.

The first 100,000 changes generate change events. The set of changes beyond that amount generates one overflow event for each entity type included in that set. An overflow event is generated when a single transaction contains more than 100,000 changes. An overflow event contains only header fields. The changeType field header value is GAP_OVERFLOW instead of the specific type of change. The object type corresponding to the change is in the entityName field. An overflow event doesn’t include details about the change, such as the record fields or record ID.

A record creation, deletion, or undeletion counts as one change toward the threshold. However, in a record update, each field change counts toward the overflow threshold. For example, if three field values are modified in one record update, they count as three operations against the overflow threshold.

Answer 112

A

Composite, Composite Graph, Composite Batch, Sojbect Tree(Post, only for creation of nested object tree type records), Sobject Collection (GET, DELETE, PATCH, POST)

Answer 113

A

chatter feed has option to select only post to internal users or all users with access.

Answer 114

A

Case -> application->broker account so sharing set

Answer 115

A

1, create apex class implement Messaging.InboundEmailHandler interface
2. create email service
3. All emails stored in InboundEmail Object
4 Add email addresses into this email service which receives emails from customer

Answer 116

A

OBM but PE is ok. Ensure to mention the guarantee from ESB to target sys (like having a message queue to manage)

Answer 117

A

migrated to DWH, then SF Connect
if viewing email sent via MC, MC connect does sync to SF but it’s storage count. Can use LWC +API too.
If migrated email has attachement, need consider external storage solution as well. so DWH needs to have a field linked to it.

Answer 118

A

1 email 2 sf is for internal user to use to forward their emails sent from Outlook or Gmail to customers also to Salesforce so the email is associated as an activity. It’s not for external users to send email back to SF org.
2 Apex email service is to process external inbound emails programmatically and you can set up a few email addresses exposed to customers so whatever emails sent to those mailboxes will trigger Apex email service.

Answer 119

A

only a single record is created so that writes can be idempotent.

Answer 120

A

The limit for Async SOQL queries is one concurrent query at a time.
Async SOQL is implemented via the Chatter REST API.

Answer 121

A

1 Individual Object is part of OWD, and has ownership
2 Product has no owner
3 CPQ quote and quote line also uses Product and Pricebook as normal, with a lookup to oppty
4 AccountTeam and OpportunityTeam are objects
5 ACR doesn’t have owner field but AccountRelation does and it has OWD too
6 Consent related object don’t have ownership but it has OWD

External license can only read PB and Product
Product can be used to model Individual Item such as rental car, scooter, apartment with lookup to Asset if owned by Landlord
Profile Edit permission can override Sharing Set Read Only access
Asset, Oppty, Case don’t need have an Account association but Order does

Answer 122

A

use List view/Related List or a Custom LWC to display a dashboard

Answer 123

A

Use Registration style, create a global ID, stamp it back to the source

Answer 124

A

Then use Big object if processing needs be done on platform
Or SF function if off platform but it requires cost

Answer 125

A

It can be applied to any object incl. detail object. It has two steps.
1 Define the user group by either User record attribute or a Custom Permission
2 Define the allowed records with criteria set up. (Be ware that formula field can’t be used as criteria).

Restriction Rule can be used for External Object too.

Answer 126

A

Account Relationship Data Sharing rule seems a good fit as it can have conditions when set-up whilst sharingset can’t.

Answer 127

A

Use Custom Connected App Handler to dynamically allow access to the system based on whether the staff owns any open “Classified” Cases.

Answer 128

A

1 CC user can’t be assigned a case owner so it implies CCP license; Try not give CC license to vendor, supplier scenario which has management hierarchy or mention some visibility in reporting section.
2 CRM analytics should be mentioned, maybe even mobile publisher

Answer 129

A

Penetration testing to identify security flaws. Use tools like
CheckMarx or Sonarcube, Salesforce security scanner to review custom code. Security
assessment by an external vendor should be considered.

Answer 130

A

all members have access to this record

Answer 131

A

CBSR on Drug on Development phase, share with Clinical Trial Manager SVP role and subordinates, Read ; Restriction rule on Drug check assigned to = user.ID

Answer 132

A

Better address the branching/repo/packages for multi-org in Presentation.

Answer 133

A

then detail records can be accessed as long as profile allows

Answer 134

A

supported in Community. doees return lag, longi geo info from google. But it won’t be as professional as QAS.

Answer 135

A

RR pattern with integration, customised ordering UI

Answer 136

A

Guest profile can also set up IP range

Answer 137

A

My own thoughts- use Okta as IDP to Partner Community, and then set up Enterprise IDPs in Okta with Routing rules to direct partner domains to each IDP. So establish a Chained SSO

Answer 138

A

A managed pkg to install.
create a data detect policy
scan

Answer 139

A

DMZ or demilitarized zone is a physical or logical subnetwork that contains and exposes an organization’s external-facing services to an untrusted, usually larger, network such as the Internet. The purpose of a DMZ is to add an additional layer of security to an organization’s local area network (LAN): an external network node can access only what is exposed in the DMZ, while the rest of the organization’s network is firewalled
1 external firewall filters traffic coming in from external networks
2 internal firewar filters traffic between LAN and DMZ

Answer 140

A

to add additional layer of filter. Cant use cross-org adapter or custom adapter. have additional system callout impact on search and changing the rule

Answer 141

A

selenium scripts that will be initially created by testers during QA testing and those scripts will be hooked up to CICD pipelines to complete ongoing regression testing

Answer 142

A

refactoring need to be driven by business values and technical considerations
identify the org object model, OWD, automation approaches - Config Vs Customisation

identify what config automation needs to change to code and vice versa.

use a new org to start replicating the data models and develop sth small. ….

Answer 143

A

hub org set as IDP

all spoke orgs set as SP orgs in SSO setting

in hub org set up Connected apps to define the connections to all those SP orgs

my domains need to enable accross all orgs

Answer 144

A

Entitlement template associated with product, asset associated with product so auto creates the entitlement by the template

Jakub states that it could just use case escalation rule if it’s standard across the business to save data on entitlement record.

Answer 145

A

Heroku has postgres DB

Heroku enables Heroku Connect Add-on

In heroku connect set up, connect to the salesforce instance and postgres DB

in heroku connect select the object that needs to be sync. HC can auto create the related table with the schema or manually created and map

 select fields 

set up sync timing in two ways

Don’t count as API call. Full sync can’t filter

Answer 146

A

SDK provides authentication authorisation natively

Offline mobile sync (didn’t remember this term)

smart store encrypted db

all other mobile services

community support(need understand more)

push notification (need understand more)

Answer 147

A

The key difference between EAC and Outlook Integration when it comes to emails is that EAC will auto-sync emails, events, etc. Outlook Integration does NOT auto-sync.. the user would need to select the record that they want the email or event to be attached to in salesforce

EAC emails do not have full reporting functionality, but emails logged with Outlook Integration DO have full reporting functionality
EAC stores data on AWS with 24 months limit.

Answer 148

A

1 understand data growth 2 Establish Data Retention Policy, 3 Build Archiving Solution (Schedule in batch, keep parent/child structure, bypass automation not trigger sharing recalculation, hard delete option)
4 Testing it, 5 Ensure restoration

Answer 149

A

Uncheck the box in Community Settings “Allow community users to see contacts that have not been enabled for communities”

Answer 150

A

XSS - Cross Site Scripting which means user input is mixed with code to take control user information.

Can be prevented by:
- Use of standard components where possible
- Using HTMLENCODE, JSENCODE or URLENCODE to escape special chars
- Careful use of third party JS Libs

Answer 151

A

SOQL Injection is injecting user input to dynamic SOQL queries.

Mitigation:
- Avoid Dynamic Query where possible
- Use of bind variables
- Use of escapeSingelQuotes method if dynamic query needs to be used

Answer 152

A

Less of programming issue. This is related to to spoofing user with attackers JS,webpage where attackers can take control of user information.

Mitigation:
- Standard Controlers & methods implement Anti-CSRF
- From platform developments perspective, aovid DMLs in on load methods. User only query.
- Educate users to take extra care

Answer 153

A

Use Salesforce Platform Encryption to encrypt the PII
Use Crypto.Encrypt, Crypto.Decrypt based on AES256 Algo and Secret key in Custom Metadata

Answer 154

A

The AT is passed as a hash fragment and not query parameter, so the AT is not sent to the server as part of URL redirect

Clear the browser history on device by calling JS replace function.

Callback URL in UA flow cannot be an HTTPS, it needs to be a custom protocol

Answer 155

A

Session INDEX (NOT ID) is stored at IdP and sent to SPs and RPs duing SSO.
If an SP initiates SLO, then it can post Session INDEX to the IdP SLO URL.
IdP will then inititate SLO with all other SPs or RPs connected to that user session.
After receiving responses from all SPs, IdP notfies the SP that initiated the SLO.

Answer 156

A

A reverse proxy controls and monitors traffic from the internet that requires access to a server inside the customer’s firewall (we encounter this a lot with Salesforce)

Reverse proxy is used for load balancing, security policies, caching etc
Common Use Cases – customer exposes delegated authentication endpoint, web services, outbound messaging endpoint, email relay etc. These are often actually reverse proxy endpoints, then routed internally to real destination
Technologies – Apache Http Server (mod_proxy), IBM Data Power etc

Answer 157

A

Reverse proxy is usually hosted in DMZImagine a Museum that has 2 walls in front of it (external firewall and internal firewall) and a checkpoint post in between the wall. The area between the wall is DMZ. The checkpoint post is the Reverse proxyAnyone coming into the Museum needs to come thru the walls (DMZ) and thru the checkpoint. The checkpoint checks for identity (valid access token, MASSL etc) and then allows to enter the Museum.The checkpoint also ensures traffic control, so too many people dont enter the Museum

Answer 158

A

Prevent your pages to be hosted in IFRAMES on unknown sites. Setup -> Security -> Session Settings
Enabled by default for SF Setup Pages.
Enable it for Community. Different levels - Allow, External Domains whitelisted, Same origin, Don’t Allow

Answer 159

A

Content Security Policy - provides protection against Cross Site Scripting (XSS). Its a W3C standard that controls content loaded on pages. Content can be images, CSS, JavaScript.

Answer 160

A

DKIM (Domain Keys Identified Mail) is an email authentication technique that allows the receiver to check that an email was indeed sent and authorized by the owner of that domain. This is done by giving the email a digital signature

Answer 161

A

Cross-Origin Resource Sharing (CORS) is a web standard for accessing web resources on different domains

For example, using CORS, JavaScript code at https://www.example.com could request a resource from https://www.salesforce.com.

To access supported Salesforce APIs, Apex REST resources, and Lightning Out from JavaScript code in a web browser, add the origin serving the code to a Salesforce CORS whitelist.

Extras:
Browser will make an automatic preflight request using the OPTIONS HTTP method. This call is used to determine the exact CORS capabilities of the server, which is in turn used to determine whether or not the intended CORS protocol is understood.

Answer 162

A

SAML Bearer
- Requires Connected App where the cert if uploaded
- No IDP required, client can generate a SAML token, sign it and present to token endpoint for AT
- Use case - if client wants to use SAML in exchange for AT and SF does not have SAML SSO enabled

SAML Assertion
- No Connected App required
- SF uses SSO settings cert to validate the SAML token
- The SAML token is issued by IDP
- Use case - when client wants to reuse SAML token to get AT from SF for API access

Answer 163

A

Selectiveness means the filters used in the query are selective.

Standard Index is selective:
- <30% of first million records
- <15% of remaining records after first 1 million
- no more than 1 million of total records

Custom Index is selective:
- <10% of first million records
- <5% of remaining records after first 1 million
- no more than 333,333 of total records

Answer 164

A

Security issues like injection (SOQL, XSS),
Application and code inefficiencies like code not bulkified, queries/dml in loops, multiple triggers etc
OLD API version (Apex classes using very old versions)
Unused code - Classes, VF pages not used for long time
Fields not used
Test - coverage, failures, no asserts
Hardcoding
Duplication of code

Answer 165

A

4 levels of security
- IP login restrictions to Salesforce servers so you know request is coming from SF data centers
- Org ID check to know request is coming from specific SF org
- 2 way ssl to encrypt the message so that on one can tamper with the message
- Session ID check to know the user is allowed to send OBM

Answer 166

A

Export Reports disabled on profile

Answer 167

A

Yes, we can add custom fields, validation rules and triggers on OpptyTeam and Account team. no customisation on Case teams

Answer 168

A

No. Search and SOSL is done on different server and adding skinny table, indexes on data/table will not improve Search performance.

Answer 169

A

API gateway has security and throttling, mainly external facing where you restrict traffic coming from external systems
ESB allows controlled and highly structured integrations between systems, can orchestrate long running api callouts and with multiple systems, mainly internal systems

Answer 170

A

No. Regardless of whether the “API Enabled” profile permission is granted, portal users (Customer Portal, Self-Service portal, and Partner Portal) can’t access Bulk API.

Answer 171

A

AJAX Proxy - https://developer.salesforce.com/docs/atlas.en-us.ajax.meta/ajax/sforce_api_ajax_proxy.htm

Answer 172

A

Contact support to enable Delegated Authentication
Once its enabled, then on profile/using permission uncheck “Is Single Sign-On Enabled” for admins and check it for all other users profiles

Answer 173

A

Use CDN which will faster delivery of static resources based on the geographic location of the user.
Enable Progressive Rendering and set the Display Priority of each component (images) to load at “High”/”Highest”/”Nuetral” pace
Make sure Browser Caching is enabled in Session Settings (default is enabled)

Answer 174

A

Bulk API 2.0, Parallel loading, PK Chunking, Granular locking, Defer sharing calculation,

Answer 175

A

Another suggestion would be to create a Validation Rule once a pattern is identified to stop the records from coming to the Org. A permanent solution would be to enforce a web-side validation or captcha to make sure that the web form is secure and protected from spam. Also, it’d be a best practice to try to avoid easily-accessible source code directly in your website. It’s best practice to use other HTML/API methods instead in order to fully protect web submissions.

Answer 176

A

Approval process can be automated via PB or Flow, prefer flow. However, if an Order or Oppty needs to enter AP based on total amount calculated from Order Product or Oppty Product, this flow needs to be triggered on the child object level by having a parent.amount formula field as a condition.
Approval process cannot submit to user themselves

Approval page layout cannot be customised such as override values etc. It can only be done via Visualforce customisation

Approval process for multi currency - need create AP for each currency because the entry criteria is fixed. May consider using Or condition if the currency type is small

Answer 177

A

Consider Login methods - use VF + expID to control the display of login method

Welcome email needs to be turned off and instead use Flow to send email via customised VF email template

Answer 178

A

SOAP get updates if volume is low
Data replication API
ETL

Answer 179

A

intents in mobile
a calendar intent then u have an option to add to calendar directly or ask to add
similar to calling
if u click a link with phone no intent it makes call to that number

Answer 180

A

3 ways either bluetooth/ wifi/ mobile
1 if bluetooth the data will be first transferred to mobile and from mobile to cloud
2 if wifi/mobile capable watches/bands can directly call the apis from watch/band to sync to cloud

Answer 181

A

1 SOAP API avoid record locking on parent objects of MD R/S
2 Bulk API may cause it
3 Bulk API allows multi attachments loaded from a single zip file

Answer 182

A

Create a Quick Log a Call custom action. Default the date and the type of visit, and provide a Description field. Using their phone’s speech-to-text feature, users can dictate their notes into the Description field, which takes less than a minute. No typing required!

Answer 183

A

Create a dedicated Chatter group where the marketing team can post datasheets. Mobile users can easily view the most recent file from their phone.

Answer 184

A

Create a custom action called Place an Order. The user completes a few required fields, and the update kicks off a workflow that sends an email to customer service. The email contains just enough information to get the order started. Now reps can place orders while they’re sitting in front of the customer.

Answer 185

A

SOAP API to maintain Sobject_share records

Answer 186

A

pub/sub api provides aknowlegement

Answer 187

A

MC can send it via a MC FTP for pdf and then use ampscript to attach

Answer 188

A

Named credential storing JWT token format with link to private key, ESB will have a Token exchange to verify or use Java app to verify to grant access.

Answer 189

A

U don’t need to. It’s the other way around from ETL to SF

Answer 190

A

it’s load testing

Answer 191

A

SF is a processer, SF customer is data controller.
1, Consent Mgm objects, and Consent Capture pkgs which have flows to respect customer choices such as Right to Forget, build additional flows, Apex trigger on Individual object
1.1 Consent Event stream receive notifications about changes to consent fields or contact information on core objects.
2, Platform Encryption for data security, Event Monitorting for data breach, Field Audit history for data retention
3, identify lead, contact fields and categorise it as GDPR compliance in field configuration
4, Data residency - links to Org strategy
5, Marketing Cloud – delete contacts if they require (MC connect), cloud page to capture.
6. SF Email, unsubscribe Footer

Answer 192

A

Data monetization is the act of measuring the economic benefit of corporate data

Answer 193

A

Process of converting original data with a modified content, such as protected PII data,

Two techniques: Pseudonymization and Anonymization. the latter means data is not identifiable, whilst the former can still identify the source data indirectly.

Answer 194

A

Slow record CRUD operation
Slow down search
Slow down SOQL and SOSL queries
Slow Down list views, reports and dashboards
Impacts the data integration interfaces, performance of SF APIs
Longer to calculate sharing records
Higher chance of hitting governor limits
Slow down full data sandbox refresh

Answer 195

A

Data consumption analysis - SF calculates nightly the database stats
Query Optimiser
Bulk API
Batch Apex
Deferred Sharing

Brainscape's Knowledge GenomeTM

CTA Q&A Flashcards

Brainscape's Knowledge Genome^TM