Translate needs to Integration Requirements (22%)

Question 1

What is SSL or TLS?

Answer 1

Mutual authentication certificate

Question 2

Better SSL or TLS?

Answer 2

TLS (Transport Layer Security) is more secure and is improved version from SSL.

Question 3

What are API client certificate types?

Answer 3

Self-signed, CA-signed, mutual authentication (SSL or TLS)

Question 4

What is the difference between one-way and two-way authentication?

Answer 4

Two-way is more secure because both the server and client perform validation by verifying each other’s identities. In one-way authentication, only client does that.

Question 5

What are 3 protocols for authorization & authentication?

Answer 5

SAML, OAuth 2.0, OpenID Connect

Question 6

SAML:
- what is
- what language based
- where used?

Answer 6

Security Assertion Markup Language (SAML) is an XML-based standard for exchanging authentication and authorization data used in single-sign on.

Question 7

OAuth 2.0

Answer 7

The Open Authorization (OAuth) 2.0 protocol is the industry standard for authorization to allow secure sharing of data between systems.

Question 8

OpenID Connect

Answer 8

Used in social sign-on that adds an authentication layer on top of OAuth 2.0 for the secure exchange of user information.

Question 9

To implement SSO, what standards are supported by Salesforce? (3)

Answer 9

SAML, Delegated Authentication, OpenID Connect

Question 10

To create a Connected App, what protocols should the external application support? (3)

Answer 10

SAML, OAuth, OpenID Connect

Question 11

Can a Connected App be created to integration service providers when SF acts as the identity provider?

Answer 11

Yes

Question 12

Can Salesforce run as an OAuth authorization server?

Answer 12

Yes, SF can authorize and authenticate connected apps, which can be dynamically created from an external system

Question 13

How can we manage Connected App’s access? (3)

Answer 13

• By setting security policies
• Defining which users have access by assigning profiles
• A refresh token policy can be scheduled to automatically revoke a connected app’s access
• etc

Question 14

What are 3 roles in SSO flows?

Answer 14

• User
• Identity provider
• Service provider

Question 15

What is SAML Assertion?

Answer 15

A proof of the user’s identity provided by the identity provider. It is an XML document.

Question 16

What is Access Token?

Answer 16

It represents the user’s permission to access resources
(and so authenticates requests sent to designated API endpoints)

Question 17

Can OAuth 2.0 acquire access token for a client application?

Answer 17

Yes

Question 18

Can external applications see user’s password or credentials when using OAuth 2.0?

Answer 18

No, they are not revealed nor exposed.

Question 19

In an OAUth 2.0 flow, what are 4 key roles involved?

Answer 19

• Resource Server (hosts the protected resources)
• Resource Owner (entity or end user who grants access to the protected resource)
• Authorization Server (issues access tokens)
• Client (application requesting resource access on behalf of the resource owner)

Question 20

What are 4 types of tokens in OAuth 2.0?

Answer 20

• Authorization Code
• Access Token
• Refresh Token
• ID Token

Question 21

What is authorization code?

Answer 21

Temporary code that will be exchanged for an access token

Question 22

What is refresh token?

Answer 22

Token that is long-lived and used to acquire a new access token

Question 23

What is ID Token?

Answer 23

Security token that contains information related to the end user

Question 24

Access Token?

Answer 24

Token used by client to access protected resources in the resource server

Question 25

Bearer Token?

Answer 25

An access token is used as a bearer token, meaning the entity who bears the token can access protected resources without further identification requirements

Question 26

Consumer Key?

Answer 26

The key used by consumer (client) such as an external application to authorize the Salesforce user and itself on the user’s behalf. Also referred as Client Id.

Question 27

Consumer Secret?

Answer 27

A secret, or confidential data, that is used to establish that the consumer holding the consumer secret owns the consumer key. Also referred as Client Secret.

Question 28

OAuth Endpoints

Answer 28

OAuth endpoints are the URLs that you use to make OAuth authorization requests to Salesforce

Question 29

What are the different OAuth flows? (9)

Answer 29

1. Web Server
2. User-Agent
3. JWT Bearer
4. Device
5. SAML Bearer Assertion
6. SAML Assertion
7. Username-Password
8. Client-Credentials
9. Refresh Token

Question 30

Which OAuth flow to use to integrate external web applications?

Answer 30

Web Server

Question 31

Which OAuth flow to use to integration desktop/mobile applications?

Answer 31

User-agent

Question 32

Which OAuth flow to use for server-to-server integration?

Answer 32

JWT Bearer

Question 33

Which OAuth flow to use for IoT integration?

Answer 33

Device

Question 34

Which OAuth flow to use to request an access token via SAML?

Answer 34

SAML Bearer Assertion

Question 35

Which OAuth flow to use as an alternative for services using SAML?

Answer 35

SAML Assertion

Question 36

Which OAuth flow to use when the external app stores the user’s credentials?

Answer 36

username-password

Question 37

Which OAuth flow uses a consumer key and consumer secret?

Answer 37

Client-Credentials

Question 38

Which OAuth flow is used to request a new access token?

Answer 38

Refresh Token

Question 39

Does SAML Assertion Flow requires Connected App?

Answer 39

No. It’s SAML Bearer Assertion flow that requires it.

Question 40

Which is recommended: client credentials OAuth 2.0 flow or username-password?

Answer 40

Client credentials - it is more secure.

Question 41

What OpenID Connect is used for?

Answer 41

To Identify details of the user associated with an access token. It’s an authentication layer on top of OAuth 2.0

Question 42

What is authentication?

Answer 42

The process that is used to verify that the user is actually who they say they are.

Question 43

What is authorization?

Answer 43

The process of providing or determining the permissions or actions that an authenticated user can do.

Question 44

Delegated Authentication?

Answer 44

Allows users to log in to SF using credentials that are verified by an external authentication provider

Question 45

Does Delegated Authentication requires users to log in to each app separately?

Answer 45

Yes, even though they use the same ID for multiple apps.

Question 46

Which integration pattern is the best for small volume, real-time activities?

Answer 46

Remote Process Invocation - Request & Reply

Question 47

What is a continuation?

Answer 47

An asynchronous callout, used to avoid hitting the synchronous Apex transaction governor limits. Although asynchronous, its implementation still falls under the request & reply pattern since a reply is expected through a callback.

Question 48

What’s the max time-out for Request & Reply?

Answer 48

120 seconds

Question 49

What’s the max platform event message size in fire & forget?

Answer 49

1 MB

Question 50

Can you receive a positive acknowledgement of a successful hand-off to the remote system in Fire & Forget pattern?

Answer 50

Yes

Question 51

How many records should be processed to consider Bulk API 2.0?

Answer 51

More than 2000

Question 52

Which API does Change Data Capture use?

Answer 52

Streaming API
now pub/sub

Question 53

How to avoid data contention?

Answer 53

With data segmentation techniqeus (e.g. filter criteria)

Question 54

What’s the max file size for upload via Remote Call-In?

Answer 54

2 GB for the ContentVersion and 500MB for all other objects

Question 55

Which APIs can be used in remote call-in?

Answer 55

REST, SOAP or BULK API 2.0

Question 56

Can a remote call-in time-out?

Answer 56

Yes. Each SOQL query has a limit of 120sec

Question 57

How is System’s processing capacity called?

Answer 57

Throughput

Question 58

How is system’s responsiveness to requests and demands is called?

Answer 58

Latency

Question 59

What’s throughput optimization?

Answer 59

Number of concurrent requests, which translates to workload, that an application can complete in a given time.

Question 60

What contributes to the workload in the system? (3)

Answer 60

1. Number of transactions
2. Number of concurrent users
3. Complexity of the requests

Question 61

What are some techniques to optimize throughput? (4)

Answer 61

• Async process
• Bulk process
• Proper queries (SOSL and SOQL)
• Platform cache

Question 62

What are some techniques to optimize latency? (4)

Answer 62

• Optimize reports
• Optimize filters
• Simplify sharing
• Optimize interface

Question 63

Which factors determines integration tool’s performance? (3)

Answer 63

• Timing (sync vs async)
• Volume
• Ability to process multiple objects