Salesforce Certified Agentforce Specialist (AI-201) Exam Questions

Answer : A

The Model Context Protocol (MCP) in AgentForce and Salesforce AI architecture enables agents to dynamically discover and connect to external tools or APIs during runtime. The documentation defines it as: ''MCP allows LLMs to query registered tool endpoints and retrieve their schemas, enabling dynamic tool discovery and invocation in enterprise AI environments.''

This makes Option A correct --- a legal assistant agent using MCP to find a document classification API illustrates the dynamic, protocol-driven discovery and use of enterprise tools.

Option B, agent-to-agent conversation, involves Agent Network Communication, not MCP. Option C, agent capability discovery through Agent Cards, refers to the Agent Directory feature.

Therefore, Option A best reflects Salesforce's documented description of MCP's role in enterprise AI integrations.

Reference (AgentForce Documents / Study Guide):

AgentForce Architecture Guide: ''Model Context Protocol Overview''

AgentForce Developer Study Notes: ''Dynamic Tool and API Discovery with MCP''

AgentForce Technical Overview: ''Enterprise AI Integration via MCP''

Answer : A

UC wants insights into product and competitor mentions during sales calls, leveraging Einstein Conversation Insights. Let's evaluate the options.

Option A: Enable Einstein Conversation Insights, connect a recording provider, assign permission sets, and customize insights with up to 25 products.

Einstein Conversation Insights analyzes call recordings to identify keywords like product and competitor names. Setup requires enabling the feature, connecting an external recording provider (e.g., Zoom, Gong), assigning permission sets (e.g., Einstein Conversation Insights User), and customizing insights by defining up to 25 products or competitors to track. Salesforce documentation confirms the 25-item limit for custom keywords, making this the correct, precise answer aligning with UC's needs.

Option B: Enable Einstein Conversation Insights, assign permission sets, define recording managers, and customize insights with up to 50 competitor names.

There's no 'recording managers' role in Einstein Conversation Insights setup---integration is with a provider, not a manager designation. The limit is 25 keywords (not 50), and the option omits the critical step of connecting a provider, making it incorrect.

Option C: Enable Einstein Conversation Insights, enable sales recording, assign permission sets, and customize insights with up to 50 products.

'Enable sales recording' is vague---Conversation Insights relies on external providers, not a native Salesforce recording feature. The keyword limit is 25, not 50, making this incorrect despite being closer than B.

Why Option A is Correct:

Option A accurately reflects the setup process and limits for Einstein Conversation Insights, meeting UC's requirement per Salesforce documentation.

Salesforce Help: Set Up Einstein Conversation Insights -- Details provider connection and 25-keyword limit.

Trailhead: Einstein Conversation Insights Basics -- Covers permissions and customization.

Salesforce Agentforce Documentation: Sales Features -- Confirms integration steps.

Answer : A

Answer : C

According to the AgentForce Security and Data Access Configuration Guide, the best practice for ensuring an agent (such as an SDR Agent) can access specific records while maintaining security is to use criteria-based sharing rules. The documentation states: ''When an AI Agent needs access to a subset of records (for example, regional leads), create a sharing rule granting access to that agent's user context based on defined criteria such as region or ownership.''

Option A (assigning the highest-level role) provides excessive access beyond the intended scope, violating the principle of least privilege. Option B (View All permission) gives global object access, which is not secure. Therefore, Option C ensures that the SDR Agent has controlled, region-specific access to lead records.

Reference (AgentForce Documents / Study Guide):

AgentForce Security and Access Guide: ''Using Sharing Rules for AI Agent Access Control''

AgentForce Implementation Handbook: ''Regional Access Configuration for SDR Agents''

Salesforce Data Security Study Guide

Answer : C

Why is 'Sales rep users are missing the Use SDR Agent permission set' the correct answer?

If sales reps are unable to find the Agentforce Sales Development Representative (SDR) Agent, the most likely cause is missing permissions. The 'Use SDR Agent' permission set is required for users to access and interact with the SDR Agent in Agentforce.

Key Considerations for This Issue:

Permission Set Restriction

Users must have the 'Use SDR Agent' permission set to access Agentforce SDR in their Salesforce environment.

If they lack this permission, the SDR Agent will not appear in their interface.

Agentforce Role-Based Access Control

Agentforce assigns specific permissions based on user roles.

Sales reps require explicit permission to access the SDR Agent.

Fixing the Issue

The Salesforce Admin should assign the 'Use SDR Agent' permission set to all relevant sales reps.

This is done in Setup Permission Sets Assign to Users.

Why Not the Other Options?

A. Sales rep users' profiles are missing the Allow SDR Agent permission.

Incorrect because 'Allow SDR Agent' is not a standard permission setting in Agentforce.

Permission is granted via permission sets, not profile-level settings.

B. Sales rep users do not have access to the SDR Agent object.

Incorrect because there is no separate 'SDR Agent object' in Salesforce.

SDR Agents are AI-driven features, not standard CRM objects that require object-level access.

Agentforce Specialist Reference

Salesforce AI Specialist Material confirms that users require specific permission sets to access Agentforce SDR Agents.

Salesforce Instructions for Certification highlight the role of permission sets in controlling Agentforce access.

Answer : C

In the Einstein Trust Layer, the Salesforce Agentforce Specialist can configure privacy data entities to be masked (Option C). This ensures sensitive or personally identifiable information (PII) is obfuscated when processed by AI models.

Data Masking Configuration:

The Agentforce Specialist defines which fields or data types (e.g., email, phone number, Social Security Number) should be masked. For example, masking the Email field in a prompt response to protect user privacy.

This is done through declarative settings in Salesforce, where entities (standard or custom fields) are flagged for masking.

Why Other Options Are Incorrect:

A . Profiles exempt from masking: Exemptions are typically managed via permissions (e.g., field-level security), not directly within Einstein Trust Layer's Data Masking settings.

B . Encryption keys for masking: Encryption is separate from masking. Masking involves obfuscation (e.g., replacing 'john@example.com' with '@'), not encryption, which uses keys to secure data.

Einstein Trust Layer Documentation: States that Data Masking allows admins to 'define which fields should be masked to protect sensitive data.'

Trailhead Module: 'Einstein Trust Layer Basics' explains configuring privacy entities for masking.

Salesforce Help Article: 'Secure AI with Einstein Trust Layer' details masking configurations for privacy compliance.

Answer : A

In the Salesforce Agentforce Platform, assigning actions to Agents requires mapping them through Topics in Agent Builder. Topics act as the container that links an Agent's conversational intent with the specific actions it can perform. By first assigning an action to a Topic in Agent Builder, the Agentforce Specialist ensures that the Agent knows when and how to trigger the action during the business process flow.