Salesforce Plat-Arch-204 Exam Questions Instant Access

Question 1

A company has an external system that processes and tracks orders. Sales reps manage their leads and opportunity pipeline in Salesforce. The company decided to integrate Salesforce and the Order Management System (OMS) with minimal customization and code. Sales reps need to see order history in real-time. The legacy system is on-premise and connected to an ESB. There are 1,000 reps creating 15 orders each per shift, mostly with 20-30 line items. How should an integration architect integrate the two systems based on these requirements?

AUse Salesforce standard object, REST API, and extract, transform, load (ETL).

BUse Salesforce custom object, custom REST API, and extract, transform, load (ETL).

CUse Salesforce external object and OData connector.

Answer : C

To meet the requirements of minimal customization, low developer resources, and real-time visibility without data replication, the architect should utilize Salesforce Connect with External Objects and an OData connector.

Salesforce External Objects allow the OMS data to be viewed within Salesforce as if it were stored natively, but the data remains in the on-premise system. This fulfills the requirement for sales reps to see 'up-to-date information' because every time they view the record, Salesforce Connect fetches the latest data via the ESB's OData endpoint. This Data Virtualization pattern is the most efficient choice for real-time history where users only need to view the data occasionally.

Options A and B involve Data Replication via ETL, which would store the order data inside Salesforce. Given the volume (15,000 orders/shift with 25 line items each = 375,000 records daily), this would rapidly consume Salesforce data storage limits and require significant custom development for the ETL logic and REST APIs. Furthermore, ETL is typically batch-oriented and would not provide the true 'real-time' view requested. By using an OData connector, the architect leverages a declarative, 'no-code' solution that satisfies the timeline constraints and provides immediate access to order details and line items without the cost of data storage.

Question 2

NTO is merging two orgs but needs the retiring org available for lead management (connected to web forms). New leads must be in the new instance within 30 minutes. Which approach requires the least amount of development effort?

AUse the Tooling API with Process Builder to insert leads in real time.

BUse the Composite REST API to aggregate multiple leads in a single call.

CConfigure named credentials in the source org.

Answer : B

Question 3

Northern Trail Outfitters (NTO) has recently changed its Corporate Security Guidelines requiring all cloud applications to pass through a secure firewall before accessing on-premise resources. NTO is evaluating middleware solutions. Which consideration should an integration architect evaluate before choosing a middleware solution?

AThe middleware solution enforces the OAuth security protocol.

BThe middleware solution is able to interface directly with databases via an Open Database Connectivity (ODBC) connection string.

CThe middleware solution is capable of establishing a secure API Gateway between cloud applications and on-premise resources.

Answer : C

When corporate guidelines mandate a firewall-protected entry point for cloud traffic, the middleware architecture must include a component capable of residing in a Demilitarized Zone (DMZ) or perimeter network. The architect must evaluate the solution's API Gateway capabilities.

A secure API Gateway acts as the intermediary that terminates external (cloud) TLS connections and inspects incoming traffic before proxying it to internal systems. It allows the security team to implement:

IP Whitelisting: Ensuring only Salesforce's IP ranges can access the gateway.

Mutual Authentication: Using certificates to verify that the request is genuinely coming from the Salesforce org.

Rate Limiting: Protecting on-premise resources from being overwhelmed by cloud requests.

Option A (OAuth) is an authorization framework and does not satisfy the network-level firewall requirement on its own. Option B (ODBC) is an internal database protocol that should generally never be exposed to a cloud-facing firewall due to security risks. By prioritizing a solution with a hardened API Gateway, the architect ensures that NTO meets its new security mandates while providing a scalable and secure bridge for Salesforce to access back-office services.

Question 4

A global financial company with a core banking system processing 1 million transactions per day wants to build a community portal. Customers need to review their bank account details and transactions. What should an integration architect recommend to enable community users to view their financial transactions?

AUse Salesforce Connect to display the financial transactions as an external object.

BUse Iframe to display core banking financial transactions data in the customer community.

Answer : A

When dealing with high-volume data (1 million transactions per day) that does not need to be stored natively in Salesforce, the architect should recommend Data Virtualization via Salesforce Connect.

Salesforce Connect allows the company to display external data as External Objects. This approach provides several architectural advantages for a banking community:

No Data Storage: Transactions remain in the core banking system, avoiding the massive storage costs and complex synchronization logic required to house millions of records natively in Salesforce.

Real-Time Visibility: Because External Objects are queried on-demand via the OData protocol or a custom Apex adapter, customers see the most up-to-date transaction history every time they refresh the page.

While an Iframe (Option B) is technically possible, it is often discouraged due to security concerns (such as clickjacking) and a poor user experience, as the Iframe does not natively integrate with Salesforce UI components or reporting. Salesforce Connect provides a 'seamless' look and feel, allowing External Objects to be used in related lists and Lightning components just like standard Salesforce records, while keeping the heavy data burden on the performant core banking system.

Question 5

A business requires automating the check and updating of the phone number type classification (mobile vs. landline) for all incoming calls delivered to its phone sales agents. The following conditions exist:

At peak, the call center can receive up to 100,000 calls per day.

The phone number type classification is a service provided by an external service API.

Business is flexible with timing and frequency to check and update the records (throughout the night or every 6-12 hours is sufficient).

A Remote-Call-In pattern and/or Batch Synchronization (Replication via ETL: System -> Salesforce) are determined to work with a middleware hosted on customer premise. In order to implement these patterns and mechanisms, which component should an integration architect recommend?

AConnectedApp configured in Salesforce to authenticate the middleware

BAn API Gateway that authenticates requests from Salesforce into the middleware (ETL/ESB)

CRemote Site Settings configured in Salesforce to authenticate the middleware

Answer : A

In this scenario, the architecture involves a Remote-Call-In pattern or Batch Synchronization, where an external system (the middleware or ETL tool) initiates communication with Salesforce to update records. For any external system to securely access Salesforce APIs and perform these updates, it must be authenticated and authorized.

The Connected App is the foundational framework that allows an external application to integrate with Salesforce using APIs and standard protocols, such as OAuth 2.0 and SAML. By configuring a Connected App, the architect can define which permissions (Scopes) the middleware has, such as the ability to access data via the REST or Bulk API. This is the correct choice because the middleware needs to 'log in' to Salesforce to push the phone classification data back into the Account or Contact records.

Option B, an API Gateway, is typically used to manage and secure requests going out of an organization to external services, or to provide a facade for on-premise APIs; it does not handle the inbound authentication into Salesforce itself. Option C, Remote Site Settings, is a configuration used solely to permit Salesforce to make outbound calls to a specific external URL (for example, if Salesforce were calling the phone classification service directly via Apex).

Given that the business is flexible with timing (allowing for nightly or 12-hour syncs) and handles 100,000 calls, a Batch Synchronization pattern via an ETL tool is highly efficient. The ETL tool will authenticate against the Connected App using a secure OAuth flow (such as the JWT Bearer Flow for server-to-server integration), retrieve the new phone numbers, call the external classification API, and then bulk-update the Salesforce records. This setup ensures a secure, scalable, and manageable integration that respects Salesforce's security architecture while meeting the high-volume data requirements of the call center.

Question 6

An enterprise architect has requested the Salesforce integration architect to review the following (see diagram and description) and provide recommendations after carefully considering all constraints of the enterprise systems and Salesforce Platform limits.

About 3,000 phone sales agents use a Salesforce Lightning user interface (UI) concurrently to check eligibility of a customer for a qualifying offer.

There are multiple eligibility systems that provide this service and are hosted externally.

However, their current response times could take up to 90 seconds to process and return (there are discussions to reduce the response times in the future, but no commitments are made).

These eligibility systems can be accessed through APIs orchestrated via ESB (MuleSoft).

All requests from Salesforce will have to traverse through the customer's API Gateway layer, and the API Gateway imposes a constraint of timing out requests after 9 seconds.

Which recommendation should the integration architect make?

ARecommend synchronous Apex callouts from Lightning UI to External Systems via Mule and implement polling on an API Gateway timeout.

BUse Continuation callouts to make the eligibility check request from Salesforce Lightning UI at page load.

CCreate a platform event in Salesforce via Remote Call-In and use the empAPI in the Lightning UI to serve 3,000 concurrent users when responses are received by Mule.

Answer : C

The primary architectural challenge in this scenario is the massive discrepancy between the backend response time (up to 90 seconds) and the API Gateway timeout constraint (9 seconds). In any synchronous integration pattern, the connection must remain open across the entire path; if the API Gateway closes the connection at 9 seconds, a standard Salesforce 'Request-Reply' callout will fail long before the 90-second eligibility check is complete.

Option A is non-viable because synchronous polling at a high scale (3,000 concurrent users) would likely hit Salesforce concurrent request limits and place an immense, unnecessary load on the API Gateway. Option B, using Continuation, is designed to handle long-running callouts (up to 120 seconds) without blocking Salesforce threads, but it still requires the external connection path to remain open. It does not bypass the 9-second timeout imposed by the customer's API Gateway.

The optimal recommendation is Option C, which implements an Asynchronous Request-Reply pattern using Platform Events and the empAPI.12

Request Phase: The Salesforce UI initiates the request. To bypass the 9-second gateway timeout, the ESB (MuleSoft) should be configured to receive the request3 and immediately return an acknowledgment (e.g.,4 HTTP 202 Accepted). This allows the initial Salesforce callout to complete successfully within the 9-second window.56

Processing Phase: MuleSoft then proceeds with the long-running (up to 90 seconds) call to the external eligibility systems.78

Callback Phase (Remote Call-In)9: Once the eligibility result is received, MuleSoft calls back into Salesforce via the REST API to publish a Platform Event containing the result.10

UI Update (empA11PI): The 3,000 sales agents' browsers, having subscribed to the event channel using the empAPI (Lightning's built-in library for streaming events), receive the notification in real-time. The UI then updates to display the 'Display Response' step.

This event-driven architecture effectively 'insulates' Salesforce and the API Gateway from the backend's high latency, ensures scalability for 3,000 concurrent users, and provides a seamless, real-time user experience without hitting governor limits or timeout constraints.

==========

Question 7

What is the first thing an integration architect should validate if a callout from a Lightning web component (LWC) to an external endpoint is failing?

AThe endpoint domain has been added to Cross-Origin Resource Sharing (CORS).

BThe endpoint URL has been added to Remote Site Settings.

CThe endpoint URL has been added to Content Security Policies (CSP).

Answer : C

When an integration initiated from the client-side (the browser) fails, the architect must first look at the browser's security policies. In Salesforce, Lightning Web Components are subject to the Lightning Component framework's Content Security Policy (CSP).

CSP is a security layer that prevents cross-site scripting (XSS) and other code injection attacks by restricting which domains the browser is allowed to communicate with. If an LWC attempts to make a fetch() call to an external REST endpoint, the browser will block the request unless that specific domain is whitelisted in CSP Trusted Sites.

Option B (Remote Site Settings) is a common distractor; these settings are strictly for server-side Apex callouts and have no effect on client-side JavaScript requests. Option A (CORS) is also a browser security mechanism, but it must be configured on the external server to allow Salesforce to access its resources. While CORS is necessary, the first thing to validate within the Salesforce environment for a failing LWC callout is the CSP Trusted Site entry. Without this whitelisting, the request will be terminated by the browser before it even leaves the client, regardless of how the external server is configured.

Salesforce Certified Platform Integration Architect Plat-Arch-204 Exam Questions