Northern Trail Outfitters needs to use Shield Platform Encryption to encrypt social security numbers in order to meet a business requirement. Which action should an integration architect take prior to the implementation of Shield Platform Encryption?
Answer : C
Implementing Shield Platform Encryption is a significant architectural change that requires careful planning before activation. The architect's first priority must be to Review Shield Platform Encryption configurations and understand the platform's functional limitations.
Encryption at rest affects how data interacts with other platform features. For example, encrypting a field can impact the ability to use that field in SOQL WHERE clauses, report filters, list views, or as a unique/external ID. Before encrypting Social Security Numbers, the architect must audit all existing integrations, Apex code, and reports that reference that field to ensure they will still function correctly.
Option A is incorrect because unnecessarily encrypting all data can negatively impact system performance and break standard functionality. Encryption should be applied selectively to sensitive fields based on a clear data classification policy. Option B is factually wrong; Shield is a data protection tool, not an authentication or authorization mechanism like OAuth or SSO. By reviewing the configurations first, the architect can identify potential 'blockers'---such as a field being used in a formula or a criteria-based sharing rule---and address them before the encryption keys are generated and applied.
Northern Trail Outfitters is creating a distributable Salesforce package. The package needs to call into a Custom Apex REST endpoint in the central org. The security team wants to ensure a specific integration account is used in the central org that they will authorize after installation. Which item should an architect recommend?
Answer : B
For a distributable package to securely access a central 'Hub' org, the architecture must support the OAuth 2.0 Web Server Flow. This flow is designed for applications (like the package installed in a 'Spoke' org) that can securely store a Client Secret and need to act on behalf of a specific user.
The Connected App in the central org acts as the 'Identity and Access' gatekeeper. A critical component of the Connected App configuration is the Callback URL (Redirect URI). When a user in the 'Subscriber' org clicks 'Authorize,' Salesforce redirects them to the central org to log in. After successful authentication, the central org needs to know where to send the 'Authorization Code' back to.
In a multi-org packaging scenario, each subscriber org will have a unique instance URL (e.g., na15.salesforce.com). The architect must ensure that the Connected App's callback URLs are correctly configured to handle these redirects.
Option C (Encrypted Passwords) is a major security risk and is considered an 'anti-pattern' in modern integration. Option A is unnecessary, as API access is a standard feature. By using the Connected App with correct Callback URLs, the architect allows the security team in the central org to oversee exactly which 'Spoke' orgs have authorized access. They can use the 'Connected Apps OAuth Usage' page to monitor, rotate secrets, or revoke access for individual orgs, providing the granular security control required for an enterprise-grade distributed Salesforce architecture.
Northern Trail Outfitters uses Salesforce to track leads and opportunities, and to capture order details. However, Salesforce isn't the system that holds or processes orders. After the order details are captured in Salesforce, an order must be created in the Remote system, which manages the order's lifecycle. The integration architect for the project is recommending a remote system that will subscribe to the platform event defined in Salesforce. Which integration pattern should be used for this business use case?
Answer : B
In this scenario, Salesforce acts as the trigger for a business process that completes in an external system. The architect's recommendation for the remote system to subscribe to a platform event is the classic implementation of the Remote Process Invocation---Fire and Forget pattern.1
In a Fire and Forget pattern, Salesforce initiates a process by publishing a message (the event) to the event bus and then immediately continues its own2 processing without waiting for a functional response from the target system. The 'Fire' part occurs when the order details are captured and the event is published; the 'Forget' part refers to Salesforce handing off the responsibility of order creation to the remote system. This pattern is ideal for improving user experience and system performance, as it avoids blocking the user interface while waiting for potentially slow back-office systems to respond.
Option A (Request and Reply) is incorrect because that would require Salesforce to make a synchronous call and wait for the remote system to confirm the order was created before allowing the user to proceed. Option C (Remote Call-In) is the inverse of what is described; it would involve the remote system actively reaching into Salesforce to 'pull' the data, whereas here Salesforce is 'pushing' the notification via an event stream. By using Platform Events to facilitate this hand-off, Northern Trail Outfitters ensures a decoupled, scalable architecture where the remote system can process orders at its own pace while Salesforce remains responsive to sales users.
What should an integration architect recommend to ensure all integrations to the Northern Trail Outfitters' company portal use SSL mutual authentication?
Answer : C
To ensure that all integrations calling into a Salesforce portal are secured with Mutual Authentication, the architect must enable and configure specific platform-level security settings. The primary recommendation is to Enforce SSL/TLS Mutual Authentication for the relevant integration users.
Mutual Authentication (Two-way SSL) adds a layer of trust beyond the standard session-based authentication. When enforced, the Salesforce server requires the calling client to present a valid CA-signed certificate that matches a certificate stored in the org. This ensures that only authorized systems with the correct private key can establish a connection.
To implement this, the architect must first work with Salesforce support to enable the feature. Once enabled, a Mutual Authentication Certificate must be uploaded to the org, and a specific user profile---cloned for integration purposes---must have the 'Enforce SSL/TLS Mutual Authentication' permission enabled. This configuration forces the client to use port 8443 (the dedicated port for mutual TLS) for API calls, providing a highly secure, server-to-server connection that protects against impersonation and unauthorized data access.
Northern Trail Outfitters is creating a distributable Salesforce package. The package needs to call into a Custom Apex REST endpoint in the central org. The security team wants to ensure a specific integration account is used in the central org that they will authorize after installation. Which item should an architect recommend?
Answer : C
When building a distributable package (likely a Managed Package) that must securely communicate back to a central 'Hub' org, the architect must use a framework that supports OAuth 2.0 flows. Storing plain-text or even encrypted passwords (Option B) is a security violation and is brittle across different environments.
The architecturally sound solution is to leverage the Authentication Provider and Named Credentials framework. In the central org, a Connected App is created to act as the OAuth endpoint. In the package, an Authentication Provider is configured using the Consumer Key and Consumer Secret from that Connected App. This setup allows the administrator in the 'Subscriber' org (the org where the package is installed) to initiate an OAuth flow.
When the security team 'authorizes' the integration after installation, they are essentially completing the OAuth handshake. This grants the subscriber org an Access Token and a Refresh Token associated with the specific integration user in the central org. This mechanism ensures:
Credential Security: No passwords are ever stored in the code or metadata.
Centralized Control: The security team in the central org can revoke the Refresh Token at any time to kill the integration.
Scalability: The same package can be distributed to hundreds of orgs, each with its own unique, secure connection to the central Hub.
By using an Authentication Provider combined with a Named Credential, the Apex code in the package can simply call the endpoint by its developer name, and Salesforce handles the entire authentication header injection automatically, ensuring a robust and secure cross-org integration.
Northern Trail Outfitters uses a custom Java application to display code coverage and test results for all of its enterprise applications and plans to include Salesforce as well. Which Salesforce API should an integration architect use to meet the requirement?
Answer : C
For developer-centric tools that need to access fine-grained technical data like code coverage and test results, the Tooling API is the correct architectural choice.
While the Metadata API (Option B) is used to deploy or retrieve code, it does not provide real-time query access to the underlying metrics of a test run. The Tooling API, however, exposes specialized objects such as ApexCodeCoverage, ApexCodeCoverageAggregate, and ApexTestResult. These objects allow the Java application to query exactly which lines of code were executed during a test and the overall percentage of coverage for the organization.
The Analytics REST API (Option A) is designed for querying and interacting with Einstein Analytics (CRM Analytics) datasets and dashboards, which is irrelevant to software development lifecycle (SDLC) metrics. By using the Tooling API, the Java application can perform RESTful queries to gather comprehensive data on test successes, failures, and coverage gaps. This allows NTO to integrate Salesforce into its existing enterprise-wide quality dashboard, ensuring a unified view of code health across all platforms.
Northern Trail Outfitters is planning to perform nightly batch loads into Salesforce from an external system with a custom Java application using the Bulk API. The CIO is curious about monitoring recommendations for the jobs from the technical architect. Which recommendation should help meet the requirements?
Answer : A
For high-volume data loads using the Bulk API, monitoring should be performed programmatically by the orchestrating client---in this case, the custom Java application. The Bulk API is asynchronous, meaning that when you submit a job, Salesforce acknowledges the request and processes it in the background.
The Java application must actively track the state of its own jobs. Using the `getBatchInfo` (or `getJobInfo` in Bulk API 2.0) method allows the application to retrieve the real-time status of each batch. The application can check for statuses such as `Queued`, `InProgress`, `Completed`, or `Failed`. Once a batch is marked as `Completed`, the application can then call `getBatchResult` to retrieve a list of successes and failures for individual records.
Option B is architecturally unsound because Bulk API operations are designed to bypass most synchronous Apex logic to ensure performance; furthermore, creating custom records for every error in a 'nightly batch load' would likely hit other platform limits (like storage or CPU) and defeat the purpose of using the Bulk API. Option C is ineffective for Bulk API monitoring, as debug logs do not capture the background processing of bulk batches and would quickly hit the log size limits.
By recommending Option A, the architect ensures that the Java application maintains full control over the integration lifecycle. The application can log errors locally, implement automated retries for transient failures, and provide the CIO with accurate, high-level reporting on the success rate of the nightly loads without placing unnecessary overhead on the Salesforce platform.
---