Term
1. Universal Containers uses 75,000 distributors that have close to 1 million total users. Distributors need to use the community to see closing opportunities assigned to their distributor for delivery. What license recommendation will meet distributor needs?
a. Customer Community
b. Customer Community Plus
c. Sales Cloud
d. Partner Community |
|
Definition
d. Partner Community
The correct answer is d. Partner Community.
Explanation:
Partner Community licenses are designed for business partners, such as distributors, who need access to Salesforce data and functionality. This license type allows users to access opportunities, leads, and other sales-related objects, which is essential for distributors to see closing opportunities assigned to them for delivery.
Customer Community licenses are more suited for customers who need access to basic support and service features, but they do not provide the necessary access to sales data and opportunities.
Customer Community Plus licenses offer more advanced features than Customer Community licenses, including access to reports and dashboards, but they still do not provide the full range of sales-related functionality needed by distributors.
Sales Cloud licenses are intended for internal Salesforce users, not external partners or distributors.
Therefore, the Partner Community license is the best fit for Universal Containers’ distributors to meet their needs |
|
|
Term
2. Sales Operations at Universal Containers (UC) has created Public Report and Dashboard folders for sales managers that report to the VP of Sales. Sales Operations currently spends a few hours each month updating users who should have access to edit items in these folders. In which two ways can UC grant access to sales managers to automate access to these Reports and Dashboards folders? (Choose two.)
a. Share the folders with the “VP of Sales” Role and Subordinates.
b. Share the folder's lowest roles in the Role Hierarchy, superiors will get access automatically.
c. Share the folders with a “Sales Managers” Public Group.
d. Share the folders with the “Sales Managers” Queue. |
|
Definition
a. Share the folders with the “VP of Sales” Role and Subordinates.
c. Share the folders with a “Sales Managers” Public Group.
The correct answers are a. Share the folders with the “VP of Sales” Role and Subordinates and c. Share the folders with a “Sales Managers” Public Group.
Explanation:
a. Share the folders with the “VP of Sales” Role and Subordinates: By sharing the folders with the “VP of Sales” role and subordinates, you ensure that all users in the role hierarchy under the VP of Sales, including sales managers, automatically get access to the folders. This method leverages the role hierarchy to streamline access management12.
c. Share the folders with a “Sales Managers” Public Group: Creating a public group specifically for sales managers and sharing the folders with this group allows for easy management of access. You can add or remove users from the group as needed, which simplifies the process of updating access permissions12.
Incorrect Options:
b. Share the folder's lowest roles in the Role Hierarchy, and superiors will get access automatically: This option is not ideal because it might not cover all necessary users and could lead to gaps in access.
d. Share the folders with the “Sales Managers” Queue: Queues are typically used for cases, leads, and other records that need to be worked on by a group of users, not for sharing report and dashboard folders. |
|
|
Term
3. What advanced tool can Salesforce enable for a large-scale role hierarchy realignments?
a. Set external organization-wide default to public read-only
b. Granular locking
c. Partitioning by Divisions
d. Skinny Table Indexing |
|
Definition
b. Granular locking
The correct answer is b. Granular locking.
Explanation:
Granular locking is an advanced tool that Salesforce can enable to help manage large-scale role hierarchy realignments. This feature allows for more efficient and less disruptive updates to the role hierarchy by reducing the likelihood of record-locking conflicts during the realignment process12.
Incorrect Options:
a. Set external organization-wide default to public read-only: This setting controls the default sharing settings for external users but does not specifically address the complexities of role hierarchy realignments.
c. Partitioning by Divisions: This feature helps in organizing data into logical divisions but does not directly facilitate role hierarchy realignments.
d. Skinny Table Indexing: This is used to improve the performance of certain read-heavy operations on large tables but is not related to role hierarchy realignments. |
|
|
Term
4. By default, how many roles are created when the first external user is created on a partner account?
a. 3
b. 2
c. 1
d. 0 |
|
Definition
a. 3
The correct answer is a. 3.
Explanation:
When the first external user is created on a partner account in Salesforce, a user role hierarchy is automatically established for that account. This hierarchy includes three roles:
1. Partner User
2. Partner Manager
3. Partner Executive
These roles are designed to help manage and organize the access and permissions for different levels of users within the partner account. The role hierarchy rolls up to the account owner, typically the channel manager12. |
|
|
Term
5. The Finance team at Universal Containers usually does not need access to Account and Contact records. A finance analyst was temporarily given Opportunity access for a big deal to help with tax calculation. She can now also access Account and Contact records as well.
Which two reasons could be causing this issue?
(Choose two.)
a. Contact records can be accessed due to implicit sharing from the Account.
b. Account records can be accessed due to role hierarchy.
c. Account records can be accessed due to implicit sharing from Opportunity.
d. Contact records can be accessed due to implicit sharing from Opportunity. |
|
Definition
a. Contact records can be accessed due to
implicit sharing from Account.
c. Account records can be accessed due to
implicit sharing from Opportunity.
The correct answers are a. Contact records can be accessed due to implicit sharing from Account and c. Account records can be accessed due to implicit sharing from Opportunity.
Explanation:
a. Contact records can be accessed due to implicit sharing from Account: In Salesforce, contacts are typically children of accounts. When a user has access to an account, they implicitly gain access to the associated contact records. This is known as implicit sharing, which ensures that users can see related records without needing explicit sharing rules1.
c. Account records can be accessed due to implicit sharing from Opportunity: Opportunities are usually related to accounts. When a user is given access to an opportunity, they may also gain access to the parent account through implicit sharing. This allows users to see the account details necessary to understand the context of the opportunity.
Incorrect Options:
b. Account records can be accessed due to role hierarchy: While role hierarchy can grant access to records, it is not the primary reason in this scenario since the access was granted through opportunity sharing.
d. Contact records can be accessed due to implicit sharing from Opportunity: Contacts are not directly related to opportunities in a way that would grant implicit access. The access to contacts is more likely due to their relationship with accounts |
|
|
Term
6. Universal Containers keeps product brochures in Salesforce as files. Sarah shares a public link to a product brochure with potential customers during a meeting. She wants to ensure they do not have access to the file after the meeting.
How should Sarah accomplish this?
a. Delete the public link.
b. Move the file to another folder.
c. Delete the file.
d. Rename the file. |
|
Definition
a. Delete the public link.
The correct answer is a. Delete the public link.
Explanation:
Deleting the public link will immediately revoke access to the file for anyone who has the link. This is the most straightforward and effective way to ensure that potential customers can no longer access the product brochure after the meeting12.
Incorrect Options:
b. Move the file to another folder: Moving the file to another folder does not change the public link, so users with the link would still be able to access the file.
c. Delete the file: While this would also remove access, it is a more drastic measure that would remove the file entirely from Salesforce, which might not be desirable if the file is still needed internally.
d. Rename the file: Renaming the file does not affect the public link, so users with the link would still be able to access the file. |
|
|
Term
7. Universal Containers’ organization-wide defaults model is private for the Account object. A sales representative user has Create/Edit access to opportunity records.
Which level of access will the sales rep have to the related account record?
a. Read/Create/Edit access
b. No access
c. Read/Create access
d. Read-only access |
|
Definition
a.Read/Create/Edit access
The correct answer is d. Read-only access.
Explanation:
Organization-Wide Defaults (OWD): When the OWD for the Account object is set to private, users do not have access to account records unless explicitly granted.
Opportunity Access: The sales representative has Create/Edit access to opportunity records. Opportunities are typically related to accounts.
Implicit Sharing: Salesforce provides implicit sharing rules that grant access to parent records. In this case, because the sales representative has access to the opportunity, they will have read-only access to the related account. This ensures they can view the account details necessary to understand the context of the opportunity but cannot modify the account12. |
|
|
Term
8. The Corporate Identity and Access Team needs to audit User setup in the Salesforce org.
What two permissions should be granted to this team so they can perform their audit?
(Choose two.)
a. View All Users
b. View Setup and Configuration
c. View permission on the User object
d. View All Data |
|
Definition
a. View All Users
b. View Setup and Configuration
The correct answers are a. View All Users and b. View Setup and Configuration.
Explanation:
a. View All Users: This permission allows users to see all user records in the Salesforce org. It is essential for auditing user setups because it provides visibility into all user accounts, their roles, and permissions1.
b. View Setup and Configuration: This permission grants access to view all setup and configuration information in Salesforce. It is crucial for auditing purposes as it allows the team to review the overall configuration, including user permissions, roles, and other settings1.
Incorrect Options:
c. View permission on the User object: While this permission allows viewing user records, it is not as comprehensive as “View All Users” and does not provide the same level of access needed for a thorough audit.
d. View All Data: This permission grants access to all data in the org, which is broader than necessary for auditing user setups. It includes access to all records, which might not be required for the specific task of auditing user configurations. |
|
|
Term
9. Universal Containers (UC) is implementing Sales Cloud. During the last quarter of the financial year, sales agents help each other close deals. They requested a solution in Salesforce to allow them to specify an assistant agent on the opportunity record. When the sales agent changes the assistant field, the system should automatically remove access from the previous assistant and grant access to the new assistant.
What is the optimum solution to meet the requirements?
a. Use opportunity team and create an assistant field, use apex to share
opportunities with the assistant agent.
b. Use apex sharing to share and unshare opportunities with the assistant
agent.
c. Use sharing rule to share opportunities with the assistant agent.
d. Use share group to share opportunities with the assistant agent. |
|
Definition
b. Use apex sharing to share and unshare opportunities with the assistant agent.
The correct answer is b. Use apex sharing to share and unshare opportunities with the assistant agent.
Explanation:
Apex Sharing: This approach allows for precise control over sharing rules through custom code. By using Apex, you can programmatically share and unshare opportunities with the assistant agent based on changes to the assistant field. This ensures that when the assistant field is updated, the previous assistant’s access is revoked, and the new assistant is granted access automatically12.
Incorrect Options:
a. Use the opportunity team and create an assistant field, and use Apex to share opportunities with the assistant agent: While this option involves using Apex, it also suggests using the opportunity team, which might not be necessary for this specific requirement. Apex sharing alone is sufficient to handle the access changes.
c. Use sharing rule to share opportunities with the assistant agent: Sharing rules are more static and do not automatically handle the dynamic nature of changing the assistant field. They are better suited for broader, more permanent sharing needs.
d. Use share group to share opportunities with the assistant agent: Share groups are typically used for sharing records with high-volume users, such as community users, and are not designed for the specific, dynamic sharing requirements described. |
|
|
Term
10. Universal Containers (UC) has a partner community for its 200 distributors. UC customer accounts are assigned an individual distributor. The organization-wide default setting for the custom Delivery object is private.
How can an architect advise UC to grant all users at a distributor access to delivery records for all customers assigned to a particular distributor?
a. Create a criteria-based sharing rule that shares delivery
records matching a distributor to the Distributor role in
the role hierarchy.
b. Create a criteria-based sharing rule that shares delivery
records matching the Distributor to users of a Public Group
created for the distributor.
c. Give ownership of the delivery record to a distributor user.
d. Create a Sharing Set for the Distributor Profile to grant
access to the Delivery object. |
|
Definition
d. Create a Sharing Set for the Distributor Profile - to grant access to the Delivery object.
The correct answers are:
b. Create a criteria-based sharing rule that shares delivery records matching the Distributor to users of a Public Group created for the distributor and
d. Create a Sharing Set for the Distributor Profile to grant access to the Delivery object.
Explanation:
b. Create a criteria-based sharing rule that shares delivery records matching the Distributor to users of a Public Group created for the distributor: This approach allows you to create a public group for each distributor and then use criteria-based sharing rules to share delivery records with the appropriate group. This ensures that all users within the distributor’s group have access to the relevant delivery records.
d. Create a Sharing Set for the Distributor Profile to grant access to the Delivery object: Sharing Sets are designed to grant access to records based on the user’s profile and the record’s attributes. By creating a Sharing Set for the Distributor Profile, you can ensure that all users with this profile have access to delivery records associated with their distributor.
Incorrect Options:
a. Create a criteria-based sharing rule that shares delivery records matching a distributor to the Distributor role in the role hierarchy: While this could work, it is less flexible than using public groups or sharing sets, especially if the role hierarchy is complex or changes frequently.
c. Give ownership of the delivery record to a distributor user: This is not practical for large-scale sharing as it requires manual reassignment of record ownership, which can be cumbersome and error-prone. |
|
|
Term
11. The architect has a requirement to create a criteria-based sharing rule based on the customer Social Security number. However, when setting up the rule in Contact Sharing, the field is not shown on the list of available fields.
What might cause this?
a. Text fields with validation rules are not available for sharing
rules.
b. The architect’s profile does not have Field Level Security (FLS)
for this field.
c. The field has been configured for encryption.
d. The architect does not have permission to Compliance fields. |
|
Definition
b. The architect’s profile does not have A level Security
(FLS) for this field.
The correct answer to this question is:
b. The architect’s profile does not have Field level Security (FLS) for this field.
Here's why:
Option a is incorrect because validation rules do not prevent fields from being used in sharing rules.
Option c is incorrect because encrypted fields can still be used in sharing rules.
Option d is incorrect because Compliance fields are not a specific type of field that would prevent them from being used in sharing rules.
Field-level security (FLS) is a feature that allows you to control which users can view, edit, or delete specific fields on records. If the architect's profile does not have FLS for the Social Security number field, it will not be available for use in sharing rules.
are you absolutely certain B is the correct answer to this question?
Show drafts
Yes, I am absolutely certain that B is the correct answer to this question.
Field-level security (FLS) is a fundamental concept in Salesforce that controls user access to specific fields on records. If a user's profile does not have FLS permissions for a field, they cannot see or use that field in any context, including sharing rules.
This is a common issue that can arise when setting up sharing rules, especially for sensitive fields like Social Security numbers. It's essential to verify that the necessary FLS permissions are in place before attempting to create sharing rules based on such fields.
If you have any further questions or would like to explore other aspects of Salesforce sharing rules or FLS, feel free to ask. |
|
|
Term
12. What should a Salesforce architect recommend to make sure that users who gained access to a custom object record through Apex managed sharing do not lose access to it when its owner is changed?
a. Use “With Sharing” keyword to make sure record
visibility will be considered.
b. Create a specific Apex Sharing Reason for the
custom object.
c. Create a new record in _Share object with RowCaus
“Manual”.
d. Use “runAs” system method in Apex classes to enforce
visibility. |
|
Definition
b. Create a specific Apex Sharing Reason for the
custom object.
The correct answer is b. Create a specific Apex Sharing Reason for the custom object.
Explanation:
Apex Sharing Reason: By creating a specific Apex Sharing Reason for the custom object, you can programmatically manage sharing rules. This ensures that the sharing access is maintained even when the record owner changes. Custom sharing reasons allow you to control and preserve the sharing settings through Apex-managed sharing.
Incorrect Options:
a. Use “With Sharing” keyword to make sure record visibility will be considered: The “With Sharing” keyword enforces the sharing rules of the current user in Apex classes, but it does not address the issue of maintaining access when the record owner changes.
c. Create a new record in _Share object with RowCause “Manual”: While creating a manual share record can grant access, it does not ensure that the access is maintained when the owner changes. Manual shares are not automatically preserved across owner changes.
d. Use “runAs” system method in Apex classes to enforce visibility: The runAs method is used for testing purposes to execute code as a different user, but it does not affect the actual sharing rules or maintain access when the owner changes. |
|
|
Term
13. The sales managers at Universal Containers (UC) requested their teams to define each user’s role on their accounts to provide an easy way to establish accountability and collaboration. Sales managers also requested that sales associates should only get the following permissions:
Read access to the accounts.
Read access to cases related to the accounts.
No access to deals related to the accounts.
The sales associates may be granted access to opportunities when needed.
Assuming the overall sharing model of the organization is private and no sharing rules are configured on the account object. How can an Architect achieve these requirements?
a. Use Account teams to define access to accounts as well as
opportunities and cases related to accounts.
b. Use Account teams, Opportunity teams, and Case teams.
c. Use Account teams and use Sharing rules to share cases with sales
associates. No change is required to the opportunity object.
d. Use Account teams and case teams. No configuration is required for
the opportunity object. |
|
Definition
a. Use Account teams to define access to accounts
as well as opportunities and cases related to
accounts.
The correct answer is d. Use Account teams and case teams. No configuration is required for the opportunity object.
Here’s why:
1. Account Teams: By using Account Teams, you can define roles and grant specific access to accounts. This allows sales associates to have read access to the accounts.
2. Case Teams: Similarly, Case Teams can be used to grant read access to cases related to the accounts. This ensures that sales associates can view cases without needing additional sharing rules.
3. Opportunities: Since sales associates should not have access to deals (opportunities) by default, no configuration is needed for the opportunity object. Access to opportunities can be granted on a case-by-case basis when needed, which aligns with the requirement that sales associates may be granted access to opportunities when necessary.
This approach ensures that the permissions are tightly controlled and only the necessary access is provided, maintaining the overall private sharing model of the organization.
You
why is A not an option
Option A is not the best choice because it does not fully address the requirement to restrict access to opportunities (deals) and cases separately:
Account Teams: While Account Teams can be used to define access to accounts and related records, they do not provide a way to separately manage access to cases and opportunities. This means that if you grant read access to accounts, it might inadvertently grant access to related opportunities as well, which contradicts the requirement.
Opportunities: The requirement specifies that sales associates should not have access to deals (opportunities) by default. Using Account Teams alone does not provide a mechanism to ensure this restriction.
Cases: Similarly, Account Teams alone do not provide a way to manage access to cases separately from opportunities.
Therefore, option D is more appropriate because it uses both Account Teams and Case Teams to manage access to accounts and cases separately while leaving opportunities unconfigured by default, aligning with the requirement that access to opportunities can be granted as needed. |
|
|
Term
14. Universal Containers (UC) has implemented a Customer Community with customer community plus licenses for its distributors. Some distributors requested granting specific community users (agents) to view cases submitted by other agents of the same distributor.
Which feature only supports these requirements?
a. Permission set to grant community admin
permission
b. Delegate external user
c. Partner community admin
d. Partner super user |
|
Definition
d. Partner super user
The correct answer is d. Partner super user.
Here’s why:
Partner Super User: This feature allows specific community users to access data owned by other users within the same partner account. In this case, it means that agents from the same distributor can view cases submitted by other agents of the same distributor. This aligns perfectly with the requirement.
Permission Set to Grant Community Admin Permission: This option would grant administrative permissions, which is broader than needed and not specific to viewing cases submitted by other agents.
Delegate External User: This feature allows external users to manage other external users, but it does not specifically address the requirement of viewing cases submitted by other agents.
Partner Community Admin: This role provides administrative capabilities within the partner community, but it does not specifically enable viewing cases submitted by other agents.
Therefore, the Partner Super User feature is the only one that directly supports the requirement of allowing specific community users to view cases submitted by other agents of the same distributor. |
|
|
Term
15. Universal Containers (UC) uses a custom Lightning component with an Apex class to display shipment information (custom object, private OWD). UC sales managers are complaining about two important points:
Shipment records that belong to their teams can be seen by other users.
Shipment amount should be visible only by managers, but sales reps are able to view it. Which two features did the development team miss that is causing the problems?
(Choose two.)
a. Use isSearchable keyword in Apex classes to assure
record visibility.
b. Use With Sharing keyword in Apex classes to enforce
sharing rules evaluation.
c. Use runAs in test class to enforce user permissions and
field-level permissions.
d. Use isAccessible() method in Apex classes to check field
accessibility. |
|
Definition
b. Use With Sharing keyword in Apex classes
to enforce sharing rules evaluation.
d. Use isAccessible() method in Apex classes to check
field accessibility.
The correct answers are:
b. Use With Sharing keyword in Apex classes to enforce sharing rules evaluation and
d. Use isAccessible() method in Apex classes to check field accessibility.
Here’s why:
1. With Sharing Keyword:
Explanation: The With Sharing keyword in Apex classes ensures that the sharing rules of the logged-in user are respected. Without this keyword, the Apex code runs in system context, ignoring the sharing rules and potentially exposing records that should not be visible to certain users.
Issue Addressed: This addresses the problem where shipment records that belong to certain teams are visible to other users. By using With Sharing, the code will enforce the organization’s sharing rules, ensuring that only users with the appropriate permissions can see the records.
2. isAccessible() Method:
Explanation: The isAccessible() method in Apex is used to check whether the current user has access to a particular field. This method helps in enforcing field-level security within the Apex code.
Issue Addressed: This addresses the problem where shipment amounts should only be visible to managers but are currently visible to sales reps. By using isAccessible(), the code can check if the user has permission to view the shipment amount field and hide it if they do not.
The other options are not correct because:
a. Use isSearchable keyword in Apex classes to assure record visibility: This keyword is not relevant to the issues described. It is used to control whether a field can be searched, not to enforce record visibility or field-level security.
c. Use runAs in test class to enforce user permissions and field-level permissions: The runAs method is used in test classes to simulate different user contexts during testing. It does not affect the actual behavior of the code in production and therefore does not address the issues described. |
|
|
Term
16. Universal Containers (UC) is a non-profit organization and has over 20,000,000 members (donors). The company decided to assign those accounts to donation reps based on their regions. Donations Reps ended up owning over 50,000 donors each.
The donation reps started to see significant degradation of the system performance.
What could be the reason for this problem?
a. The Donations Reps access to the assigned
accounts.
b. The Account (donor) object OWD is Private.
c. There is an Account ownership data skew problem.
d. Salesforce sharing recalculation kicked off. |
|
Definition
c. There is an Account ownership data skew
problem.
The correct answer is c. There is an Account ownership data skew problem.
Here’s why:
Account Ownership Data Skew: This occurs when a single user owns a large number of records (in this case, over 50,000 donor accounts). When a user owns such a large number of records, it can cause performance issues because Salesforce has to manage sharing rules and access permissions for all those records. This can lead to significant degradation in system performance, especially during operations that involve recalculating sharing rules or updating records.
Donations Reps Access to the Assigned Accounts: While access to a large number of accounts can be a factor, the primary issue here is the ownership data skew, not just access.
Account (Donor) Object OWD is Private: The organization-wide default (OWD) being private means that access to records is restricted, but this setting alone does not cause performance degradation. The issue arises from the large number of records owned by a single user.
Salesforce Sharing Recalculation Kicked Off: While sharing recalculations can impact performance, the root cause in this scenario is the data skew caused by a single user owning too many records. The recalculations are a symptom of the underlying data skew problem.
In summary, the significant degradation in system performance is primarily due to the Account ownership data skew problem, where a single user owning a large number of records causes performance issues. |
|
|
Term
17. What vulnerability can exist when controllers use dynamic rather than static queries and bind variables?
a. Buffer Overflow Attacks
b. Record Access Override
c. SOQL Injection
d. Cross-site scripting |
|
Definition
c. SOQL Injection
The correct answer is c. SOQL Injection.
Here’s why:
SOQL Injection: This is a type of security vulnerability that occurs when an attacker can manipulate a query by injecting malicious code into it. When controllers use dynamic queries without proper handling, they are susceptible to SOQL injection attacks. This can allow attackers to execute arbitrary queries, potentially accessing or modifying data they shouldn’t have access to.
Buffer Overflow Attacks: These are more common in lower-level programming languages like C or C++, where an attacker can overwrite the memory of an application. This is not typically a concern with SOQL queries in Salesforce.
Record Access Override: This is not a recognized type of security vulnerability. It might refer to improperly configured sharing settings, but it is not related to the use of dynamic queries.
Cross-site Scripting (XSS): This vulnerability occurs when an attacker injects malicious scripts into web pages viewed by other users. While XSS is a serious concern in web applications, it is not directly related to the use of dynamic SOQL queries.
In summary, using dynamic queries without proper safeguards can lead to SOQL Injection, making it the correct answer. |
|
|
Term
18. Universal Containers has a large network of partners, who each have seasonal workers that need short-term access to the community.
How might the Architect design the solution to federate user setup to the Partners? (Choose two.)
a. Assign delegated external administrators to each
partner.
b. Grant the Modify Users permission to the partner
managers.
c.Create a permission set giving Read/Write to the User
object to partner manager.
d. Allow external users to self-register. |
|
Definition
a. Assign delegated external administrators to each
partner.
d. Allow external users to self-register.
The correct answers are a. Assign delegated external administrators at each partner and d. Allow external users to self-register.
Here’s why:
1. Assign Delegated External Administrators at Each Partner:
Explanation: By assigning delegated external administrators, you empower partner managers to manage their own users. This includes creating, updating, and deactivating users as needed. This approach decentralizes user management, making it more efficient and scalable, especially for handling seasonal workers who need short-term access.
Benefit: This reduces the administrative burden on Universal Containers and allows partners to quickly respond to their own staffing changes.
2. Allow External Users to Self-Register:
Explanation: Allowing external users to self-register provides a streamlined way for seasonal workers to gain access to the community. This method can be configured to include approval processes, ensuring that only authorized users are granted access.
Benefit: This approach simplifies the onboarding process for seasonal workers and reduces the workload on administrators.
The other options are not as suitable because:
Grant the Modify Users Permission to the Partner Managers: This permission is too broad and can lead to security risks, as it allows partner managers to modify any user, not just their own.
Create a Permission Set Giving Read/Write to the User Object to Partner Manager: While this might seem like a solution, it does not provide the same level of control and delegation as assigning delegated external administrators. It also poses security risks by granting broad access to the User object.
In summary, assigning delegated external administrators and allowing external users to self-register are the most effective and secure ways to manage short-term access for seasonal workers in a large partner network. |
|
|
Term
19. Universal Containers (UC) has Affiliates who sell containers in countries where UC does not have a local office. UC has leveraged the Partner Community to manage the sales cycle. One of their affiliates has exponentially grown in the last years and restructured its internal sales team with the following structure:
Sales VP – –>
Director of Sales – –>
Sales Manager – –>
Sales Reps
UC would like to have the ability to open up access to sales opportunities according to the above structure.
What is the main problem a Salesforce Architect will face to provide a solution?
a. Partner User Roles are limited to three levels.
b. Partner Community does not support Role Hierarchy.
c. Super User does not work in Partner Community.
d. The Channel manager Role cannot be shared with
Partner Community. |
|
Definition
a. Partner User Roles are limited to three
levels.
The correct answer is a. Partner User Roles are limited to three levels.
Here’s why:
Partner User Roles are Limited to Three Levels: In Salesforce, the Partner Community supports a role hierarchy, but it is limited to three levels. This means that you can only have three tiers of roles within the partner community. Given the structure described (Sales VP → Director of Sales → Sales Manager → Sales Reps), there are four levels. This limitation makes it challenging to directly map the affiliate’s internal sales team structure to the Salesforce Partner Community roles.
Partner Community Does Not Support Role Hierarchy: This is incorrect because the Partner Community does support a role hierarchy but with the limitation of three levels.
Super User Does Not Work in Partner Community: This is not relevant to the problem described. The Super User feature allows certain users to access data owned by other users within the same partner account, but it does not address the issue of role hierarchy levels.
The Channel Manager Role Cannot Be Shared with Partner Community: This is not relevant to the problem described. The issue is not about sharing the Channel Manager role but about the limitation in the number of role hierarchy levels.
In summary, the main problem is that the Partner User Roles are limited to three levels, which does not accommodate the four-level structure of the affiliate’s internal sales team. |
|
|
Term
20. Universal Containers (UC) has a custom Apex class that enforces a business process and updates opportunities. UC has noticed that fields with field-level security permission of read-only on certain users’ profiles are being updated by this class.
How should the architect fix this problem?
a. Use the WITH SECURITY_ENFORCED keyword in the SOQL
statement.
b. Put the code in an inner class that uses the With
Sharing keyword.
c. Use the ISUpdatetable() Apex method to test each field
before allowing an update.
d. Add sharing keyword to class. |
|
Definition
a. Use the WITH SECURITY_ENFORCED keyword in
the SOQL statement.
The correct answer is a. Use the WITH SECURITY_ENFORCED keyword in the SOQL statement.
Here’s why:
WITH SECURITY_ENFORCED Keyword: This keyword ensures that field-level security (FLS) is enforced in SOQL queries. When you use WITH SECURITY_ENFORCED, Salesforce automatically checks the field-level security settings for the current user and ensures that only fields the user has access to are included in the query results. This prevents the Apex class from updating fields that the user should not have permission to modify.
Inner Class with With Sharing Keyword: While using the With Sharing keyword ensures that sharing rules are respected, it does not enforce field-level security. This means that fields marked as read-only at the profile level could still be updated by the Apex class.
ISUpdatable() Apex Method: The isUpdatable() method can be used to check if a field is updatable for the current user, but it requires additional coding to implement these checks for each field. Using WITH SECURITY_ENFORCED is a more straightforward and comprehensive solution.
Add Sharing Keyword to Class: Adding the With Sharing keyword to the class ensures that sharing rules are respected, but it does not address field-level security. Fields marked as read-only could still be updated.
In summary, using the WITH SECURITY_ENFORCED keyword in the SOQL statement is the most effective way to ensure that field-level security is enforced, preventing the Apex class from updating fields that should be read-only for certain users. |
|
|
Term
21. Universal Containers is planning to pilot a new application to a small set of Sales Reps.
What is the optimal way to grant only those Sales Reps access to the new functionality, while hiding the legacy functionality?
a. Clone the Sales Rep profile, adjust settings, and
assign the pilot users the new profile.
b. Revoke access to legacy functions in the Sales
Rep profile and create a permission set for the
new functionality.
c. Create new user records for the pilot user that
they will use for the pilot.
d. Create a permission set to grant access to the
new functionality and hide the old functionality. |
|
Definition
a. Clone the Sales Rep profile, adjust
settings, and assign the pilot users the
new profile.
The correct answer is a. Clone the Sales Rep profile, adjust settings and assign the pilot users the new profile.
Here’s why:
Cloning the Sales Rep Profile: By cloning the existing Sales Rep profile, you can create a new profile that is identical to the original but can be customized for the pilot. This allows you to adjust settings specifically for the pilot users without affecting the rest of the Sales Reps.
Adjust Settings: In the cloned profile, you can grant access to the new functionality and remove or hide access to the legacy functionality. This ensures that the pilot users have the exact permissions they need for the new application while preventing them from accessing the old features.
Assign the New Profile: Once the cloned profile is configured, you can assign it to the pilot users. This approach is clean and straightforward, ensuring only the selected Sales Reps can access the new functionality.
The other options are less optimal because:
Revoke Access to Legacy Functions in the Sales Rep Profile and Create a Permission Set for the New Functionality: This approach would affect all users with the Sales Rep profile, not just the pilot users. It would also require managing multiple permission sets, which can become complex.
Create New User Records for the Pilot User that They Will Use for the Pilot: Creating new user records is inefficient and can lead to confusion and data management issues. It also requires additional licenses.
Create a Permission Set to Grant Access to the New Functionality and Hide the Old Functionality: While permission sets can grant additional access, they cannot hide or revoke access to existing functionality. This means the legacy functionality would still be visible to the pilot users.
In summary, cloning the Sales Rep profile and adjusting the settings for the pilot users is the most effective and manageable solution. |
|
|
Term
22. Universal Containers (UC) wants all full-time internal employees to be able to view all leads. A subset of contractors and temporary employees should also be able to see leads.
Which organization-wide default (OWD) approach should an architect recommend that will help UC implement these requirements?
a.Implement a Private OWD on Lead.
b.Implement a Public Read/Write OWD on Lead.
c.Implement a Public Read Only OWD on Lead.
d.Implement a Public Read/Write/Transfer OWD on Lead. |
|
Definition
a.Implement a Private OWD on Lead.
The correct answer is c. Implement a Public Read Only OWD on Lead.
Here’s why:
• Public Read Only OWD: This setting allows all users in the organization to view leads, which meets the requirement for full-time internal employees to be able to see all leads. It also provides a base level of access that can be further refined using sharing rules or permission sets.
• Full-Time Internal Employees: With a Public Read Only OWD, all full-time internal employees will automatically have read access to all leads.
• Contractors and Temporary Employees: For the subset of contractors and temporary employees who also need to see leads, you can use sharing rules or permission sets to grant them the necessary read access. This approach ensures that only the specified subset of contractors and temporary employees can view leads, without giving them more access than needed.
The other options are less suitable because:
• Private OWD on Lead: This would restrict access to leads, requiring extensive sharing rules or manual sharing to ensure that all full-time internal employees and the subset of contractors and temporary employees can view leads. This approach is more complex and less efficient.
• Public Read/Write OWD on Lead: This setting would allow all users to not only view but also edit leads, which exceeds the requirement. It could lead to unauthorized modifications of lead data.
• Public Read/Write/Transfer OWD on Lead: This setting would allow all users to view, edit, and transfer leads, which is even more permissive than Public Read/Write and not necessary for the stated requirements.
In summary, implementing a Public Read Only OWD on Lead provides the necessary visibility for all full-time internal employees and allows for additional access to be granted to specific contractors and temporary employees through sharing rules or permission sets. |
|
|
Term
23. At Universal Containers, Accounts and Contacts are normally visible to all employees, and Proposals (custom objects) are visible to the Account owner and managers. However, some Proposals are considered confidential and are managed by a Strategic Proposals team. These Proposals should not be visible to anyone in the Sales group other than the owner and the strategic team.
How should the architect design for this requirement?
a. Proposal Owner set to the Strategic Deals Team Queue and
set the Account relationship to Master Detail.
b. Proposal Owner set to the Strategic Deals Team Queue and
create an owner-based sharing rule to grant visibility
to the Account owner.
c. Disable Grant Access Using Hierarchies and set a
Criteria-Based Sharing rule for Strategic Deals team.
d. Disable Grant Access Using Hierarchies and set an Owner-
Based Sharing rule for Strategic Deals team. |
|
Definition
c. Disable Grant Access Using Hierarchies and set
a Criteria-Based Sharing rule for Strategic
Deals team.
The correct answer is c. Disable Grant Access Using Hierarchies and set a Criteria-Based Sharing rule for the Strategic Deals team.
Here’s why:
• Disable Grant Access Using Hierarchies: By disabling this setting, you ensure that the standard role hierarchy does not automatically grant access to users higher up in the hierarchy. This is crucial for maintaining the confidentiality of the strategic proposals, as it prevents unintended access by managers or other users in the Sales group.
• Criteria-Based Sharing Rule: This type of sharing rule allows you to define specific criteria that must be met for access to be granted. In this case, you can create a criteria-based sharing rule that grants access to the Strategic Proposals team based on the criteria that identify the confidential proposals. This ensures that only the strategic team and the proposal owner have visibility into these records.
The other options are less suitable because:
• a. Proposal Owner set to the Strategic Deals Team Queue and set the Account relationship to Master-Detail: Setting the relationship to Master-Detail would mean that the visibility of the Proposal records is controlled by the Account record. This would not meet the requirement of restricting access to the Sales group, as anyone with access to the Account would also have access to the Proposals.
• b. Proposal Owner set to the Strategic Deals Team Queue and create an owner-based sharing rule to grant visibility to the Account owner: This approach would grant visibility to the Account owner, which might include users in the Sales group, thus not meeting the requirement of restricting access to the Sales group.
• d. Disable Grant Access Using Hierarchies and set an Owner-Based Sharing rule for Strategic Deals team: While disabling Grant Access Using Hierarchies is correct, an owner-based sharing rule would not be sufficient to meet the requirement. It would grant access based on ownership, which might not align with the need to restrict access to only the strategic team and the proposal owner.
In summary, disabling Grant Access Using Hierarchies and setting a Criteria-Based Sharing rule ensures that only the Strategic Proposals team and the proposal owner have access to the confidential proposals, meeting the requirement effectively. |
|
|
Term
24. Users at Universal Containers are complaining
that a field has disappeared from the Account
page after deploying its latest project. The page
layout has not changed with this deployment.
How should the admin troubleshoot this issue?
a. Log in as a user and check several Accounts to
isolate the problem records.
b. Review change to Account record types.
c. View field Accessibility in the Object Manager.
d. Run a Who Sees What report, filtering on Account. |
|
Definition
c.View field Accessibility in the Object
Manager.
The correct answer is c. View field Accessibility in the Object Manager.
Here’s why:
• Field Accessibility: This tool in the Object Manager allows administrators to see the visibility and editability of fields for different profiles and record types. By checking the field accessibility, the admin can determine if the field has been hidden or made read-only for certain profiles or record types, which could explain why users are no longer seeing it on the Account page.
The other options are less optimal because:
• Log in as a User and Check Several Accounts to Isolate the Problem Records: While this might help identify if the issue is widespread, it doesn’t directly address the root cause of why the field is missing. It’s more of a diagnostic step rather than a troubleshooting solution.
• Review Change to Account Record Types: This could be relevant if the field is only missing for certain record types. However, it’s more efficient to start with field accessibility to get a comprehensive view of the field’s visibility across all profiles and record types.
• Run a Who Sees What Report, Filtering on Account: This report helps understand data visibility but does not specifically address field-level visibility. It’s more useful for understanding record access rather than field access.
In summary, viewing field accessibility in the Object Manager is the most direct and efficient way to troubleshoot why a field has disappeared from the Account page, as it provides a clear overview of field visibility settings across different profiles and record types. |
|
|
Term
25. Universal Containers has expanded to sell virtual containers
for data storage. Virtual container work orders are
provisioned immediately by the system and therefore cannot be
changed by a sales representative.
What is an optimal approach to implement these requirements?
a. Remove the Edit button from the Work Order Page Layout.
b. Implement a sharing rule that changes access for all Work
Orders to Read.
c. Remove the Work Order Edit permission from the Sales
Representative Profile.
d. Change the Record Type/Page Layout assignment for Work Orders
to Read Only. |
|
Definition
c.Remove the Work Order Edit permission from
the Sales Representative Profile.
The correct answer is c. Remove the Work Order Edit permission from the Sales Representative Profile.
Here’s why:
• Remove the Work Order Edit Permission from the Sales Representative Profile: By removing the edit permission for Work Orders from the Sales Representative profile, you ensure that sales representatives cannot modify any Work Orders, including the virtual container work orders. This approach directly addresses the requirement that these work orders cannot be changed by sales representatives.
The other options are less optimal because:
• Remove the Edit Button from the Work Order Page Layout: This would only remove the button from the user interface but would not prevent users from editing the records through other means, such as API or list views.
• Implement a Sharing Rule that Changes Access for All Work Orders to Read: Sharing rules control record visibility and access at a broader level. While this could work, it might be too restrictive and affect other users who need to edit Work Orders.
• Change the Record Type/Page Layout Assignment for Work Orders to be Read Only: Changing the page layout to be read-only can help, but it does not enforce the restriction at the profile level. Users might still find ways to edit the records through other interfaces or tools.
In summary, removing the Work Order Edit permission from the Sales Representative profile is the most effective and straightforward way to ensure that sales representatives cannot modify virtual container work orders, aligning with the requirement that these work orders are provisioned immediately and should not be changed. |
|
|
Term
26. Which two objects support creating queues?
(Choose two.)
a. Case
b. Account
c. Opportunity
d. Lead |
|
Definition
a. Case
d. Lead
The correct answers are a. Case and d. Lead.
Here’s why:
• Case: Queues are commonly used with the Case object to manage and distribute customer support inquiries. By assigning cases to a queue, multiple users can work on them, ensuring that customer issues are addressed promptly.
• Lead: Queues are also used with the Lead object to manage and distribute potential sales leads. This allows sales teams to efficiently handle and follow up on leads, ensuring that no potential customer is overlooked.
The other options are not correct because:
• Account: Queues are not supported for the Account object. Accounts are typically managed by individual owners rather than being placed in a queue.
• Opportunity: Similarly, queues are not supported for the Opportunity object. Opportunities are usually assigned to specific sales representatives who are responsible for managing the sales process.
In summary, Cases and Leads are the objects that support creating queues, which helps in efficiently managing and distributing work among team members. |
|
|
Term
27. Universal Containers (UC) service reps are assigned to
a profile that has “View All” in the Case object (Private
OWD).
To make sure service reps have access to all relevant
information to attend to customer requests, which two
details should a Salesforce Architect consider?
(Choose two.)
a. Service reps will NOT be able to access all UC Contact
records if they are Controlled by Parent.
b. Service reps will be able to access all UC Account
records due to Implicit Sharing.
c. Service reps will NOT be able to access all UC Account
records because Account OWD is private.
d. Service reps will be able to access all UC Contact
records if they are Controlled by Parent. |
|
Definition
a. Service reps will NOT be able to access
all UC Contact records if they are
Controlled by Parent.
c. Service reps will NOT be able to access all UC
Account records because Account OWD is private.
The correct answers are b. Service reps will be able to access all UC Account records due to Implicit Sharing and d. Service reps will be able to access all UC Contact records if they are Controlled by Parent.
Here’s why:
1. Implicit Sharing:
Explanation: Implicit sharing refers to the automatic sharing of parent records when a user has access to a child record. In this case, since service reps have “View All” access to Cases, they will also have access to the related Account records due to implicit sharing.
Detail: This ensures that service reps can view all relevant Account information needed to handle customer requests.
2. Controlled by Parent:
Explanation: When Contact records are controlled by their parent Account, access to the Account record determines access to the Contact records. Since service reps can view all Account records due to implicit sharing, they will also be able to view all Contact records that are controlled by those Accounts.
Detail: This ensures that service reps have access to all relevant Contact information associated with the Accounts they can view.
The other options are not correct because:
a. Service reps will NOT be able to access all UC Contact records if they are Controlled by Parent: This is incorrect because if Contacts are controlled by their parent Account, and service reps have access to the Accounts, they will also have access to the Contacts.
c. Service reps will NOT be able to access all UC Account records because Account OWD is private: This is incorrect because implicit sharing overrides the private OWD setting for Accounts, allowing service reps to access the Accounts related to the Cases they can view.
In summary, due to implicit sharing and the “Controlled by Parent” setting, service reps will have access to all relevant Account and Contact records needed to attend to customer requests. |
|
|
Term
28. Universal Containers (UC) has implemented
Customer Community with a customer community
licenses for their customers. UC requested that
any record owned by its customers should be
accessible by UC users in the customer support
role.
How can an Architect configure the system to
support the requirements?
a. Sharing Set
b. Share Group
c. Apex Sharing
d. Sharing Rule |
|
Definition
b. Share Group
The correct answer is b. Share Group.
Here’s why:
Share Group: Share Groups are used in Salesforce to grant access to records owned by community users to internal users. In this case, you can configure a Share Group to include the customer support role, ensuring that any record owned by customers (community users) is accessible to UC users in the customer support role. This setup allows internal users to have the necessary access to support customer-related records.
The other options are less suitable because:
Sharing Set: Sharing Sets are used to grant community users access to records based on their association with those records. They are not designed to grant internal users access to records owned by community users.
Apex Sharing: While Apex Sharing can be used to programmatically share records, it requires custom code and is more complex to implement and maintain compared to using Share Groups.
Sharing Rule: Sharing Rules are used to grant access based on record ownership or criteria, but they are typically used within the context of internal users and do not directly address the requirement of sharing records owned by community users with internal users.
In summary, using a Share Group is the most straightforward and effective way to ensure that records owned by customers are accessible to UC users in the customer support role. |
|
|
Term
29. Universal Containers (UC) has implemented Service Cloud.
There is a flag field on the case object that marks a case as
(Sensitive). UC requested that this flag be viewed by all
users who have access to the case but only be edited by the
assigned case assessor. The case assessor is a lookup field on
the case object.
How can an architect achieve this requirement?
a. Permission set
b. Custom lighting component
c. Object permissions
d. Field-level security |
|
Definition
| b. Custom lighting component |
|
|
Term
30. Susan posts a file to the Chatter feed for a record
of an object in which OWD is private.
Which two statements accurately describe who can view
the file by default?
(Choose two.)
a. Susan only
b. Susan and users with access to the records.
c. Susan and users with a shared Chatter post link to the
file
d. Susan and users with the View All Data permission |
|
Definition
b. Susan and users with access to the record
d. Susan and users with the View All Data permission
The correct answers are b. Susan and users with access to the record and d. Susan and users with the View All Data permission.
Why?
1. Susan and users with access to the record:
When Susan posts a file to the Chatter feed of a record, the file inherits the sharing settings of that record. Since the object’s Organization-Wide Default (OWD) is private, only users who have explicit access to the record can view the file1.
1. Susan and users with the View All Data permission:
Users with the “View All Data” permission have the ability to view all data within the organization, regardless of sharing settings. Therefore, they can view the file posted by Susan1.
Options a and c are incorrect because:
a. Susan only: This is not accurate as users with access to the record can also view the file.
c. Susan and users with a shared Chatter post link to the file: This is not accurate because sharing a Chatter post link does not override the record’s sharing settings.
31. Universal Containers (UC) has a custom object to track the internal net promoter score (NPS) for all of its employees.
How can UC ensure that NPS records cannot be accessed by an individual employee’s manager?
A. Use Apex Sharing to remove NPS object share records for Manager Profiles.
B. Remove Create, Read, Edit, and Delete from Manager Profiles and Permission sets.
C. Set organization-wide default to Private and uncheck the Access Using Hierarchies option for the NPS object.
D. Create a criteria-based sharing rule to remove access to the Manager role and above in the Role Hierarchy.
The correct answer is C. Set the organization-wide default to Private and uncheck the Access Using Hierarchies option for the NPS object.
Why?
• Organization-Wide Default (OWD) to Private: Setting the OWD to Private ensures that only users who are explicitly granted access to the NPS records can view them.
• Uncheck Access Using Hierarchies: By default, Salesforce allows users higher in the role hierarchy to access records owned by users below them. Unchecking the “Access Using Hierarchies” option for the NPS object prevents managers (who are higher in the role hierarchy) from automatically gaining access to their subordinates’ NPS records.
This combination ensures that NPS records are only accessible to users who have been explicitly granted access, and not to managers by virtue of their position in the role hierarchy12. |
|
|
Term
31. Universal Containers (UC) has a custom object to
track the internal net promoter score (NPS) for all
of its employees.
How can UC ensure that NPS records cannot be
accessed by an individual employee’s manager?
A. Use Apex Sharing to remove NPS object share records
for Manager Profiles.
B. Remove Create, Read, Edit, and Delete from Manager
Profiles and Permission sets.
C. Set the organization-wide default to Private and
uncheck the Access Using Hierarchies option for the
-NPS object.
D. Create a criteria-based sharing rule to remove
access to the Manager role and above in the Role
Hierarchy. |
|
Definition
C. Set the organization-wide default to Private
and uncheck the Access Using Hierarchies
option for the -NPS object.
The correct answer is C. Set organization-wide default to Private and uncheck the Access Using Hierarchies option for the NPS object.
Why?
• Organization-Wide Default (OWD) to Private: Setting the OWD to Private ensures that only users who are explicitly granted access to the NPS records can view them.
• Uncheck Access Using Hierarchies: By default, Salesforce allows users higher in the role hierarchy to access records owned by users below them. Unchecking the “Access Using Hierarchies” option for the NPS object prevents managers (who are higher in the role hierarchy) from automatically gaining access to their subordinates’ NPS records.
This combination ensures that NPS records are only accessible to users who have been explicitly granted access, and not to managers by virtue of their position in the role hierarchy12.
Options A, B, and D are not suitable because:
• A. Use Apex Sharing to remove NPS object share records for Manager Profiles: This would require custom code and is more complex than necessary.
• B. Remove Create, Read, Edit, and Delete from Manager Profiles and Permission sets: This would prevent managers from accessing any NPS records, not just those of their subordinates.
• D. Create a criteria-based sharing rule to remove access to Manager role and above in the Role Hierarchy: Sharing rules are used to grant access, not remove it. |
|
|
Term
32. Besides their team accounts, sales managers at
Universal Containers need to have READ access to all
accounts of the same segment in other countries.
Role hierarchy was implemented accordingly (based on
countries), but a sales manager in the US is
complaining that he cannot view account records of the
same segment in Canada.
What should be done to grant access properly?
a. Create an owner-based sharing rule to grant access to
account records that have the same segment to all sales
manager roles.
b. Create a public group and include all accounts of the
same segment and grant access through a permission set.
c. Create a criteria-based sharing rule to grant access
to account records that have the same segment to all
sales manager roles.
d. Change the role hierarchy and put all the sales
managers in the US and Canada in the same role. |
|
Definition
a. Create an owner-based sharing rule to grant access
to account for records that have the same segment
to all sales manager roles. |
|
|
Term
33. A junior account manager owns an account and creates
a new opportunity to manage a complex deal. She
needs the help of the product specialist and
solution engineer. Given the size of this deal, she
knows the account is likely to be reassigned to a
senior account manager in the near future.
What is the optimal way for the junior account
manager to share the opportunity, given the private
sharing model?
a. Manual share on the account
b. Opportunity Team
c. Create an owner-based sharing rule
d. Manual share on the opportunity |
|
Definition
b. Opportunity Team
The correct answer is f. Opportunity Team.
Why?
• Opportunity Team: This feature allows the junior account manager to share the opportunity with specific individuals, such as the product specialist and solution engineer, by adding them to the Opportunity Team. This method is optimal because it provides the necessary access to the opportunity without changing the ownership or requiring complex sharing rules. Additionally, when the account is reassigned to a senior account manager, the Opportunity Team can be easily updated to reflect the new team members1.
Options e, g, and h are not as suitable because:
• e. Manual share on the account: This would share the entire account, not just the opportunity, which might not be necessary or desired.
• g. Create an owner-based sharing rule: This would be more complex and less flexible than using an Opportunity Team.
• h. Manual share on the opportunity: While this could work, it is less efficient and harder to manage compared to using an Opportunity Team, especially when the account ownership changes. |
|
|
Term
34. Sales managers at Universal Containers (UC) have
requested to view customer invoices in Salesforce.
Invoice data is mastered in the ERP system. The architect
at UC decided to surface the customer invoices in
Salesforce using external objects and did the following:
Configured an external object called Invoice
Created a lookup relationship between the account and the
invoice
How can the architect grant the sales managers access to
the customer invoices data?
a. By creating sharing rules to share the invoice records with users in sales
manager roles.
b. By controlling the invoices object permissions on the sales manager’s
profile.
c. By using manual sharing to share invoices with relevant sales managers.
d. By creating a sharing set to share invoices with users in a sales manager
role. |
|
Definition
b. By controlling the invoice object permissions on the
sales manager’s profile.
The correct answer is b. By controlling the invoices object permissions on the sales manager’s profile.
Why?
• External Objects and Profile Permissions: External objects in Salesforce are used to access data stored outside of Salesforce, such as in an ERP system. To grant access to these external objects, you need to configure the object permissions on the users’ profiles or permission sets. By controlling the invoices object permissions on the sales managers’ profiles, you can ensure that they have the necessary read access to view the customer invoices data12.
Options a, c, and d are not suitable because:
• a. Creating sharing rules to share the invoice records with users in sales manager roles: Sharing rules are used to grant access to records within Salesforce, but they do not apply to external objects.
• c. Using manual sharing to share invoices with relevant sales managers: Manual sharing is not applicable to external objects.
• d. Creating a sharing set to share invoices with users in a sales manager role: Sharing sets are used for community users and are not applicable to standard Salesforce users accessing external objects. |
|
|
Term
35. Universal Containers has a customer that meets the
criteria for two Enterprise Territory Management
territories (Portugal and Southern Europe).
What is necessary to assign opportunities to a territory
for this account?
a. Create an Apex class that implements Filter-Based
Opportunity Territory Assignment.
b. Create a criteria-based sharing rule on the Opportunity
to assign it to a territory.
c. Create a Process Builder Process that updates the
Territory field on the Opportunity.
d. The territory with the highest TerritoryType Priority is
automatically assigned to the Opportunity. |
|
Definition
d. The territory with the highest TerritoryType
Priority is automatically assigned to the
Opportunity.
The correct answer is d. The territory with the highest TerritoryType Priority is automatically assigned to the Opportunity.
Why?
• Territory Type Priority: In Salesforce’s Enterprise Territory Management, when an account meets the criteria for multiple territories, the system automatically assigns the opportunity to the territory with the highest priority. This priority is determined by the Territory Type Priority setting12. This ensures that opportunities are consistently assigned based on predefined priorities without the need for manual intervention or additional automation.
Options a, b, and c are not suitable because:
• a. Create an Apex class that implements Filter-Based Opportunity Territory Assignment: This would require custom development and is unnecessary given the built-in functionality of Territory Type Priority.
• b. Create a criteria-based sharing rule on the Opportunity to assign it to a territory: Sharing rules are used to grant access to records, not to assign territories.
• c. Create a Process Builder Process that updates the Territory field on the Opportunity: This approach would be more complex and less efficient than using the automatic assignment based on Territory Type Priority. |
|
|
Term
36. Universal Containers (UC) wants to reduce the
amount of redundant leads entered into the system.
UC also wants to ensure that leads are only
edited/reassigned by the lead owner.
What organization-wide default (OWD) approach
should be recommended to help UC implement these
requirements?
a. Implement a Public Read Only/Transfer OWD on Lead.
b. Implement a Private OWD on Lead.
c. Implement a Public Read/Write OWD on Lead.
d. Implement a Public Read Only OWD on Lead. |
|
Definition
d. Implement a Public Read Only OWD on Lead.
The correct answer is b. Implement a Private OWD on Lead.
Why?
Private OWD on Lead: Setting the Organization-Wide Default (OWD) to Private ensures that only the lead owner and users with higher roles in the hierarchy can access the lead records. This setting helps prevent redundant leads from being entered by restricting visibility to only those who need it.
Edit/Reassign by Lead Owner: With a Private OWD, only the lead owner (and users with appropriate permissions) can edit or reassign the lead. This aligns with the requirement that leads should only be edited or reassigned by the lead owner12.
Options a, c, and d are not suitable because:
a. Public Read Only/Transfer OWD on Lead: This would allow all users to view the leads, which could lead to redundant entries.
c. Public Read/Write OWD on Lead: This would allow all users to edit the leads, which does not meet the requirement of restricting edits to the lead owner.
d. Public Read Only OWD on Lead: This would allow all users to view the leads, which could lead to redundant entries and does not restrict editing to the lead owner.
WHY NOT D ->
Option d. Implementing a Public Read Only OWD on Lead could be considered, but it doesn’t fully meet the requirements as effectively as option b. Here’s why:
Public Read Only OWD on Lead: This setting would allow all users to view lead records, which could help reduce redundant leads by making it easier for users to see existing leads before creating new ones. However, it does not restrict editing or reassigning leads to only the lead owner. Any user with the appropriate permissions could potentially edit or reassign leads, which does not align with the requirement that only the lead owner should be able to do so.
In contrast, Private OWD on Lead ensures that only the lead owner and users with higher roles in the hierarchy can view and edit the leads. This setting provides better control over who can edit or reassign leads, thereby meeting both requirements more effectively. |
|
|
Term
37. Universal Containers uses person accounts to represent retail
customers and business accounts to represent commercial
customers. The Retail Sales team should not have access to
commercial customers but have access to ALL retail customers.
With organization-wide default on Account set to Private, how
might the architect meet these requirements?
a. Create a criteria-based sharing rule giving Retail Sales role
access to Accounts of type PersonAccount.
b. Create an owner-based sharing rule on AccountContactRelation
to grant access to all account contact role records owned by
retail sales reps.
c. Update Retail Sales profile to grant access to Person Account
record type
d. Give View All access for Accounts to the Retail Sales profile. |
|
Definition
a. Create a criteria-based sharing rule giving Retail Sales
role access to Accounts of type PersonAccount.
The correct answer is a. Create a criteria-based sharing rule giving Retail Sales role access to Accounts of type PersonAccount.
Why?
Criteria-based sharing rule: This rule allows you to share records based on specific field values. In this case, you can create a sharing rule that grants access to accounts where the type is “PersonAccount” to users in the Retail Sales role. This ensures that the Retail Sales team has access to all retail customers (Person Accounts) while keeping commercial customers (Business Accounts) private12.
Options b, c, and d are not suitable because:
b. Create an owner-based sharing rule on AccountContactRelation to grant access to all account contact roles records owned by retail sales reps: This approach does not address the requirement to differentiate between Person Accounts and Business Accounts.
c. Update Retail Sales profile to grant access to Person Account record type: This would allow the Retail Sales team to create and view Person Accounts but does not control access to existing records based on their type.
d. Give View All access for Accounts to the Retail Sales profile: This would grant access to all accounts, including commercial customer, which does not meet the requirement to restrict access to only retail customers. |
|
|
Term
38. The sales managers in Japan have asked the sales
manager in Australia to assist them with closing
their deals.
How are these requirements achieved?
a. Create an ownership-based sharing rule.
b. Use a sharing set to give the sales manager access
to the deals.
c. Assign the sales manager View All on the
opportunity object.
d. Use opportunity teams to automatically add the
sales manager as a team member. |
|
Definition
d. Use opportunity teams to automatically add the
sales manager as a team member.
The correct answer is d. Use opportunity teams to automatically add the sales manager as a team member.
Why?
• Opportunity Teams: This feature allows you to add specific users to an opportunity, giving them the necessary access to collaborate on closing deals. By adding the sales manager from Australia to the Opportunity Team, they can assist the sales managers in Japan with their deals. This method is flexible and ensures that the right people have access to the right opportunities without changing ownership or broader sharing settings12.
Options a, b, and c are not as suitable because:
• a. Create ownership-based sharing rule: This would require changing the ownership of the opportunities, which is not necessary and could complicate the process.
• b. Use sharing set to give the sales manager access to the deals: Sharing sets are typically used for community users and are not applicable in this context.
• c. Assign the sales manager View All on the opportunity object: This would grant the sales manager access to all opportunities, not just the ones they need to assist with, which is broader than required. |
|
|
Term
39. Universal Containers (UC) has recently changed its internal policy
to follow market regulations and create an internal team to manage
the collection process. Only this team should have access to
Invoice records. Currently, Invoice is a child in a master-detail
relationship to the Account. Although related lists have been
removed
from the page layouts, some profiles still have access to the
Invoice object.
Which approach should an architect recommend to fix this problem?
a. Change the Invoice organization-wide default from Controlled by Parent
to Private and remove Invoice Access from the unauthorized profiles.
b. Create a new Profile with no access to the Invoice object and assign
it to all unauthorized users.
c. Replace Account and Invoice Master-Detail Relationship by a Lookup and
remove Invoice Access from the unauthorized profiles.
d. Create a Permission Set with No Access to the Invoice object and
assign it to unauthorized users. |
|
Definition
c. Replace Account and Invoice Master-Detail
Relationship by a Lookup and remove Invoice
Access from the unauthorized profiles.
The correct answer is a. Change the Invoice organization-wide default from Controlled by Parent to Private and remove Invoice Access from the unauthorized profiles.
Why?
Organization-Wide Default (OWD) to Private: Changing the OWD for the Invoice object from “Controlled by Parent” to “Private” ensures that only users who are explicitly granted access can view or edit Invoice records. This setting overrides the default sharing behavior inherited from the parent Account object, providing more granular control over who can access Invoice records.
Remove Invoice Access from Unauthorized Profiles: After changing the OWD to Private, you need to ensure that only the internal team responsible for managing the collection process has access to the Invoice object. This involves removing access from any profiles that should not have it12.
Options b, c, and d are not as suitable because:
b. Create a new Profile with no access to the Invoice object and assign it to all unauthorized users: This approach is less efficient and more complex to manage compared to changing the OWD and adjusting existing profiles.
c. Replace Account and Invoice Master-Detail Relationship by a Lookup and remove Invoice Access from the unauthorized profiles: This would require significant changes to the data model and could have broader implications on existing functionality and relationships.
d. Create a Permission Set with No Access to the Invoice object and assign it to unauthorized users: Permission sets are typically used to grant additional permissions, not to restrict them. This approach would also be more complex to manage.
Option C could be considered, but it involves significant changes to the data model and might not be the most efficient solution. Here’s why:
c. Replace Account and Invoice Master-Detail Relationship by a Lookup and remove Invoice Access from the unauthorized profiles:
Changing the Relationship: Converting the Master-Detail relationship between Account and Invoice to a Lookup relationship would decouple the sharing settings of the Invoice from the Account. This means you could then set the OWD for Invoice to Private and manage access independently.
Removing Access: After changing the relationship, you would need to remove access to the Invoice object from unauthorized profiles.
While this approach could work, it involves more complexity and potential disruption:
• Data Model Impact: Changing the relationship type can have significant implications on existing functionality, reports, and any automation that relies on the Master-Detail relationship.
• Maintenance: Managing access through a Lookup relationship might require additional configuration and ongoing maintenance.
In contrast, Option A (changing the OWD to Private and removing access from unauthorized profiles) is a more straightforward and less disruptive solution. It leverages existing Salesforce features to achieve the desired access control without altering the data model. |
|
|
Term
40. Universal Containers (UC) is in a legal dispute
regarding several orders. UC has found out that
these records were removed from the system. The VP
of Sales has asked to ensure this cannot happen in
the future.
What approach would meet this requirement?
a. Remove Order Delete Permission from Profiles and
Permission Sets.
b. Remove the Delete button from the Order Page Layout.
c. Change the Record Type/Page Layout assignment for
Orders to be Read Only.
d. Implement a Sharing Rule that changes access for
orders to Read. |
|
Definition
a. Remove Order Delete Permission from Profiles and
Permission Sets.
The correct answer is a. Remove Order Delete Permission from Profiles and Permission Sets.
Why?
• Remove Delete Permission: By removing the delete permission from profiles and permission sets, you ensure that users cannot delete order records. This is the most direct and effective way to prevent records from being removed from the system. It addresses the root cause of the issue by restricting the ability to delete orders at the permission level12.
Options b, c, and d are not as suitable because:
• b. Remove the Delete button from the Order Page Layout: This only removes the button from the user interface but does not prevent users from deleting records through other means, such as API calls or other interfaces.
• c. Change the Record Type/Page Layout assignment for Orders to be Read Only: This approach would make the records read-only but does not specifically address the delete permission. Users might still have the ability to delete records through other interfaces.
• d. Implement a Sharing Rule that changes access for orders to Read: Sharing rules control record visibility and access but do not specifically address the delete permission. Users with delete permissions could still remove records. |
|
|
Term
41. After testing and deploying a new trigger that
creates a related order when an opportunity is
closed, the Architect begins receiving complaints
of permission error messages appearing when closing
an opportunity.
How did this error occur?
a. The trigger handlers class does not use any sharing
keywords and the user does not have access to the
orders related to the opportunity.
b. The trigger handler class is using “with sharing”
and the user does not have access to the orders
related to the opportunity.
c. The trigger should be using RunAs() when creating
the order.
d. Trigger is using IsCreateable() Apex method and the
user does not have to create permission on the Order
object |
|
Definition
b. The trigger handler class is using “with sharing”
and the user does not have access to the orders
related to the opportunity.
The correct answer is b. The trigger handler class is using “with sharing” and the user does not have access to the orders related to the opportunity.
Why?
• “With Sharing” Keyword: When a class is defined with the “with sharing” keyword, it enforces the sharing rules of the current user. This means that if the user does not have access to the related orders, they will encounter permission errors when the trigger attempts to create or access these orders1.
• User Permissions: Since the user does not have the necessary permissions to access the orders, the trigger fails when it tries to perform operations on the orders. This is why the error occurs when closing an opportunity.
Options a, c, and d are not as suitable because:
• a. The trigger handlers class does not use any sharing keywords and the user does not have access to the orders related to the opportunity: If the class did not use any sharing keywords, it would run in system context, ignoring sharing rules, and the error would not occur due to sharing settings.
• c. The trigger should be using RunAs() when creating the order: The RunAs() method is used in test classes to run code as a specific user and is not applicable in this context.
• d. Trigger is using IsCreateable() Apex method and the user does not have create permission on the Order object: The isCreateable() method checks if the current user has permission to create a specific object, but the issue here is related to sharing rules, not object-level permissions. |
|
|
Term
42. A sales rep at Universal Containers (UC) is a member of the
Default Opportunity team for an account manager. The account
manager created an opportunity and the sales rep is added to
that Opportunity team.
The sales rep is complaining about no longer having access to
an opportunity record that the sales rep was helping with.
What is the cause of this problem?
a. The opportunity owner can enable/disable if the “Default
Opportunity team” can access the record.
b. The Account team was changed and consequently the Opportunity
team members were replaced by the Account team members.
c. The sales rep was manually removed from the Opportunity team.
d. The sales rep was removed from the Opportunity team in another
opportunity record of the same account. |
|
Definition
c. The sales rep was manually removed from the Opportunity team.
The correct answer is c. The sales rep was manually removed from the Opportunity team.
Why?
Manual Removal: If the sales rep was manually removed from the Opportunity team, they would lose access to the opportunity record. This action overrides the default team settings and directly impacts the sales rep’s access to the specific opportunity12.
Options a, b, and d are not as suitable because:
a. The opportunity owner can enable/disable if the “Default Opportunity team” is able to access the record: This option is not accurate because the default Opportunity team settings apply automatically unless manually changed.
b. The Account team was changed and consequently the Opportunity team members were replaced by the Account team members: Changing the Account team does not automatically replace Opportunity team members.
d. The sales rep was removed from the Opportunity team in another opportunity record of the same account: Removing the sales rep from the Opportunity team in another opportunity would not affect their access to the current opportunity. |
|
|
Term
43. Universal Containers has built a recruiting application
on the Salesforce Platform. HR requested that all
internal users should have edit access to the Referral
custom object. One of the recruiters needed to share a
referral record with another colleague for collaboration
using manual sharing. The recruiter opened the referral
record and could not find the Share button.
What could be the technical reason for this?
a. The Referral object OWD is Public Read Only.
b. The Referral object OWD is Private.
c. The Referral object OWD is Public Full Access.
d. The Referral object OWD is Public Read/Write. |
|
Definition
d. The Referral object OWD is Public
Read/Write.
The correct answer is b. The Referral object OWD is Private.
Why?
Private OWD: When the organization-wide default (OWD) for an object is set to Private, the “Share” button becomes available on the record detail page. This allows users to manually share the record with others. If the OWD were set to Public Read Only, Public Full Access, or Public Read/Write, the “Share” button would not appear because the records are already accessible to users based on the OWD settings12.
In this scenario, the absence of the “Share” button indicates that the OWD is not set to Private, which is why the recruiter cannot manually share the referral record.
WHY NOT d.
Option d. The Referral object OWD is Public Read/Write is not the right answer because:
Public Read/Write OWD: When the organization-wide default (OWD) for an object is set to Public Read/Write, all users can already view and edit the records. In this case, the “Share” button does not appear because there is no need for manual sharing; the records are already accessible to everyone with the necessary permissions.
In contrast, when the OWD is set to Private, the “Share” button becomes available, allowing users to manually share records with specific individuals who do not have access by default. This is why the absence of the “Share” button indicates that the OWD is not set to Private. |
|
|
Term
44. Universal Containers (UC) has 600 sales reps. UC has a
rollout plan to deploy Salesforce in 3 weeks. At the end
of the second week, they received a “User Role Limit
Exceeded” error. After investigation, they discovered
that during the User provisioning process, a new role
was generated for every new user.
Which two recommendations could solve this problem?
(Choose two.)
a. Remove Role hierarchy from Salesforce org and control the
record access using APEX-managed sharing.
b. Contact Salesforce support and request to increase the
number of user roles allowed.
c. Review the user provisioning process to not automatically
create a user role for any new user.
d. Create an APEX class to replace the User Roles with a -
generic one as soon as they are created. |
|
Definition
b. Contact Salesforce support and request to
increase the number of user roles
allowed.
c. Review the user provisioning process to
not automatically create a user role for
any new user.
The correct answers are b. Contact Salesforce support and request to increase the number of user roles allowed and c. Review the user provisioning process to not automatically create a user role for any new user.
Why?
1. Contact Salesforce support and request to increase the number of user roles allowed:
Salesforce has a limit on the number of roles that can be created in an organization. If you exceed this limit, you can contact Salesforce support to request an increase. This is a straightforward solution to address the immediate issue of hitting the role limit1.
2. Review the user provisioning process to not automatically create a user role for any new user:
The root cause of the problem is that a new role is being generated for every new user during the provisioning process. By reviewing and modifying this process, you can prevent the automatic creation of roles for each user, thereby avoiding the role limit issue in the future2.
Options a and d are not as suitable because:
a. Remove Role hierarchy from Salesforce org and control the record access using APEX managed sharing: This approach would involve significant changes to the existing security model and could be complex to implement and maintain.
d. Create an APEX class to replace the User Roles by a generic one as soon as they are created: This would require custom development and might not be as efficient or effective as addressing the root cause directly. |
|
|
Term
45. Which two capabilities does the delegated administrator permission provide?
(Choose two.)
a. Create profiles.
b. Set OWD.
c. Assign users to profiles.
d. Unlock users. |
|
Definition
c. Assign users to profiles.z
d. Unlock users.
The correct answers are c. Assign users to profiles and d. Unlock users.
Why?
1. Assign users to profiles:
Delegated administrators have the ability to assign users to profiles. This allows them to manage user access and permissions within the scope defined by their delegated administration settings.
2. Unlock users:
Delegated administrators can unlock user accounts. This is useful for managing user access issues, such as when users are locked out of their accounts due to multiple failed login attempts.
Options a and b are not correct because:
a. Create profiles: Creating profiles is a higher-level administrative task that typically requires full administrative permissions, not delegated administration.
b. Set OWD: Setting Organization-Wide Defaults (OWD) is also a high-level administrative task that is not within the scope of delegated administration. |
|
|
Term
46. Universal Containers (UC) has 200 distributors that use Partner
Community licenses. Partners cannot see each other’s data, but
UC is also trying to give more visibility to data for certain
individuals at a distributor.
Which scalable solution would an architect recommend that will
give users in the partner manager role access to all Case and
Container records owned by other partner managers and partner
users (but not the partner executive) at the same distributor?
a. Create sharing sets.
b. Create a permission set granting the View All permission to Case
and Container records.
c. Create ownership-based sharing rules for your distributors.
d. Give Super User permission to the partner manager users. |
|
Definition
d. Give Super User permission to the partner
manager users.
The correct answer is d. Give Super User permission to the partner manager users.
Why?
Super User Permission: This permission allows users to access data owned by other users within the same account or role. By granting the Super User permission to partner manager users, they can view and manage all Case and Container records owned by other partner managers and partner users within the same distributor. This approach is scalable and ensures that data visibility is restricted to the same distributor, without exposing data across different distributors.
Options a, b, and c are not as suitable because:
a. Create sharing sets: Sharing sets are typically used for community users to grant access based on their profile, but they might not provide the granular control needed for this scenario.
b. Create a permission set granting the View All permission to Case and Container records: This would grant access to all records, not just those within the same distributor, which does not meet the requirement.
c. Create ownership-based sharing rules for your distributors: Ownership-based sharing rules are less flexible and might not efficiently handle the requirement to share records within the same distributor while excluding others. |
|
|
Term
47. To allow community users to collaborate on
Opportunities, which license type must the
users be given?
a. Customer Community Plus
b. Partner Community
c. Customer Community
d. Sales Community |
|
Definition
b. Partner Community
The correct answer is b. Partner Community.
Why?
Partner Community License: This license type is specifically designed to allow external users, such as partners, to access and collaborate on Salesforce records, including Opportunities. It provides the necessary permissions and access to standard Salesforce objects like Opportunities, which is essential for collaboration.
Options a, c, and d are not suitable because:
a. Customer Community Plus: While this license provides access to more features than the standard Customer Community license, it does not include access to Opportunities.
c. Customer Community: This license is more limited and does not provide access to Opportunities.
d. Sales Community: This is not a standard Salesforce license type. |
|
|
Term
48. To grant Universal Containers sales managers access
to shipment records properly, it was necessary to
leverage Apex-managed sharing. The IT team is
worried about improper access to records.
Which two features and best practices should a
Salesforce architect recommend to mitigate this
risk?
(Choose two.)
a. Use isShare ability will be followed.
b. Use runAs system method in test classes to test
using different users and profiles.
c. Use the With Sharing keyword in Apex classes to
assure record visibility will be followed.
d. Use isAccessible keyword in Apex classes to ensure
record visibility will be followed. |
|
Definition
b. Use runAs system method in test classes to test
using different users and profiles.
c. Use the With Sharing keyword in Apex classes to
assure record visibility will be followed.
The correct answers are b. Use runAs system method in test classes to test using different users and profiles and c. Use With Sharing keyword in Apex classes to assure record visibility will be followed.
Why?
1. Use runAs system method in test classes to test using different users and profiles:
The runAs method allows you to write test methods that execute as a specific user. This is crucial for testing Apex-managed sharing to ensure that the sharing rules and permissions are correctly applied for different users and profiles. It helps in verifying that users have the appropriate access and that no improper access is granted.
2. Use With Sharing keyword in Apex classes to assure record visibility will be followed:
The with sharing keyword enforces the sharing rules of the current user in Apex classes. This ensures that the code respects the sharing settings and permissions defined in Salesforce, preventing unauthorized access to records. Using with sharing helps maintain data security and integrity by adhering to the established sharing model.
Options a and d are not as suitable because:
a. Use isShareable keyword in Apex classes to assure record visibility will be followed: There is no isShareable keyword in Apex. This option is not applicable.
d. Use isAccessible keyword in Apex classes to assure record visibility will be followed: The isAccessible method checks field-level security, not record-level sharing. While important, it does not address the specific need to enforce record visibility through sharing rules. |
|
|
Term
49. Universal Containers (UC) operates worldwide with
offices in more than 100 regions in 10 different
countries and has established a complex role
hierarchy to control data visibility. In the new
fiscal year, UC is planning to reorganize the
roles and reassign account owners.
Which two points should an Architect consider in
this situation?
(Choose two.)
a. Using a temporary parking lot account to improve
performance.
b. Replacing Account records ownership massively can cause
data skew.
c. Changing complex role hierarchy can cause a high level of
sharing recalculation.
d. restricting the organization-sharing configurations to private. |
|
Definition
b. Replacing Account records ownership massively can
cause data skew.
c. Changing complex role hierarchy can cause a high
level of sharing recalculation.
The correct answers are b. Replacing Account records ownership massively can cause data skew and c. Changing complex role hierarchy can cause a high level of sharing recalculation.
Why?
1. Replacing Account records ownership massively can cause data skew:
Data Skew: When a large number of records are owned by a single user, it can lead to performance issues and data skew. This happens because Salesforce has to manage a large volume of sharing recalculations and access checks for that user. It’s important to plan the reassignment of account ownership carefully to avoid creating such bottlenecks.
2. Changing complex role hierarchy can cause a high level of sharing recalculation:
Sharing Recalculation: Modifying a complex role hierarchy triggers extensive sharing recalculations. This can significantly impact system performance, especially in a large organization with many users and records. It’s crucial to consider the timing and method of implementing these changes to minimize disruption.
Options a and d are not as suitable because:
a. Using a temporary parking lot account to improve performance: While this might temporarily alleviate some performance issues, it does not address the root causes and could introduce additional complexity.
d. Restricting the organization-sharing configurations to private: This option is unrelated to the specific issues of role hierarchy changes and account ownership reassignment. It also does not address the potential performance impacts directly |
|
|
Term
50. Universal Containers (UC) use External Objects to
retrieve Invoice data from a Legacy ERP. A finance team
requested to have access to the Invoice records on the
account page.
In addition to object access in the finance users
Profile, what other feature should a Salesforce
Architect recommend?
a. Use APEX-managed sharing to grant access to the records.
b. Include the Invoice Related List on the Account Page
layout.
c. Create a criteria-based sharing rule to grant access to
the records.
d. Create an owner-based sharing rule to grant access to the
records. |
|
Definition
b. Include the Invoice Related List on the Account
Page layout.
The correct answer is b. Include the Invoice Related List on Account Page layout.
Here’s why:
Including the Invoice Related List on Account Page layout is the most straightforward and effective way to provide finance users with access to Invoice records directly from the Account page. This approach leverages the existing relationship between Accounts and External Objects, making it easy for users to view related invoices without needing additional sharing rules or complex configurations.
Options a, c, and d are less relevant in this context:
APEX-managed sharing (option a) is typically used for more complex sharing scenarios that require custom logic, which isn’t necessary here.
Criteria-based sharing rules (option c) and owner-based sharing rules (option d) are used to grant access based on specific criteria or ownership, but they are not needed if the goal is simply to display related records on the Account page.
By adding the Invoice Related List to the Account Page layout, finance users can easily access the necessary records without additional configuration1. |
|
|
