Integration-Architect Practice Test Questions

Make an API inbound integration from an external Java client more secure.

Explanation:

Salesforce supports SAML-based Single Sign-On (SSO) for both UI and API authentication. If a company already uses a SAML-compliant Identity Provider (IdP), this can be extended to secure inbound API connections. For example, a Java client integrating with Salesforce can authenticate users using SAML Bearer Assertion Flow. This allows the external system to obtain an access token for Salesforce using a previously authenticated SAML session, eliminating the need to store or transmit passwords.

Options B and C (Apex outbound calls) are not secured via SAML, as SAML is primarily for inbound user authentication—not for securing outbound REST/SOAP integrations from Salesforce.
Option A (HYPERLINK fields) isn't relevant to authentication at all.

So, option D is correct because it properly applies SAML for authenticating API requests coming into Salesforce, leveraging existing identity infrastructure and enhancing security by removing reliance on stored credentials.

Develop custom APIs on the company's network that are invokable by Salesforce.

Deploy MuleSoft to the on-premise network and design externally facing APIs to expose the data.

Explanation:

To achieve real-time data access from Salesforce to on-premise systems, the integration must overcome network barriers and ensure secure, low-latency access. Developing custom REST or SOAP APIs (B) on the internal network that Salesforce can invoke (via callouts) is a direct and flexible approach. These APIs should be exposed securely through a DMZ or API gateway.

Alternatively, MuleSoft (C) is an ideal middleware solution for hybrid integrations. When deployed on-premise, MuleSoft can bridge cloud-to-ground communication, managing authentication, transformation, and secure API exposure. It simplifies complex integration flows and allows centralized governance and error handling.

Option A (Heroku + ODBC) is overly complex and introduces unnecessary hops. Option D (batch ETL) does not support real-time use cases and contradicts the requirement for live access.

Therefore, the best strategy includes secure, API-based access with minimal latency, enabled either directly or through a robust integration platform like MuleSoft.

Users should be authorized to view information specific to the customer they are servicing without a need to search for customer.

Consider Enterprise security needs for access to DMS and EBS.

Users should be authenticated into DMS and EBS without having to enter username and password.

Explanation:

Integrating Salesforce with systems like Document Management Systems (DMS) and Enterprise Billing Systems (EBS) requires strong identity and access control. First, users should be able to view only data for the customer they are supporting (A)—this is critical for both data privacy and security compliance.

Enterprise-level security (C) must be accounted for, including firewall restrictions, audit logging, and encryption. The architecture should align with internal IT and security policies, especially when exposing sensitive customer billing and document data.

For seamless user experience, users should be authenticated into DMS and EBS without re-entering credentials (E). This is best achieved with SSO or token-based authentication (like SAML or JWT), which improves usability and security by avoiding password proliferation.

Option B (storing credentials in Salesforce) is discouraged due to security risks. Option D (migrating DMS/EBS into Salesforce) is impractical for most enterprises due to cost, complexity, and compliance limitations.

Callouts to RESTful services

Encryption in transit and at rest

Explanation:

To meet strict data privacy requirements for medical data, integrations must ensure security and compliance. The Community Cloud portal (now called Experience Cloud) must retrieve sensitive prescription data via secure RESTful APIs (C). These APIs are built to support token-based access control (e.g., JWT, one-time-use tokens) and ensure that only authorized users can access specific data.

In addition, encryption in transit and at rest (D) is a regulatory and ethical requirement. TLS/SSL ensures data is secure during transmission, while database-level or platform encryption protects stored data from unauthorized access. Einstein Analytics (now Tableau CRM) must also adhere to these policies if it handles even de-identified data.

Option A (storing identity tokens) is incorrect, as tokens are transient and should not be persisted. Option B (bulk loading into analytics) violates the real-time, secure, and minimal retention principles defined in the scenario.

Insert and query using Bulk API 2.0.

Explanation:

Salesforce Bulk API 2.0 is optimized for large-scale data operations with simplified job management and better performance over Bulk API 1.0. It automatically handles batching and concurrency behind the scenes. For inserting 90 million records in a day, Bulk API 2.0 is the best-suited tool due to its ability to parallelize jobs and manage throughput automatically.

Moreover, querying 30 million records for extraction (e.g., audit system) is also more efficient with Bulk API 2.0, which supports PK chunking and handles large result sets better than the REST API. REST API isn't built for high-volume querying—it’s better for transactional data.

Bulk API 1.0, while still valid, requires manual batch splitting and doesn’t scale as effectively. Big Objects (used in D) are for long-term storage of non-transactional data—not for high-volume daily inserts and extracts.
Thus, Bulk API 2.0 is the correct tool for both insertion and extraction at this scale, while simplifying operations and improving reliability.

Both Platform Events and Outbound Message offer declarative means for asynchronous near-real time needs. They aren't best suited for realtime integrations.

Number of concurrent subscribers to Platform Events is capped at 2,000. An Outbound Message configuration can pass only 100 notifications in a single messages to a SOAP end point.

Both Platform Events and Outbound Message are highly scalable. However, unlike Outbound Message, only Platform Events have Event Delivery and Event Publishing limits to be considered.

Explanation:

When comparing Platform Events and Outbound Messaging, it’s important to evaluate scale, reliability, and delivery characteristics. Both are asynchronous and near-real-time mechanisms and can be triggered declaratively (Apex, Workflow, or Process Builder).

Platform Events (PE) support multiple subscribers (up to 2,000), while Outbound Messages (OM) only target a single endpoint per configuration and support up to 100 messages per call (D). PE is more flexible for event-driven, publish-subscribe patterns across many consumers.

However, PE has strict event publishing and delivery limits (E), which can throttle high-throughput use cases. Outbound Messaging doesn't have such publish limits but lacks the scalability and retry customization offered by PE.

Option B is false — PE doesn’t guarantee message order or uniqueness, and messages may be delivered more than once. Option C is also incorrect — message sequencing is not guaranteed in OM and reliability varies.

User Interface API

Explanation:

Salesforce’s User Interface (UI) API is purpose-built for building custom apps (especially mobile or SPA apps) that require the same metadata-driven behavior as the Lightning Experience. It automatically respects things like record layouts, field-level security, and Lightning page configurations without the developer having to hard-code these aspects.

If you want your mobile app to mimic the Lightning Experience, the UI API is ideal—it’s what Lightning Experience and Salesforce mobile use under the hood. It minimizes development effort while ensuring consistency in business logic and page rendering.

REST API (B) and Connect REST API (C) are great for data access, but they don’t replicate the user interface logic (e.g., layouts, dynamic components). Streaming API (A) is for event-based push notifications, not for rendering or form-building.

So, for an employee-facing app that needs to look and feel like Lightning and respect dynamic layouts and metadata-driven UI behavior, UI API is the best and most efficient choice.

Configure Identity Type for OData connection.

Configure a Certificate for OData connection.

Configure CSRF Protection for OData connection.

Explanation:

For OData (Open Data Protocol) security:

Identity Type (A): Configure authentication (e.g., OAuth, Basic Auth).
Certificate (B): Encrypt connections via TLS.
CSRF Protection (D): Prevent cross-site request forgery.

"Special Compatibility" (C) and External Data Source CSRF (E) are red herrings.

Use Salesforce standard object, REST API and ETL.

Explanation:

This integration scenario requires real-time order creation, minimal customization, and support for a large sales team. Using Salesforce standard objects like Orders, Products, and OrderItems minimizes customization (requirement #2), and aligns with Salesforce data models.

For real-time order creation (#1), Salesforce REST API is well-suited — it's lightweight, stateless, and easy to implement. Since the legacy system is already connected to an ESB, the ESB can expose RESTful endpoints that Salesforce can call. This also supports current order status visibility (#3) and avoids duplicating data.

For reporting (#4), Salesforce needs to ingest daily volumes. An ETL process can extract summarized data from the legacy system and load it into Salesforce standard objects or a custom reporting layer.

Big Objects (D) are not suitable due to limited reporting tools. Custom REST APIs (B) increase dev effort. External objects (A) can’t be reported on easily and may perform poorly for complex data sets.

External gateway products in use

Explanation:

When Salesforce performs outbound callouts to on-premise systems, the key challenge is passing through network boundaries and firewalls securely. In most enterprise environments, this is managed via API gateways or proxy servers deployed in a DMZ. These external gateway products (e.g., Apigee, Mulesoft, Azure API Management) handle tasks like IP whitelisting, SSL offloading, load balancing, authentication, and throttling.

Before designing the integration, the architect must understand the current gateway infrastructure (A) to align with enterprise architecture, reduce friction, and ensure compliance. This may affect endpoint URLs, header formats, and certificate management.

Option B (Default gateway restrictions) is vague and not directly actionable. Option C (Deterministic Encryption) and Option D (Shield Encryption limitations) are more relevant to data storage, not to outbound connection strategy.

So, understanding what external gateway technology is in use is critical for ensuring compatibility, security, and maintainability of the integration.