A company has an external system that processes and tracks orders. Sales reps manage their leads and opportunity pipeline in Salesforce. The company decided to integrate Salesforce and the Order Management System (OMS) with minimal customization and code. Sales reps need to see order history in real-time. The legacy system is on-premise and connected to an ESB. There are 1,000 reps creating 15 orders each per shift, mostly with 20-30 line items. How should an integration architect integrate the two systems based on these requirements?
Correct Answer: C
To meet the requirements of minimal customization, low developer resources, and real-time visibility without data replication, the architect should utilize Salesforce Connect with External Objects and an OData connector. Salesforce External Objects allow the OMS data to be viewed within Salesforce as if it were stored natively, but the data remains in the on-premise system. This fulfills the requirement for sales reps to see "up-to-date information" because every time they view the record, Salesforce Connect fetches the latest data via the ESB's OData endpoint. This Data Virtualization pattern is the most efficient choice for real-time history where users only need to view the data occasionally. Options A and B involve Data Replication via ETL, which would store the order data inside Salesforce. Given the volume (15,000 orders/shift with 25 line items each = 375,000 records daily), this would rapidly consume Salesforce data storage limits and require significant custom development for the ETL logic and REST APIs. Furthermore, ETL is typically batch-oriented and would not provide the true "real-time" view requested. By using an OData connector, the architect leverages a declarative, "no-code" solution that satisfies the timeline constraints and provides immediate access to order details and line items without the cost of data storage.
Integration-Architect Exam Question 42
The URL for a business-critical external service providing exchange rates changed without notice. Which solutions should be implemented to minimize potential downtime for users in this situation?
Correct Answer: A
To minimize downtime when an external endpoint changes, an Integration Architect must ensure that the URL is not "hardcoded" within Apex code or configuration. The standard Salesforce mechanism for abstracting and managing external endpoints is Named Credentials. Named Credentials specify the URL of a callout endpoint and its required authentication parameters in one definition. If the URL changes, an administrator simply updates the "URL" field in the Named Credential setup. This change takes effect immediately across all Apex callouts, Flows, and External Services that reference it, without requiring a code deployment or a sandbox-to-production migration. Along with Named Credentials, Remote Site Settings (or the more modern External Website Configurations) are required. Salesforce blocks all outbound calls to URLs that are not explicitly whitelisted. By having both in place, the remediation process is: * Update the URL in the Named Credential. * Update (or add) the new URL in the Remote Site Settings. This approach follows the "Separation of Concerns" principle. Option B (ESB) could technically handle this, but it adds an extra layer of failure and complexity for a simple URL change. Option C (Content Security Policies) is used to control which resources (like scripts or images) a browser is allowed to load in the UI; it does not govern server-side Apex callouts. Therefore, the combination of Named Credentials and Remote Site whitelisting is the most efficient and standard way to provide architectural agility and minimize downtime.
Integration-Architect Exam Question 43
A subscription-based media company's system landscape forces many subscribers to maintain multiple accounts and to log in more than once. An Identity and Access Management (IAM) system, which supports SAML and OpenID, was recently implemented to improve the subscriber experience through self-registration and single sign-on (SSO). The IAM system must integrate with Salesforce to give new self-service customers instant access to Salesforce Community Cloud.
Correct Answer: B
To provide "instant access" and a seamless experience for Community (Experience Cloud) users, the architect must choose an authentication and provisioning strategy that handles user creation on-the-fly. While both SAML and OpenID Connect (OIDC) are viable for SSO, OpenID Connect is the modern standard for consumer-facing "Social" or external identity integrations because it is built on OAuth 2.0. The critical component for "self-service" is the Registration Handler. When an OpenID Connect Authentication Provider is configured in Salesforce, you must associate it with an Apex class that implements the Auth.RegistrationHandler interface. This handler is executed during the SSO flow if the user does not already exist. It provides the architect with full programmatic control to: * Match the incoming identity to an existing Contact or Account. * Create a new Contact record if one doesn't exist. * Provision a new User record with the correct Profile, Permission Sets, and Locale settings. * Link the User to the correct Account hierarchy, which is vital for Community security models. Option A suggests Just-in-Time (JIT) provisioning, which is a declarative way to create users. However, JIT is often too rigid for Experience Cloud requirements, as it has limited ability to perform complex data lookups or handle the specific linking of Contacts to Accounts required for external users. Option C is technically mismatched in common Salesforce terminology; while SAML uses JIT, the Registration Handler is the native, specific mechanism designed to work with Authentication Providers (like OIDC). By using B, the company ensures that a subscriber logging in for the first time via the IAM system is instantly and accurately provisioned in Salesforce, eliminating the need for multiple accounts.
Integration-Architect Exam Question 44
Northern Trail Outfitters uses Salesforce to track leads and opportunities, and to capture order details. However, Salesforce isn't the system that holds or processes orders. After the order details are captured in Salesforce, an order must be created in the Remote system, which manages the order's lifecycle. The integration architect for the project is recommending a remote system that will subscribe to the platform event defined in Salesforce. Which integration pattern should be used for this business use case?
Correct Answer: B
In this scenario, Salesforce acts as the trigger for a business process that completes in an external system. The architect's recommendation for the remote system to subscribe to a platform event is the classic implementation of the Remote Process Invocation-Fire and Forget pattern.1 In a Fire and Forget pattern, Salesforce initiates a process by publishing a message (the event) to the event bus and then immediately continues its own2 processing without waiting for a functional response from the target system. The "Fire" part occurs when the order details are captured and the event is published; the "Forget" part refers to Salesforce handing off the responsibility of order creation to the remote system. This pattern is ideal for improving user experience and system performance, as it avoids blocking the user interface while waiting for potentially slow back-office systems to respond. Option A (Request and Reply) is incorrect because that would require Salesforce to make a synchronous call and wait for the remote system to confirm the order was created before allowing the user to proceed. Option C (Remote Call-In) is the inverse of what is described; it would involve the remote system actively reaching into Salesforce to "pull" the data, whereas here Salesforce is "pushing" the notification via an event stream. By using Platform Events to facilitate this hand-off, Northern Trail Outfitters ensures a decoupled, scalable architecture where the remote system can process orders at its own pace while Salesforce remains responsive to sales users.
Integration-Architect Exam Question 45
Northern Trail Outfitters (NTO) has recently changed its Corporate Security Guidelines requiring all cloud applications to pass through a secure firewall before accessing on-premise resources. NTO is evaluating middleware solutions. Which consideration should an integration architect evaluate before choosing a middleware solution?
Correct Answer: C
When corporate guidelines mandate a firewall-protected entry point for cloud traffic, the middleware architecture must include a component capable of residing in a Demilitarized Zone (DMZ) or perimeter network. The architect must evaluate the solution's API Gateway capabilities. A secure API Gateway acts as the intermediary that terminates external (cloud) TLS connections and inspects incoming traffic before proxying it to internal systems. It allows the security team to implement: * IP Whitelisting: Ensuring only Salesforce's IP ranges can access the gateway. * Mutual Authentication: Using certificates to verify that the request is genuinely coming from the Salesforce org. * Rate Limiting: Protecting on-premise resources from being overwhelmed by cloud requests. Option A (OAuth) is an authorization framework and does not satisfy the network-level firewall requirement on its own. Option B (ODBC) is an internal database protocol that should generally never be exposed to a cloud-facing firewall due to security risks. By prioritizing a solution with a hardened API Gateway, the architect ensures that NTO meets its new security mandates while providing a scalable and secure bridge for Salesforce to access back-office services.