Northern Trail Outfitters is creating a distributable Salesforce package. The package needs to call into a custom Apex REST endpoint in the central org. The security team wants to ensure a specific integration account is used in the central org that they will authorize after installation of the package. Which item should an architect recommend to secure the integration?
Correct Answer: B
To securely integrate a distributed package with a central "Hub" org, the architect should utilize the OAuth 2.0 Web Server Flow. In this model, a Connected App is created in the central org to act as the identity and access provider.1 A critical component of this setup is the Callback URL (Redirect URI). When a user in the "Subscriber" org (where the packag2e is installed) initiates the connection, Salesforce redirects them to the central org to authorize the access. After successful authentication, the central org needs the correct callback URL to return the authorization code to the specific subscriber org. Using this flow satisfies the security team's requirement for a specific integration account. The administrator in the central org can pre-authorize specific profiles or permission sets to use the Connected App, ensuring that only the designated integration user's credentials are used to fulfill requests. Option A is a security "anti- pattern" (storing passwords in fields), and Option C is unnecessary as API access is a standard feature. This OAuth-based approach provides a secure, revocable, and standardized way to manage cross-org communication in a multi-tenant environment.
Integration-Architect Exam Question 12
A customer is evaluating the Platform Events solution and would like help in comparing/contrasting it with Outbound Messaging for real-time/near-real time needs. They expect 3,000 customers to view messages in Salesforce. What should be evaluated and highlighted when deciding between the solutions?12
Correct Answer: C
When comparing Platform Events and Outbound Messaging for a near-real-time architecture, a Salesforce Platform Integration Architect must evaluate fundamental differences in their delivery models and governance. While both provide declarative, asynchronous "Fire-and-Forget" capabilities, their technical constraints differ significantly, particularly regarding scalability and platform limits. The key architectural highlight in this scenario is that Platform Events operate on a specialized event bus with specific Event Publishing and Event Delivery limits. Unlike Outbound Messaging, which is governed by more general daily outbound call limits (often tied to user licenses), Platform Events have a dedicated allocation for the number of events that can be published per hour and delivered in a 24-hour period to external clients via the Pub/Sub API or CometD. For example, the number of concurrent subscribers to a Platform Event channel is typically capped at 2,000 for standard configurations. Since the customer expects 3,000 customers to view these messages, this limit is a critical evaluation point; the architecture would need to account for this gap, perhaps by using middleware to fan out messages to the larger audience. In contrast, Outbound Messaging does not have an "Event Delivery" limit in the same sense. It is a point-to- point SOAP-based push mechanism where Salesforce manages retries for up to 24 hours if the receiving endpoint is unavailable. However, it is less flexible for multi-consumer scenarios because it requires a separate configuration for every unique destination. Regarding the other options: Option A is incorrect because neither system strictly guarantees "exactly-once" delivery without the possibility of duplicates; in fact, Outbound Messaging may deliver a message more than once if it doesn't receive a timely acknowledgment. Option B is incorrect because Platform Events do not have built-in "fault recovery" handled by Salesforce in the same way as Outbound Messaging's automatic retry queue; with Platform Events, it is the subscriber's responsibility to use a Replay ID to retrieve missed events within the 72-hour retention window. Therefore, highlighting the unique delivery and publishing limits is the most vital step for the architect.
Integration-Architect Exam Question 13
Northern Trail Outfitters is creating a distributable Salesforce package. The package needs to call into a Custom Apex REST endpoint in the central org. The security team wants to ensure a specific integration account is used in the central org that they will authorize after installation. Which item should an architect recommend?
Correct Answer: B
For a distributable package to securely access a central "Hub" org, the architecture must support the OAuth 2.0 Web Server Flow. This flow is designed for applications (like the package installed in a "Spoke" org) that can securely store a Client Secret and need to act on behalf of a specific user. The Connected App in the central org acts as the "Identity and Access" gatekeeper. A critical component of the Connected App configuration is the Callback URL (Redirect URI). When a user in the "Subscriber" org clicks "Authorize," Salesforce redirects them to the central org to log in. After successful authentication, the central org needs to know where to send the "Authorization Code" back to. In a multi-org packaging scenario, each subscriber org will have a unique instance URL (e.g., na15.salesforce. com). The architect must ensure that the Connected App's callback URLs are correctly configured to handle these redirects. Option C (Encrypted Passwords) is a major security risk and is considered an "anti-pattern" in modern integration. Option A is unnecessary, as API access is a standard feature. By using the Connected App with correct Callback URLs, the architect allows the security team in the central org to oversee exactly which "Spoke" orgs have authorized access. They can use the "Connected Apps OAuth Usage" page to monitor, rotate secrets, or revoke access for individual orgs, providing the granular security control required for an enterprise-grade distributed Salesforce architecture.
Integration-Architect Exam Question 14
Northern Trail Outfitters needs to use Shield Platform Encryption to encrypt social security numbers in order to meet a business requirement. Which action should an integration architect take prior to the implementation of Shield Platform Encryption?
Correct Answer: C
Integration-Architect Exam Question 15
Northern Trail Outfitters (NTO) has an affiliate company that would like immediate notifications of changes to opportunities in the NTO Salesforce instance. The affiliate company has a CometD client available. Which solution is recommended in order to meet the requirement?
Correct Answer: B
To provide "immediate notifications" to a client that already supports CometD, the architect must utilize Salesforce's Streaming API. PushTopic Events are the classic Streaming API implementation for broadcasting changes to specific records. A PushTopic is a definition that includes a SOQL query and a set of trigger events (Create, Update, Delete). When an Opportunity in NTO's instance is updated and matches the query, Salesforce automatically pushes a notification to the topic's channel. The affiliate's CometD client, having subscribed to this channel, receives the data payload instantly.12 Option A (Polling) is the architectural opposite of "immediate notifications". Polling is inefficient, consumes API limits, and int13roduces latency between the actual record change and the client's discovery of that change. Option C is incorrect as there is no "Accept CometD" setting in a Connected App; while a Connected App is used for OAuth authentication, the PushTopic is the mechanism that actually defines and delivers the stream. By using PushTopic, NTO provides a decoupled, event-driven architecture that fulfills the requirement for real-time visibility while minimizing the technical burden on the affiliate's infrastructure.