Universal Containers has just deployed a change to its role hierarchy. A manager is reporting that their staff can now see Accounts that they do not own and should not have access to. How should the Architect troubleshoot?

Universal Containers (UC) enables customers to manage issues using a Customer Community license. The Case external organization-wide default is set to Private. Currently community users can only see cases they created.
What can be done to allow community users to see all cases for their account?

When writing test methods, what functionality is verified by the system method"runAs()"?

Universal Containers (UC) has 600 sales reps. UC has rollout plan to deploy salesforce in 3 weeks. At the end of the second week, they received a "User Role Limit Exceeded" error.
After investigation, they discovered that during the user provisioning process, a new role was generated for every new user.
Which two recommendations could solve this problem?
Choose 2 answers.

To grant Universal Containers sales manager access to shipment records properly, it was necessary to leverage Apex managed sharing. The IT team is worried about improper access to records.
Which two features and best practices should a Salesforce architect recommend to mitigate this risk?