SHARING-AND-VISIBILITY-DESIGNER Online Practice Questions and Answers

Universal Containers has the following requirements:

A custom Loan object requires Org-Wide Defaults set to Private.

The owner of the Loan record will be the Loan Origination Officer.

The Loan record must be shared with a specific Underwriter on a loan-by-loan basis.

The Underwriters should only see the Loan records for which they are assigned.

What should the Architect recommend to meet these requirements?

A. Use criteria-based sharing rules to share the Loan object with the Underwriter based upon the criteria defined in the criteria-based sharing.

B. Create a lookup relationship from the Loan object to the User object. Use a trigger on the Loan object to create the corresponding record in the Loan_share object.

C. Create a master-detail relationship from the Loan to the User object. Loan records will be automatically shared with the Underwriter.

D. Create an Apex Sharing Reason on the Loan object that shares the Loan with the Underwriter based upon the criteria defined in the Sharing Reason.

Universal Containers has a strict security model enforced through object, field, and row-based security mechanisms. The Architect would like to ensure the security model is being thoroughly tested using Apex automated tests.

Which three considerations should be made when using the runAs() method to design Apex unit tests?

Choose 3 answers

A. runAs() can be used inside of test classes to validate record-level security.

B. runAs() can be used outside of test classes to bypass record-level security.

C. runAs() can be used inside of test classes to validate field-level permissions.

D. runAs() does not enforce user permissions or field-level permissions in test classes.

E. runAs() counts towards total DML statements issued within the transaction.

Universal Containers is updating its Organization-Wide Sharing Settings for the Account Object from a "Public Read/Write" model to a "Private" model, so that they can hide certain national accounts from sales reps and sales managers. These national accounts should only be accessible by sales directors and above. Universal Container's Role Hirerarchy matches its organizational hierarchy. Which two options should the Architect consider when designing the solution?

Choose 2 answers

A. Sales directors will need a sharing rule created so that they can see accounts owned by Sales Users.

B. National accounts must be owned by a user who is above the sales managers in the Role Hierarchy.

C. Apex managed sharing will have to be disabled for the account object to protect the national accounts.

D. If a sales rep is added to the Opportunity Team for a national account, they will gain access to account data.

Ursa Major Solar sells solar panels globally and is growing rapidly. The company has over 5,000 dealerships throughout the world where local dealers service solar panels sold locally. Ursa Major Solar recently opened two dealerships in California: NorthCal and SoCal. Ursa Major Solar implemented a new partner community to enable their dealers. Each dealership has a dealer Manager who has all service agents report into them. Additionally, Ursa Major Solar uses a private sharing model.

The company needs to enable dealer managers to have visibility to customer cases within their dealership but NOT across all dealerships.

What should the Architect recommend to accomplish this goal?

A. No changes are needed to the sharing and visibility model to implement this requirement

B. Implement sharing groups that share all cases to all agents under the Dealer manager

C. Build a trigger that creates manual sharing of cases as needed whenever a new case is created

D. Implement a batch job that creates sharing rules as needed, based on the cases created

DreamHouse Realty partners with the healthcare sector to adapt housing for clients with specific health conditions. DreamHouse Realty wants to store client notes. These client notes are text data that may be long and often contain Personally Identifiable Information (PII) and Personal Health Information (PHI).

This data must be encrypted at rest as well as in transit in order to comply with the Health Insurance Portability and Accountability Act (HIPA).

Which action should the Architect perform to fulfill this requirement?

A. Create a new Custom Field of type "Text (Encrypted)" and move the client notes data into the new field

B. No action is required; all Salesforce data is encrypted at rest as part of Salesforce's standard trust measures

C. Use an Apex trigger and the Apex Crypto class to encrypt client notes as soon as they are saved to Salesforce

D. Enable Salesforce Shield Platform Data Encryption and mark the client notes field as encrypted

Universal Containers has developed an AppExchange managed package for their distribution partners,

which required a private key to be generated for each partner and used by the code. Universal Containers

support representatives must be able to access the private key value to debug connection issues, but it

must not be possible for the partner to access the value.

How can the Architect best support this requirement?

A. Store the value in a text field on a protected custom setting in the package.

B. Store the value in a static variable in a class included in the managed package.

C. Store the value in the text field on a list custom setting in the managed package.

D. Store the value in an encrypted field on a custom object in the package.

How should the Architect ensure that OBJECT-LEVEL SECURITY is enforce within a custom Visualforce application that was a standard Apex controller on the Lead object?

A. Use the runAs() method to enforce user permissions in the Apex controller.

B. Use the Schema.DescribeSObjectResultisAccessible() method in the Apex controller.

C. Use the {!$ObjectType.lead.accessible} expression within the Visualforce page.

D. Use the "With Sharing" keyword when defining the Visualforce page.

A Visualforce controller has a requirement to be written with "Without Sharing" at the top level; however,

certain methods within the page still need to enforce the user permissions for creating records and

accessing certain fields.

Which two methods below would be used to enforce this requirements?

Choose 2 answers.

A. Schema.DescribeFieldResult

B. Schema.getGlobalDescribe

C. UserInfo.getProfileID

D. Schema.DescribeSObjectResult

Which three areas should the Architect review in order to increase performance of "Record Access" and "Sharing" calculations? Choose 3 answers.

A. Custom Object data, to ensure that no Account has more than 10,000 Custom Objects that look up to it.

B. Opportunity data, to ensure that no Account has more than 10,000 Opportunity records that are related to it.

C. Record ownership, to ensure that no user owns more than 10,000 Object records in the system.

D. Apex Managed Sharing triggers, to ensure that no trigger is querying more that 10,000 Object records.

Which two options provide implicit record access to users? Choose 2 answers

A. Read-only access to parent account for a user, based on a criteria-based sharing rule

B. Read-only access to parent account for a user with access to a child case

C. Access to child opportunities for the owner of the parent account

D. Access to related leads for the owner of the parent campaign