Valid Sharing-and-Visibility-Architect Dumps shared by ExamDiscuss.com for Helping Passing Sharing-and-Visibility-Architect Exam! ExamDiscuss.com now offer the newest Sharing-and-Visibility-Architect exam dumps, the ExamDiscuss.com Sharing-and-Visibility-Architect exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com Sharing-and-Visibility-Architect dumps with Test Engine here:
Universal Containers (UC) would like to store an encryption key within Salesforce for use in Apex code, but it does not want users to be able to see this confidential key. Users require the view setup permission. How can UC securely store the confidential key?
Correct Answer: A
Recent Comments (The most recent comments are at the top.)
test - Nov 25, 2025
**Correct Answer: A. Create a protected custom metadata type… packaged in a managed package.**
### Explanation
UC needs to store an encryption key **inside Salesforce**, but:
* Users have **View Setup** permission → they can see Setup objects. * Therefore, **Custom Metadata and Custom Settings are visible** to them. * UC needs a way to hide the key **even from admins**, but still allow **Apex code** to read it.
The **only** Salesforce mechanism that allows this is:
### ✔ **Protected Custom Metadata in a Managed Package**
* **Protected** → the metadata values are *not visible* in subscriber orgs (even to admins). * **Managed package** → protection only works in **managed** (not unlocked) packages. * **Apex in the subscriber org** can read the protected data if the packaged Apex code exposes it correctly.
### Why the other options are wrong?
| Option | Why it’s incorrect | | ---------------------------------------------------------- | ----------------------------------------------------------------------------------------- | | **B. Protected CMDT in an unlocked package** | ❌ Unlocked packages do **not** support protected metadata. Values would be visible. | | **C. Custom metadata type with restricted profile access** | ❌ Users with **View Setup** permission can still see metadata and its values. Not secure. |
### Final Answer
👉 **A. Create a protected custom metadata type in a managed package and deploy it to production.**...
test - Nov 25, 2025
**Correct Answer: A. Create a protected custom metadata type… packaged in a managed package.**
### Explanation
UC needs to store an encryption key **inside Salesforce**, but:
* Users have **View Setup** permission → they can see Setup objects. * Therefore, **Custom Metadata and Custom Settings are visible** to them. * UC needs a way to hide the key **even from admins**, but still allow **Apex code** to read it.
The **only** Salesforce mechanism that allows this is:
### ✔ **Protected Custom Metadata in a Managed Package**
* **Protected** → the metadata values are *not visible* in subscriber orgs (even to admins). * **Managed package** → protection only works in **managed** (not unlocked) packages. * **Apex in the subscriber org** can read the protected data if the packaged Apex code exposes it correctly.
### Why the other options are wrong?
| Option | Why it’s incorrect | | ---------------------------------------------------------- | ----------------------------------------------------------------------------------------- | | **B. Protected CMDT in an unlocked package** | ❌ Unlocked packages do **not** support protected metadata. Values would be visible. | | **C. Custom metadata type with restricted profile access** | ❌ Users with **View Setup** permission can still see metadata and its values. Not secure. |
### Final Answer
👉 **A. Create a protected custom metadata type in a managed package and deploy it to production.**...
Recent Comments (The most recent comments are at the top.)
**Correct Answer: A. Create a protected custom metadata type… packaged in a managed package.**
### Explanation
UC needs to store an encryption key **inside Salesforce**, but:
* Users have **View Setup** permission → they can see Setup objects.
* Therefore, **Custom Metadata and Custom Settings are visible** to them.
* UC needs a way to hide the key **even from admins**, but still allow **Apex code** to read it.
The **only** Salesforce mechanism that allows this is:
### ✔ **Protected Custom Metadata in a Managed Package**
* **Protected** → the metadata values are *not visible* in subscriber orgs (even to admins).
* **Managed package** → protection only works in **managed** (not unlocked) packages.
* **Apex in the subscriber org** can read the protected data if the packaged Apex code exposes it correctly.
### Why the other options are wrong?
| Option | Why it’s incorrect |
| ---------------------------------------------------------- | ----------------------------------------------------------------------------------------- |
| **B. Protected CMDT in an unlocked package** | ❌ Unlocked packages do **not** support protected metadata. Values would be visible. |
| **C. Custom metadata type with restricted profile access** | ❌ Users with **View Setup** permission can still see metadata and its values. Not secure. |
### Final Answer
👉 **A. Create a protected custom metadata type in a managed package and deploy it to production.**...
**Correct Answer: A. Create a protected custom metadata type… packaged in a managed package.**
### Explanation
UC needs to store an encryption key **inside Salesforce**, but:
* Users have **View Setup** permission → they can see Setup objects.
* Therefore, **Custom Metadata and Custom Settings are visible** to them.
* UC needs a way to hide the key **even from admins**, but still allow **Apex code** to read it.
The **only** Salesforce mechanism that allows this is:
### ✔ **Protected Custom Metadata in a Managed Package**
* **Protected** → the metadata values are *not visible* in subscriber orgs (even to admins).
* **Managed package** → protection only works in **managed** (not unlocked) packages.
* **Apex in the subscriber org** can read the protected data if the packaged Apex code exposes it correctly.
### Why the other options are wrong?
| Option | Why it’s incorrect |
| ---------------------------------------------------------- | ----------------------------------------------------------------------------------------- |
| **B. Protected CMDT in an unlocked package** | ❌ Unlocked packages do **not** support protected metadata. Values would be visible. |
| **C. Custom metadata type with restricted profile access** | ❌ Users with **View Setup** permission can still see metadata and its values. Not secure. |
### Final Answer
👉 **A. Create a protected custom metadata type in a managed package and deploy it to production.**...