Valid Sharing-and-Visibility-Architect Dumps shared by ExamDiscuss.com for Helping Passing Sharing-and-Visibility-Architect Exam! ExamDiscuss.com now offer the newest Sharing-and-Visibility-Architect exam dumps, the ExamDiscuss.com Sharing-and-Visibility-Architect exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com Sharing-and-Visibility-Architect dumps with Test Engine here:
Recent Comments (The most recent comments are at the top.)
Theodore - Dec 29, 2025
I used your updated Sharing-and-Visibility-Architect study materials and passed my exam easily.
Zoe - Dec 28, 2025
Passed Salesforce Sharing-and-Visibility-Architect Today in UK. I used Sharing-and-Visibility-Architect learning materials. Be careful in the exam and good luck to you!
test - Dec 11, 2025
No.# The requirement: **Distributors need to use the community to see *opportunities* assigned to their distributor.**
In Salesforce:
* **Customer Community** → good for high-volume external users, but **does NOT provide access to Opportunities**. * **Customer Community Plus** → adds reports, dashboards, and sharing features, but **still does NOT include Opportunities**. * **Partner Community** → **includes Opportunities, Leads, Campaigns, and advanced selling features**.
Even though there are many users (1 million), the *only* license type that provides **Opportunity access** for external users is:
### ✅ **C. Partner Community**
This is the correct choice because *access to Opportunities automatically requires a Partner Community license*.
test - Dec 02, 2025
No.# **Correct Answer: B. Trigger on Presenter junction object that uses Apex Managed Sharing to add or remove access to the related Presentation record.**
---
### **Explanation**
Requirements:
* **Presenters need edit access** to their Presentation records. * **Multiple presenters per presentation** via a **junction object**. * Presentation object is **private**, so standard sharing won’t automatically give access.
---
### **Why Apex Managed Sharing is needed**
1. **Permission Sets (Option A)**
* ❌ Incorrect. Permission sets grant **object-level permissions**, not record-level access. * Since the Presentation object is private, giving Edit rights at the object level doesn’t let a presenter access a specific record.
2. **Sales Team (Option C)**
* ❌ Incorrect. **Sales Teams only work on Opportunity objects**, not custom objects.
3. **Trigger with Apex Managed Sharing (Option B)**
* ✅ Correct. * When a **Presenter junction record** is created or updated:
* Trigger checks the related Presentation. * Creates a **Presentation__Share** record granting **Edit access** to the User in the junction. * Also handles removal when a presenter is removed. * This gives **fine-grained, record-level edit access** dynamically.
---
### ✔️ Key Takeaway
**Apex Managed Sharing is the standard approach for granting dynamic, record-level access to users based on a many-to-many relationship (junction object) when the object is private.**...
test - Dec 02, 2025
No.# **Correct Answer: B. Trigger on Case to lookup and share to the manager of an Assigned Agent custom field (the subject of the complaint) using Apex Managed Sharing.**
---
### **Explanation**
The requirement is:
* The **agent who is the subject of the complaint** must **not see the case**. * The **agent’s manager** should **see the case**. * Cases are assigned to **HR**, not the agent.
Given this:
1. **Role Hierarchy or Criteria-Based Sharing Rules won’t help**:
* **A. Criteria-based sharing rule** ❌
* Criteria-based sharing rules can only share to **users, roles, or public groups**, but you **cannot dynamically share with the manager of a user referenced in a custom field**. * The "Assigned Agent" is not the owner; the manager of that user cannot automatically get access via standard sharing rules.
* **C. Case owned by the subject** ❌
* You **cannot make the agent the owner** (they must not see it). * Even if you remove their CRUD permissions, this is **not a standard, safe way** to manage this scenario.
2. **Apex Managed Sharing works**:
* With **Apex Managed Sharing**, you can programmatically grant access to a **specific user** (the manager of the Assigned Agent) while ensuring the agent does not get access. * Trigger logic: On Case creation → look up the manager of the Assigned Agent → create a **CaseShare** record granting access to the manager.
This approach ensures **fine-grained, dynamic access control** that standard sharing cannot accomplish.
---
### ✔️ Key Takeaway
**Dynamic record sharing based on a related user field often requires Apex Managed Sharing, especially when the subject should not see the record but their manager should.**...
test - Dec 02, 2025
No.# **Correct Answer: C. Use Account teams and sharing rules to share cases with sales associates. No change required to the Opportunity object.**
---
### **Explanation**
Let’s break down the requirements:
1. **Sales associates need:**
* **Read access to accounts** → They don’t own the accounts. * **Read access to related cases** → Cases are private and linked to accounts. * **No access to opportunities (deals) unless explicitly granted** → Opportunities remain private by default. 2. **Sales managers want accountability & collaboration via roles on accounts** → Account Teams are perfect for this. Account Teams allow you to define a user’s role on an account and specify their level of access to the account and related records (like Opportunities and Cases).
---
### **How to implement:**
1. **Account Teams:**
* Use account teams to define roles on accounts for each user. * Assign **Read access** to the account for sales associates.
2. **Case Sharing:**
* Since the org’s sharing model is **Private**, related Cases inherit the default access (Private). * Create a **criteria-based or manual sharing rule** to grant the sales associates **Read access to cases** related to the accounts they are on.
3. **Opportunities:**
* Default Private sharing means sales associates **won’t see opportunities unless specifically shared**. * No extra configuration is needed; access can be granted on a case-by-case basis.
---
### **Why not the other options?**
* **A. Use Account teams to define access to accounts as well as opportunities and cases** ❌ Incorrect. Account Teams **cannot grant access to Cases**. Cases require separate sharing configuration (sharing rules or Case Teams).
* **B. Use Account teams and Case teams. No configuration required for the Opportunity object** ❌ Partially correct, but Case Teams are **optional** and mainly for collaboration, not for fulfilling sharing requirements automatically. Sharing rules are simple...
test - Dec 02, 2025
No.# **Correct Answer: A. Searching for other external users.**
---
### **Explanation**
The **Site User Visibility** setting in **Sharing Settings** controls whether **external users (community users)** can see other **external users** in the community.
* **When turned off:**
* Community users **cannot search for or view other external users**. * This is useful for privacy when distributors, partners, or customers should not see each other.
* **Internal users** are **unaffected** by this setting.
* **User profile updates** are also unaffected; users can still update their own profile.
---
### Why not the others?
* **B. Updating their user profile** ❌ Users can still edit their own profile regardless of Site User Visibility.
* **C. Searching for internal users** ❌ Internal users are visible according to normal org sharing rules; Site User Visibility only affects **external-to-external visibility**.
---
### ✔️ Key Takeaway
**Site User Visibility = controls whether external users can see/search for each other in a community.**...
test - Dec 02, 2025
No.# **Correct Answer: B. The user who posted the file and users with access to the record**
---
### **Explanation**
When a user posts a file to a **Chatter feed on a record**:
* The **file inherits the sharing settings of the record** it’s posted to. * Since the object’s **OWD is Private**, only users who have **access to that record** can see the file. * The user who posted it obviously always has access.
This ensures that sensitive files are **not visible to users who cannot see the record**, maintaining proper data security.
---
### Why not the others?
* **A. Only the user who posted the file** ❌ Incorrect. Files posted to a record are shared with anyone who can access the record, not just the poster.
* **C. Users with a shared Chatter post link** ❌ Incorrect. A shared Chatter link does **not bypass record-level security**. Users still need access to the record to see the file.
---
### ✔️ Key Takeaway
**File visibility on a record always respects the record’s sharing settings.**...
test - Dec 02, 2025
No.# **Correct Answer: C. Create a Sharing Set for the Distributor profile to grant access to the Delivery object.**
---
### **Explanation**
UC is using a **Partner Community** with **multiple users per distributor**, and the Delivery object is **OWD = Private**.
Because **each distributor is assigned to specific customer accounts**, and UC wants **all users at that distributor** to access the Delivery records for the customers they own, the correct tool is:
### ✅ **Sharing Sets**
Sharing Sets allow Customer Community and Partner Community users to automatically gain access to records **based on their Account or Contact**, without having to create roles or complex rules.
If the Delivery object has a lookup to **Account** (the customer), then a Sharing Set can grant access to all Delivery records where:
* **Delivery.Account = User.Account**
This automatically gives all users under a distributor’s partner account access to those Delivery records.
---
### Why the other choices are incorrect:
#### **A. Public Groups & Sharing Rules**
Sharing rules for *external users* (community users) **do not work with Public Groups**. Public Groups are for internal users only.
#### **B. Role Hierarchy Sharing**
Partner Community users **do not get full hierarchical inheritance**, and using roles for 200 distributors would create complexity and performance issues.
---
### ✔️ Best Recommendation:
**C. Create a Sharing Set for the Distributor profile to grant access to the Delivery object.**...
test - Dec 02, 2025
No.# **Correct Answer: C. Use `runAs` system method in test classes to test using different users and profiles.**
---
### **Explanation**
When using **Apex Managed Sharing**, Salesforce does **not** automatically enforce CRUD/FLS or record-level access in Apex. Because of this, architects must ensure that sharing logic is implemented correctly and that improper access cannot occur.
The **best way to mitigate risk** is to **thoroughly test sharing behaviors using different users, roles, and profiles**, which is exactly what `System.runAs()` enables.
`runAs` allows your test methods to simulate operations as different types of users, so you can validate:
* Whether sharing is applied as expected * Whether users (in this case, sales managers) receive only the intended access * That unauthorized users **cannot** see or modify shipment records
This ensures the Apex managed sharing logic behaves correctly in all scenarios.
---
### **Why not the others?**
#### **A. `with sharing` (not “isSharesble”)**
There *is* a `with sharing` keyword, but there is **no keyword called `isSharesble`** in Apex. Also, **class sharing keywords do not apply to the Apex Managed Sharing logic you write**—they only govern SOQL row visibility, not programmatic sharing.
#### **B. `isAccessible`**
`Schema.sObjectField.isAccessible()` checks **field-level security**, not **record-level sharing**. It does not prevent improper access to the records themselves.
---
### ✔️ Recommended choice:
**C. Use `runAs` system method in test classes to test using different users and profiles.**...
test - Dec 02, 2025
No.# **Correct Answer: A. Share the list views with the appropriate public group.**
### **Explanation**
When you create a list view in Salesforce, you can control its visibility by choosing who to share it with. The best practice—especially when there will be many list views and they need to be shown only to certain groups of users—is to:
➡️ **Create Public Groups** based on geography (or role, team, etc.) ➡️ **Share the list views with those public groups**
This keeps administration scalable and avoids having to manage visibility user-by-user. Queues are not meant for this purpose, and sharing with individual users does not scale well when many users need the same view.
### Why not the others?
* **B. Share with a queue** Queues are used for record ownership and routing—*not* for list-view visibility. Not appropriate here.
* **C. Share with individual users** This works but becomes unmanageable as the number of users grows. Not scalable.
### ✔️ Therefore, the best and most scalable option is:
**A. Share the list views with the appropriate public group.**...
Large-scale Role Hierarchy realignments can cause **record locking and performance issues**, especially when many users and records are involved. **Granular Locking** is an advanced Salesforce platform feature that reduces lock contention by allowing more specific, fine-grained locks instead of broad object- or table-level locks.
Salesforce Support can enable this feature to improve performance during operations like:
* Role hierarchy changes * Territory realignments * Sharing recalculations * Large data loads
### Why not the others?
* **A. Skinny Table Indexing** Used to improve query performance on large objects; unrelated to role hierarchy realignment.
* **B. Partitioning by Divisions** Helps logically segment data for reporting and searching, but does not address locking.
### Final Answer: **C. Granular Locking**
test - Nov 25, 2025
No.# **Correct Answer: A. Create a protected custom metadata type… packaged in a managed package.**
### Explanation
UC needs to store an encryption key **inside Salesforce**, but:
* Users have **View Setup** permission → they can see Setup objects. * Therefore, **Custom Metadata and Custom Settings are visible** to them. * UC needs a way to hide the key **even from admins**, but still allow **Apex code** to read it.
The **only** Salesforce mechanism that allows this is:
### ✔ **Protected Custom Metadata in a Managed Package**
* **Protected** → the metadata values are *not visible* in subscriber orgs (even to admins). * **Managed package** → protection only works in **managed** (not unlocked) packages. * **Apex in the subscriber org** can read the protected data if the packaged Apex code exposes it correctly.
### Why the other options are wrong?
| Option | Why it’s incorrect | | ---------------------------------------------------------- | ----------------------------------------------------------------------------------------- | | **B. Protected CMDT in an unlocked package** | ❌ Unlocked packages do **not** support protected metadata. Values would be visible. | | **C. Custom metadata type with restricted profile access** | ❌ Users with **View Setup** permission can still see metadata and its values. Not secure. |
### Final Answer
👉 **A. Create a protected custom metadata type in a managed package and deploy it to production.**...
test - Nov 25, 2025
No.# **Correct Answer: A. Create a protected custom metadata type… packaged in a managed package.**
### Explanation
UC needs to store an encryption key **inside Salesforce**, but:
* Users have **View Setup** permission → they can see Setup objects. * Therefore, **Custom Metadata and Custom Settings are visible** to them. * UC needs a way to hide the key **even from admins**, but still allow **Apex code** to read it.
The **only** Salesforce mechanism that allows this is:
### ✔ **Protected Custom Metadata in a Managed Package**
* **Protected** → the metadata values are *not visible* in subscriber orgs (even to admins). * **Managed package** → protection only works in **managed** (not unlocked) packages. * **Apex in the subscriber org** can read the protected data if the packaged Apex code exposes it correctly.
### Why the other options are wrong?
| Option | Why it’s incorrect | | ---------------------------------------------------------- | ----------------------------------------------------------------------------------------- | | **B. Protected CMDT in an unlocked package** | ❌ Unlocked packages do **not** support protected metadata. Values would be visible. | | **C. Custom metadata type with restricted profile access** | ❌ Users with **View Setup** permission can still see metadata and its values. Not secure. |
### Final Answer
👉 **A. Create a protected custom metadata type in a managed package and deploy it to production.**...
test - Nov 25, 2025
No.# **Correct Answer: C. Create a sharing set to share cases with the students.**
### Explanation
Because the students are using a **Customer Community license** (not Customer Community Plus), they cannot be granted record access using sharing rules or role hierarchy.
**Sharing Sets** are specifically designed for Customer Community users and allow access to records associated with the user’s **Account** or **Contact**.
For this requirement:
* Students should only see **Cases related to their Account**. * A **Sharing Set** can be configured to grant Case access based on the user’s AccountId matching the Case’s AccountId.
### Why not the other options?
| Option | Reason | | ------------------- | ------------------------------------------------------------------------------------------------------------------------ | | **A. Apex sharing** | ❌ Not necessary and not allowed for Customer Community users unless they are Customer Community Plus or Partner users. | | **B. Sharing rule** | ❌ Sharing rules *do not apply* to Customer Community license users. They have no roles, and sharing rules require roles. |
Thus, the optimal, Salesforce-recommended method is:
👉 **C. Create a sharing set to share cases with the students.**...
When you need to give access to a **specific, unrelated group of users** (users who are not connected by role hierarchy, territory, or other structural relationships), the correct approach in Salesforce is to:
✔ **Create a Public Group** ✔ **Use a Sharing Rule** (criteria-based or manual sharing) ✔ **Grant that group access to the records**
### Why not the other options?
| Option | Why It’s Incorrect | | --------------------- | ------------------------------------------------------------------------------------------------------------------------- | | **A. Role Hierarchy** | Only works for users related through the hierarchy (e.g., managers above subordinates). Doesn't help for unrelated users. | | **B. Sharing Sets** | Used exclusively for **Communities/Experience Cloud** users, not internal users. |
So the correct and standard solution is:
👉 **C. Public Groups**...
test - Nov 25, 2025
No.# **Correct Answer: B. Use Encryption Policy and wait for an email from Salesforce indicating the field values are encrypted.**
### Explanation
Because the company is already using **Salesforce Shield Platform Encryption**, adding encryption to new fields is straightforward:
1. Go to **Encryption Policy** in Setup. 2. Enable encryption for the newly identified fields (Billing Street, Billing City, Phone). 3. Salesforce will begin an **asynchronous background encryption process** for existing records. 4. Once the encryption job completes, Salesforce sends an **email notification** confirming it.
### Why the other options are incorrect
| Option | Reason | | -------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **A. Contact Salesforce to update the existing records** | ❌ Not needed. Platform Encryption updates existing records automatically once enabled—no Salesforce support required. | | **C. Use Classic Encryption** | ❌ Classic Encryption is limited, deprecated for most use cases, and *cannot* encrypt these standard fields. Since Shield Encryption is already implemented, switching to Classic is not appropriate. |
Thus, **Option B** is the correct and Salesforce-aligned approach....
test - Nov 25, 2025
No.# **Correct Answer: A. Create an owner-based sharing rule to grant access to account records, that have the same segment, to all sales-manager roles.**
### Explanation
The issue arises because **Role Hierarchy is based on countries**, so a U.S. sales manager is *not* above or equal to a Canadian sales manager in the hierarchy. That means they will **not** get visibility into Canadian accounts through roles alone, even if the accounts share the same business segment.
To enable visibility **across countries but within the same segment**, you need **criteria-based or owner-based sharing rules** that grant Read access horizontally across roles.
Let’s analyze the choices:
| Option | Analysis | | ------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | **A. Owner-based sharing rule** | ✔ **Correct**. Sharing rules allow sharing *across* role hierarchy branches—exactly what is needed. You can share accounts owned by Canadian segment teams with U.S. sales-manager roles, and vice-versa. | | **B. Public group + permission set** | ❌ **Incorrect.** Permission sets do not grant record-level access. A public group is fine, but permission sets only give object-level permissions. They cannot open up record visibility. | | **C. Change the Role Hierarchy** | ❌ **Incorrect.** Putting all sales managers in one role breaks the design and removes country-based hierarchical separation. It may also unintentionally expose more records than intended. Not recommended. |
### Why Sharing Rules Are the Proper Solution
* They grant **lateral** acc...
test - Nov 21, 2025
No.# **Correct Answer: B — Customer Community Plus** ✅
### **Explanation**
Requirements:
* Distributors (external users) need to **access opportunities assigned to their distributor**. * Opportunity is a **standard object**, which requires **role-based sharing or record-level access**. * Total community users are very large (~1 million).
**License considerations:**
| License | Access to Standard Objects | Role Hierarchy | Sharing | | ----------------------- | ------------------------------------------------------------------------------------------ | -------------- | ------- | | Customer Community | Limited access to Accounts, Contacts, Cases; no role hierarchy; cannot see Opportunities | ❌ | Limited | | Customer Community Plus | Access to standard objects (including Opportunities); supports **roles and sharing rules** | ✅ | ✅ | | Partner Community | Designed for partners; similar to Customer Community Plus, but more expensive | ✅ | ✅ |
**Customer Community Plus** is optimal because:
* It supports **record-level access via roles**, enabling distributors to see only Opportunities assigned to their account. * Supports **large-scale deployments** more cost-effectively than Partner Community.
---
### Why the others are incorrect:
**A. Customer Community**
* Cannot access Opportunities because it **does not support standard object sharing**.
**C. Partner Community**
* More expensive; overkill if distributors only need access to their own Opportunities.
---
✔ **Correct: B — Customer Community Plus**...
test - Nov 21, 2025
No.# **Correct Answer: C — Leverage default Account Team** ✅
### **Explanation**
Scenario:
* Sales reps need to **grant access to internal support users** (legal, engineering, finance) for customer records. * The **sales reps on deals don’t change often**. * Goal: Reduce **manual steps** and improve productivity.
**Default Account Team** is ideal:
* Allows **predefined roles and access levels** for users who frequently support accounts. * When a sales rep adds an account to their default team, all designated supporting users **automatically get the correct access**. * Reduces manual sharing and ensures consistent access.
---
### Why the others are incorrect:
**A. Permission set with View All Data**
* Grants **global access** to all records, which violates **least privilege** principles. * Overly broad and not aligned with the requirement.
**B. Criteria-based sharing rule**
* Useful for automated sharing based on record criteria, but in this scenario the supporting users are **the same for all accounts**, not dynamically determined by record fields. * Less flexible than leveraging default account teams.
---
✔ **Correct: C — Use Default Account Team to automate internal support access.**...
Recent Comments (The most recent comments are at the top.)
I used your updated Sharing-and-Visibility-Architect study materials and passed my exam easily.
Passed Salesforce Sharing-and-Visibility-Architect Today in UK. I used Sharing-and-Visibility-Architect learning materials. Be careful in the exam and good luck to you!
No.# The requirement:
**Distributors need to use the community to see *opportunities* assigned to their distributor.**
In Salesforce:
* **Customer Community** → good for high-volume external users, but **does NOT provide access to Opportunities**.
* **Customer Community Plus** → adds reports, dashboards, and sharing features, but **still does NOT include Opportunities**.
* **Partner Community** → **includes Opportunities, Leads, Campaigns, and advanced selling features**.
Even though there are many users (1 million), the *only* license type that provides **Opportunity access** for external users is:
### ✅ **C. Partner Community**
This is the correct choice because *access to Opportunities automatically requires a Partner Community license*.
No.# **Correct Answer: B. Trigger on Presenter junction object that uses Apex Managed Sharing to add or remove access to the related Presentation record.**
---
### **Explanation**
Requirements:
* **Presenters need edit access** to their Presentation records.
* **Multiple presenters per presentation** via a **junction object**.
* Presentation object is **private**, so standard sharing won’t automatically give access.
---
### **Why Apex Managed Sharing is needed**
1. **Permission Sets (Option A)**
* ❌ Incorrect. Permission sets grant **object-level permissions**, not record-level access.
* Since the Presentation object is private, giving Edit rights at the object level doesn’t let a presenter access a specific record.
2. **Sales Team (Option C)**
* ❌ Incorrect. **Sales Teams only work on Opportunity objects**, not custom objects.
3. **Trigger with Apex Managed Sharing (Option B)**
* ✅ Correct.
* When a **Presenter junction record** is created or updated:
* Trigger checks the related Presentation.
* Creates a **Presentation__Share** record granting **Edit access** to the User in the junction.
* Also handles removal when a presenter is removed.
* This gives **fine-grained, record-level edit access** dynamically.
---
### ✔️ Key Takeaway
**Apex Managed Sharing is the standard approach for granting dynamic, record-level access to users based on a many-to-many relationship (junction object) when the object is private.**...
No.# **Correct Answer: B. Trigger on Case to lookup and share to the manager of an Assigned Agent custom field (the subject of the complaint) using Apex Managed Sharing.**
---
### **Explanation**
The requirement is:
* The **agent who is the subject of the complaint** must **not see the case**.
* The **agent’s manager** should **see the case**.
* Cases are assigned to **HR**, not the agent.
Given this:
1. **Role Hierarchy or Criteria-Based Sharing Rules won’t help**:
* **A. Criteria-based sharing rule** ❌
* Criteria-based sharing rules can only share to **users, roles, or public groups**, but you **cannot dynamically share with the manager of a user referenced in a custom field**.
* The "Assigned Agent" is not the owner; the manager of that user cannot automatically get access via standard sharing rules.
* **C. Case owned by the subject** ❌
* You **cannot make the agent the owner** (they must not see it).
* Even if you remove their CRUD permissions, this is **not a standard, safe way** to manage this scenario.
2. **Apex Managed Sharing works**:
* With **Apex Managed Sharing**, you can programmatically grant access to a **specific user** (the manager of the Assigned Agent) while ensuring the agent does not get access.
* Trigger logic: On Case creation → look up the manager of the Assigned Agent → create a **CaseShare** record granting access to the manager.
This approach ensures **fine-grained, dynamic access control** that standard sharing cannot accomplish.
---
### ✔️ Key Takeaway
**Dynamic record sharing based on a related user field often requires Apex Managed Sharing, especially when the subject should not see the record but their manager should.**...
No.# **Correct Answer: C. Use Account teams and sharing rules to share cases with sales associates. No change required to the Opportunity object.**
---
### **Explanation**
Let’s break down the requirements:
1. **Sales associates need:**
* **Read access to accounts** → They don’t own the accounts.
* **Read access to related cases** → Cases are private and linked to accounts.
* **No access to opportunities (deals) unless explicitly granted** → Opportunities remain private by default.
2. **Sales managers want accountability & collaboration via roles on accounts** → Account Teams are perfect for this. Account Teams allow you to define a user’s role on an account and specify their level of access to the account and related records (like Opportunities and Cases).
---
### **How to implement:**
1. **Account Teams:**
* Use account teams to define roles on accounts for each user.
* Assign **Read access** to the account for sales associates.
2. **Case Sharing:**
* Since the org’s sharing model is **Private**, related Cases inherit the default access (Private).
* Create a **criteria-based or manual sharing rule** to grant the sales associates **Read access to cases** related to the accounts they are on.
3. **Opportunities:**
* Default Private sharing means sales associates **won’t see opportunities unless specifically shared**.
* No extra configuration is needed; access can be granted on a case-by-case basis.
---
### **Why not the other options?**
* **A. Use Account teams to define access to accounts as well as opportunities and cases**
❌ Incorrect. Account Teams **cannot grant access to Cases**. Cases require separate sharing configuration (sharing rules or Case Teams).
* **B. Use Account teams and Case teams. No configuration required for the Opportunity object**
❌ Partially correct, but Case Teams are **optional** and mainly for collaboration, not for fulfilling sharing requirements automatically. Sharing rules are simple...
No.# **Correct Answer: A. Searching for other external users.**
---
### **Explanation**
The **Site User Visibility** setting in **Sharing Settings** controls whether **external users (community users)** can see other **external users** in the community.
* **When turned off:**
* Community users **cannot search for or view other external users**.
* This is useful for privacy when distributors, partners, or customers should not see each other.
* **Internal users** are **unaffected** by this setting.
* **User profile updates** are also unaffected; users can still update their own profile.
---
### Why not the others?
* **B. Updating their user profile** ❌
Users can still edit their own profile regardless of Site User Visibility.
* **C. Searching for internal users** ❌
Internal users are visible according to normal org sharing rules; Site User Visibility only affects **external-to-external visibility**.
---
### ✔️ Key Takeaway
**Site User Visibility = controls whether external users can see/search for each other in a community.**...
No.# **Correct Answer: B. The user who posted the file and users with access to the record**
---
### **Explanation**
When a user posts a file to a **Chatter feed on a record**:
* The **file inherits the sharing settings of the record** it’s posted to.
* Since the object’s **OWD is Private**, only users who have **access to that record** can see the file.
* The user who posted it obviously always has access.
This ensures that sensitive files are **not visible to users who cannot see the record**, maintaining proper data security.
---
### Why not the others?
* **A. Only the user who posted the file**
❌ Incorrect. Files posted to a record are shared with anyone who can access the record, not just the poster.
* **C. Users with a shared Chatter post link**
❌ Incorrect. A shared Chatter link does **not bypass record-level security**. Users still need access to the record to see the file.
---
### ✔️ Key Takeaway
**File visibility on a record always respects the record’s sharing settings.**...
No.# **Correct Answer: C. Create a Sharing Set for the Distributor profile to grant access to the Delivery object.**
---
### **Explanation**
UC is using a **Partner Community** with **multiple users per distributor**, and the Delivery object is **OWD = Private**.
Because **each distributor is assigned to specific customer accounts**, and UC wants **all users at that distributor** to access the Delivery records for the customers they own, the correct tool is:
### ✅ **Sharing Sets**
Sharing Sets allow Customer Community and Partner Community users to automatically gain access to records **based on their Account or Contact**, without having to create roles or complex rules.
If the Delivery object has a lookup to **Account** (the customer), then a Sharing Set can grant access to all Delivery records where:
* **Delivery.Account = User.Account**
This automatically gives all users under a distributor’s partner account access to those Delivery records.
---
### Why the other choices are incorrect:
#### **A. Public Groups & Sharing Rules**
Sharing rules for *external users* (community users) **do not work with Public Groups**.
Public Groups are for internal users only.
#### **B. Role Hierarchy Sharing**
Partner Community users **do not get full hierarchical inheritance**, and using roles for 200 distributors would create complexity and performance issues.
---
### ✔️ Best Recommendation:
**C. Create a Sharing Set for the Distributor profile to grant access to the Delivery object.**...
No.# **Correct Answer: C. Use `runAs` system method in test classes to test using different users and profiles.**
---
### **Explanation**
When using **Apex Managed Sharing**, Salesforce does **not** automatically enforce CRUD/FLS or record-level access in Apex. Because of this, architects must ensure that sharing logic is implemented correctly and that improper access cannot occur.
The **best way to mitigate risk** is to **thoroughly test sharing behaviors using different users, roles, and profiles**, which is exactly what `System.runAs()` enables.
`runAs` allows your test methods to simulate operations as different types of users, so you can validate:
* Whether sharing is applied as expected
* Whether users (in this case, sales managers) receive only the intended access
* That unauthorized users **cannot** see or modify shipment records
This ensures the Apex managed sharing logic behaves correctly in all scenarios.
---
### **Why not the others?**
#### **A. `with sharing` (not “isSharesble”)**
There *is* a `with sharing` keyword, but there is **no keyword called `isSharesble`** in Apex.
Also, **class sharing keywords do not apply to the Apex Managed Sharing logic you write**—they only govern SOQL row visibility, not programmatic sharing.
#### **B. `isAccessible`**
`Schema.sObjectField.isAccessible()` checks **field-level security**, not **record-level sharing**.
It does not prevent improper access to the records themselves.
---
### ✔️ Recommended choice:
**C. Use `runAs` system method in test classes to test using different users and profiles.**...
No.# **Correct Answer: A. Share the list views with the appropriate public group.**
### **Explanation**
When you create a list view in Salesforce, you can control its visibility by choosing who to share it with. The best practice—especially when there will be many list views and they need to be shown only to certain groups of users—is to:
➡️ **Create Public Groups** based on geography (or role, team, etc.)
➡️ **Share the list views with those public groups**
This keeps administration scalable and avoids having to manage visibility user-by-user. Queues are not meant for this purpose, and sharing with individual users does not scale well when many users need the same view.
### Why not the others?
* **B. Share with a queue**
Queues are used for record ownership and routing—*not* for list-view visibility. Not appropriate here.
* **C. Share with individual users**
This works but becomes unmanageable as the number of users grows. Not scalable.
### ✔️ Therefore, the best and most scalable option is:
**A. Share the list views with the appropriate public group.**...
No.# The correct answer is:
✅ **C. Granular Locking**
### Explanation
Large-scale Role Hierarchy realignments can cause **record locking and performance issues**, especially when many users and records are involved. **Granular Locking** is an advanced Salesforce platform feature that reduces lock contention by allowing more specific, fine-grained locks instead of broad object- or table-level locks.
Salesforce Support can enable this feature to improve performance during operations like:
* Role hierarchy changes
* Territory realignments
* Sharing recalculations
* Large data loads
### Why not the others?
* **A. Skinny Table Indexing**
Used to improve query performance on large objects; unrelated to role hierarchy realignment.
* **B. Partitioning by Divisions**
Helps logically segment data for reporting and searching, but does not address locking.
### Final Answer: **C. Granular Locking**
No.# **Correct Answer: A. Create a protected custom metadata type… packaged in a managed package.**
### Explanation
UC needs to store an encryption key **inside Salesforce**, but:
* Users have **View Setup** permission → they can see Setup objects.
* Therefore, **Custom Metadata and Custom Settings are visible** to them.
* UC needs a way to hide the key **even from admins**, but still allow **Apex code** to read it.
The **only** Salesforce mechanism that allows this is:
### ✔ **Protected Custom Metadata in a Managed Package**
* **Protected** → the metadata values are *not visible* in subscriber orgs (even to admins).
* **Managed package** → protection only works in **managed** (not unlocked) packages.
* **Apex in the subscriber org** can read the protected data if the packaged Apex code exposes it correctly.
### Why the other options are wrong?
| Option | Why it’s incorrect |
| ---------------------------------------------------------- | ----------------------------------------------------------------------------------------- |
| **B. Protected CMDT in an unlocked package** | ❌ Unlocked packages do **not** support protected metadata. Values would be visible. |
| **C. Custom metadata type with restricted profile access** | ❌ Users with **View Setup** permission can still see metadata and its values. Not secure. |
### Final Answer
👉 **A. Create a protected custom metadata type in a managed package and deploy it to production.**...
No.# **Correct Answer: A. Create a protected custom metadata type… packaged in a managed package.**
### Explanation
UC needs to store an encryption key **inside Salesforce**, but:
* Users have **View Setup** permission → they can see Setup objects.
* Therefore, **Custom Metadata and Custom Settings are visible** to them.
* UC needs a way to hide the key **even from admins**, but still allow **Apex code** to read it.
The **only** Salesforce mechanism that allows this is:
### ✔ **Protected Custom Metadata in a Managed Package**
* **Protected** → the metadata values are *not visible* in subscriber orgs (even to admins).
* **Managed package** → protection only works in **managed** (not unlocked) packages.
* **Apex in the subscriber org** can read the protected data if the packaged Apex code exposes it correctly.
### Why the other options are wrong?
| Option | Why it’s incorrect |
| ---------------------------------------------------------- | ----------------------------------------------------------------------------------------- |
| **B. Protected CMDT in an unlocked package** | ❌ Unlocked packages do **not** support protected metadata. Values would be visible. |
| **C. Custom metadata type with restricted profile access** | ❌ Users with **View Setup** permission can still see metadata and its values. Not secure. |
### Final Answer
👉 **A. Create a protected custom metadata type in a managed package and deploy it to production.**...
No.# **Correct Answer: C. Create a sharing set to share cases with the students.**
### Explanation
Because the students are using a **Customer Community license** (not Customer Community Plus), they cannot be granted record access using sharing rules or role hierarchy.
**Sharing Sets** are specifically designed for Customer Community users and allow access to records associated with the user’s **Account** or **Contact**.
For this requirement:
* Students should only see **Cases related to their Account**.
* A **Sharing Set** can be configured to grant Case access based on the user’s AccountId matching the Case’s AccountId.
### Why not the other options?
| Option | Reason |
| ------------------- | ------------------------------------------------------------------------------------------------------------------------ |
| **A. Apex sharing** | ❌ Not necessary and not allowed for Customer Community users unless they are Customer Community Plus or Partner users. |
| **B. Sharing rule** | ❌ Sharing rules *do not apply* to Customer Community license users. They have no roles, and sharing rules require roles. |
Thus, the optimal, Salesforce-recommended method is:
👉 **C. Create a sharing set to share cases with the students.**...
No.# **Correct Answer: C. Public Groups**
### Explanation
When you need to give access to a **specific, unrelated group of users** (users who are not connected by role hierarchy, territory, or other structural relationships), the correct approach in Salesforce is to:
✔ **Create a Public Group**
✔ **Use a Sharing Rule** (criteria-based or manual sharing)
✔ **Grant that group access to the records**
### Why not the other options?
| Option | Why It’s Incorrect |
| --------------------- | ------------------------------------------------------------------------------------------------------------------------- |
| **A. Role Hierarchy** | Only works for users related through the hierarchy (e.g., managers above subordinates). Doesn't help for unrelated users. |
| **B. Sharing Sets** | Used exclusively for **Communities/Experience Cloud** users, not internal users. |
So the correct and standard solution is:
👉 **C. Public Groups**...
No.# **Correct Answer: B. Use Encryption Policy and wait for an email from Salesforce indicating the field values are encrypted.**
### Explanation
Because the company is already using **Salesforce Shield Platform Encryption**, adding encryption to new fields is straightforward:
1. Go to **Encryption Policy** in Setup.
2. Enable encryption for the newly identified fields (Billing Street, Billing City, Phone).
3. Salesforce will begin an **asynchronous background encryption process** for existing records.
4. Once the encryption job completes, Salesforce sends an **email notification** confirming it.
### Why the other options are incorrect
| Option | Reason |
| -------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **A. Contact Salesforce to update the existing records** | ❌ Not needed. Platform Encryption updates existing records automatically once enabled—no Salesforce support required. |
| **C. Use Classic Encryption** | ❌ Classic Encryption is limited, deprecated for most use cases, and *cannot* encrypt these standard fields. Since Shield Encryption is already implemented, switching to Classic is not appropriate. |
Thus, **Option B** is the correct and Salesforce-aligned approach....
No.# **Correct Answer: A. Create an owner-based sharing rule to grant access to account records, that have the same segment, to all sales-manager roles.**
### Explanation
The issue arises because **Role Hierarchy is based on countries**, so a U.S. sales manager is *not* above or equal to a Canadian sales manager in the hierarchy. That means they will **not** get visibility into Canadian accounts through roles alone, even if the accounts share the same business segment.
To enable visibility **across countries but within the same segment**, you need **criteria-based or owner-based sharing rules** that grant Read access horizontally across roles.
Let’s analyze the choices:
| Option | Analysis |
| ------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| **A. Owner-based sharing rule** | ✔ **Correct**. Sharing rules allow sharing *across* role hierarchy branches—exactly what is needed. You can share accounts owned by Canadian segment teams with U.S. sales-manager roles, and vice-versa. |
| **B. Public group + permission set** | ❌ **Incorrect.** Permission sets do not grant record-level access. A public group is fine, but permission sets only give object-level permissions. They cannot open up record visibility. |
| **C. Change the Role Hierarchy** | ❌ **Incorrect.** Putting all sales managers in one role breaks the design and removes country-based hierarchical separation. It may also unintentionally expose more records than intended. Not recommended. |
### Why Sharing Rules Are the Proper Solution
* They grant **lateral** acc...
No.# **Correct Answer: B — Customer Community Plus** ✅
### **Explanation**
Requirements:
* Distributors (external users) need to **access opportunities assigned to their distributor**.
* Opportunity is a **standard object**, which requires **role-based sharing or record-level access**.
* Total community users are very large (~1 million).
**License considerations:**
| License | Access to Standard Objects | Role Hierarchy | Sharing |
| ----------------------- | ------------------------------------------------------------------------------------------ | -------------- | ------- |
| Customer Community | Limited access to Accounts, Contacts, Cases; no role hierarchy; cannot see Opportunities | ❌ | Limited |
| Customer Community Plus | Access to standard objects (including Opportunities); supports **roles and sharing rules** | ✅ | ✅ |
| Partner Community | Designed for partners; similar to Customer Community Plus, but more expensive | ✅ | ✅ |
**Customer Community Plus** is optimal because:
* It supports **record-level access via roles**, enabling distributors to see only Opportunities assigned to their account.
* Supports **large-scale deployments** more cost-effectively than Partner Community.
---
### Why the others are incorrect:
**A. Customer Community**
* Cannot access Opportunities because it **does not support standard object sharing**.
**C. Partner Community**
* More expensive; overkill if distributors only need access to their own Opportunities.
---
✔ **Correct: B — Customer Community Plus**...
No.# **Correct Answer: C — Leverage default Account Team** ✅
### **Explanation**
Scenario:
* Sales reps need to **grant access to internal support users** (legal, engineering, finance) for customer records.
* The **sales reps on deals don’t change often**.
* Goal: Reduce **manual steps** and improve productivity.
**Default Account Team** is ideal:
* Allows **predefined roles and access levels** for users who frequently support accounts.
* When a sales rep adds an account to their default team, all designated supporting users **automatically get the correct access**.
* Reduces manual sharing and ensures consistent access.
---
### Why the others are incorrect:
**A. Permission set with View All Data**
* Grants **global access** to all records, which violates **least privilege** principles.
* Overly broad and not aligned with the requirement.
**B. Criteria-based sharing rule**
* Useful for automated sharing based on record criteria, but in this scenario the supporting users are **the same for all accounts**, not dynamically determined by record fields.
* Less flexible than leveraging default account teams.
---
✔ **Correct: C — Use Default Account Team to automate internal support access.**...