Salesforce Sharing and Visibility
Certification Exam Questions With
100% Verified Answers
Universal Containers is creating a custom Visualforce page to allow
users to edit contact records. The developer has used an
apex:outputField for the Phone field on the contact object. What is
the expected behavior if a user without field-level security accesses
the Visualforce page?
A. The user encounters an error while saving the record.
B. The output field is visible to the user.
C. The user is able to enter a value into the Phone field.
D. The field is automatically removed from the page. -
correct answer ✅D. The field is automatically removed from the
page.
"An <apex:outputField> component respects the attributes of the
associated field, including how it should be displayed to the user."
Refer to: https://developer.salesforce.com/docs/atlas.en-
us.pages.meta/pages/pages_compref_outputField.htm
The Collections department at Universal Containers uses Salesforce
to track its efforts. All Invoices and invoice line items are store in
,Salesforce Sharing and Visibility
Certification Exam Questions With
100% Verified Answers
salesforce. Invoice line item object details, such as quantity and
extended amount, should be summarized at the invoice object
level, and all users who can see a given invoice should always see all
invoice line items. Without leveraging Apex code, how should an
Architect create the relationship between the Invoice object and
the Invoice Line Item object?
A. The invoice Line Item object should have a Lookup to the Invoice
object.
B. The Invoice object should have a Master-Detail to the Invoice
Line Item object.
C. The Invoice object should have an inner join to the Invoice Line
Item object.
D. The Invoice Line Item object should have a Master-Detail to the
Invoice Object. -
correct answer ✅D. The Invoice Line Item object should have a
Master-Detail to the Invoice Object.
With Master-Detail relationship, user who has access to the parent
object (Invoice) will automatically have access to the child object
(Invoice Line Item).
,Salesforce Sharing and Visibility
Certification Exam Questions With
100% Verified Answers
Master-Detail relationship field is configured on the Invoice Line
Item object.
What should the Architect do to ensure Field-Level Security is
enforced on a custom Visualforce page using the Standard Lead
Controller?
A. Use the "With Sharing" keyword on the Standard Lead Controller.
B. Nothing; Field-Level Security will automatically be enforced.
C. Use the {!Schema.sObjectType.Lead.fields.isAccessible()}
expression
D. Use the Schema.SObject.Lead.isAccessible() method. -
correct answer ✅B. Nothing; Field-Level Security will automatically
be enforced.
When rendering Visualforce pages, the platform will automatically
enforce CRUD and FLS when the developer references SObjects and
SObject fields directly in the Visualforce page.
Refer to:
https://developer.salesforce.com/wiki/enforcing_crud_and_fls
, Salesforce Sharing and Visibility
Certification Exam Questions With
100% Verified Answers
What is the security vulnerability in the following code snippet?
<apex:form><apex:commandButton rerender="outputIt"
value="Update It"/><apex:inputText value="{
!myTextField}"/></apex:form><apex:outputPanel
id="outputIt">Value of myTextField is <apex:outputText vlue="{!
myTextField}" escape="false"/></apex:outputPanel>
A. SOQL Injection
B. Access Control
C. Arbitrary Redirects
D. Cross-Site Scripting -
correct answer ✅D. Cross-Site Scripting
Whenever you see escape = "false" - a sign for cross-site scripting
vulnerability.
Universal Containers has a custom Job object with a private sharing
model. Based on the size and location of the Job, different teams
must have access to edit the specific Job record. To support this
requirement, Apex Managed Sharing has been implemented to
Certification Exam Questions With
100% Verified Answers
Universal Containers is creating a custom Visualforce page to allow
users to edit contact records. The developer has used an
apex:outputField for the Phone field on the contact object. What is
the expected behavior if a user without field-level security accesses
the Visualforce page?
A. The user encounters an error while saving the record.
B. The output field is visible to the user.
C. The user is able to enter a value into the Phone field.
D. The field is automatically removed from the page. -
correct answer ✅D. The field is automatically removed from the
page.
"An <apex:outputField> component respects the attributes of the
associated field, including how it should be displayed to the user."
Refer to: https://developer.salesforce.com/docs/atlas.en-
us.pages.meta/pages/pages_compref_outputField.htm
The Collections department at Universal Containers uses Salesforce
to track its efforts. All Invoices and invoice line items are store in
,Salesforce Sharing and Visibility
Certification Exam Questions With
100% Verified Answers
salesforce. Invoice line item object details, such as quantity and
extended amount, should be summarized at the invoice object
level, and all users who can see a given invoice should always see all
invoice line items. Without leveraging Apex code, how should an
Architect create the relationship between the Invoice object and
the Invoice Line Item object?
A. The invoice Line Item object should have a Lookup to the Invoice
object.
B. The Invoice object should have a Master-Detail to the Invoice
Line Item object.
C. The Invoice object should have an inner join to the Invoice Line
Item object.
D. The Invoice Line Item object should have a Master-Detail to the
Invoice Object. -
correct answer ✅D. The Invoice Line Item object should have a
Master-Detail to the Invoice Object.
With Master-Detail relationship, user who has access to the parent
object (Invoice) will automatically have access to the child object
(Invoice Line Item).
,Salesforce Sharing and Visibility
Certification Exam Questions With
100% Verified Answers
Master-Detail relationship field is configured on the Invoice Line
Item object.
What should the Architect do to ensure Field-Level Security is
enforced on a custom Visualforce page using the Standard Lead
Controller?
A. Use the "With Sharing" keyword on the Standard Lead Controller.
B. Nothing; Field-Level Security will automatically be enforced.
C. Use the {!Schema.sObjectType.Lead.fields.isAccessible()}
expression
D. Use the Schema.SObject.Lead.isAccessible() method. -
correct answer ✅B. Nothing; Field-Level Security will automatically
be enforced.
When rendering Visualforce pages, the platform will automatically
enforce CRUD and FLS when the developer references SObjects and
SObject fields directly in the Visualforce page.
Refer to:
https://developer.salesforce.com/wiki/enforcing_crud_and_fls
, Salesforce Sharing and Visibility
Certification Exam Questions With
100% Verified Answers
What is the security vulnerability in the following code snippet?
<apex:form><apex:commandButton rerender="outputIt"
value="Update It"/><apex:inputText value="{
!myTextField}"/></apex:form><apex:outputPanel
id="outputIt">Value of myTextField is <apex:outputText vlue="{!
myTextField}" escape="false"/></apex:outputPanel>
A. SOQL Injection
B. Access Control
C. Arbitrary Redirects
D. Cross-Site Scripting -
correct answer ✅D. Cross-Site Scripting
Whenever you see escape = "false" - a sign for cross-site scripting
vulnerability.
Universal Containers has a custom Job object with a private sharing
model. Based on the size and location of the Job, different teams
must have access to edit the specific Job record. To support this
requirement, Apex Managed Sharing has been implemented to
