Plat-Arch-204 Online Practice Questions

Explanation:
In a standard API-led connectivity model, the First Tier (Experience APIs) is responsible for tailoring data for specific systems of engagement.
The Experience APIs take the core data from the lower tiers and transform it into the specific return formats (e.g., JSON for mobile, XML for legacy web) and security protocols (e.g., OAuth for Salesforce, API Keys for web) required by each consumer.
Option B correctly identifies that these transformations and security enforcements should happen at this outer layer. While an API Gateway (Option A) can provide generic security and rate limiting, it is the Experience API layer that provides the functional transformation and specific protocol requirements defined by the business needs of the engagement systems.

Explanation:
Comprehensive and Detailed 250 to 350 words of Explanation From Salesforce Pl14atform Integration Architect documents: In the rol15e of a Salesforce Platform Integration Architect, evaluating a legacy landscape requires a clinical mapping of current system functions against Salesforce’s native capabilities, while strictly adhering to the "Constraints and Goals" provided by the business. The objective here is to maximize the ROI of the Salesforce implementation by consolidating redundant systems into the core platform.
According to Goal 2, the business intends to utilize Salesforce for Marketing, Sales, and Service processes. Salesforce is architected to handle these three domains through its core clouds: Marketing Cloud (replacing the legacy Email Marketing System), Sales Cloud (replacing the Sales Activity System), and Service Cloud (replacing the Case Management System). By consolidating these three specific functions into Salesforce, the organization achieves Goal 1, which is the creation of a 360-degree view of the customer. When these activities occur on a single platform, the data is unified, eliminating the silos that existed in the previous landscape.
However, the architect must also respect the technical constraints defined in Goal 3, which explicitly states the need to reuse enterprise capabilities built for quoting and order management. In architectural design, this designates the "Quoting System" and the "Order Management System" as systems of record that must remain in the future-state landscape. These systems likely contain complex, proprietary logic or are tightly coupled with back-end ERP systems like SAP Business Suite, making them "non-negotiable" for retirement at this stage.
Therefore, because Email Marketing, Sales Activity, and Case Management map directly to Salesforce’s primary strengths and are not excluded by the "reuse" requirement, they are the three systems that should be retired. This strategic retirement simplifies the integration architecture, allowing the architect to focus on building robust integration patterns (such as Request-Reply or Fire-and-Forget) between Salesforce and the remaining Quoting and Order Management systems.

Explanation:
When dealing with extremely large files, such as the 2.5 GB design files mentioned, an architect must consider the platform's file size limits and storage costs. Salesforce Files have a maximum upload size of 2 GB through most interfaces, making Option B technically unfeasible for a 2.5 GB file.
Furthermore, storing numerous large files natively in Salesforce would lead to excessive storage consumption and costs.
The most efficient and cost-effective approach is Data Virtualization or Redirection. By creating a custom object to store the file location URL (Option C), the actual file remains in the performant on-premise file store. When the community user needs to access the design, they are redirected to the source system, which handles the massive data transfer. This fulfills the requirement to "view" the files without the overhead of moving gigabytes of data through the Salesforce infrastructure.
Option A is less ideal because a 2.5 GB download over a standard Request-Reply pattern would likely lead to timeouts and a poor user experience.

Explanation:
For outbound integrations from Salesforce to an external cloud gateway like Microsoft Azure API Gateway, securing the communication at the transport layer is a fundamental requirement. While standard SSL provides one-way encryption where the client (Salesforce) verifies the server (Azure), Mutual Server Authentication (Two-Way SSL/TLS) ensures that both parties are verified before data is exchanged.
In this architecture, Salesforce presents a digital certificate to the Azure API Gateway during the TLS handshake. For production environments, Salesforce architects recommend using certificates signed by a Certification Authority (CA) rather than self-signed certificates to establish a trusted chain of identity that complies with enterprise security standards. This mechanism prevents unauthorized clients from connecting to the Azure endpoint, effectively mitigating man-in-the-middle attacks and unauthorized data exfiltration.
While a Connected App and OAuth (Option B) are essential for inbound requests where external systems call Salesforce, they do not natively secure the point-to-point connection when Salesforce acts as the client. Similarly, a federated API access model (Option A) focuses on user identity but does not address the transport layer security between the two cloud platforms. By configuring two-way SSL, Northern Trail Outfitters ensures that the Azure API Gateway only processes requests originating from a trusted, authenticated Salesforce instance, fulfilling the high security and trust requirements of modern integration architecture.

Explanation:
To provide near real-time notifications to a client that already supports CometD, an Integration Architect should leverage the Streaming API. While Platform Events are a modern alternative, PushTopic Events are specifically designed to stream changes to Salesforce records based on a defined SOQL query.
A PushTopic event is triggered when a record is created, updated, deleted, or undeleted. By creating a PushTopic on the Opportunity object, NTO defines the criteria (fields and record states) that should trigger a message to the 1subscriber. The affiliate’s CometD client can then subscribe to this topic's channel (e.g., /topic/OpportunityUpdates) to receive the data payload instantly.
Option A is incorrect because "Accept CometD API Requests" is not a standard checkbox or configuration within a Connected App; authentication is handled via standard OAuth flows, but the streaming channel must still be defined.
Option C describes a Polling mechanism, which is the architectural opposite of the requested "immediate notification" and would unnecessarily consume SOAP API limits while introducing latency. By using a PushTopic, NTO ensures a decoupled, event-driven architecture that scales effectively for notification-only use cases while respecting the technical capabilities of the affiliate’s existing CometD-compatible infrastructure.