Salesforce-Platform-Developer Practice Test

Salesforce Spring 25 Release -
Updated On 1-Jan-2026
237 Questions

Universal Containers recently transitioned from Classic to Lighting Experience. One of its business processes requires certain value from the opportunity object to be sent via HTTP REST callout to its external order management system based on a user-initiated action on the opportunity page. Example values are as follow

Name
Amount
Account

Which two methods should the developer implement to fulfill the business requirement? (Choose 2 answers)

A. Create a Lightning component that performs the HTTP REST callout, and use a Lightning Action to expose the component on the Opportunity detail page.

B. Create a Process Builder on the Opportunity object that executes an Apex immediate action to perform the HTTP REST callout whenever the Opportunity is updated.

C. Create an after update trigger on the Opportunity object that calls a helper method using @Future(Callout=true) to perform the HTTP REST callout.

D. Create a Visualforce page that performs the HTTP REST callout, and use a Visualforce quick action to expose the component on the Opportunity detail page.

A.   Create a Lightning component that performs the HTTP REST callout, and use a Lightning Action to expose the component on the Opportunity detail page.
D.   Create a Visualforce page that performs the HTTP REST callout, and use a Visualforce quick action to expose the component on the Opportunity detail page.

Explanation:

Since Universal Containers transitioned to Lightning Experience, the best approach is to use user-initiated actions that allow direct execution of the HTTP REST callout when the user interacts with the Opportunity record.

Why are A and D correct?

A. Lightning Component + Lightning Action:
Lightning Actions can be used to trigger custom logic via a Lightning Component, allowing users to initiate the REST callout directly from the Opportunity detail page.
This provides a modern, flexible solution that fits well with Lightning Experience.

D. Visualforce Page + Quick Action:
Visualforce pages can execute HTTP REST callouts and can be exposed as Quick Actions, allowing the user to trigger the request manually.
This solution is useful for organizations transitioning from Classic to Lightning while still leveraging existing Visualforce-based logic.

A developer is tasked to perform a security review of the ContactSearch Apex class that exists in the system. Whithin the class, the developer identifies the following method as a security threat: List performSearch(String lastName){ return Database.query('Select Id, FirstName, LastName FROM Contact WHERE LastName Like %'+lastName+'%); } What are two ways the developer can update the method to prevent a SOQL injection attack? Choose 2 answers

A. Use variable binding and replace the dynamic query with a static SOQL.

B. Use the escapeSingleQuote method to sanitize the parameter before its use.

C. Use a regular expression on the parameter to remove special characters.

D. Use the @Readonly annotation and the with sharing keyword on the class.

C.   Use a regular expression on the parameter to remove special characters.
D.   Use the @Readonly annotation and the with sharing keyword on the class.

Explanation:

The provided method is vulnerable to SOQL injection because it directly includes untrusted user input (lastName) in a dynamic SOQL query. To fix this, the developer should sanitize the input and/or avoid dynamic queries when possible.

A. Use variable binding and replace the dynamic query with a static SOQL. This is the best and most secure approach. Using variable binding (bind variables) ensures that input is treated as data, not executable code:

List results = [SELECT Id, FirstName, LastName FROM Contact WHERE LastName LIKE :('%' + lastName + '%')];

B. Use the escapeSingleQuote method to sanitize the parameter before its use.
If dynamic SOQL must be used, sanitizing input with String.escapeSingleQuotes(lastName) helps prevent injection by escaping special characters:

String safeInput = String.escapeSingleQuotes(lastName);
List results = Database.query('SELECT Id, FirstName, LastName FROM Contact WHERE LastName LIKE \'%' + safeInput + '%\'');

When a user edits the Postal Code on an Account, a custom Account text field named ''Timezone'' must be updated based on the values another custom object object called. What is the optimal way to Implement this feature?

A. Build a flow with flow Builder.

B. Build an account assignment rule.

C. Create a formula field.

D. Create an account approval process.

A.   Build a flow with flow Builder.

Explanation:

The requirement involves updating a custom field (Timezone) on the Account when the Postal Code is changed, using data from another custom object. This type of logic:

Is conditional,
Involves data lookup from another object,

And updates a field.

This is best handled using a Flow, specifically a Record-Triggered Flow, which allows for querying related objects and updating records.

In the following example, which sharing context will myMethod execute when it is invoked?

A. Sharing rules will not be enforced for the running user.

B. Sharing rules will be Inherited from the calling context.

C. Sharing rules will be enforced by the instantiating class.

D. Sharing rules will be enforced for the running user.

B.   Sharing rules will be Inherited from the calling context.

Explanation:

In Apex, if a class is defined without the with sharing or without sharing keyword (as in your example), then it runs in the sharing context of the caller. This is known as inherited sharing behavior.

Example Analysis:

public class myClass {
public void myMethod() {
// implementation
}
}

The class doesn't explicitly specify a sharing context.
Therefore, myMethod will execute in the sharing context of the class or code that called it.

Since Aura application events follow the traditional publish-subscribe model, which method is used to fire an event?

A. ernit()

B. fireEvent()

C. fire()

D. registerEvent()

C.   fire()

Explanation:

In Aura components, application events follow the publish-subscribe model, meaning any component that registers for the event can handle it when it's fired. To trigger an Aura application event, developers use the fire() method.

How it works:

Define the event using the tag.
Register the event in the component that will handle it.
Fire the event using event.fire() in the component that triggers the event.

Analyzing the incorrect options:

A. ernit() – This method doesn't exist in Aura event handling.
B. fireEvent() – This is an incorrect method; fire() is the correct one.
D. registerEvent() – This method is used to register an event in the component, not to fire it.

Salesforce-Platform-Developer Exam Questions - Home Previous
Page 3 out of 48 Pages