Salesforce Certified Integration Architect — Question 32
A company’s security assessment noted vulnerabilities in the unmanaged packages in its Salesforce orgs, notably secrets that are easily accessible and in plain text, such as usernames, passwords, and OAuth tokens used in callouts from Salesforce.
Which two persistence mechanisms should an integration architect require to be used to ensure that secrets are protected from deliberate or inadvertent exposure? (Choose two.)
Answer options
- A. Named Credentials
- B. Encrypted Custom Fields
- C. Protected Custom Settings
- D. Protected Custom Metadata Types
Correct answer: A, B
Explanation
Named Credentials and Encrypted Custom Fields are effective for protecting sensitive information because they offer built-in security features that encrypt and manage access to secrets. In contrast, Protected Custom Settings and Protected Custom Metadata Types do not provide the same level of security for sensitive data, because they are not specifically designed to handle secrets securely.