Apex Programming & Development
What is required for deploying Apex code to a Production instance?
What to Listen For:
- Knowledge of the three critical requirements: all classes and triggers must compile, tests must cover at least 75% of Apex code with no failures, and all triggers need minimum 1% coverage
- Understanding of the importance of test coverage for code quality and deployment success
- Awareness of testing best practices and the role of unit tests in the deployment process
What's the difference between queueable Apex, batch Apex and schedulable Apex?
What to Listen For:
- Understanding that Queueable Apex handles asynchronous processing for long-running operations or callouts that can't run in triggers
- Recognition that Batch Apex processes large data volumes (up to 50 million records) in smaller batches of 1-2000 records
- Knowledge that Scheduled Apex runs at specific times/dates and can be configured for recurring execution via UI or CRON strings
What are the different events for an Apex Trigger?
What to Listen For:
- Clear explanation of before and after trigger types, with before running before database save and after running post-save
- Knowledge of operation types: insert, update, delete, and undelete that determine when triggers fire
- Understanding that before triggers are optimal for same-record calculations/validations while after triggers handle operations on related records
What is a global Apex class?
What to Listen For:
- Definition that global classes use the global access modifier making them visible across all namespaces
- Recognition that global classes should be used sparingly and only when explicitly necessary
- Awareness of appropriate use cases such as managed packages or Apex REST web services
What is an Interface and why would we use one?
What to Listen For:
- Understanding that interfaces are class-like structures with method declarations but no implementations
- Recognition that interfaces abstract method declaration from implementation, as seen with Database.Batchable
- Ability to explain how interfaces enable different runtime behaviors based on context through polymorphism
How can we allow Apex to be called by Lightning components?
What to Listen For:
- Knowledge that methods must be annotated with @AuraEnabled to expose them to Lightning Components
- Understanding of the cacheable parameter: @AuraEnabled(cacheable=true) for methods supporting caching
- Awareness of when to use cacheable vs non-cacheable methods based on data freshness requirements
How can we debug our Apex code?
What to Listen For:
- Familiarity with debug logs that capture execution details, exceptions, and System.debug() output
- Knowledge of Apex Replay Debugger in VS Code for step-through debugging with checkpoints and breakpoints
- Understanding that increasing logging levels provides more detailed execution insights for troubleshooting
What is Apex?
What to Listen For:
- Clear explanation that Apex is Salesforce's proprietary server-side programming language with Java-like syntax
- Understanding of when to use Apex over Flow for complex business logic, performance requirements, or specialized processing
- Recognition that Apex provides more control and flexibility than declarative tools for advanced customizations
What is with sharing and without sharing in Apex?
What to Listen For:
- Understanding that "with sharing" enforces the current user's sharing rules while "without sharing" bypasses them
- Recognition that it's best practice to use "with sharing" unless specific requirements dictate otherwise
- Awareness that sharing keywords only affect record access, not field-level or object-level security which must be enforced separately
What is mixed DML error and when do we encounter it?
What to Listen For:
- Clear explanation that mixed DML errors occur when performing DML on setup and non-setup objects in a single transaction
- Understanding that the error is triggered by sharing recalculation when modifying setup objects like User with role assignments
- Knowledge of resolution strategies such as using future methods to separate transactions and avoid the error
Apex Triggers & Context Variables
What is Trigger in Salesforce?
What to Listen For:
- Definition of triggers as Apex code that executes automatically before or after database operations
- Understanding that triggers respond to insert, update, delete, and undelete operations on records
- Recognition of appropriate use cases for triggers versus declarative automation tools
What are the two types of triggers in Salesforce?
What to Listen For:
- Clear distinction between before triggers (execute before record is saved to database) and after triggers (execute after save)
- Understanding that before triggers are ideal for validations and same-record updates without additional DML
- Recognition that after triggers are used for operations on related records or when record IDs are needed
What are different events available in Triggers?
What to Listen For:
- Comprehensive list of trigger events: isInsert, isUpdate, isDelete, isBefore, isAfter, and isUndelete
- Knowledge of context variables like Trigger.new, Trigger.old, Trigger.newMap, Trigger.oldMap, and Trigger.size
- Understanding of when to use each context variable for accessing record data in different trigger scenarios
What is recursion in Trigger and how can we prevent it?
What to Listen For:
- Understanding that recursion occurs when a trigger invokes itself in a loop, eventually hitting governor limits or the 16-level stack depth limit
- Knowledge of prevention methods: static Boolean variables, static Sets to track processed IDs, static Maps for event tracking, or comparing Trigger.old values
- Ability to explain practical examples like a trigger updating the same records it's monitoring and how to prevent the loop
What is the Apex Trigger Handler pattern?
What to Listen For:
- Recognition that the handler pattern separates trigger logic from the trigger itself into dedicated handler classes
- Understanding of benefits including better code organization, reusability, testability, and maintainability
- Awareness that this is a best practice that keeps triggers lightweight with business logic in handler classes
What is Apex Trigger Framework?
What to Listen For:
- Understanding that trigger frameworks provide standardized structures for organizing and managing trigger logic across an org
- Knowledge of popular frameworks and their benefits for recursion prevention, order of execution control, and code maintainability
- Practical experience implementing or working with trigger frameworks in real-world projects
When should we use Apex Trigger?
What to Listen For:
- Recognition that triggers are appropriate for complex business logic that exceeds Flow capabilities
- Understanding of scenarios requiring triggers: bulk processing, complex calculations, external system integrations, or performance-critical operations
- Awareness that declarative tools should be evaluated first before resorting to trigger development
Does the Apex trigger run with sharing or without sharing?
What to Listen For:
- Clear statement that Apex triggers run in system context (without sharing) by default
- Understanding that triggers cannot have explicit sharing declarations unlike regular Apex classes
- Awareness that to enforce sharing rules in triggers, you must call classes that use "with sharing" keywords
How many times does the trigger execute on an Upsert event?
What to Listen For:
- Understanding that upsert operations trigger both insert and update events depending on whether records exist
- Recognition that triggers may fire multiple times in a single upsert operation for different record sets
- Awareness of the importance of bulkifying trigger logic to handle mixed insert/update scenarios efficiently
What is the difference between Trigger.New and Trigger.newMap?
What to Listen For:
- Clear explanation that Trigger.new is a list of sObject records while Trigger.newMap is a map of record IDs to sObject records
- Understanding that Trigger.newMap provides faster lookup performance when accessing specific records by ID
- Recognition of appropriate use cases: use Trigger.new for iteration and Trigger.newMap for ID-based lookups
Integration & Web Services
How can we integrate into external REST web services?
What to Listen For:
- Knowledge of using HTTP callouts to invoke external REST APIs from Salesforce
- Understanding of JSON and XMLStreamWriter classes for building payloads that match external API specifications
- Awareness of callout limitations, authentication methods, and error handling best practices
How can an external system integrate into Salesforce?
What to Listen For:
- Recognition that external systems can utilize Salesforce's built-in REST API for creating, updating, and querying records
- Understanding of custom Apex REST services for bespoke or niche integration requirements
- Knowledge of authentication mechanisms like OAuth 2.0 for securing inbound integrations
How can we secure credentials used for outbound integrations?
What to Listen For:
- Strong preference for Named Credentials which handle authentication automatically and keep credentials secure
- Knowledge of Custom Metadata types as an alternative for storing credentials with environment-specific values and controlled access
- Clear understanding that hard-coding credentials in code is a critical security violation and should never be done
What is web services?
What to Listen For:
- Clear definition of web services as standardized methods for application-to-application communication over networks
- Understanding of the two main types: SOAP (protocol-based) and REST (architectural style)
- Recognition of when to use each type based on requirements for structure, security, and simplicity
What is the difference between SOAP and REST?
What to Listen For:
- Understanding that SOAP is a protocol with strict standards while REST is an architectural style with more flexibility
- Recognition that SOAP uses XML exclusively while REST supports multiple formats including JSON, XML, and others
- Awareness that REST is generally simpler and more lightweight while SOAP offers built-in security and transaction standards
What is the difference between Enterprise WSDL and Partner WSDL?
What to Listen For:
- Understanding that EnterpriseWSDL is strongly-typed and specific to a single org's schema, while Partner WSDL is loosely-typed and generic across orgs
- Recognition that Enterprise WSDL must be regenerated whenever the schema changes, while Partner WSDL remains stable
- Awareness that Enterprise WSDL offers better compile-time type checking while Partner WSDL provides more flexibility for multi-org integrations
What is an API and how does Salesforce use them?
What to Listen For:
- Clear explanation that APIs (Application Programming Interfaces) are contracts that define how applications communicate
- Knowledge of Salesforce's various APIs including REST, SOAP, Bulk, Metadata, Streaming, and Tooling APIs
- Understanding of when to use each API type based on data volume, real-time requirements, and operation types
What authentication methods does Salesforce support for integrations?
What to Listen For:
- Knowledge of OAuth 2.0 as the primary authentication protocol for modern integrations
- Understanding of different OAuth flows: Web Server, User-Agent, JWT Bearer, and Username-Password
- Awareness of session ID authentication and when it's appropriate versus OAuth methods
What is Platform Events and when should we use it?
What to Listen For:
- Understanding that Platform Events enable event-driven architecture with publish-subscribe messaging
- Recognition of use cases like real-time integration, decoupling systems, and notifying external systems of Salesforce changes
- Knowledge that Platform Events support both inbound and outbound scenarios with guaranteed delivery
What is Change Data Capture and how does it differ from Platform Events?
What to Listen For:
- Clear explanation that Change Data Capture automatically publishes change events for record creates, updates, deletes, and undeletes
- Understanding that CDC is specifically for data synchronization while Platform Events are for custom business events
- Recognition that CDC requires no code to set up and provides both standard and custom object support
Security & Best Practices
What are the different levels of security in Salesforce?
What to Listen For:
- Comprehensive understanding of four security layers: Organization (login access), Object (CRUD), Field (read/edit), and Record (sharing rules)
- Knowledge that security moves from least to most granular through these layers
- Recognition that all layers must be considered for comprehensive security implementation
What is CRUD and FLS security?
What to Listen For:
- Clear explanation that CRUD (Create, Read, Update, Delete) controls object-level access permissions
- Understanding that FLS (Field-Level Security) controls individual field visibility and editability
- Awareness that Apex doesn't enforce these automatically and requires WITH SECURITY_ENFORCED or Security methods
How can we enforce security in Apex code?
What to Listen For:
- Knowledge of WITH SECURITY_ENFORCED clause in SOQL queries for object and field-level security
- Understanding of Security.stripInaccessible() method for removing inaccessible fields from query results
- Familiarity with Schema methods like isAccessible(), isCreateable(), isUpdateable() for manual permission checks
What are sharing rules and how do they work?
What to Listen For:
- Understanding that sharing rules extend access beyond organization-wide defaults to specific users or groups
- Knowledge of rule types: criteria-based and owner-based sharing rules
- Recognition that sharing rules can only extend access, never restrict it
What is the difference between Profiles and Permission Sets?
What to Listen For:
- Clear distinction that each user has exactly one Profile (baseline permissions) but can have multiple Permission Sets (additional permissions)
- Understanding that Permission Sets can only extend permissions, never restrict them
- Recognition that Permission Sets are more flexible and recommended for managing additional access
What are best practices for handling sensitive data in Apex?
What to Listen For:
- Never hard-code credentials or sensitive data in code; use Custom Settings, Custom Metadata, or Named Credentials
- Always enforce sharing rules with "with sharing" keyword unless explicitly required otherwise
- Implement proper error handling that doesn't expose sensitive system information to users
What is SOQL Injection and how can we prevent it?
What to Listen For:
- Understanding that SOQL Injection occurs when user input is directly concatenated into dynamic SOQL queries
- Knowledge of prevention methods: use bind variables, String.escapeSingleQuotes(), or type-casting for numeric values
- Recognition that static queries with bind variables are always preferred over dynamic SOQL when possible
What are Organization-Wide Defaults (OWD)?
What to Listen For:
- Clear explanation that OWD sets the baseline record access level for each object across the organization
- Knowledge of access levels: Private, Public Read Only, Public Read/Write, and Controlled by Parent (for detail records)
- Understanding that OWD should be as restrictive as possible, with sharing rules extending access as needed
What is Role Hierarchy and how does it affect record access?
What to Listen For:
- Understanding that Role Hierarchy automatically grants record access to users higher in the hierarchy
- Knowledge that this applies only when OWD is set to Private or Public Read Only
- Recognition that "Grant Access Using Hierarchies" checkbox can disable this for sharing rules
What are manual sharing and Apex managed sharing?
What to Listen For:
- Understanding that manual sharing allows users to grant access to individual records via Share button
- Knowledge that Apex managed sharing uses Share objects (like AccountShare) to programmatically grant record access
- Awareness that Apex sharing is necessary for complex, custom sharing logic beyond declarative capabilities
Data Management & Migration
What tools are available for data migration in Salesforce?
What to Listen For:
- Knowledge of Data Loader for bulk operations (insert, update, upsert, delete) with up to 5 million records
- Understanding of Data Import Wizard for simpler imports (up to 50,000 records) with automatic duplicate matching
- Awareness of third-party ETL tools like MuleSoft, Informatica, or Jitterbit for complex integrations
What is the difference between Data Loader and Data Import Wizard?
Whatcontent-item__box-title">What to Listen For:
- Clear distinction: Data Loader handles up to 5 million records and requires installation, while Data Import Wizard handles up to 50,000 records and is web-based
- Understanding that Data Loader supports all DML operations including delete and hard delete, while Import Wizard only supports insert and update
- Recognition that Data Import Wizard offers built-in duplicate matching and is more user-friendly for standard objects
What is an External ID field and when should we use it?
What to Listen For:
- Understanding that External IDs are custom fields marked to contain unique identifiers from external systems
- Knowledge that External IDs enable upsert operations to match records without knowing Salesforce IDs
- Recognition that External IDs are automatically indexed for better query performance on large data volumes
What is the Bulk API and when should we use it?
What to Listen For:
- Clear explanation that Bulk API is designed for loading or querying large data sets asynchronously with better performance
- Understanding that Bulk API processes data in batches and is ideal for operations involving thousands or millions of records
- Knowledge of Bulk API 2.0 improvements including higher throughput and simpler implementation compared to Bulk API 1.0
How can we prevent duplicate records in Salesforce?
What to Listen For:
- Knowledge of Duplicate Rules that identify potential duplicates based on matching rules during record creation or editing
- Understanding of Matching Rules that define the criteria for identifying duplicate records using fuzzy or exact matching
- Awareness of options to block duplicates, allow with alerts, or report only, depending on business requirements
What is Data Skew and how does it impact performance?
What to Listen For:
- Understanding that Data Skew occurs when a single parent record has an excessive number of child records (typically 10,000+)
- Recognition that skew can cause lock contention, slower processing, and timeout issues during operations
- Knowledge of mitigation strategies: redesigning data model, using asynchronous processing, or implementing record locking strategies
What are Big Objects and when should we use them?
What to Listen For:
- Clear explanation that Big Objects store and manage massive data volumes (millions to billions of records) with consistent performance
- Understanding that Big Objects have limitations: no triggers, workflows, or standard UI, and queries must filter on indexed fields
- Recognition of use cases like historical data archiving, audit trails, or IoT sensor data storage
How can we optimize SOQL queries for better performance?
What to Listen For:
- Knowledge of using selective filters on indexed fields (Id, Name, External ID, unique fields) to leverage query optimizer
- Understanding of limiting result sets with WHERE clauses, avoiding non-selective queries like open-ended date ranges
- Awareness of using SOQL FOR loops for processing large result sets without hitting heap size limits
What is the difference between Upsert and Insert/Update?
What to Listen For:
- Clear explanation that Upsert combines insert and update in a single operation based on External ID or Salesforce ID matching
- Understanding that Upsert creates new records when no match is found and updates existing records when a match exists
- Recognition that Upsert is more efficient for data synchronization scenarios than separate insert/update operations
How can we handle large data volumes in triggers?
What to Listen For:
- Understanding of bulkification principles: processing collections rather than individual records, avoiding SOQL/DML in loops
- Knowledge of using Maps and Sets for efficient data lookups instead of nested loops or repeated queries
- Awareness that asynchronous processing (Queueable, Batch) may be necessary for operations that exceed synchronous limits
