Career upgrade: Learn practical AI skills for better jobs and higher pay.
Level up
PracticeVideosBlogFlashcardsEspañol
All Practice Exams

100+ Free SF System Architect Practice Questions

Pass your Salesforce Certified System Architect exam on the first try — instant access, no signup required.

✓ No registration✓ No credit card✓ No hidden fees✓ Start practicing immediately
100+ Questions
100% Free
1 / 100
Question 1
Score: 0/0

A Salesforce System Architect is designing Salesforce Platform Developer I testing standards. Which statement about Apex test coverage requirements is correct?

A
B
C
D
to track
Same family resources

Explore More Salesforce Certifications

Continue into nearby exams from the same family. Each card keeps practice questions, study guides, flashcards, videos, and articles in one place.

Salesforce Certified Administrator

Practice QuestionsStudy GuideCheat SheetFlashcards1 video2 blogs

Salesforce Agentforce

Practice Questions

Salesforce Certified Advanced Administrator

Practice Questions

Salesforce Platform App Builder

Practice Questions

Salesforce Platform Developer I

Practice Questions

Salesforce Service Cloud Consultant

Practice Questions

More From This Family

Videos and articles for deeper review.

VideoFREE Salesforce Admin Exam Guide 2026: Pass on First TryArticleFREE Salesforce Admin Exam Guide 2026: Pass on First Try28 min readArticleSalesforce Admin Salary & Is It Worth It in 2026? (Free)13 min read
2026 Statistics

Key Facts: SF System Architect Exam

4

Constituent Certifications

Lifecycle, IAM, Integration, PD1

$1,600

Total Exam Costs

$400 × 4 constituent exams

0

Separate Architect Exams

Umbrella credential — no standalone test

5

OAuth 2.0 Flows Tested

JWT, Client Cred, PKCE, ROPC, Auth Code

4

Sandbox Types

Developer, Developer Pro, Partial, Full Copy

Annual

Maintenance Required

Each constituent cert must stay active

The System Architect credential is earned automatically by holding four active certs: Development Lifecycle & Deployment Architect, Identity & Access Management Architect, Integration Architect, and Platform Developer I. No separate System Architect exam exists. Combined domain weights: Lifecycle & Deployment 25%, IAM 25%, Integration 25%, Platform Developer I 25%. Each constituent exam costs $400 ($200 retake). Annual maintenance is required for each constituent cert to keep the umbrella credential active.

Sample SF System Architect Practice Questions

Try these sample questions to test your SF System Architect exam readiness. Each question includes a detailed explanation. Start the interactive quiz above for the full 100+ question experience with AI tutoring.

1A Salesforce System Architect is designing the deployment lifecycle for an enterprise org with 5 development teams working simultaneously. Which environment strategy supports parallel development with minimal integration conflicts?
A.Use Salesforce DX with feature-branch development: each team works in a scratch org from a shared feature branch; completed features merge to an integration sandbox that serves as the pre-production gate before UAT and production promotion
B.All 5 teams share one developer sandbox and coordinate changes via a shared spreadsheet
C.Each team deploys directly to production independently when their feature is complete
D.Use a single full copy sandbox for all development, locking it during deployments
Explanation: SFDX feature-branch development with scratch orgs provides team isolation. Each team works independently in scratch orgs seeded from a source-controlled feature branch. Completed features merge to an integration sandbox for conflict resolution and testing before UAT. This follows Salesforce's recommended enterprise development lifecycle and supports parallel work without interference.
2A Salesforce System Architect is designing Single Sign-On for a company where Salesforce should authenticate using the company's SAML 2.0 identity provider (Active Directory). In this setup, Salesforce acts as what?
A.The Service Provider (SP) — Salesforce trusts the IdP to authenticate users and accepts SAML assertions from Active Directory to grant Salesforce access without a separate Salesforce password
B.The Identity Provider (IdP) — Salesforce provides the authentication for Active Directory
C.A proxy that forwards credentials between Active Directory and third-party applications
D.A certificate authority that issues SAML certificates to Active Directory
Explanation: In SSO with SAML 2.0, Salesforce is the Service Provider (SP) — it provides the service (CRM) but delegates authentication to the Identity Provider (IdP, which is Active Directory/ADFS in this case). The IdP authenticates the user and sends a SAML assertion to Salesforce. Salesforce validates the assertion (using the configured certificate) and grants access without requiring a separate Salesforce password.
3A Salesforce System Architect must design an integration where Salesforce needs to receive data from an external system whenever a specific event occurs (e.g., a payment is processed). Which integration pattern is MOST appropriate?
A.Event-driven / Fire-and-Forget: the external system calls a Salesforce Platform Event or a REST API endpoint when payment is processed; Salesforce processes the event asynchronously without requiring a synchronous response
B.Polling: Salesforce queries the external payment system every 5 minutes using a Scheduled Apex job to check for new payments
C.Request-Reply: Salesforce makes a real-time REST API call to the payment system on demand to retrieve payment status
D.File-based batch: the payment system generates a nightly file that is uploaded to Salesforce via SFTP
Explanation: Event-driven integration is the appropriate pattern for real-time event notification (payment processed). The external system publishes an event (via Platform Event, Streaming API, or REST webhook) and Salesforce subscribes/receives. This provides real-time data with minimal coupling — the external system does not wait for Salesforce to respond. It is more efficient than polling and more real-time than batch.
4A Salesforce System Architect is designing an integration between Salesforce and an ERP system for bidirectional order synchronization. What is the key risk to address when both systems can write to the same data?
A.Conflict resolution: when both systems modify the same order data simultaneously, the integration must define a conflict resolution strategy (e.g., "Last Write Wins", "Salesforce Wins", or "ERP Wins") and detect update conflicts using timestamps or version tokens to prevent data loss
B.The integration should be designed so only one system can ever modify order data; bidirectional write is architecturally unsound in all cases
C.Salesforce automatically detects and resolves conflicts with external systems via its built-in conflict management service
D.Bidirectional sync only creates conflicts if the sync runs more than once per hour
Explanation: Bidirectional synchronization requires explicit conflict detection and resolution design. Without it, concurrent updates from both systems can result in data loss (one system's update silently overwrites the other's). The architect must define: how conflicts are detected (comparing LastModifiedDate or version fields), which system's data wins, and how conflict cases are logged or alerted for human review when needed.
5A Salesforce System Architect must implement OAuth 2.0 for a server-to-server integration where no user interaction is possible. Which OAuth flow is designed for this use case?
A.OAuth 2.0 JWT Bearer Token Flow (for integration users) or Client Credentials Flow, which allow a server to authenticate to Salesforce using a pre-configured certificate/secret without requiring user login
B.OAuth 2.0 Authorization Code Flow which requires a user to log in and authorize the application
C.OAuth 2.0 Implicit Flow which is designed for client-side browser applications
D.OAuth 2.0 PKCE Flow which is designed for mobile applications
Explanation: The JWT Bearer Token Flow is the recommended OAuth flow for server-to-server integrations where no user interaction is possible. The server (external system) signs a JWT with a private key, sends it to Salesforce's token endpoint, and receives an access token. This supports fully automated, scheduled integrations without a user present. The Client Credentials Flow is an alternative that uses client_id/secret.
6A Salesforce System Architect is designing the deployment pipeline. A complex change requires modifying 3 Apex classes, 2 Flows, and 5 custom fields. Which deployment approach ensures all components deploy together atomically?
A.Use a single SFDX deployment (sf project deploy start) or Metadata API deployment that includes all 10 components in one package; Salesforce validates and deploys the entire package atomically — if any component fails, the entire deployment rolls back
B.Deploy each component individually in sequence: fields first, then Apex, then Flows
C.Deploy Flows first since they depend on custom fields, then deploy Apex separately after manual testing
D.Deploy to production directly using Setup > Custom Fields/Apex Class editors one at a time
Explanation: Salesforce Metadata API deployments (and SFDX deployments) are atomic within a single deployment package: either all components deploy successfully or the entire deployment rolls back. Packaging all 10 components together ensures that interdependent components (e.g., an Apex class that references the new custom fields) are deployed as a unit, preventing partial-deployment states where some components are deployed and others are not.
7A Salesforce System Architect is designing an integration between Salesforce and a legacy mainframe system. The mainframe exposes a SOAP web service. How should this integration be implemented in Salesforce?
A.Generate Apex classes from the SOAP WSDL using Salesforce's WSDL import tool (Apex > WSDL2Apex), which creates strongly-typed Apex proxy classes for calling the mainframe SOAP service from Salesforce
B.Use a REST adapter in Salesforce to convert REST calls to SOAP automatically before sending to the mainframe
C.Salesforce cannot call SOAP services; the mainframe must be modernized to a REST API first
D.Use a custom JavaScript controller to make SOAP calls from the browser to the mainframe directly
Explanation: Salesforce supports outbound SOAP calls via the WSDL2Apex tool (in Setup > Apex Classes > Generate from WSDL). Importing the mainframe's WSDL generates strongly-typed Apex classes that represent the SOAP service. Apex code can then call these proxy classes to interact with the mainframe synchronously or via @future callout for async execution. Named Credentials can store the endpoint and authentication.
8A Salesforce System Architect must ensure that integration API credentials (client_id, client_secret, endpoint URL) are stored securely and not hardcoded in Apex. Which Salesforce feature handles this?
A.Named Credentials — a Salesforce feature that stores endpoint URLs and authentication credentials securely, referenced in Apex callouts by the Named Credential label without exposing the actual credentials in code
B.Custom Settings — store the credentials in a Hierarchy Custom Setting accessible from Apex
C.Custom Metadata Types — store the credentials as text fields in a Custom Metadata Type record
D.Static Resources — package the credentials in a JSON file uploaded as a Static Resource
Explanation: Named Credentials are Salesforce's purpose-built secure credential storage for callout endpoints. They store URL, authentication method, and credentials (username/password, OAuth tokens, certificates) encrypted in Salesforce. Apex references Named Credentials by their developer name (callout:MyCredential/path) without ever seeing the actual credentials. This is the platform-recommended approach for securing integration credentials.
9A Salesforce System Architect is designing a Platform Developer I assessment. An Apex developer asks: what is the maximum number of DML statements allowed in a single synchronous transaction?
A.150 DML statements per synchronous transaction (higher limits apply in asynchronous contexts)
B.100 DML statements per synchronous transaction
C.200 DML statements, matching the standard batch size
D.There is no DML limit; only the number of records per DML operation is limited
Explanation: The Salesforce governor limit for DML statements in a synchronous transaction is 150 per transaction. Each insert, update, delete, upsert, merge, or undelete call counts as one DML statement (not per record — bulk DML on 200 records still counts as 1 statement). In asynchronous contexts (Batch Apex, @future), the limit is also 150 per execute/transaction.
10A Salesforce System Architect must design a change management process for a heavily customized production org. Developers want to make an urgent hotfix directly to production. What governance process should be followed even for urgent fixes?
A.Deploy the hotfix through the standard pipeline (developer sandbox → integration sandbox → UAT sandbox → production) even if expedited; document the rationale for the expedited timeline and ensure post-deployment monitoring and regression testing
B.Allow direct production edits via Setup for urgent fixes to minimize delay
C.Deploy the hotfix from any available sandbox directly to production if it has been tested by one developer
D.Apply the hotfix to production and document it retroactively in the change management system
Explanation: Even for urgent hotfixes, a responsible change management process moves changes through at least a minimal pipeline: deploying to a sandbox to test, then to production via an expedited approval. Skipping environments creates risk (the fix may introduce new issues). Documenting the rationale for expedition and monitoring after deployment ensures accountability. Direct production edits bypass all safeguards and should be avoided.

About the SF System Architect Exam

The Salesforce Certified System Architect is an umbrella credential automatically awarded when a candidate holds all four constituent certifications: Development Lifecycle & Deployment Architect, Identity & Access Management Architect, Integration Architect, and Platform Developer I. It demonstrates mastery of system-layer architecture including DevOps/CI-CD strategy, SSO and OAuth design, enterprise integration patterns, and Apex platform development.

Questions

60 scored questions

Time Limit

Varies per constituent exam (~105 min each)

Passing Score

65–68% per constituent exam

Exam Fee

Free (umbrella) — $400 per constituent exam (Webassessor / Kryterion)

SF System Architect Exam Content Outline

25%

Development Lifecycle and Deployment

Salesforce DX, scratch orgs, unlocked packages, 2GP managed packages, CI/CD pipelines, sandbox strategy, change management, release management

25%

Identity and Access Management

OAuth 2.0 (JWT Bearer, Client Credentials, PKCE, ROPC, Auth Code), SAML 2.0 SSO, delegated authentication, connected apps, named credentials, SCIM, Shield

25%

Integration Architecture

Integration patterns, Bulk API 2.0, Platform Events, Change Data Capture, REST/SOAP, MuleSoft, API governance, middleware, event-driven architecture

25%

Platform Developer I

Apex classes, triggers, SOQL/SOSL, DML, governor limits, bulkification, LWC, Visualforce, test framework, callouts, HttpCalloutMock

How to Pass the SF System Architect Exam

What You Need to Know

  • Passing score: 65–68% per constituent exam
  • Exam length: 60 questions
  • Time limit: Varies per constituent exam (~105 min each)
  • Exam fee: Free (umbrella) — $400 per constituent exam

Keys to Passing

  • Complete 500+ practice questions
  • Score 80%+ consistently before scheduling
  • Focus on highest-weighted sections
  • Use our AI tutor for tough concepts

SF System Architect Study Tips from Top Performers

1For each OAuth 2.0 flow, know the exact use case: JWT Bearer is for server-to-server; PKCE is for mobile apps where client secret cannot be stored securely
2Understand unlocked packages vs. 2GP managed packages: unlocked for org-specific customization, 2GP for ISV distribution with namespace and upgradeable versioning
3For integration questions, map each scenario to a pattern: synchronous request-reply (REST/SOAP), fire-and-forget (Platform Events), batch ETL (Bulk API), or data streaming (CDC)
4Know all CI/CD tooling options: Salesforce CLI, GitHub Actions with sf CLI, Copado, Gearset, AutoRABIT — and their trade-offs for enterprise vs. ISV customers
5For Apex callout questions, always remember: @future(callout=true) cannot be called from a trigger that has DML — use Queueable instead; HttpCalloutMock is required in tests
6Practice designing multi-org vs. single-org topology questions — know the drivers for each: compliance isolation, business unit separation, data sovereignty requirements

Frequently Asked Questions

Is there a separate Salesforce System Architect exam?

No. The System Architect credential is an umbrella certification automatically granted when you hold all four active constituent certifications: Development Lifecycle & Deployment Architect, Identity & Access Management Architect, Integration Architect, and Platform Developer I. There is no standalone System Architect exam.

What are the four certifications needed for System Architect?

You must hold all four simultaneously: (1) Salesforce Certified Development Lifecycle & Deployment Architect, (2) Salesforce Certified Identity & Access Management Architect, (3) Salesforce Certified Integration Architect, and (4) Salesforce Certified Platform Developer I.

What OAuth 2.0 flows does the IAM Architect exam cover?

The IAM Architect exam covers all major OAuth 2.0 flows: JWT Bearer Token (server-to-server, no user interaction), Client Credentials (machine-to-machine), Authorization Code with PKCE (mobile/SPA), ROPC (legacy, discouraged), and standard Authorization Code (web server). Candidates must know when to use each flow based on the integration scenario.

What is the difference between SP-initiated and IdP-initiated SAML SSO?

In SP-initiated SSO, the user starts at the Salesforce (Service Provider) login page and is redirected to the Identity Provider for authentication. In IdP-initiated SSO, the user logs into the Identity Provider portal first and clicks a tile to access Salesforce without a redirect. Both use SAML 2.0 assertions, but the flow initiation and assertion binding differ.

When should I recommend Platform Events vs. Change Data Capture vs. Bulk API for integration?

Use Platform Events for real-time publish/subscribe event-driven integration (custom business events). Use Change Data Capture (CDC) to stream standard/custom object record changes to external systems automatically. Use Bulk API 2.0 for large-volume batch data loading/extraction (millions of records). These serve different integration patterns and are not interchangeable.

What sandbox types are available for the Deployment Architect exam?

Salesforce offers four sandbox types: Developer (smallest, metadata only, free with licenses), Developer Pro (metadata + 1GB data), Partial Copy (metadata + sample data subset, up to 5GB), and Full Copy (exact production replica including all data and metadata, 30-day refresh). The choice depends on use case: unit testing, integration testing, UAT, or performance testing.