Heroku-Architect Practice Test

Universal Containers (UC) has a front-end web application and a back-end service application running on Heroku. The applications are running in the Common Runtime. Now, UC wants to prevent any public access to the back-end application. Which two Heroku features should an Architect propose?

A. Private Space VPN Connections

B. Private Spaces DNS Service Discovery

C. Heroku Internal Routing

D. Apache Kafka on Heroku

A hospital wants to build a mobile app that allows patients to check the status of submitted insurance claims, which the hospital stores in Salesforce Health Cloud. The app's back end will run on Heroku. Which two measures should an Architect recommend to help ensure that the app is compliant with HIPAA? (Choose two.)

A. Use Heroku Shield Connect to sync claim data from Salesforce to a Heroku Postgres database.

B. Use only Heroku Shield Postgres databases to store claim data outside of Salesforce Health Cloud.

C. Ensure that the back-end application's codeencrypts all claim data before writing it to a Heroku Postgres database.

D. Ensure that the mobile app can only run when on the hospital's intranet, which is connected to the back end's Shield Private Space via VPN.

A client wants to create a set of applications that all communicate with each other.Only one of the applications should be accessible from the public internet. This application will act as an API gateway and route requests to the interbak applications using HTTPS. Which architecture should an Architect recommend?

A. Create all of the appsin a Private Space. Configure the Private Space's trusted IP ranges to only permit requests from within the Private Space

B. Create the API gateway application in the Common Runtime. Create all of the internal apps in a Private Space.

C. Create all of theapps in the Common Runtime. Ensure that the internal apps do not define a web process type.

D. Create all of the apps in a Private Space Create the internal apps with Internal Routing enabled. Create the gateway app as a web app

A client's Heroku web application displaysdata that is fetched from a back-end file storage system. The client now wants this data to be viewable, but not editable, from their Salesforce org. Which recommendation should an Architect make in this scenario?

A. Replicate the files to tables in a Heroku Postgres database, and use Heroku Connect to synchronize the tables to the Salesforce org.

B. Store all file URLs in a Heroku Postgres table, and use Heroku Connect to synchronize the table to the Salesforce org.

C. Replicate the files to tables in aHeroku Postgres database, and use Heroku External Objects to expose the tables to the Salesforce org.

D. Replicate the files to the application's local filesystem, and use worker dynos to periodically sync them to the Salesforce org.

Universal Containers is developing a Salesforce app thatinvokes a Heroku app's web service, which asynchronously generates customer invoices. The Heroku app is deployed to a Private Space. When an invoice is ready, the Heroku app sends a POST request to the Salesforce REST API. Which two options should an Architect recommend to ensure that neither the Salesforce nor the Heroku app is accessible from the public internet? Choose 2 answers.

A. Restrict the Private Space's trusted IP range to Salesforce IP addresses

B. Restrict the Private Space's trusted IP range to Universal Containers' VPN

C. Restrict the Salesforce connected app's login IP ranges to Universal Containers' VPN

D. Restrict the Salesforce connected app's login IP ranges to the stable outbound IP addresses of the Private Space