SALESFORCE CERTIFICATION
Certified Platform Administrator II Practice Exam
Exam Number: 3702 | Last updated 14-Apr-26 | 2133+ questions across 7 vendor-aligned objectives
Designed for experienced administrators who have moved beyond basic configuration, the Certified Platform Administrator II exam validates advanced skills in security modeling, change management, and enterprise-scale Salesforce deployments. Candidates should be proficient with permission set groups, custom metadata types, and complex sharing models that handle thousands of users across multiple business units.
A full 25% of the exam targets Security and Access, covering permission set groups, login flows, session settings, and delegated administration. At 15%, Extending Custom Objects and Applications represents the single largest exam section, covering custom metadata types, platform events, and advanced relationship modeling. The exam allocates 15% to Data Management, covering data skew, large data volumes, data archival strategies, and duplicate management. These high-weight domains should anchor your study plan and receive the deepest attention.
Several supporting domains complete the exam outline. The largest portion of the exam — 15% — focuses on content management and change management, which spans sandboxes, change sets, deployment strategies, and release management. Roughly 10% of the questions address Auditing and Monitoring, which spans field history tracking, login history, setup audit trail, and debug logs. Sales Cloud Applications carries the heaviest weight at 10%, which spans advanced lead and opportunity management, territory management, and forecasting. A full 10% of the exam targets service cloud applications, which spans advanced case management, entitlements, milestones, and Knowledge. Do not overlook these sections — the exam regularly weaves them into multi-concept scenarios.
Every answer links to the source. Each explanation below includes a hyperlink to the exact Salesforce documentation page the question was derived from. PowerKram is the only practice platform with source-verified explanations. Learn about our methodology →
751
practice exam users
90%
satisfied users
97.1%
passed the exam
4.7/5
quality rating
Test your Certified Platform Admin Ii knowledge
10 of 2133+ questions
Question #1 - Enforce and audit permission set groups, login flows, and session settings to safeguard sensitive data and enforce least-privilege access across the organization
A financial services company with 5,000 users reports that certain users can see records they should not have access to. The org uses a complex role hierarchy with sharing rules and permission set groups.
What should the administrator do first to diagnose the access issue?
A) Disable all permission set groups temporarily to isolate the issue
B) Run a sharing rule recalculation on the affected object
C) Use the ‘Sharing’ button on a specific record to check why access is granted
D) Review the system audit trail for recent sharing rule changes
Show solution
Correct answers: C – Explanation:
The Sharing button on a record shows exactly who has access and why, including role hierarchy, sharing rules, manual shares, and team membership. This is the most effective first diagnostic step. Running a recalculation is a corrective action, not diagnostic. The audit trail shows metadata changes but not current effective permissions. Disabling permission set groups is disruptive. Source: Trailhead: Data Security
Question #2 - Enforce and audit permission set groups, login flows, and session settings to safeguard sensitive data and enforce least-privilege access across the organization
An enterprise company wants to delegate user management for a specific business unit to a regional manager without granting full System Administrator access.
Which feature should the administrator configure?
A) Create a custom app with a Visualforce page for user management
B) Configure delegated administration for the regional manager’s role
C) Assign the regional manager a permission set with Modify All Data
D) Create a custom profile with Manage Users permission
Show solution
Correct answers: B – Explanation:
Delegated administration allows administrators to assign specific user management tasks to designated groups without granting full admin privileges. The scope can be limited to specific roles and profiles. Granting Manage Users or Modify All Data is overly broad. Custom Visualforce solutions add unnecessary complexity for a built-in feature. Source: Trailhead: Identity Login Flows
Question #3 - Model and optimize data skew, large data volumes, and data archival strategies to ensure clean, scalable data structures that power accurate reporting and integrations
A large organization using Salesforce is experiencing performance issues with reports that run against an Account object with over 10 million records and significant data skew on the owner field.
What should the administrator recommend to address this data skew issue?
A) Redistribute record ownership so no single user owns more than 10,000 records
B) Enable Enhanced Analytics to bypass data skew limitations
C) Create a hierarchical custom object to replace the Account object
D) Switch all reports to asynchronous mode
Show solution
Correct answers: A – Explanation:
Account data skew occurs when a single user owns a disproportionately large number of records, causing lock contention and performance issues. Salesforce recommends redistributing ownership so no single user owns more than 10,000 records. Enhanced Analytics does not bypass skew issues. Replacing the Account object is impractical. Async reports help with timeout issues but do not resolve the underlying skew. Source: Salesforce Docs: Large Data Volumes Guide
Question #4 - Handle and manage field history tracking, login history, and setup audit trail to deliver reliable platform solutions that meet real-world business demands
The compliance team requires that all changes to the ‘Credit Limit’ field on the Account object be tracked and retained for seven years to meet regulatory requirements.
Which solution should the administrator implement?
A) Enable standard field history tracking for the Credit Limit field
B) Configure Field Audit Trail with a custom retention policy of seven years
C) Use the Setup Audit Trail to track all Account field modifications
D) Create a custom object to log changes via a record-triggered flow
Show solution
Correct answers: B – Explanation:
Field Audit Trail extends the standard field history tracking retention (18-24 months) to custom policies up to 10 years. This meets the seven-year regulatory requirement natively. Standard field history tracking alone would not retain data long enough. A custom logging object adds unnecessary complexity. Setup Audit Trail tracks metadata changes, not data field changes. Source: Salesforce Docs: SOAP API Reference
Question #5 - Manage and distribute sandboxes, change sets, and deployment strategies to deliver the right message to the right audience at the right moment across channels
A company needs to deploy a set of configuration changes from a full-copy sandbox to production, including custom fields, validation rules, and page layouts. They have multiple sandboxes for different projects running in parallel.
What deployment approach best supports their parallel development environment?
A) Deploy change sets from each sandbox directly to production simultaneously
B) Use a staging sandbox to merge changes from all project sandboxes before deploying to production
C) Manually recreate all changes in production to avoid deployment conflicts
D) Refresh all sandboxes from production before deploying any changes
Show solution
Correct answers: B – Explanation:
Using a staging sandbox to consolidate and test changes from multiple development sandboxes prevents conflicts and ensures compatibility before production deployment. Direct simultaneous deployments risk overwriting each other’s changes. Manual recreation is error-prone. Refreshing sandboxes would destroy in-progress development work. Source: Trailhead: SF DevOps
Question #6 - Enforce and audit permission set groups, login flows, and session settings to safeguard sensitive data and enforce least-privilege access across the organization
A healthcare organization has configured login flows to verify additional credentials for users accessing sensitive patient data. Some users report being stuck in a login loop after the flow was activated.
What is the most likely cause of the login loop?
A) The login flow does not have a valid finish behavior that redirects users to the home page
B) The users’ profiles are not assigned to the login flow
C) The login flow is using a screen flow instead of an autolaunched flow
D) The session security level is set too high for the login flow
Show solution
Correct answers: A – Explanation:
Login flows must have a properly configured finish behavior, typically a redirect to the Salesforce home page. Without this, the flow restarts after completion, creating an infinite loop. Profile assignment determines who sees the flow but would not cause a loop. Session security levels affect MFA requirements, not flow behavior. Login flows can use screen flows with user interaction. Source: Salesforce Help: Login Flow
Question #7 - Enforce and audit permission set groups, login flows, and session settings to safeguard sensitive data and enforce least-privilege access across the organization
A multinational corporation requires that users in the European subsidiary can only access Salesforce between 8:00 AM and 6:00 PM Central European Time on weekdays.
How should the administrator enforce this restriction?
A) Create a login flow that checks the current time and blocks access outside hours
B) Configure session settings to automatically log out users after 6:00 PM CET
C) Set login hours on the European subsidiary users’ profile to restrict access times
D) Use IP-based restrictions to limit access to European office networks only
Show solution
Correct answers: C – Explanation:
Login hours on a profile restrict when users assigned to that profile can log in, enforced by Salesforce based on the user’s timezone. Users already logged in will be logged out once their login hours expire. Login flows add complexity for a feature that is natively supported. Session timeout settings control inactivity, not access windows. IP restrictions limit where users log in from, not when. Source: Trailhead: Data Security
Question #8 - Structure and govern custom metadata types, platform events, and advanced relationship modeling to ensure clean, scalable data structures that power accurate reporting and integrations
An administrator needs to set up a custom metadata type to store integration endpoint URLs that differ between sandbox and production environments.
What is the key advantage of using custom metadata types for this purpose?
A) Custom metadata records are automatically encrypted at rest
B) Custom metadata types support workflow rule automation
C) Custom metadata records can be deployed between environments using change sets or packages
D) Custom metadata types allow real-time synchronization between orgs
Show solution
Correct answers: C – Explanation:
Custom metadata types are deployable through change sets, packages, and the Metadata API, meaning configuration values like endpoint URLs can be managed per environment and promoted through the release pipeline. They are not automatically encrypted, do not support workflow rules, and do not synchronize between orgs. Source: Trailhead: Custom Metadata Types
Question #9 - Configure and track advanced lead and opportunity management, territory management, and forecasting to shorten sales cycles, improve forecast accuracy, and maximize revenue capture
An organization uses Territory Management to distribute Accounts to sales teams. The VP of Sales wants a report showing forecast amounts rolled up by territory hierarchy.
Which feature should the administrator configure?
A) Build a custom report type based on the Territory object with opportunity rollups
B) Configure a joined report that merges territory assignments with opportunity forecasts
C) Enable Collaborative Forecasts with Territory hierarchy as the forecast type
D) Create a dashboard with filters for each territory
Show solution
Correct answers: C – Explanation:
Collaborative Forecasts supports Territory as a forecast hierarchy type, allowing forecasts to roll up through the territory structure rather than the role hierarchy. This is a native capability designed specifically for this use case. Custom report types and joined reports cannot replicate the hierarchical rollup behavior. Dashboards display data but do not perform territory-based aggregation. Source: Salesforce Help: Forecasts3 Territory Management
Question #10 - Enforce and audit permission set groups, login flows, and session settings to safeguard sensitive data and enforce least-privilege access across the organization
A system administrator discovers through debug logs that a scheduled Apex job responsible for data cleanup is failing silently every night. The job’s status shows as ‘Completed’ in the Apex Jobs monitoring page.
Where should the administrator look next to identify the root cause?
A) The debug logs filtered for the running user of the scheduled job
B) The Email Logs section for system error notification emails
C) The Event Monitoring analytics for Apex execution events
D) The Setup Audit Trail for recent code changes
Show solution
Correct answers: A – Explanation:
Debug logs for the scheduled job’s running user will capture the actual execution details, including any caught exceptions that allow the job to complete without raising an unhandled error. Email logs only show email delivery. Setup Audit Trail tracks configuration changes. Event Monitoring provides high-level analytics but not granular error details. Source: Trailhead: Developer Console
Get 2133+ more questions with source-linked explanations
Every answer traces to the exact Salesforce documentation page — so you learn from the source, not just memorize answers.
Exam mode & learn mode · Score by objective · Updated 14-Apr-26
Learn more...
What the Certified Platform Admin Ii exam measures
- Enforce and audit permission set groups, login flows, and session settings to safeguard sensitive data and enforce least-privilege access across the organization
- Structure and govern custom metadata types, platform events, and advanced relationship modeling to ensure clean, scalable data structures that power accurate reporting and integrations
- Handle and manage field history tracking, login history, and setup audit trail to deliver reliable platform solutions that meet real-world business demands
- Configure and track advanced lead and opportunity management, territory management, and forecasting to shorten sales cycles, improve forecast accuracy, and maximize revenue capture
- Deflect and automate advanced case management, entitlements, and milestones to reduce resolution times, improve customer satisfaction, and balance agent workloads
- Model and optimize data skew, large data volumes, and data archival strategies to ensure clean, scalable data structures that power accurate reporting and integrations
- Manage and distribute sandboxes, change sets, and deployment strategies to deliver the right message to the right audience at the right moment across channels
How to prepare for this exam
- Review the official exam guide to confirm you have covered every objective
- Review Salesforce’s advanced admin Trailhead trail — focus heavily on the security, sharing, and change management modules
- Set up a Developer Edition org and create a multi-layered sharing model with role hierarchy, sharing rules, and permission set groups to see how they interact
- Volunteer as a release manager for a Salesforce project at your company or join an open-source Salesforce initiative to gain real deployment experience
- Work through one exam objective at a time — start with Security and Access since it carries the highest weight
- Use PowerKram’s learn mode to study each objective in depth with source-linked explanations
- Switch to PowerKram’s exam mode to build stamina and test readiness under timed conditions
Career paths and salary outlook
Advanced administrators command premium salaries and often lead platform teams or transition into consulting roles:
- Senior Salesforce Administrator — $100,000–$140,000 per year, responsible for enterprise-scale org management (Glassdoor salary data)
- Salesforce Platform Manager — $115,000–$155,000 per year, overseeing multiple admins and driving platform strategy (Indeed salary data)
- Salesforce Consultant — $110,000–$160,000 per year, advising clients on platform optimization and best practices (Glassdoor salary data)
Official resources
Follow the official Advanced Administrator Learning Path on Trailhead. Review the official exam guide for the complete objective breakdown and passing score requirements.