40 Salesforce Admin Interview Questions and Answers

Here are top 40 Salesforce Admin Interview Questions and Answers:

1. What are the different types of flows in Salesforce, and when should each be used?

Salesforce offers several types of flows:

• Screen Flows: Include user inputs and are ideal for guided forms (e.g., surveys or multi-step record creation).
• Record-Triggered Flows: Run automatically when records are created/updated/deleted. They replace most Process Builder use cases.
• Scheduled Flows: Execute at a specified time and are used for batch updates (e.g., sending renewal reminders every Monday).
• Auto-Launched Flows: Triggered from Apex, processes, or other flows and run in the background without UI.

Choosing the right flow ensures performance and automation scalability.

2. What is the difference between “Before Save” and “After Save” in Record-Triggered Flows?

• Before Save Flows are executed before a record is committed to the database, making them ideal for field updates. They’re fast and reduce automation overhead.
• After Save Flows run after the record is saved and are useful for actions that rely on the record ID (like related record creation or sending notifications).

3. How does Salesforce handle governor limits, and why should admins care?

Salesforce imposes governor limits to ensure fair resource usage. These include:

• 10 synchronous flows per transaction
• 100 SOQL queries
• 150 DML statements

Admins should build automation efficiently (e.g., combine field updates, avoid recursion) to avoid hitting these limits, which can cause flow or process failures.

4. What is Field History Tracking, and how is it different from Field Audit Trail?

• Field History Tracking: Tracks changes on standard/custom fields for up to 20 fields per object (limited to 18 months of retention).
• Field Audit Trail: A paid feature that extends history tracking up to 10 years and includes custom retention policies.

5. What is the difference between Profile, Permission Set, and Permission Set Group?

• Profile: The base-level access for users.
• Permission Set: Grants additional permissions beyond profiles.
• Permission Set Group: Bundles multiple permission sets into one manageable group.

Use permission set groups to reduce admin overhead and enable scalable permission models.

6. What are login IP ranges and login hours?

• Login IP Ranges (per Profile): Restrict users to log in only from approved IPs.
• Login Hours: Restrict user access to specific times (e.g., 9 AM – 6 PM).

They enforce security and are crucial for compliance-heavy industries.

7. How do you manage record-level security with Manual Sharing and Apex Sharing?

• Manual Sharing: Allows users to share records with other users manually through the UI.
• Apex Sharing: Programmatic record sharing through custom logic, useful in complex sharing scenarios.

Admins define sharing models and build extensions where default sharing rules fall short.

8. What is a dynamic form, and how does it improve user experience?

Dynamic Forms allow admins to configure visibility rules at the field level without needing page layouts. You can:

• Show/hide fields based on conditions
• Group related fields visually.
• Improve performance by only rendering necessary fields.

This gives users a cleaner, more responsive UI.

9. How can you optimize reports and dashboards for performance?

• Use filters and report types effectively.
• Avoid large datasets—use bucket fields or summary filters.
• Schedule heavy reports to run during off-hours.
• Use joined reports sparingly.

Efficient reporting leads to better decision-making and faster dashboard loads.

10. What are cross-object formula fields, and what are their limitations?

Cross-object formulas pull data from parent objects into child records. For example, displaying an account’s type on an opportunity.

Limitations:

• Work only in one direction (child to parent).
• Can’t reference sibling or unrelated objects.
• Count against formula compile size limits.

11. What is the purpose of the “View All” and “Modify All” permissions?

• View All: Grants read access to all records of an object, regardless of ownership.
• Modify All: Grants full access (read/write/delete) to all records.

These override sharing rules and should be assigned cautiously, typically to system admins only.

12. What is a custom metadata type, and when should you use it over custom settings?

Custom metadata types store configuration data and support deployment through change sets and packages. Use them to:

• Store feature flags
• Configure integrations
• Define business logic.

Unlike custom settings, they’re deployable and version-controlled.

13. What is delegated administration?

Delegated Administration allows non-admin users to manage specific tasks like

• Resetting passwords
• Creating users in assigned roles
• Assigning permission sets

This decentralizes admin tasks while preserving overall security.

14. What is Session Timeout and Lockout Policy in Salesforce Security?

• Session Timeout: Defines how long a user can remain inactive before being logged out (e.g., 30 minutes).
• Lockout Policy: Defines how many failed login attempts are allowed before the user is locked out.

These settings ensure your org complies with security best practices.

15. What is the difference between a lookup filter and a validation rule?

• Lookup Filter: Filters picklist options or lookup record selections.
• Validation Rule: Stops users from saving a record unless it meets certain conditions.

Use lookup filters to guide data entry and validation rules to enforce data quality.

16. How can an admin troubleshoot performance issues in a Salesforce org?

Admins can:

• Use the Lightning Usage App to identify slow components.
• Check debug logs for slow-running flows or processes.
• Optimize list views and reduce related list load.
• Ensure clean data and reduce large attachments.

Performance tuning is essential for user adoption.

17. What are High Assurance Sessions in Salesforce?

High Assurance Sessions are triggered when users access sensitive data or apps. Admins can require multi-factor authentication (MFA) or login from trusted IPs to enhance security.

18. What is a deployment connection, and how is it used?

Deployment Connections control inbound and outbound metadata deployments between related orgs like Sandboxes and Production. They ensure controlled and secure release processes.

19. What is Change Data Capture (CDC)?

CDC is an event-based system that tracks changes to records and sends real-time notifications to external systems. It’s ideal for syncing data across platforms.

Admins can use it to replace frequent polling in integrations.

20. What is the Metadata API, and how is it different from the Tooling API?

• Metadata API: Used to deploy or retrieve configuration (e.g., custom fields, page layouts).
• Tooling API: Focused on development tools and diagnostics like Apex classes, logs, etc.

Admins use the Metadata API for CI/CD pipelines and backups.

21. What is Shield Platform Encryption?

Shield Encryption protects sensitive data at rest using stronger encryption keys than the standard classic encryption. It’s essential for industries like healthcare or finance, where data protection is legally required.

22. What are login flows?

Login flows allow admins to define custom logic after user authentication. For example:

• Prompting users for MFA setup
• Accepting terms and conditions
• Routing different users to different dashboards

23. How do you handle data deduplication in Salesforce?

Data duplication can reduce CRM effectiveness and lead to unreliable reporting. Admins can handle deduplication using

• Duplicate Rules: Define matching criteria and actions like allowing, blocking, or alerting.
• Matching Rules: Specify how fields are compared (exact match, fuzzy logic).
• Third-party tools: Like DemandTools or DupeCatcher for more advanced deduplication.

You can also build deduplication logic with Flows or Apex Triggers in complex cases.

24. What is a global picklist, and why is it useful?

Global picklists (aka global value sets) are reusable picklist value lists shared across multiple fields and objects. Benefits include:

• Centralized management of picklist values
• Enforced consistency across departments or apps
• Easy translation and value updates

They’re ideal when the same list (e.g., “Status” or “Region”) is used in multiple objects.

25. What is the difference between a sandbox and a scratch org?

• Sandbox: A replica of your production org used for development, testing, and training. Types include Developer, Partial Copy, and Full Copy.
• Scratch Org: A temporary org used in Salesforce DX for development/testing. They’re created via CLI and last up to 30 days.

Admins typically use sandboxes, but in DevOps or CI/CD environments, scratch orgs offer more flexibility and automation.

26. What are external lookup and indirect lookup relationships?

These relationships link Salesforce objects to external data via:

• External Lookup: Links a child object in Salesforce to an external object using a unique external ID.
• Indirect Lookup: Links an external object to a standard/custom object using an external ID.

Useful for integrating ERP, databases, or legacy systems.

27. What is the purpose of queue-based assignment rules?

Queues allow records (leads, cases, etc.) to be routed to a group of users. With assignment rules, incoming records can automatically

• Be assigned to queues based on criteria
• Notify queue members.
• Improve load balancing and response times.

Admins can also use Flows to push complex routing.

28. What are Shield Event Monitoring and Field Audit Trail?

Both are part of Salesforce Shield, which adds advanced security layers:

• Event Monitoring: Tracks user activity, like logins, downloads, or API usage — useful for security audits.
• Field Audit Trail: Allows retention of field history beyond 18 months (up to 10 years).

Admins use these to support regulatory compliance and forensic investigations.

29. How can you ensure data consistency across integrations?

Admins should:

• Use external IDs for mapping records.
• Enable Upsert in Data Loader/API to avoid duplicates.
• Leverage Platform Events and Change Data Capture (CDC) for real-time sync.
• Use named credentials and external services for secure integration.

Monitoring logs and using Flow error handling also help maintain reliability.

30. How do record types affect Salesforce usability and customization?

Record types let admins:

• Display different page layouts per business scenario.
• Control available picklist values
• Segment data (e.g., B2B vs. B2C accounts)

However, too many record types can lead to complexity. Best practice is to use them only when behavior or data entry is significantly different.

31. What are transaction security policies in Salesforce?

Transaction Security allows real-time actions (block, alert, etc.) based on specific user behavior. For example:

• Block downloads of reports outside business hours.
• Alert when data is exported unusually fast.
• Restrict API access by IP range.

Admins use them to harden org security against insider and outsider threats.

32. What is multi-factor authentication (MFA), and how do you enforce it?

MFA adds a second layer of verification (e.g., SMS, Salesforce Authenticator, or a security key). Admins can enforce MFA via:

• Session Settings
• Login Flows
• Permission Set Assignments

From February 2022, Salesforce requires MFA for all users accessing the UI.

33. How do permission set expiration dates work?

Admins can assign a permission set for a limited time — perfect for:

• Temporary access (e.g., contractors or new hires)
• Security compliance
• Auditing and lifecycle control

This avoids manual revocation and ensures better governance.

34. What are Dynamic Actions in Lightning App Builder?

Dynamic Actions allow field visibility and action buttons to be conditionally shown based on:

• Record field values
• User permissions or profiles
• Device type (mobile/desktop)

They simplify Lightning Pages and reduce the number of page layouts.

35. How do you use custom permissions?

Custom permissions control user access to custom functionality without creating new profiles or roles. You can reference them in:

• Validation rules
• Apex code
• Flows
• Lightning Components

This gives flexible control over feature availability.

36. What is a junction object, and why is it used?

Junction objects create many-to-many relationships between two objects using two master-detail relationships. Example: A “Course Enrollment” object connecting “Students” and “Courses.”

They support:

• Advanced reporting
• Shared record ownership
• Relationship-based automation

37. What is the Lightning App Builder, and how is it used?

The Lightning App Builder allows admins to:

• Customize app pages, home pages, and record pages.
• Drag-and-drop components
• Apply conditional visibility.

Admins use it to create personalized, role-specific experiences without code.

38. How can you use Flow Orchestration in complex business processes?

Flow Orchestration coordinates multiple flows and user interactions over time. Use it when:

• A process spans multiple departments.
• Human approval and automated logic are combined.
• You need pause/resume checkpoints.

It’s ideal for onboarding, case escalation, or contract workflows.

39. What is the AppExchange, and how should admins evaluate apps?

AppExchange is Salesforce’s marketplace for apps and components. When selecting

• Check ratings and reviews.
• Ensure security compliance (e.g., Security Review Passed)
• Test in a sandbox first.

A bad app can affect performance, cost, or data integrity — admins must vet wisely.

40. What are Apex Triggers, and why should admins understand them?

While admins don’t write Apex, understanding triggers is key to

• Debugging issues
• Avoiding automation conflicts
• Collaborating with developers

Admins should know how to read trigger context (before/after insert, bulk-safe logic) and recognize when Flow or Apex is better suited.