Exam AP-211 Topic 1 Question 100 Discussion
Actual exam question for Salesforce's AP-211 exam
Question #: 100
Topic #: 1
Question #: 100
Topic #: 1
Bloomington Caregivers has identified the need to encrypt data to comply with the Health Insurance Portability and Accountability Act (HIPAA).
What are three key considerations when complying with HIPAA regulations using Salesforce Shield in conjunction with Bloomington Caregivers' data strategy?
Choose 3 answers
What are three key considerations when complying with HIPAA regulations using Salesforce Shield in conjunction with Bloomington Caregivers' data strategy?
Choose 3 answers
Suggested Answer: A,D,E Vote an answer
When complying with HIPAA using Salesforce Shield, Bloomington Caregivers must:
Encrypt sensitive data in transit and at rest:
Shield Platform Encryption ensures encryption at rest; Salesforce uses TLS for encryption in transit.
Extract:
"Salesforce Shield encrypts sensitive data at rest. Salesforce also encrypts data in transit using TLS." (Source: Salesforce Security Guide, Shield Platform Encryption Guide) Implement and regularly review audit trails:
Shield Event Monitoring and Field Audit Trail help monitor data access and modifications.
Extract:
"Implement audit trails and monitor them to detect unauthorized or suspicious activities." ([Source: Salesforce Security Guide, Shield Platform Encryption Guide]) Configure data retention policies:
Retain records for legally required periods to comply with HIPAA.
Extract:
"Data retention policies must comply with legal and regulatory requirements, including HIPAA." ([Source: Salesforce Security Guide]) Why not B or C?
Providing access to third-party auditors is not a Salesforce Shield requirement; such reviews are typically handled internally.
Using third-party backup solutions is not a core Shield/HIPAA control within Salesforce, and data residency must be managed with care.
Encrypt sensitive data in transit and at rest:
Shield Platform Encryption ensures encryption at rest; Salesforce uses TLS for encryption in transit.
Extract:
"Salesforce Shield encrypts sensitive data at rest. Salesforce also encrypts data in transit using TLS." (Source: Salesforce Security Guide, Shield Platform Encryption Guide) Implement and regularly review audit trails:
Shield Event Monitoring and Field Audit Trail help monitor data access and modifications.
Extract:
"Implement audit trails and monitor them to detect unauthorized or suspicious activities." ([Source: Salesforce Security Guide, Shield Platform Encryption Guide]) Configure data retention policies:
Retain records for legally required periods to comply with HIPAA.
Extract:
"Data retention policies must comply with legal and regulatory requirements, including HIPAA." ([Source: Salesforce Security Guide]) Why not B or C?
Providing access to third-party auditors is not a Salesforce Shield requirement; such reviews are typically handled internally.
Using third-party backup solutions is not a core Shield/HIPAA control within Salesforce, and data residency must be managed with care.
by Dunn at Jun 26, 2026, 07:00 AM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).