User Interface 2-6 Flashcards
(21 cards)
What types of resources are included in a Lightning Component bundle?
Choose 3 answers.
A. JavaScript code
B. SVG file
C. Apex code
D. PNG file
E. CSS file
A. JavaScript code, B. SVG file, E. CSS file
JavaScript, SVG, and CSS files are valid resource types included in a Lightning Component bundle.
🧠 Explanation:
A Lightning Component bundle includes:
✅ JavaScript code – for client-side logic.
✅ SVG file – for custom icons used in App Builder.
✅ CSS file – for styling components.
❌ Apex code – is not included directly in the bundle; it is referenced separately.
❌ PNG file – image files are not part of the component bundle.
🔗 Documentation:
https://developer.salesforce.com/docs/atlas.en-us.228.0.lightning.meta/lightning/ref_bundle_comp.htm
https://developer.salesforce.com/docs/atlas.en-us.lightning.meta/lightning/components_bundle_overview.htm
📚 Additional resources:
- Trailhead module: https://trailhead.salesforce.com/content/learn/modules/lex_dev_lc_basics
- GitHub examples: https://github.com/trailheadapps
- Video overview: https://www.youtube.com/watch?v=Dr4Kk5gImhE
A developer of Cosmic Solutions is building a Lightning web component that will allow the current user to search for an account record, view the account details, get additional information about the account from an external system in real time, and update the account and related records using the entered information. The company is using a private sharing model for account records. However, the Lightning web component should allow the current user to access any account record that is stored in Salesforce, regardless of whether the user can view the record. The developer will be creating an Apex controller to perform actions like retrieving and updating the account record. Which of the following are valid considerations related to this use case?
Choose 2 answers.
A. An @AuraEnabled Apex controller enforces the current user’s CRUD permissions and field-level security by default.
B. The behavior of an @AuraEnabled Apex controller that does not use a sharing keyword defaults to ‘with sharing’.
C. Enforcing sharing rules in an @AuraEnabled Apex controller impacts DML operations but not SOQL queries.
D. The Apex controller must use the ‘without sharing’ keyword to bypass sharing rules that apply to the user.
A. An @AuraEnabled Apex controller enforces the current user’s CRUD permissions and field-level security by default.
D. The Apex controller must use the ‘without sharing’ keyword to bypass sharing rules that apply to the user.
🧠 Explanation:
✅ Option A is correct because @AuraEnabled methods enforce the current user’s CRUD and field-level security permissions by default.
✅ Option D is correct because ‘without sharing’ allows the Apex controller to ignore the private sharing model and access records the user normally could not see.
❌ Option B is incorrect: If no sharing keyword is used, the controller defaults to ‘without sharing’, not ‘with sharing’.
❌ Option C is incorrect: Sharing rules affect both DML operations and SOQL queries.
🔗 Documentation:
https://developer.salesforce.com/docs/atlas.en-us.apexcode.meta/apexcode/apex_security_sharing_rules.htm
https://developer.salesforce.com/docs/atlas.en-us.apexcode.meta/apexcode/apex_classes_keywords_sharing.htm
📚 Additional resources:
- https://trailhead.salesforce.com/content/learn/modules/apex_integration_services
- https://trailhead.salesforce.com/content/learn/modules/data_security
- https://www.youtube.com/watch?v=WvJ_jT_y-G0
The IT Director of Cosmic Solutions would like to prevent Cross-Site Request Forgery (CSRF) attacks on the company’s website. Which of the following is the specific defense mechanism provided by Salesforce that can prevent these attacks?
Choose 1 answer.
A. Anti-CSRF Security
B. CSRF Protection
C. Security Token
D. Anti-CSRF Token
D. Anti-CSRF Token
🧠 Explanation:
✅ Option D is correct. Within the Lightning platform, Salesforce implements an anti-CSRF token as a hidden field in pages. This token is validated on each page load to ensure that the request is legitimate. This specific token is the actual mechanism Salesforce uses to protect against CSRF.
❌ Option A refers to the general concept of anti-CSRF security, not a specific mechanism.
❌ Option B (CSRF Protection) is too generic; while true in theory, it doesn’t name the exact mechanism.
❌ Option C (Security Token) is unrelated and used mainly for API authentication.
🔗 Documentation:
Reset Your Security Token
Cross-Site Request Forgery (CSRF)
📚 Additional resources:
- OWASP CSRF Overview: https://owasp.org/www-community/attacks/csrf
The Salesforce developer of Cosmic Lights has created a few Visualforce pages that contain external links. They want to prevent the browser from loading scripts disguised as other file types when users access external content and websites via these links. What default feature would be helpful for this purpose?
A. Lightning Web Security
B. Content Security Policy Protection
C. Cross-Site Request Forgery Protection
D. Content Sniffing Protection
✅ D. Content Sniffing Protection
🧠 Explanation:
- ✅ D. Correct: Content Sniffing Protection prevents browsers from trying to interpret (or “sniff”) the MIME type of a file differently than declared. This is critical when opening external links, as it protects users from scripts disguised as benign file types (like images or documents).
❌ Incorrectas:
- A. Lightning Web Security: Applies to Lightning Web Components, not to Visualforce pages.
- B. Content Security Policy (CSP): Helps mitigate XSS and data injection attacks, but does not directly address MIME-type sniffing.
- C. CSRF Protection: Prevents unauthorized actions from authenticated users — unrelated to file/script interpretation from external content.
🔗 Documentación oficial:
- Clickjack and Content Sniffing Protection in Salesforce
- Salesforce Security Guide – Browser Security Settings
📚 Recursos adicionales:
- Trailhead: Application Security
- OWASP - MIME Sniffing
A custom screen component is being developed for a screen flow that is used for sending documents to an offline storage platform. The Salesforce developer would like to improve the user experience when an administrator configures the screen component in Flow Builder by utilizing a custom property editor. For example, there are different sets of fields required depending on the authentication method selected for connecting to the storage platform. Only the necessary fields can be displayed in the property editor based on the selection. Which of the options below are valid statements related to the requirement?
Choose 2 answers.
A. A custom property editor can be registered for a custom screen component by defining the name of the custom editor in the screen component’s JavaScript controller.
B. The automaticOutputVariables public property should be exposed in the custom property editor’s JavaScript controller to access automatically stored values in Flow Builder.
C. The automaticOutputVariables public property should be defined in the custom property editor’s configuration file to access automatically stored values in Flow Builder.
D. A custom property editor can be registered for a custom screen component by defining the name of the custom editor in the screen component’s configuration file.
✅ B. The automaticOutputVariables public property should be exposed in the custom property editor’s JavaScript controller to access automatically stored values in Flow Builder.
✅ D. A custom property editor can be registered for a custom screen component by defining the name of the custom editor in the screen component’s configuration file.
🧠 Explanation:
- ✅ B. Correct: Exposing a public property named automaticOutputVariables in the JavaScript controller of the custom property editor allows it to access automatically stored values like record collections or return values of Flow elements.
- ✅ D. Correct: The custom property editor is registered in the configuration file (.js-meta.xml) of the custom screen component using the configurationEditor tag.
❌ Incorrectas:
- A: El editor no se registra en el JavaScript controller, sino en el archivo de configuración.
- C: El atributo automaticOutputVariables no se define en el archivo de configuración, sino como propiedad pública en el JavaScript controller.
🔗 Documentación oficial:
- Custom Property Editors for Flow Screen Components
- Use automaticOutputVariables in Property Editors
📚 Recursos adicionales:
- Trailhead: Build Screen Flows with Custom Components
- Salesforce LWC Dev Guide: Configuration File Elements
A Lightning message channel called “SampleChannel” is used by custom Lightning components and a Visualforce page on a Lightning page for sending and receiving messages. A Salesforce developer is creating a custom Lightning web component and needs to publish messages in the channel whenever a user has completed processing a record using the custom component so that other components on the page can respond to the update if necessary. Which of the following can be used in order to reference the Lightning message channel in the component’s client-side controller?
Choose 1 answer.
A. import sampleChannel from “@salesforce/messageService/SampleChannel”;
B. import sampleChannel from “@salesforce/messageChannel/SampleChannel__c”;
C. import sampleChannel from “@salesforce/messageChannel/SampleChannel”;
D. import sampleChannel from “@salesforce/messageService/SampleChannel__s”;
✅ B. import sampleChannel from “@salesforce/messageChannel/SampleChannel__c”
🧠 Explanation:
The correct way to import a Lightning Message Channel (LMC) into a Lightning Web Component is through the scoped module @salesforce/messageChannel/ChannelName\_\_c. Even though \_\_c is generally associated with custom objects, in this case it is also the proper suffix for custom metadata types like LightningMessageChannel.
This allows the component to subscribe to or publish messages on the channel via Lightning Message Service.
❌ Why the others are incorrect:
- A: @salesforce/messageService/... is not a valid import path for channels.
- C: Missing the required \_\_c suffix.
- D: \_\_s is not a recognized suffix for message channels.
🔗 Official documentation:
- Lightning Message Service Overview
- Metadata Reference: LightningMessageChannel
📚 Additional resources:
- Trailhead: Lightning Web Components and Salesforce Data
- Blog: How to Use Lightning Message Service in LWC
A Salesforce developer is building a Lightning web component, which acts as the source component that contains buttons that allow users to navigate to specific URL-addressable Lightning web components. Which of the following are valid statements in this scenario?
A. The lightning/navigation module can be used by the source component to navigate to URL-addressable components.
B. The lightning__UrlAddressable target is used to enable a Lightning web component to be addressable via a page URL.
C. URL-addressable components follow the URL format /lightning/addressable/c__MyComponent?c__myProperty=myValue.
D. Parameters can be passed via the state object where the data type of the property can be a string, number, or boolean.
A, B
✅ A. The lightning/navigation module allows Lightning Web Components to navigate to other components, including URL-addressable components.
✅ B. The lightning\_\_UrlAddressable target in the targets section of a component’s meta file enables the component to be navigated to via a URL.
❌ C. The correct format includes a double underscore, but the URL should follow /lightning/cmp/c\_\_MyComponent rather than /lightning/addressable/....
❌ D. Parameters are passed using the state object, but only when navigating programmatically using the NavigationMixin, not via the URL in lightning\_\_UrlAddressable pages.
🔗 Documentación oficial:
- Make a Component URL Addressable
- NavigationMixin Reference
📚 Recursos adicionales:
- Build URL-Addressable Components Trailhead Module
- LWC Navigation Patterns
Where can a developer use Visualforce in Lightning Experience?
A. Standard Page Layout
B. Navigation Bar
C. Setup Home Page
D. Custom App
E. Chatter Feed
A, B, D
✅ A. Standard Page Layout: Developers can embed Visualforce pages directly into standard page layouts using the Visualforce Page component in the Lightning App Builder.
✅ B. Navigation Bar: Visualforce pages can be added as navigation items in a custom Lightning app.
✅ D. Custom App: A Visualforce page can be included as a tab in a custom app, making it accessible from the Lightning interface.
❌ C. Setup Home Page: Visualforce pages cannot be embedded directly into the Setup Home Page.
❌ E. Chatter Feed: Visualforce pages are not supported directly within the Chatter Feed UI.
🔗 Official Documentation:
- Visualforce in Lightning Experience
- Add Visualforce Pages to Lightning Apps
📚 Additional Resources:
- Trailhead: Build UI with Visualforce
- Embed Visualforce in Lightning App Builder
The Chief Technology Officer of Cosmic Fitness Solutions is concerned about SOQL injection that can be used by attackers to access otherwise restricted data in the company’s Salesforce org. Which of the following methods should an architect recommend in order to prevent SOQL injection attacks?
A. JSENCODE()
B. Static queries and bind variables
C. String.escapeSingleQuotes()
D. Allowlisting
E. Lightning Platform ESAPI
B, C, D
✅ B. Static queries and bind variables: This is the best practice to prevent SOQL injection. Binding variables to the query ensures that input values are properly escaped and safe.
✅ C. String.escapeSingleQuotes(): This method escapes single quotes in input strings, helping to prevent SOQL injection when dynamic queries are necessary.
✅ D. Allowlisting: This is a security approach where only a defined set of safe values are accepted. It’s useful for validating user input before using it in queries.
❌ A. JSENCODE(): This is used for escaping JavaScript, not SOQL queries. It doesn’t protect against SOQL injection.
❌ E. Lightning Platform ESAPI: While ESAPI (Enterprise Security API) exists in some web frameworks, Salesforce does not offer a native ESAPI implementation for Apex.
🔗 Official Documentation:
- SOQL Injection Prevention
- Apex Developer Guide: Escaping Strings
📚 Additional Resources:
- Trailhead: Secure Apex Code
- OWASP Guide on Injection Prevention
Which of the files below can the $ContentAsset global value provider reference?
A. images
B. CSS files
C. HTML files
D. JavaScript files
E. font files
A, B, D
✅ A. images: Image files such as .png, .jpg, and .gif can be stored in Content Assets and referenced using $ContentAsset in Lightning components.
✅ B. CSS files: Stylesheets uploaded as Content Assets can be referenced via $ContentAsset to apply styling dynamically in components.
✅ D. JavaScript files: JavaScript files used for frontend logic can be included as Content Assets and accessed using $ContentAsset, especially when loading scripts via <ltng:require>.
❌ C. HTML files: HTML files are not supported via $ContentAsset; they are generally included as part of static resources for iframes or similar purposes.
❌ E. font files: Fonts are typically loaded through CSS via static resources or CDN links, not directly referenced via $ContentAsset.
🔗 Official Documentation:
- $ContentAsset Global Value Provider
- Salesforce Help: Manage Content Assets
📚 Additional Resources:
- Trailhead: Work with Static Resources and Content Assets
- Salesforce Developer Forums: Use Cases for $ContentAsset
An Aura component bundle contains a component or an app and all its related resources. Which of the following resources are part of the standard component bundle?
A. Renderer
B. Documentation
C. Fonts
D. Images
E. Helper
A, B, E
✅ A. Renderer: Aura components can have a custom renderer (.js file) that overrides the framework’s default rendering behavior.
✅ B. Documentation: The documentation file in a component bundle allows developers to describe how the component should be used. It can include usage examples, descriptions, and specifications.
✅ E. Helper: The helper JavaScript file contains reusable functions that can be called from the component’s controller or renderer, promoting code reuse and separation of concerns.
❌ C. Fonts: Fonts are not a component resource; they are typically included via static resources or external CSS.
❌ D. Images: Images are not stored within the component bundle itself; they are managed through static resources or content assets.
🔗 Official Documentation:
- Component Bundle Contents (Aura)
📚 Additional Resources:
- Trailhead: Aura Components Basics
- Salesforce Dev Guide: Bundle Components
A developer has created an Aura application named ‘MyAuraApplication’, which contains an Aura component called ‘AuraParent’. The ‘AuraParent’ component contains a nested component called ‘AuraChild’. When the page is loaded, in what order will the init() events of the app and components fire?
A. AuraParent > MyAuraApplication > AuraChild
B. AuraChild > AuraParent > MyAuraApplication
C. AuraParent > AuraChild > MyAuraApplication
D. MyAuraApplication > AuraParent > AuraChild
B
✅ B. The init() events fire starting from the innermost component (child) and then move outward towards the parent components and finally to the application. So the order is AuraChild → AuraParent → MyAuraApplication.
❌ A. Incorrect because AuraParent cannot fire before AuraChild when loading nested components.
❌ C. Incorrect because the app should be the last to fire, not the middle.
❌ D. Incorrect because the application (MyAuraApplication) fires its init() after the contained components.
🔗 Documentación oficial:
- Aura Components Developer Guide - Component Lifecycle
📚 Recursos adicionales:
- Trailhead: Build Aura Components
- Salesforce Developer Blog: Mastering Aura Component Events
What is true about how Salesforce deals with cross-site scripting (XSS) attacks?
A. Custom JavaScript is protected from XSS.
B. Visualforce tags always escape XSS-vulnerable characters and this cannot be disabled
C. All standard Visualforce components, which start with <apex>, have anti-XSS filters in place.
D. Salesforce has implemented filters that screen out harmful characters in most output methods as one of the anti-XSS defenses.</apex>
✅ C. All standard Visualforce components, which start with <apex>, have anti-XSS filters in place.</apex>
✅ D. Salesforce has implemented filters that screen out harmful characters in most standard output methods as an anti-XSS measure.
🔗 Documentación oficial:
Security Guidelines for Apex and Visualforce Development
A developer has a requirement to customize the Account record page so that it includes an inline list of related opportunities and a search field to help users easily find records. What are the simplest options to achieve this requirement?
A. Embed the search component into the Account page layout or Lightning record page
B. Create and embed a Visualforce page into the Account Lightning record page
C. Build a Visualforce page to include the related lists and search field and a Visualforce tab
D. Create and embed a Visualforce page into the Account page layout
B,D
✅ B. A Visualforce page can be embedded into a Lightning record page using the Visualforce Lightning Component. This allows standard functionality to be easily extended without complex custom development.
✅ D. A Visualforce page can be embedded into a standard page layout if its standard controller matches the object (Account in this case), providing a simple integration solution.
❌ A. Incorrect: There is no standard search component available for embedding into page layouts or Lightning record pages.
❌ C. Incorrect: Building a full Visualforce page plus a custom tab adds unnecessary complexity compared to embedding Visualforce pages directly into the layout.
🔗 Documentación oficial:
Override Standard Buttons and Tab Home Pages
Considerations for Overriding Standard Buttons
📚 Recursos adicionales:
Which statement is true about overriding standard action buttons?
A. Buttons that appear on the edit page of a record can be overridden.
B. A standard button such as New, View, or Edit can be overridden for Salesforce Classic, Lightning Experience, and Mobile on the same screen.
C. When the New button for the Account object is overridden, the override only takes effect on the New button in the Account detail page.
D. If the Delete button on an object is overridden with a Visualforce page, and the object has a delete trigger, clicking Delete will always fire the trigger.
B
✅ B. A standard button such as New, View, or Edit can be overridden across Salesforce Classic, Lightning Experience, and Mobile, making it the most flexible and correct option.
❌ A. Incorrect: Buttons on the edit page itself (like Save or Cancel) cannot be overridden—only standard action buttons like New, Edit, View, and Delete can be overridden.
❌ C. Incorrect: Overriding the New button applies in more than just the detail page, such as list views or related lists.
❌ D. Incorrect: If the Delete button is overridden, the custom logic may skip the standard delete operation, meaning the trigger won’t necessarily fire unless explicitly coded.
🔗 Documentación oficial:
📚 Recursos adicionales:
- Trailhead: Customize a Salesforce Object
- Salesforce Developer Docs: Lightning Component Button Overrides
An application was developed for customer service agents and uses an Apex method to update records. To ensure that the application does not update records or fields that the current user does not have access to, the DML operation should always be executed in user mode. If ‘cases’ represents the records that need to be updated, which of the following options can be used to meet the requirement?
A. Database.update(cases, true, AccessLevel.USER_MODE);
B. Database.updateAsUser(cases);
C. update cases AccessLevel.USER_MODE;
D. System.runAs([SELECT Id FROM User WHERE ID = :UserInfo.getUserId()]) { update cases; }
“A
✅ A. The correct syntax to perform a DML operation in user mode is Database.update(records, true, AccessLevel.USER_MODE). This ensures that field- and object-level security are respected based on the current user’s access.
❌ B. Database.updateAsUser() is not a valid Apex method and does not exist in the language.
❌ C. update cases AccessLevel.USER_MODE; is not valid Apex syntax and would cause a compilation error.
❌ D. System.runAs() is used for unit test context only, not in runtime code. It is ignored outside of test methods.
🔗 Documentación oficial:
- User Mode for DML Operations
- Database Methods
📚 Recursos adicionales:
- Trailhead: Apex Basics & Database
- Salesforce Developer Blog: Respecting User Access with User Mode DML
A Salesforce developer needs to surface an Aura component on a Lightning record page. Which of the following can they do to achieve this?
A. Implement the ‘flexipage:availableForRecordHome’ interface on the Aura component.
B. Implement the ‘flexipage:availableForAllPageTypes’ interface on the Aura component.
C. Implement the ‘force:hasRecordId’ interface on the Aura component.
D. Implement the ‘force:hasSObjectName’ interface on the Aura component.
“A,B
✅ A. flexipage:availableForRecordHome allows the Aura component to be available for Lightning record pages, which is the key requirement here.
✅ B. flexipage:availableForAllPageTypes makes the component available for all types of Lightning pages, including Home, App, and Record Pages. This increases flexibility and matches the use case.
❌ C. force:hasRecordId is used to retrieve the recordId, but it doesn’t control component visibility on a page. It’s useful, but not the correct interface for surfacing the component.
❌ D. force:hasSObjectName is helpful to get the object’s API name (e.g., Account), but not required to surface the component on a Lightning page.
🔗 Documentación oficial:
- Implement Interfaces to Make Aura Components Available
- Aura Component Developer Guide
📚 Recursos adicionales:
- Trailhead: Lightning App Builder
- Salesforce Developer Guide - flexipage interfaces
Which of the following are considered security vulnerabilities in Apex and Visualforce development?
A. Cross-Site Scripting
B. SOQL Injection
C. Cross-Site Request Forgery
D. Cross-Site Injection
E. SOQL Forgery
“A,B,C
✅ A. Cross-Site Scripting (XSS) is a common vulnerability where malicious scripts are injected into trusted web pages. Visualforce pages must escape output properly to avoid this.
✅ B. SOQL Injection occurs when untrusted input is concatenated directly into a SOQL query, allowing attackers to manipulate queries and potentially access unauthorized data.
✅ C. Cross-Site Request Forgery (CSRF) tricks a user into executing unwanted actions in an application in which they’re authenticated. Salesforce has built-in CSRF protection, but developers should avoid bypassing it.
❌ D. Cross-Site Injection is not a recognized term in the context of web security. It may be a confusion with XSS or SQL Injection.
❌ E. SOQL Forgery is not a standard or documented vulnerability classification. The correct term is SOQL Injection.
Salesforce allows running a specific DML operation in user mode or system mode. To explicitly set the running context of a DML operation using the Database class, the ‘AccessLevel’ class is used. For example:
SOQL Injection involves taking user-supplied input and using those values in a dynamic SOQL query. If the input is not validated, it can include SOQL commands that effectively modify the SOQL statement and cause the application to perform unintended commands.
In Cross-Site Request Forgery (CSRF), the attacker’s page contains a malicious URL that performs an action on a website a user is authenticated with. For example, if the user is still logged into the website and lands on the attacker’s web page, clicking on a specially crafted URL on that page can perform actions on the website on behalf of the user.
SOQL Forgery and Cross-Site Injection are not valid security vulnerability terms in Salesforce.
🔗 Documentación oficial:
- Salesforce Security Guide: Protect Against SOQL Injection
- Cross-Site Scripting (XSS) in Visualforce
- Salesforce CSRF Protection
📚 Recursos adicionales:
- Trailhead: Secure Your Code
- OWASP Top 10 Web Application Security Risks
Apex and Visualforce pages are prone to data access control issues, such as exposing sensitive records that are hidden from normal users. Which approach helps address these issues?
A. Use the [with sharing] keyword in Apex classes
B. Use the [without sharing] keyword in Apex classes
C. Use the [non-shareable] keyword in Apex classes
D. Use the [shareable] keyword in Apex classes
“A
✅ A. Using the with sharing keyword in Apex classes enforces sharing rules, ensuring that record-level access is respected when Apex runs. This prevents exposing data that the user shouldn’t see.
❌ B. The without sharing keyword ignores sharing rules, which is risky for data visibility, especially in Visualforce or exposed classes.
❌ C. non-shareable is not a valid Apex keyword. This option is incorrect.
❌ D. shareable is related to object-level sharing annotations used for Apex classes that access data via relationships, but does not enforce sharing rules at the record level.
🔗 Documentación oficial:
- Apex Developer Guide – Using the with sharing and without sharing Keywords
📚 Recursos adicionales:
- Trailhead: Data Security
- Trailhead: Apex Basics & Database
A custom Lightning application that will be used to integrate with an external client-facing web portal needs to be developed. If users should be able to access the application directly using a standalone URL, which option represents the required base markup of the application that would meet the requirement?
A.
<aura:application> ... </aura:application>
B.
<aura:component> ... </aura:component>
C.
<aura:component standalone="true"> ... </aura:component>
D.
<template> ... </template>
A
✅ A. The <aura:application> tag defines a Lightning application that can be accessed via a standalone URL. It is required when you want to launch a Lightning Aura app independently.
❌ B. <aura:component> is used to define components that are embedded in apps, not directly accessed via URL.</aura:component>
❌ C. The attribute standalone=”true” doesn’t apply to <aura:component>; only applications can be accessed directly.</aura:component>
❌ D. <template> is used in Lightning Web Components (LWC), and those require additional configuration (e.g., Lightning App Page or Community) for standalone access.</template>
🔗 Official Documentation:
Introducing Aura Components
Create Aura Components in the Developer Console
📚 Additional Resources:
- Build Apps with Aura Components
A Salesforce developer is creating a Lightning web component to ease the Lead to Opportunity conversion process in the org. Which of the following are true regarding the various types of content inside a Lightning web component? Choose 3 answers.
A. If the component doesn’t render UI, it doesn’t require an HTML file
B. The client-side controller of the component contains Apex code to define the logic
C. An SVG resource can be added to the component to be used as a custom icon in Lightning App Builder
D. The JavaScript file defines the metadata values of the component
E. A CSS file can be added to style the component
A, C, E
✅ A. HTML file is not required if the component doesn’t render UI, which is valid for service or utility components.
✅ C. You can include an .svg file to define a custom icon for display in the Lightning App Builder.
✅ E. A .css file can be used to apply scoped styling to the component.
❌ B. Apex logic is not written in the JavaScript controller. JS communicates with Apex classes via @AuraEnabled.
❌ D. Metadata like targets and properties is defined in the .xml configuration file, not the JavaScript.
🔗 LWC Bundle Structure
🔗 LWC SVG Icon Guide
🔗 CSS Styling for LWC
