Configuration and Setup

Question 1

What is the benefit of entering trusted IP ranges in the Network Access section?

Answer 1

Users that login within the network will not be required to verify their identity

Question 2

Which are the Levels of Data Access?

Answer 2

Organization
Objects
Fields
Records

Question 3

Explain the Organization level of Data Access:

Answer 3

For your whole org, you can maintain a list of authorized users, set password policies, and limit logins to certain hours and locations.

Question 4

Explain the Objects level of Data Access:

Answer 4

Access to object-level data is the simplest thing to control. By setting permissions on a particular type of object, you can prevent a group of users from creating, viewing, editing, or deleting any records of that object.

Question 5

Explain the Fields level of Data Access:

Answer 5

You can restrict access to certain fields, even if a user has access to the object.

Question 6

Records level of Data Access:

Answer 6

You can allow particular users to view an object, but then restrict the individual object records they’re allowed to see.

Question 7

Which are the 4 ways you can manage record-level access?

Answer 7

Organization-wide defaults
Role hierarchies
Sharing rules
Manual sharing

Question 8

Organization-wide defaults:

Answer 8

specify the default level of access users have to each others’ records. You use org-wide sharing settings to lock down your data to the most restrictive level, and then use the other record-level security and sharing tools to selectively give access to other users.

Question 9

Role hierarchies:

Answer 9

give access for users higher in the hierarchy to all records owned by users below them in the hierarchy. Role hierarchies don’t have to match your organization chart exactly. Instead, each role in the hierarchy should represent a level of data access that a user or group of users needs.

Question 10

Sharing rules:

Answer 10

are automatic exceptions to organization-wide defaults for particular groups of users, so they can get to records they don’t own or can’t normally see. Sharing rules, like role hierarchies, are only used to give additional users access to records. They can’t be stricter than your organization-wide default settings.

Question 11

Manual sharing:

Answer 11

allows owners of particular records to share them with other users. Manual sharing isn’t automated like org-wide sharing settings, role hierarchies, or sharing rules.

Question 12

What can an Audit System Use do?

Answer 12

Record Modification Fields
Login History
Field History Tracking
Setup Audit Trail

Question 13

What Features Does Salesforce Identity Provide?

Answer 13

Single sign-on
Connected apps
Social sign-on
Multi-factor authentication
My Domain
Centralized user account management
User provisioning
App Launcher

Question 14

What is Single Sign-On?

Answer 14

Single sign-on (SSO) lets users access all authorized resources without logging in separately to each one—and without having to create (and remember) different user credentials for each app.

Question 15

What is Social Sign-On?

Answer 15

With social sign-on, users log in to a Salesforce org with their username and password from an external authentication provider, like Facebook, Twitter, LinkedIn, or Google.

Question 16

What is Connected Apps?

Answer 16

Connected apps bring Salesforce orgs, third-party apps, and services together. If a connected app is created without implementing SSO, it acts like a bookmark. Users can get to the app from the App Launcher or dropdown app menu, but they sometimes have to sign in again to use it.

So to get the most out of connected apps, configure them for SSO. With SSO, admins can set security policies and have explicit control over who uses which apps. You can also use connected apps to manage authentication and policies for mobile applications.

Question 17

What is Multi-Factor Authentication?

Answer 17

Multi-factor authentication (MFA) is a Salesforce Identity feature that is required for all users who log in directly to Salesforce.

Question 18

What is My Domain Identity feature?

Answer 18

You can customize your Salesforce URL to include your company or brand name.

Question 19

Salesforce requires you to have a My Domain in place to:

Answer 19

-Work in multiple Salesforce orgs in the same browser
-Set up single sign-on (SSO) with external identity vendors
-Set up authentication providers, such as Google and Facebook, so that your users can log in to your Salesforce org with their social account credentials

Question 20

Which are 3 Identity Standards and Protocols Salesforce uses?

Answer 20

SAML
OAuth 2.0
OpenID Connect

Question 21

What is SAML Protocol?

Answer 21

When you want users to move seamlessly between Salesforce orgs and applications without logging in repeatedly, you set up single sign-on (SSO).

Question 22

Which protocol makes the SAML work?

Answer 22

Security Assertion Markup Language (SAML)

Question 23

What is SAML and XML?

Answer 23

SAML is an XML-based protocol, which means that the packages of information being exchanged are written in XML. XML is supposed to be (almost) human-readable so that you can get some idea of what’s going on.

Question 24

What is OAuth 2.0 Protocol?

Answer 24

OAuth (Open Authorization) 2.0 is an open protocol used to allow secure data sharing between applications. The user works in one app but sees the data from another. For example, you’re logged in to your Salesforce mobile app and see your data from your Salesforce org.

Question 25

What is OpenID Connect Protocol?

Answer 25

The OpenID Connect protocol adds an authentication layer on top of OAuth 2.0 to enable secure exchange of user information. Like SAML, OpenID Connect sends identity information from one service to another. Unlike SAML, OpenID Connect is built for today’s world of social networks.

Question 26

What is the the advantage of the OpenID Connect protocol for users

Answer 26

they can reduce the number of separate accounts, usernames, and passwords.

Question 27

What is the difference between Service Providers and Identity Providers?

Answer 27

In the process of authenticating users, SAML exchanges identity information between the holder of the information, called an identity provider (IdP), and the desired service, called a service provider.

In the case where a user logs in to Salesforce and then accesses Gmail, Salesforce is the identity provider, and Google is the service provider.

Question 28

Can you delete an user?

Answer 28

No, you can only freeze and deactivate them.

Question 29

Steps to Restrict Login Hours on a Profile:

Answer 29

–Setup.
–Profiles.
–Click on the desired profile
–Login Hours click Edit
–set up the schedule

Question 30

Steps to restrict the Login IP Range on a Profile

Answer 30

–Setup.
–Profiles.
–Click on the desired profile
–Under Login IP Ranges
–New

Question 31

Steps to set Log in as Any User:

Answer 31

–Setup
–Login Access Policies
–Select the Enabled checkbox next to Administrators Can Log in as Any User.
–Save.

Question 32

Field history tracking data is available for how many months?

Answer 32

18

Question 33

Password Policies can be applied to which 2 levels of security?

Answer 33

Organization
Profile

Question 34

T/F
Profile Password settings override the Org-Wide password policies for the specific user

Answer 34

True