Configuration and setup III (20%)

Question 1

How do you create a new user in salesforce. And then what happens when you create one?

Answer 1

setup>users>new

1. account verification link will be sent via email
2. a password is created
3. a security question is created

Question 2

Why are user licenses required and what’s the difference b/w feature and user licenses to grant access to features

Answer 2

user licenses are required because you have to determine the level of access to the org and which profiles can be selected.

feature licenses entitle users to access additional features not included with the user license.

Question 3

How can multiple users be added to salesforce.
How many can you add at once
consideration before you do it in respect to licenses and what could be a work around to that consideration

Answer 3

You can add multiple users at one time (up to 10)
setup>users>add multiple users
they all will be assigned the same license

to create more at a time you’ll need to use the data loader application.

Question 4

What is the use of login history to troubleshoot login issues

Answer 4

Login history pages provides information on past login attempts.

Examples
Login status: Indicates success or reason for failure

Question 5

Identify the options for resetting passwords and what if the administrator needs to reset multiple at once

Answer 5

It can be reset by themselves or by the administrator.

administrator can reset multiple accounts at once

Question 6

How can an administrator unlock or unfreeze and account

Answer 6

from the users detail page

Question 7

What is freezing a user

Answer 7

its what done to prevent users access to the org

Question 8

What are the considerations related to user deactivation?

Answer 8

It takes time to do so if the user is involved in a lot of processes, in the mean time they can be frozen, until that is handled.

Question 9

What is the use of delegated administration groups?

Answer 9

Can be created to help administrators spread out certain tasks.

Question 10

How can an Admin log in as another user?

Answer 10

setup>login access> “Make sure that enabled> go to any user profile

Question 11

What are some of the most common user access issues?(

Answer 11

passwords are case-sensitive, wrong username, locked due to too many failed login attempts, wrong URL, IP restrictions, outside of login hours, account not verified, sandbox url

Question 12

What are the required fields for user creation? (8)

Answer 12

Last Name, Alias, Nickname, Email, username, user license, profile

Question 13

Permission set vs permission set licenses

Answer 13

Permission set licenses, you can assign more permissions to users than their user license supports.

Permission sets extend users’ functional access without changing their profiles.

Question 14

Can a user be deleted?

Answer 14

No users are permanent, their records cannot be deleted

Question 15

what is the failed login attempts section on the user detail section mean?

Answer 15

how many failed login attempts they have, once you reach the limit you’re locked out and have to have at least one successful login the number resets to 0

Question 16

when would you freeze a user?

Answer 16

when deactivating them isn’t an immediate option

Question 17

how does freezing an account affect the license?

Answer 17

It doesn’t, for a license to be available the user must be deactivated

Question 18

what can users in a delegated group do?

Answer 18

manage users, manage permission sets, unlock and reset passwords, assign profiles, manage custom objects, create public groups

Question 19

How does Setup Audit Trail work to monitor setup changes?

Answer 19

Helps track the recent setup changes that admins have made to their org, Shows 20 most recent setup changes. Shows: date of change, who made it, and what the change was

Question 20

How do you use password policies to implement restrictions related to password requirements

Answer 20

by creating settings that govern the login and password rules for all users in your org

Question 21

What are the different types of user authentication

Answer 21

Single Sign-On

Multi-Factor Authentication

Question 22

What level can you set login hours

Answer 22

at the profile level but not at the org level

Question 23

what is device activation

Answer 23

Acts as a second form of user authentication. its triggered when a user log in from an un recognized browser or device. browser wont be asked again unless cookies have been cleared

Question 24

what is login forensics and what does it allow for

Answer 24

Allows salesforce admins to monitor login behavior and keep a sales org secure.

-Things you can monitor-

+ Suspicious login activity,
+ Who logged in more than the average number of times
+ Average number of logins per user per a specified time period
+ Who logged in during business hours,
+ Who logged in using suspicious IP ranges

Question 25

what is security health check

where do you set it up

Answer 25

Helps in identifying, and fixing potential vulnerabilities in key areas of the security settings.
setup>health check

Question 26

Where does Fields, and Page Layouts security level fall under?

Answer 26

Field level security

Question 27

What are some of the password policies

Answer 27

Password can’t contain a user’s username, and can’t match a users first or last name.

Password must contain at least eight characters including one alphabetic character and one number.

Security Question answer can’t contain the user’s password.

When users change their password, they cannot reuse their last three passwords

Question 28

at what level can passwords policies be set at?

and what overrides what

Answer 28

organization or profile level

Profile password policies override the Organization-wide password policies for that profile’s users

Question 29

What are some of the password policies

Answer 29

Password can’t contain a user’s username, and can’t match a users first or last name.

Password must contain at least eight characters including one alphabetic character and one number.

Security Question answer can’t contain the user’s password.

When users change their password, they cannot reuse their last three passwords

passwords expire for all users the default is after 90 days but this can be changed

Question 30

How does single sign-on work?

Answer 30

allows users in the org to login to salesforce and other applications using single user credentials.

Question 31

What options are available for implementing single sign-on capability to simplify and standardize user authentication?

Answer 31

Federated authentication and delegated authentication

Question 32

Federated authentication

Answer 32

Allows for affiliated but unrelated web services to share authentication data.

automatically enabled for an org

Question 33

Delegated authentication

Answer 33

allows for the usage of preferred authentication provider.

stronger form of user authentication and makes the login page private and accessible only behind a corporate firewall

Question 34

org-wide session settings

Answer 34

are settings that configure the session time while your online

Question 35

session timeout

Answer 35

can be configured to log out inactive users after the specified length of time. or can force sessions time out at a specified time.

Question 36

session locking

Answer 36

sessions can be locked to the IP address for which they originated or the domain in which they were first used. This helps prevent unauthorized hijacking of a live session

Question 37

Session Security Levels

Answer 37

access to certain types of resources can be restricted based on the security level (standard or high assurance)

Question 38

High assurance sessions

Answer 38

Are meant for operations that require a higher level of security for sensitive data. Policies can be set to require high assurance security level reports, dashboards, and connected apps

Question 39

What is IP restrictions and where can it be specified at

Answer 39

Is a way to control access to salesforce organization. It can be set at the profile level and the organization level

Question 40

what must be true in order for a use to login without verifying identity?

Answer 40

If inside trusted IP for org and profile, and Within login hours,

Question 41

Verification is done via the highest priority verification method available list them from highest to lowest

Answer 41

salesforce authenticator mobile app> U2F security Key > One-Time Password Generator>SMS Text Message>Email

Question 42

what are the percentages associated with every risk level in health check?

Answer 42

Urgent: 0-33%
High Risk/Medium risk: 34%-66%
Acceptable: 67%-100%

Question 43

My Domain Capabilities

Answer 43

allows for the addition of a subdomain
allows for highlighting the brand
allows for SSO
replaces URL

Question 44

What do profiles determine?

Answer 44

Object access and permissions

Object: which objects a user can access

Permissions: what those users can do with the records of that object. can be set to; Create, Read, Edit, Delete, View All/Modify All

Question 45

OWD determines access to what?

Answer 45

to users’ data for records they do NOT own

Question 46

Considerations to take into account when decreasing or increasing OWD default access

Answer 46

when increasing access it will take effect immediately, when decreasing access it will take some time for salesforce to re-calculate use access.

Question 47

OWD sharing defaults: What does Public read/write/transfer mean?

Answer 47

users can view, edit, and change ownership ( only for leads and cases )

Question 48

OWD sharing defaults: What does Public Read/Write mean?

Answer 48

Allows users to view and edit other users records

Question 49

OWD sharing defaults: What does Public Read only mean?

Answer 49

Allows for users to view other users records but not edit

Question 50

OWD sharing defaults: What does Private mean?

Answer 50

User cannot see other users records unless it is shared or if the user above the record owner in the role hierarchy

Question 51

OWD sharing defaults: What does controlled by parent mean?

Answer 51

Users can preform an action based on if they can perform the action on the parent object. Example:

contact actions are controlled by the actions available on an account

Question 52

Campaign: Public full access

Answer 52

User can view, edit, transfer, delete and report on all campaign records

Question 53

Campaign Member: Controlled by Campaign

Answer 53

Only users who have access to the campaign are able to see the details of the campaign members related to the campaign

Question 54

Campaign Member: Controlled by Campaign Member

Answer 54

Users can only see the campaign members whose lead or contact records they already have access to.

Question 55

what is the order of record access levels from most restrictive to least

Answer 55

1. Access to objects is first defined at the object level for a user profile for records a user owns
2. OWD settings open up access to records the user does not own for specific objects
3. Role hierarchy
4. sharing rules open up record access to users whos OWD settings are set to anything more restrictive than Public Read/Write
5. Individual records can then be manually shared

Question 56

what are the record access levels from most restrictive to least

Answer 56

• Object*: Profile object permissions and permission sets
• OWD settings*: Determines access to record a user does not own
• Role hierarchies*
• Sharing Rules*: access is granted based on record owner or criteria
• Manual Sharing*: Users can manually share records with other users

Question 57

What is field level security

Answer 57

controls the visibility to data within records at the field level

Question 58

What is Role hierarchy

Answer 58

Grants access to records to users that have a role above the record owner

Question 59

What is manager group access?

Answer 59

Allows users to share records up and down their management chain

Question 60

Manual sharing

Answer 60

Allows for users to share records with other users on a one-off basis

Question 61

how do you make the sharing button visible on user detail pages

Answer 61

Sharing settings> Edit> Scroll to the bottom and check manual user record sharing

Question 62

how to you enable manual sharing button?

Answer 62

setup>sharing settings>edit>all the way down

Question 63

sharing rules

Answer 63

extend the access that have been established via OWD and role hierarchy

Question 64

what is a users access to reports and dashboards determined by?

Answer 64

combination of user permissions

Question 65

User Permissions for Reports & Dashboards: Run Reports

Answer 65

Allows users to run reports

Question 66

User Permissions for Reports & Dashboards: Schedule Reports

Answer 66

Allows users to schedule reports

Question 67

User Permissions for Reports & Dashboards: Subscribe to dashboards

Answer 67

Allows users to subscribe to dashboards

Question 68

User Permissions for Reports & Dashboards: Report Builder

Answer 68

Allows users to create, edit, and delete reports in public and private folders

Question 69

User Permissions for Reports & Dashboards: Create and customize reports

Answer 69

Allows users to create, edit, and delete reports in the ‘my personal custom reports’ folder

Question 70

User Permissions for Reports & Dashboards: Create and customize dashboards

Answer 70

Allows a user to create, edit, and delete reports in the ‘My Personal custom Dashboards’

Question 71

User Permissions for Reports & Dashboards: Manage reports in public folders

Answer 71

When this permission is assigned, a user can create, edit, and delete reports and manage their sharing in all public report folders

Question 72

User Permissions for Reports & Dashboards: Manage Dashboards in public folders

Answer 72

When this permission is assigned, a user can create, edit, and delete dashboards, and manage their sharing in all public dashboard folders

Question 73

how can reports and dashboards shared?

Answer 73

through enhanced folder sharing

Question 74

Public groups

Answer 74

can be used in an organization and may contain specific users, users in particular roles or territories

used for sharing rules, folder access sharing records etc.

Question 75

who can create public groups?

Answer 75

only admins

Question 76

How can reports and dashboards shared?

Answer 76

through enhanced folder sharing

Question 77

How do you enable manager groups?

Answer 77

setup> share settings> manager groups

Question 78

Access to reports and dashboards are determined by the access level of what?

Answer 78

the folders in which their contained in.

Question 79

What is the viewer access level for folders allow for?

Answer 79

for a user to view reports and dashboards

Question 80

What is the editor access level for folders allow for?

Answer 80

Allows a user to do what a viewer can do, but they can also save, delete, or rename a report or dashboard inside the folder

Question 81

What is the manager access level for folders allow for?

Answer 81

Allows a user to do what an editor can do, but they can also share or delete a folder, change the folders name, and change the folders sharing settings

Question 82

what is a standard profile?

Answer 82

Standard profiles are existing profiles in an org which can be assigned to users and cloned but cannot be edited

Question 83

what is a custom profile?

Answer 83

Profile that can be created by cloning an existing profile. It can be fully customized based on security requirements

Question 84

what are the two types of settings for profiles?

Answer 84

app settings: include settings that are specific to app and objects

system settings: Include settings that apply to all apps such as security settings and overall data visibility.

Question 85

what are 6 standard profiles?

Answer 85

Standard user, Contract manager, Minimum Access - Salesforce, Marketing User, Solution Manager, System Administrator

Question 86

what are the three permission categories in salesforce

Answer 86

App Permissions:
control what actions can be performed in different apps.

Custom Permissions:
must be enabled, they’re used to grant access to custom apps or processes

System Permissions:
grant access to actions that are org-wide

Question 87

What are permission sets used for?

Answer 87

to expand user privileges beyond what their profile allows

Question 88

What are permission sets used for?

Answer 88

to expand user privileges beyond what their profile allows

Question 89

Permission set group

Answer 89

groups permission sets together, so you don’t have to assign individual sets to a group one by one