DATA SECURITY Flashcards

1
Q

Where is the "TRUSTED IP" range set up?

A

Under the company “org” settings

2
Q

Where are login hours and IP RANGE set up?

A

Under profiles

3
Q

What determines which home page (APP) you land on after signing in?

A

Individual role

4
Q

What is object access based on?

A

Profile and permission

5
Q

Can RECORDS under an OBJECT be accessed if the profile doesn't have access to the OBJECT?

A

No, in order to access the records of an object, the profile would need access to the actual object

6
Q

What is the MINIMUM access to an OBJECT needed to view a RECORD of that OBJECT?

A

Read access

7
Q

What is a key decision that affects the security of your ORG?

A

Choosing the data set each user or group of users can see

8
Q

What does assigning different data sets to different sets of users do?

A

Balance security and convenience
Reduce the risk of stolen or misused data

9
Q

At how many levels can you control data access?

A

4 levels

10
Q

What are the four levels at which you can control data access?

A

whole org,
a specific object,
a specific field,
or an individual record.

11
Q

How can you control data access within your ORG?

A

Create and maintain a list of authorized users
Set password policies
Limit logins to certain hours and locations (IP address)

12
Q

How can you control data access with OBJECTS?

A

Object-level data is the simplest to control.
Three ways to control object-level access:
1) Set permissions on an object to prevent a group of users from creating, viewing, editing, or deleting any records of that object.
2) Use profiles to manage the objects that users can access and the permissions they have for each object.
3) Use permission sets and permission set groups to extend access and permissions without modifying users’ profiles.

13
Q

How can you control data access with FIELDS?

A

By restricting access to certain fields, even if a user has access to the object.

14
Q

How can you control data access with a RECORD?

A

Manage record-level access in these four ways:

1) Organization-wide
2) Role hierarchies
3) Sharing rules
4) Manual sharing

15
Q

How can you control data access with a RECORD ORG WIDE?

A

Use org-wide sharing settings to lock down your data to the most restrictive level.

Then use the other record-level security and sharing tools to selectively give access to other users.

16
Q

How can you control data access with a RECORD WITH ROLE HIERARCHIES?

A

Users higher in the hierarchy have access to all records owned by users below them in the hierarchy.

Role hierarchies don’t have to match your org chart, yet should represent a level of data access that a user or group of users needs.

17
Q

How can you control data access with a RECORD WITH SHARING RULES?

A

Sharing rules are automatic exceptions to organization-wide defaults for particular groups of users, so they can get to records they don’t own or can’t normally see. Sharing rules, like role hierarchies, are only used to give additional users access to records. They can’t be stricter than your organization-wide default settings.

18
Q

How can you control data access with a RECORD WITH MANUAL SHARING?

A

Manual sharing allows owners of particular records to share them with other users. Although manual sharing isn’t automated like org-wide sharing settings, role hierarchies, or sharing rules, it can be useful in some situations, in the absence of the record owner.

19
Q

When should you audit system use?

A

Regularly to detect potential abuse and unexpected changes or patterns of use.

20
Q

What is Login History?

A

Review a list of successful and failed login attempts for the past six months.

21
Q

What is Field History Tracking?

A

Auditing that automatically tracks changes in the values of individual fields. Field-level auditing is available for all custom objects and SOME standard objects.

22
Q

How do you, as SF ADM, control access to the Organization (ORG)?

A

By managing authorized users,
setting password policies,
limiting when and where users can log in.

23
Q

What does every Salesforce user have?

A

username,
password,
a single profile

24
Q

What does the profile determine for a user?

A

What tasks users can perform,
what data they see,
what they can do with the data.

25
Q

What happens after a user is created in SF?

A

Salesforce auto-generates a password and notifies new users immediately via email.

26
Q

Can a user be deleted from SF?

A

No, they can only be deactivated and frozen.

27
Q

Can deactivated users log in?

A

No, deactivated users lose access to ALL records. However, you can still transfer this data to other users and view the names on the Users page.

28
Q

What are the ways an ADM can configure users’ passwords to ensure they are strong and secure?

A

Password policies
User password expiration
User password resets
Login attempts and lockout periods

29
Q

What can an ADM do with password policies?

A

Specify the amount of time before all users’ passwords expire.

Set the level of complexity required for passwords.

30
Q

What does user password expiration do?

A

Expire the passwords for all the users in your org, except for users with “Password Never Expires” permission.

31
Q

User password resets

A

Reset the password for specified users.

32
Q

Login attempts and lockout periods are

A

If a user is locked out due to too many failed login attempts, you can unlock the person’s access.

33
Q

Where can you access the password policies settings?

A

SETUP > QF "Password Policies" > FILL IN PROMPTS (DECIDE WHAT YOU WANT THE PASSWORD TO BE)

34
Q

When is your IP address cached in your browser?

A

The first time you log in to Salesforce

35
Q

How can you bypass verifying your identity when signing in to SF through multiple IP addresses?

A

By specifying Trusted IP Ranges for the org

36
Q

How do you Specify Trusted IP Ranges for the Org?

A

Setup > Quick Find box > Network Access > New

Enter the start and end point of the range of trusted IP addresses, and click Save.

37
Q

Can a user log in outside the TRUSTED IP range?

A

Yes, by verifying your identity by entering a verification code.

38
Q

What happens if you do not set up TRUSTED IP for ORG?

A

By default, Salesforce doesn’t restrict locations for login access. If you do nothing, users can log in from any IP address.

39
Q

How do you restrict login access by IP address using profiles?

A

Setup >
Quick Find box >
Profiles >
Select a profile and click its name >
Click Login IP Ranges. If you don't have Enhanced Profile Interface enabled, scroll down to the Login IP Range related list.
Click New.
40
Q

Can a user log in if their PROFILE has a restricted IP range?

A

Users with profiles that are outside the trusted range can’t log in. When using profile IP ranges, there are no verification codes to worry about: a user is either in or out.

41
Q

Can a user log in if their PROFILE has restricted hours?

A

If users are logged in when their login hours end, they can continue to view their current page, but they can’t take any further action.

42
Q

How do you restrict login access by time?

A

Setup >
Quick Find box, enter Profiles >
Click the profile you want to change >
Under Login Hours, click Edit.
Set the days and hours when users with this profile can log in to the organization.
43
Q

How do you allow users to log in at any time?

A

To allow users to log in at any time, click Clear all times (under Setup-Profiles).

44
Q

How do you prohibit users from using the system on a specific day?

A

Set the start and end times to the same value (under Setup-Profiles).