Data Security

Question 1

____—provide the bluntest way to control data access. You can prevent a user from seeing, creating, editing, or deleting any instance of a particular object type, such as a lead or opportunity, by using ______. You can hide tabs and objects from selected users, so that they don’t even know that type of data exists.

Answer 1

Object-level security—or object permissions

object permissions

Question 2

____ are collections of settings and permissions that determine what a user can do in the application

Answer 2

Permission sets and profiles

Question 3

____ are defined by a user’s job function, such as Salesforce admin or sales representative. You can assign one _____ to many users, but you can assign only one _____ per user.

(same word all 3)

Answer 3

profiles

Question 4

You can use ______ to grant more ____ and access settings to users. Now it’s easier to manage users’ _____ and access because you can assign multiple ______ to a single user.

Answer 4

permission sets

permissions

Question 5

control whether a user can see, edit, and delete the value for a particular field on an object. You can protect sensitive fields without hiding the entire object.

Answer 5

Field-level security—or field permissions

Question 6

____ control the visibility of fields in any part of the app, including related lists, list views, reports, and search results.

Answer 6

Field permissions

Question 7

____ lets you give users access to some object records, but not others.

Answer 7

Record-level security

Question 8

In a hierarchy, users higher in the hierarchy always have the same access to users below them in the hierarchy. T/F

Answer 8

T

Question 9

To specify record-level security, set your organization-wide sharing settings, define a hierarchy, and create sharing rules

Answer 9

Organization-wide

Role hierarchy

Sharing rules

Manual sharing

User sharing

Apex managed sharing

Restriction rules

Scoping rules

Question 10

With ____ rules you can set criteria to help your users see only records that are relevant to them. ____ rules don’t restrict the record access that your users already have. They ____ the records that your users see. Your users can still open and report on all records that they have access to per your sharing settings.

Answer 10

scoping

Question 11

When a ____ rule is applied to a user, the data that they had read access to via your sharing settings is further scoped to only records matching the record criteria that you set. This behavior is similar to how you can filter results in a list view or report, except that it’s permanent

Answer 11

restriction

Question 12

If sharing rules and manual sharing don’t provide the required control, you can use ____ ____ ____. ____ allows developers to programmatically share custom objects. When you use ____ on a custom object, only users with the Modify All Data permission can add or change the sharing on the custom object’s record. The sharing access is maintained across record owner changes.

Answer 12

Apex managed sharing

Question 13

With _____, you can show or hide an internal or external user from another user in your organization. ______ rules are based on membership to a public group, role, or territory, so you must create the appropriate public groups, roles, or territories before creating ______. Each _____ shares members of a source group with members of the target group. Users inherit the same access as users below them in the role hierarchy.

Answer 13

User sharing

Question 14

Sometimes it’s impossible to define a consistent group of users who need access to a particular set of records. Record owners can use _____ to give read and edit permissions to users who don’t have access any other way. _____ isn’t automated like organization-wide sharing settings, role hierarchies, or sharing rules. But it gives record owners the flexibility to share records with users that must see them.

Answer 14

Manual sharing

Question 15

With _____ you can make automatic exceptions to organization-wide sharing settings for sets of users. Use _____ to give these users access to records they don’t own or can’t normally see. _____, like role hierarchies, are only used to give more users access to records—they can’t be stricter than your organization-wide default settings.

Answer 15

sharing rules

Question 16

After you specify organization-wide sharing settings, the first way to give wider access to records is with a ______. Similar to an organization chart, a _______ is the level of data access that a user or group of users needs. The _______ ensures that users higher in the hierarchy can always access the same data as users who are lower, regardless of the organization-wide default settings. Each role in the hierarchy can represent a level of data access that a user or group of users needs rather than matching your organization chart

Answer 16

role hierarchy

Question 17

The first step in record-level security is to determine the _____ for each object. ______ specify the default level of access that users have to each others’ records.

Answer 17

Organization-wide sharing settings

Question 18

You use ____ to lock your data to the most restrictive level. Use the other record-level security and sharing tools to selectively give access to other users.

Answer 18

organization-wide sharing settings

For example, users have object-level permissions to read and edit opportunities, and the organization-wide sharing setting is Read-Only. By default, those users can read all opportunity records, but can’t edit any unless they own the record or are granted other permissions.

Question 19

_____ lets you give the right people the right access to the right resources at the right time.

Answer 19

Salesforce Identity

Question 20

_____ lets users access all authorized resources without logging in separately to each one—and without having to create (and remember) different user credentials for each app

Answer 20

Single sign-on (SSO)

Question 21

And what are those “authorized resources” that your signed-on users have access to?

Answer 21

connected apps

Question 22

With ______ users log in to a Salesforce org with their username and password from an external authentication provider, like Facebook, Twitter, LinkedIn, or Google. You can set up any of these providers with a few clicks. With a little bit of work, you can set up other providers, like PayPal and Amazon.

Answer 22

social sign-on

Question 23

Social sign-on is especially useful when you want customers to be able to log in to an _____ site without having to create (and remember) a new username and password. Customers can log in to an ______ site using their Facebook or LinkedIn account

same word

Answer 23

Experience Cloud

Question 24

users have to provide two or more pieces of evidence—or factors—when they log in. One factor is the user’s username and password combination. The requirement for additional factors is satisfied through the use of a verification method that the user has in their possession, such as an authenticator app or a Universal Second Factor (U2F) security key.

Answer 24

multi-factor authentication

Question 25

authentication helps ensure that even if an attacker acquires a user’s password, the attacker can’t log in and do harm.

Answer 25

multi-factor authentication

Question 26

With the _____, you can customize your Salesforce URL to include your company or brand name. With the ______ feature, you can customize your login page to reflect your company’s design scheme and messaging—your brand.

Answer 26

My Domain Identity feature

Question 27

____ user account management means that admins can manage all their user account tasks in one place. Administrators can easily grant users access to other apps and revoke or freeze access when they have to.

Answer 27

Centralized

Question 28

_____ provides greater control over security, helps reduce access-related risk, and makes life easier for end users.

Answer 28

centralized management

Question 29

Many people with Salesforce accounts also have accounts in other clouds, such as Google Apps, Office365, Concur, or Box. ____ ______ provides a single location where admins can create, update, delete, and manage those user accounts.

Answer 29

Salesforce user provisioning

Question 30

The ______ presents tiles for all the standard apps, custom apps, and connected apps in your Salesforce org

Answer 30

App Launcher

Question 31

How do admins and businesses benefit from Salesforce Identity?

Answer 31

Convenient one-click access to all apps so users can be more productive

Question 32

What’s the difference between single sign-on (SSO) and social sign-on?

Answer 32

With Single Sign On (SSO) users can access services without logging in to each one. With social sign on users can access a service using their social account credentials

Question 33

And if you’re up for a bit of coding, you can create a custom authentication provider plug-in to authenticate users with any provider that uses ____.

Answer 33

OAuth

Question 34

Identity solutions benefit only employees

Answer 34

My Domain

Identity Connect

User Provisioning

Question 35

Identity solutions benefit only customers

Answer 35

Communities

Self-Registration

Question 36

Identity solutions benefit both customers and employees

Answer 36

Connected Apps

App Launcher

Single Sign On

Profiles and permission sets

Two factor Authentication

Auth Providers (Social Sign on)

Question 37

How do users benefit from Salesforce Identity?

Answer 37

They can use one username and password to access everything they need.

Question 38

Which of the following is a benefit for customers and partners but not employees

Answer 38

Communities & Self-Registration

Question 39

What is important to consider when customizing user registration for your org or site?

Answer 39

Launching other business processes to support registration

Question 40

_____ provides important information for diagnosing potential security issues or dealing with real ones. Someone in your organization should _____ regularly to detect potential abuse

Answer 40

Auditing, audit

Question 41

All objects include fields to store the name of the user who created the record and who last modified the record. This provides some basic auditing information.

Answer 41

Record Modification Fields

Question 42

You can review a list of successful and failed login attempts for the past six months

Answer 42

Login History

Question 43

You can turn on auditing to automatically track changes in the values of individual fields.

Answer 43

Field History Tracking

Although field-level auditing is available for all custom objects, only some standard objects allow it

Question 44

_____ logs when modifications are made to your organization’s configuration.

Answer 44

Setup Audit Trail

Question 45

What are the methods for controlling record-level access

Answer 45

Organization-wide
Role hierarchies
Sharing rules
Manual sharing

Question 46

You can configure access to data at all of the following levels

Answer 46

Organization, Objects & Records

Question 47

Each user is assigned one ___. Users can be assigned one or more ____ sets.

Answer 47

one profile

permission sets

Question 48

A user’s ____ determines the objects they can access and the things they can do with any object record (such as create, read, edit, or delete).

Answer 48

profile

Question 49

_____ sets grant additional permissions and access settings to a user.

Answer 49

Permission

Question 50

The ____ in a user’s profile determine whether the user can see a particular app, tab, field, or record type.
The permissions in a user’s ____ determine whether the user can create or edit records of a given type, run reports, and customize the app

Answer 50

settings

profile

Question 51

There are permissions in a profile and then there are other permissions that give extra access. Profiles are the lowest of access while permissions give extra access to certain things T/F

Answer 51

T

Question 52

____ User can create and edit records

Answer 52

Standard

Question 53

_____ Access - Salesforce user can view records, but not create or edit them

Answer 53

Minimum

Question 54

The ______ profile has the widest access to data and the greatest ability to configure and customize Salesforce.

Answer 54

System Administrator

Question 55

The System Administrator profile also includes two special permissions:
____

_____

Answer 55

View All Data

Modify All Data