E10 - Database Security (WBT) Flashcards
True or false: Eloqua allows you to manage security settings at the database level for the whole organization.
true
When are security settings configured?
At the time of Eloqua installation.
How do you access security settings?
Settings: Setup: Administration: Security
What should you do before modifying security settings?
Consult Eloqua
What are your options for password requirements?
Use a pre-built password policy or create a new one.
What is the default security complexity setting?
Eloqua Security Complexity
Can you change Password complexity settings if you are using the Eloqua Security Complexity setting?
No.
When using Eloqua Security Complexity setting, the password values are _____ and hidden from view.
hard-coded
When using Eloqua Security Complexity setting, the password values are hard-coded and ____.
hidden from view
What is the difference between Eloqua Security Complexity and Windows Security Complexity?
Windows Security Complexity is stricter.
If changes are required to Eloqua Security Complexity or Windows Security Complexity, what must you use?
Custom Security Complexity
When are the settings active under the Password complexity settings section?
Only if you have chosen Custom security complexity.
What determines the password expiration timeframe?
User passwords expire in
What are the maximum and minimum values for password expiration?
365 days and 0 days
What is the value for password expiration in Eloqua security complexity?
120 days
What is the value for password expiration in Windows security complexity?
42 days
What is the value for password expiration in Custom security complexity?
120 days
If you set the value for password expiration to zero, what does this mean?
The password will never expire.
What setting determines how long a user must wait before reusing a previous password?
Number of days in which a password cannot be reused.
The value in the “Number of days in which a password cannot be reused” is also driven by the setting in the ___ field.
Enforce password history
What is the value for Number of days in which a password cannot be reused in the Eloqua security complexity?
0 days
What is the value for Number of days in which a password cannot be reused in the Windows security complexity?
2 days
What is the value for Number of days in which a password cannot be reused in the Custom security complexity?
0 days
What setting determines the number of unique new passwords that must be associated with a user account before an old password can be reused?
Enforce password history
To maintain the effectiveness of the password history, what should you do?
Do not allow passwords to be changed right after they were changed.
How do you prevent passwords from being changed after they were just changed?
By setting the Number of days in which a password cannot be reused security policy setting to 1.
What setting determines the minimum characters in the password?
Minimum password length.
What is the minimum value for password length?
5
What is the minimum password length for Eloqua security complexity?
6 characters
What is the minimum password length for Windows security complexity?
8 characters
What is the minimum password length for Custom security complexity?
5 characters
True or false: “Require at least one uppercase character” is enabled for all complexity levels.
True
True or false: “Require at least one lowercase character” is enabled for all complexity levels.
True
“Require at least one digit” is enabled for which complexity levels?
All
True or false: “Require at least one punctuation character” is enabled by default for all complexity levels.
False. It is disabled by default for all complexity levels.
“Password cannot contain more than 2 characters from the user name” - enabled or disabled for Eloqua security complexity?
Disabled
“Password cannot contain more than 2 characters from the user name” - enabled or disabled for Windows security complexity?
Enabled
“Password cannot contain more than 2 characters from the user name” - enabled or disabled for Custom security complexity?
Enabled
“Password cannot contain user’s account name” - enabled or disabled for Eloqua security complexity?
Disabled
“Password cannot contain user’s account name” - enabled or disabled for Windows security complexity?
Enabled
“Password cannot contain user’s account name” - enabled or disabled for Custom security complexity?
Enabled
“Require the first character to be alphanumeric” mandates that the first character of a user’s password must be ____ and cannot be a ___
alphanumeric and cannot be a special or Unicode character.
True or false: “Require the first character to be alphanumeric” is enabled for all complexity levels.
False - it is disabled
True or false: “Require the first character to be alphanumeric” is disabled by default for all complexity levels.
True
True or false: Eloqua offers a “Restrict login by IP address” option.
True
True or false: Eloqua provides you with options for configuring “Restrict Login By IP”
True.
What are the three options for configuring “Restrict Login by IP Address”?
By IP Range, Specific IP Block, By Network Mask.
What kind of environments would you be most likely to restrict login by IP address to a specific IP block?
Where IP addresses are not dynamically assigned.
How do you enter the “By Network Mask” option?
Enter the beginning IP address of the IP range you wish to add, followed by the network mask in slash notation.
Use the ____ section to define the timeframe and number of attempts after which a user must have their password reset.
Account Lockout Policy.
The Account Lockout Policy contains settings for: ____, Lockout effective period, Reset invalid login count after…
Maximum invalid login attempts
The default value for Maximum invalid login attempts is:
10
The default value for Lockout effective period is
5 minutes
If you set Lockout effective period to 0, what happens?
Account will be locked until an admin manually unlocks it.
The __ setting determines the number of minutes that must pass before the lockout threshold is reset.
Reset invalid login count after…
If Reset invalid login count after… is set to zero, what happens?
An admin must manually reset the account.
The Account Lockout Policy contains settings for: Maximum invalid login attempts, _____, Reset invalid login count after…
Lockout effective period
The Account Lockout Policy contains settings for: Maximum invalid login attempts, Lockout effective period, ______
Reset invalid login count after…
______ determines the duration after which a current session will expire in case of abandonment.
Session timeout value in minutes
The ____ includes Session Timeout value and Forgotten password reset time
Session Timeout Policy.
What is the default Session Timeout value?
120 minutes
The ___ determines the duration after which a user can get a new Forgot Password email.
Forgot password reset time
The default value for the Forgot password reset time in minutes is…
720 minutes (12 hours)
___ allows users to log into one product to access all their services.
SSO - Single Sign-on
Benefits of SSO: (1) ____ (2) productivity (3) easy policy implementation (4) reduced admin overhead
security
Benefits of SSO: (1) security (2) ____ (3) easy policy implementation (4) reduced admin overhead
productivity
Benefits of SSO: (1) security (2) productivity (3) ____ (4) reduced admin overhead
easy policy implementation
Benefits of SSO: (1) security (2) productivity (3) easy policy implementation (4) ____
reduced admin overhead
Why does SSO provide additional security?
Users will create a stronger password
3 steps to configuring SSO, in short
(1) Upload Metadata (2) Map the usernames (3) Download the Certificate
To access the SSO configuration page
Settings: Setup: Administration: Users
To upload Identity Provider Metadata
Single Sign-On down arrow: Identify Provider Settings
Where do you find the ACS and the Service Provider Entity URL?
On the Identity Provider Details page.
You will need the ACS and the Service Provider Entity URL when you…
Configure the SSO product
To map the usernames…
Identity Provider Details screen: Edit
What should you type in the “The name of the attribute that contains the user identity” field?
In mapping the usernames, under ____, select “The user identity is located in an assertion attribute value”
User Identity Location
Where do you download the certificate?
Single Sign-On down arrow: Certificate Setup
When you download the certificate, you should save it…
locally.
When a contact is uploaded to Eloqua, who has access to the contact?
All users.
3 examples of needing to control user access to contacts:
(1) Restricting access by business division or geography (3) Restricted access for Sales (4) Sharing access by business division or geography
__ indicate how you separate access to contacts
Categories
To restrict access based on Business Division and Geography, create what categories?
Business Division and Geography
Labels reside inside ___
categories
__ indicate the subdivisions under each category.
Labels
An example of labels is to create APAC, EMEA, and AMER labels under the _____
Region category.
The second step in Contact Security is to create __
security groups
You need to create ____ corresponding to each label to define the users that will have access to various contacts.
security groups
The third step in Contact Security is to map ____ to __
map security groups to labels
The fourth step in Contact Security is to assign ___ to __
assign labels to contacts.
To assign labels to contacts, you need to create a ___ that will evaluate the information in the Contact Records and assign a label.
program
If no label is assigned to a Contact Record, what happens?
The record will be available to all users.
What happens if a user is in multiple access security groups?
Then the user will be able to see all contacts for each security group.
What is recommended when configuring contact security?
Work with an Eloqua representative
where to find categories and labels?
Settings: Setup: Administration: Users: Contact Security down arrow: Manage Labels
The __ page is where you define categories and labels
Manage Labels
3 options to create security groups
(1) new (2) copy and repurpose (3) use out-of-the-box
The _____ security group does not have any actions or interface permissions.
standard Everyone
The ____ security group is strictly used for determining a user’s __
contact access - not feature or function access.
True or false: You create a name and an acronym for security groups.
True.
The last step in creating security groups is…
add users to each security group.
Where do you assign labels?
Contact Security drop-down: Assign Labels
The program to examine Contact Records and assign labels is created using the _____ or _____ model.
shared or unique model
In the program to assign labels, what type of action should you choose for “Remove Labels”?
Ownership
7 types of actions under Program Builder are (1) ___ (2) Data Tools (3) Groups (4) Integration (5) Marketing Actions (6) Ownership (7) Program Maintenance
All
7 types of actions under Program Builder are (1) all (2) ___ (3) Groups (4) Integration (5) Marketing Actions (6) Ownership (7) Program Maintenance
Data Tools
7 types of actions under Program Builder are (1) all (2) Data Tools (3) _____ (4) Integration (5) Marketing Actions (6) Ownership (7) Program Maintenance
Groups
7 types of actions under Program Builder are (1) all (2) Data Tools (3) Groups (4) ____ (5) Marketing Actions (6) Ownership (7) Program Maintenance
Integration
7 types of actions under Program Builder are (1) all (2) Data Tools (3) Groups (4) Integration (5) _____ (6) Ownership (7) Program Maintenance
Marketing Actions
7 types of actions under Program Builder are (1) all (2) Data Tools (3) Groups (4) Integration (5) Marketing Actions (6) ___ (7) Program Maintenance
Ownership
7 types of actions under Program Builder are (1) all (2) Data Tools (3) Groups (4) Integration (5) Marketing Actions (6) Ownership (7) ____
Program Maintenance
What Action do you enter in Program Builder to remove labels?
Remove Contact Security Labels
How can you open a menu for editing decision steps?
Click the down arrow on the decision step.
In Program Builder, can you restrict the time actions run?
Yes.
True or false: you can allow Custom Objects in a program step.
True.
Because a contact will always remain in one geographic region, use the ____ Model to create a program to assign labels to contact records.
Unique
True or false: You can configure asset-level security in Eloqua.
True
____ allow you to control levels of access to assets, features, and interfaces.
Security groups
Access security groups from the User Management page:
Groups: All Groups … displays Security Group Overview interface
Security Group overview: The ____ section allows you to define the products that users in the group can access
Licensing
Access to use the core platform requires the __ license.
Eloqua Marketing Platform
The ___ section controls the features and areas of the application that are visible to users in this group.
Interface Access
The Interface Access tree is organized…
in a hierarchy that matches the hierarchy of how you navigate the platform.
In Interface Access, if you are looking at a new security group or the Everyone security group, what is true?
No areas of the application are selected.
In Interface Access, there are default selections made for the ____ or _____ security groups.
System or Default
True or false: Access to assets set in Interface Access allow users to create, modify or delete the assets.
False. This is set in the Asset Creation section.
The ____ section of security group overview controls the actions that can be performed on a particular interface by users in this group.
Action Permissions section
The Action Permissions section is closely linked with the ____ section of the Security Group overview.
Interface Access
Security Group Overview 6 sections: (1) _____ (2) Interface Access (3) Action Permissions (4) Asset Creation (5) Default Asset Permissions (6) Business Unit Membership
Licensing
Security Group Overview 6 sections: (1) Licensing (2) ____ (3) Action Permissions (4) Asset Creation (5) Default Asset Permissions (6) Business Unit Membership
Interface Access
Security Group Overview 6 sections: (1) Licensing (2) Interface Access (3) _____ (4) Asset Creation (5) Default Asset Permissions (6) Business Unit Membership
Action Permissions
Security Group Overview 6 sections: (1) Licensing (2) Interface Access (3) Action Permissions (4) _____ (5) Default Asset Permissions (6) Business Unit Membership
Asset Creation
Security Group Overview 6 sections: (1) Licensing (2) Interface Access (3) Action Permissions (4) Asset Creation (5) ______ (6) Business Unit Membership
Default Asset Permissions
Security Group Overview 6 sections: (1) Licensing (2) Interface Access (3) Action Permissions (4) Asset Creation (5) Default Asset Permissions (6) _____
Business Unit Membership
The __ section of the Security Group Overview controls the actions that can be performed on a particular interface by users in this group.
Action Permissions
The _____ section identifies the types of assets that users of this group have the ability to create.
Asset Creation
The _____ section controls the default permissions applied to an asset.
Default Asset Permissions
If you want to only allow the user who created an asset to edit or delete it, what section of the Security Group Overview would you use?
Default Asset Permissions
The ____ section of the Security Group Overview can select which business unit users will be members of.
Business Unit Membership
The Business Unit Membership is only applicable if…
Categories have been configured for business units.
When a user creates a new asset, there are a default set of permissions on that asset. True or false?
True.
What are the four levels of security that users or security groups can have over an asset?
View, Edit, Delete, Security
In the ____ level of asset permissions, users can change the asset permissions.
Security
From the Security Group Overview, where do you assign permissions?
Click Default Asset Permissions, and click edit.
The __ allows you to secure the entire email template so it cannot be modified, or only mark certain sections as edited.
Email Template Manager
Where is email template manager:
Assets: Emails: Template Manager icon
Create an email template as you would create…
any email.
After saving as a template, what do you do to mark some of the template as protected?
Gear menu: Enable Protected Mode
How do you mark some sections as editable?
Right-click on the component and select Mark as Editable.
True or false: When you mark a component as editable you can allow it to be deleted.
True.
How are editable sections marked in a template?
With a blue line around them.
What feature of the Email Template allows you to lock an entire email asset or mark certain sections as editable?
Protected Mode
Configuring __ security insures information confidentiality and system integrity.
User Security
Configuring __ leads to effective resource utilization.
SSO
Configuring ____ allows you to implement cost effective guardrails to prevent against unauthorized access and disclosure.
Contact Security
Configuring ___ allows you to define permissions for each asset type against unauthorized deletion or modification.
Asset Security
