Security & Access (13%) Flashcards

1
Q

Only the users who have been assigned to the “Accounts Receivable” profile should be able to view and access the “Credit Status” field on the Account object via the detail page, reports, and the API. What is the best way for the admin to accomplish this? Choose 1

A.) Create two page layouts, one with the credit status field, the other without. Assign the first to the “Accounts Receivable” profile and the second to the other profiles.
B.) It is not possible to display a field for the only one profile.
C.) Use field-level security to set the “Visible” setting to not visible for all profiles except Accounts Receivable
D.) Set the Credit Status field to be not visible on the page layout for all profiles except Accounts Receivable

A

C.) Use field-level security to set the “Visible” setting to not visible for all profiles except Accounts Receivable

Field-level security can be used to set whether a field is visible or read-only by profile. It also allows defining field accessibility in places other than the detail page, i.e., whether users should be able to access a particular field via the detail page layouts and make the field visible on one and not on another, however when the requirement is related to field visibility for different types of users, using field-level security is more appropriate.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

An admin wants to insert records using Data Loader, but he does not have access to his email where the security token has been sent. How can he proceed? Choose 1

A.) Raise a case to SFDC support
B.) Ensure that the IP address is not within the restricted IP range
C.) Add the IP address to the trusted IP range
D.) Uncheck “Use Security Token” in Data Loader settings

A

C.) Add the IP address to the trusted IP range

If the IP address has been added to the trusted IP range (Security Controls-> Network Access) then the security token is not required when using Data Loader

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

All users in an SFDC org have been assigned a profile that allows them to read, create, edit and delete records of most of the standard objects. The admin needs to provide access to a group of external users but would like to ensure that they have read-only access to all the major standard objects. What is the best way to accomplish this? Choose 1

A.) Assign the Read-Only standard profile and create a permission set to remove delete permission on all the objects
B.) Assign the Standard User profile but deselect the “Delete All” permission on the user records of external users
C.) Clone the Standard User profile to create a new custom profile which does not grant the delete permission
D.) Clone the standard “Read-Only” profile and assign it to the external users

A

D.) Clone the standard “Read-Only” profile and assign it to the external users

SFDC includes a number of standard profiles that can be readily used including a “Read-Only” profile which allows users to view but not edit the records of most of the standard objects. SFDC recommends cloning a standard profile and assigning users to the cloned profile as a best practice. This way, further modifications to access and permissions that are needed in the future can be made easy.

External users that are required to have read-only access can be assigned to the cloned Read-Only profile. On the other hand, a permission set can only be used to grant additional permissions to specific users and not remove or restrict access. Also, there is no “Delete All” permission on the user object.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

All users have the Standard User profile assigned. The admin would now like all users to be able to read, create and edit contacts but only allow managers to delete contacts. What is the best way to handle this? Choose 1

A.) Add “Delete All” permission to the user records
B.) Create a new profile for managers and enable delete permission for contacts
C.) Modify the standard profile to remove delete permission on contacts and create a new profile for managers with delete permission
D.) Clone the standard profile and assign to all users. Remove delete permission on contacts in the cloned profile. Create a permission set that includes permission to delete contacts, and assign the permission set to manager

A

D.) Clone the standard profile and assign to all users. Remove delete permission on contacts in the cloned profile. Create a permission set that includes permission to delete contacts, and assign the permission set to manager

Standard profiles cannot be modified. Permission sets can be used to provide additional permissions to users.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

An Account Executive is regularly working with a number of colleagues on opportunities. One of the colleagues should be able to view but not update the opportunities. What is the best way to give the other people he is working with the required access to the opportunities and track their role on the opportunity? Choose 1

A.) Create a sharing rule
B.) Create an Opportunity Team and set access for each user
C.) Use manual sharing to add the users to each opportunity
D.) Add the user to the role hierarchy below the account executive

A

B.) Create an Opportunity Team and set access for each user

Manual sharing can be used to add individual users and access but the role cannot be specified. Opportunity teams allows the role and access to be specified for each team member.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

The Account object has two record types named “Prospect” and “Customer”. A user would like that when he clicks on the “New” button on the account page, the “Prospect” record type is selected automatically for creating the account record. What can be used to enable this? Choose 2 answers.

A.) Record type preference in User Settings
B.) Default record type settings in the user’s profile
C.) Default record type settings on the Account object
D.) Default record type settings in a permission set

A

A.) Record type preference in User Settings
B.) Default record type settings in the user’s profile

A default record type is set at the profile level. The option to automatically use the default record type is set in user settings. It is not possible to specify a default record type using a permission set.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

A Company would not like their employees to access SFDC from home. How can this be achieved? Choose 1

A.) Enable “Trusted Login Only” setting
B.) Define Login IP Ranges for all profiles
C.) Define permission sets
D.) Define Trusted Login IP ranges

A

B.) Define Login IP Ranges for all profiles

Trusted IP ranges define a list of IP addresses from which users can log in without receiving a login challenge for verification but do not restrict logins from IP addresses outside the range. Login IP Ranges can be defined at the profile level. Users outside of the Login IP Range set on a profile will not be able to gain access to SFDC.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

John needs a number of colleagues to have visibility and collaborate on a case related to an account he owns. What is the best way to allow them to have access to the case record? Choose 1

A.) Add the users to the case team
B.) Create a sharing rule
C.) Use manual sharing to grant access to each other
D.) Set the organization-wide sharing default to “Public Read-Only”

A

A.) Add the users to the case team

In this scenario, users require access to a single case record for collaboration. Creating a sharing rule to grant access to one record is not a good solution, regardless of whether it is possible to define the criteria for the sharing rule. A sharing rule is typically used to share multiple records with users in public groups, roles, or territories. A case team can be used to allow a group of users to work together on a case record. Access levels can be set to “read-only” or “read/write”. If the organization has set up predefined case teams, these case teams can be added the case instead of individual users. Setting the visibility to “Public Read-Only” will provide view access to all users, which would not meet the requirement.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

An admin can define a sharing rule to share records with a public group. Which of the following can be included in a public group? Choose 3

A.) Users assigned to specific territories
B.) Profiles
C.) Roles
D.) Permission Sets
E.) Other public groups
A

A.) Users assigned to specific territories
C.) Roles
E.) Other public groups

Public groups can contain a combination of users, roles, users assigned to specific territories, other public groups and roles, and subordinates in the hierarchy. Profiles and permission sets cannot be included in a public group definition.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

There is a request for the sales director to have certain records of the “Delivery” custom object shared with four of the nine sales managers. Only records that have the “Pending” value on the “Status” field should be shared with these sales managers. The org-wide default setting of the custom object is set to “Private” and the “Grant Access using Hierarchies” checkbox is deselected. No other user in the org should have access to these records if they do not already have access. How can this be achieved? Choose 1

A.) Create a sharing rule for the Delivery object to share records with a “Pending” status with the role associated with sales managers
B.) Enable “Grant Access Using hierarchies” For the Delivery Object.
C.) Create a sharing rule for the Delivery object to share the records with a “Pending” status with a public group that contains the sales managers who should have access.
D.) Update the org-wide default settings of the Delivery object to “Public Read Only”

A

C.) Create a sharing rule for the Delivery object to share the records with a “Pending” status with a public group that contains the sales managers who should have access.

Since the sharing rule required in this scenario is user-specific, and sharing rules cannot be created to share records with specific users, a public group containing the users must be created. Because only certain records need to be shared, the sharing rule should be based on criteria specified by the sales director. Granting access through org-wide default to the role hierarchy would open up access to more than just one user. Since more than a few users can be assigned to a role, a role should not be used in the sharing rule.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

The admin needs to set up org-wide default settings for all the standard and custom objects. Which of the following is true regarding org-wide default settings? Choose 1

A.) “Public Read/Write/Transfer” setting is only available for Cases and Leads
B.) “Private” setting is only available for custom objects
C.) “Controlled by Parent” setting is only available for custom objects.
D.) “Public Read Only” is only available for standard objects

A

A.) “Public Read/Write/Transfer” setting is only available for Cases and Leads

Only Cases and Leads have org-wide default sharing options of “Public Read/Write/Transfer”. Custom objects can have “Private”, “Public Read Only”, “Public Read/Write”, and “Controlled by Parent”. Contacts and Orders also have the “Controlled by Parent” option.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

SFDC has provided a number of auditing features, which can be useful in diagnosing potential or real security issues. Which of the following auditing features are available in SFDC? Choose 3

A.) Login History
B.) eDiscovery logs
C.) Debug logs
D.) Field History Tracking
E.) Setup Audit Trail
A

A.) Login History
D.) Field History Tracking
E.) Setup Audit Trail

Debug log is not an auditing tool; it is used by devs to check the running of code

There is no feature called eDiscovery logs in SFDC

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

In ABC Corp, different sales teams should not be able to have access or visibility to PriceBooks of other teams when adding them to opportunities. How can this be configured? choose 1

A.) Set the org-wide default sharing settings for Price Book to “Use”
B.) Set the org-wide default sharing setting for Price Book to “Private”
C.) Price Book access is controlled by Product sharing settings
D.) Set the org-wide default sharing settings for Price Book to “No Access” and add sharing to grant access to users that should have visibility to each Price Book.

A

D.) Set the org-wide default sharing settings for Price Book to “No Access” and add sharing to grant access to users that should have visibility to each Price Book.

The sharing settings available on Price Book are “Use”, “View Only”, and “No Access”. “Use” means any user can view and add the Price Book to an opportunity. “No Access” means that users cannot see PriceBooks or add them to opportunities unless sharing rules are used to give visibility.

Access wider than the default access can be granted to users by adding sharing form the Price Book detail page.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Which features can an admin use to control record sharing? Choose 3

A.) Profiles 
B.) Permission Sets
C.) Role Hierarchy
D.) Org wide default settings
E.) Sharing rules
A

C.) Role Hierarchy
D.) Org wide default settings
E.) Sharing rules

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

The sales team of Cosmic Logistics uses Sales Cloud to manage team activities and support the operations of the global HR department. A custom HR application has been created in SFDC. The CTO of the company does not want the sales team to access the HR application and the tabs created for the HR application. Which security controls measures should the admin use for the requirement? Choose 2

A.) The sales team profile should not have object-level and field-level access for the objects in the HR application
B.) The “Visible” checkbox should be unchecked for the HR application in the sales team profile.
C.) The sharing settings for the objects in the HR application should be set to “Private” for the sales team profile.
D.) The HR application should be set to “Hidden” for the sales team profile

A

A.) The sales team profile should not have object-level and field-level access for the objects in the HR application
B.) The “Visible” checkbox should be unchecked for the HR application in the sales team profile.

The visibility of the HR application should be removed for the sales team profile by deselecting the “Visible” checkbox, which will ensure that the application is not visible and cannot be made visible in the app menu. To ensure that there is no access via any means such as reporting, the object-level and field-level access should also be removed.

There is not “hidden” setting in a profile that can be used to remove access to a custom application. Setting the sharing settings to “Private” would not prevent access to the application and tabs, as it controls access to records that are not owned by the users.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

A user has reported that they do not see the “Contact Type” field on the contact detail page. What would the admin check first? Choose 1

A.) The contact page layout displayed for the profile assigned to the user
B.) The contact page layout assigned to the user
C.) The role assigned to the user
D.) Field level security assigned to the user

A

A.) The contact page layout displayed for the profile assigned to the user

Page layouts determine which fields are visible. Field level security determine which fields are visible on a page layout however it is configured at the profile level, not the user level.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

In a private sharing model, will a manager be able to edit account records owned below them in the role hierarchy? Choose 1

A.) No, users in higher roles are only able to view records owned by users below them in the role hierarchy
B.) Yes, access is granted by default to users in a higher role for standard objects.
C.) Only if a sharing rule has been created
D.) Only if “Grant Access using Hierarchies” setting is checked

A

B.) Yes, access is granted by default to users in a higher role for standard objects.

Grant access using hierarchies is always checked for standard objects such as account and cannot be changed. Users in higher roles will inherit the record permissions of the users below them in the role hierarchy. Users at any role level can view, edit, and report on all data that’s owned by or shared with users below them in the role hierarchy.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

An admin would like to absolutely deny login access to the company’s SFDC org if users are logging in outside the specified login hours and IP range. What are the different options that can be used? Choose 2

A.) Profile based IP restrictions
B.) Org-wide IP restrictions
C.) Profile-based login hour restrictions
D.) org-based login hour restrictions

A

A.) Profile based IP restrictions
C.) Profile-based login hour restrictions

Login hours and IP addresses can be restricted by profile, not organization.

Trusted IP ranges are defined at the organization level (network access). If users try to login from outside this range, they are sent an activation code; it does not absolutely restrict login access.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Which of the following are default password policy settings or requirements imposed by SFDC when a password is set? Choose3

A.) A password must contain at least 8 characters
B.) A password cannot contain the user’s username
C.) The last three passwords are stored and cannot be reused when users are changing the password
D.) Default password set by SFDC is Useralias123$

A

A.) A password must contain at least 8 characters
B.) A password cannot contain the user’s username
C.) The last three passwords are stored and cannot e reused when users are changing the password

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

If a user is assigned a profile that has read object access to accounts, what records will the user be able to see? Choose 2

A.) Only records owned by the user
B.) All account records
C.) Depends on the user’s role
D.) Depends on the sharing model

A

C.) Depends on the user’s role
D.) Depends on the sharing model

The question is referring to the account object, and the “Grant Access Using Hierarchies” cannot be disabled on standard objects, so access also depends on the user’s role as well as the sharing model.

Here are the possibilities:

Private -> Can only access records owned by the user
Public Read Only -> Can view all records in the system, regardless of ownership
Public Read/Write -> Can view and edit records in the system, regardless of ownership

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Bob and Patrick are sales users and share the same custom sales profile. The sales profile allows create and edit of contacts but not delete. The sales manger would like Patrick to be able to create and edit contact records, however, Bob should also be able to delete contacts. How can the admin configure this most efficiently? Choose 1

A.) Set up the role hierarchy to meet this requirement
B.) Create a permission set and assign it to the users accordingly
C.) Create a new custom profile for Bob
D.) Two sales users cannot have different permissions on the Contact object

A

B.) Create a permission set and assign it to the users accordingly

Although two profiles could be created with different permissions to the Contact object, it is more efficient to create a permission set to give Bob the extra permissions and use one profile for sales users. Permission sets can grant object and field level permissions and extend profile permissions and access.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

Sia is helping Jobelle on an opportunity and needs to view and update the details of the account, account contacts, and the opportunity record. The sharing settings on accounts and opportunities is set to Private. How should the admin meet this requirement? Choose 1

A.) Ask Jobelle to add Sia to the Opportunity Team
B.) Ask Jobelle to add Sia to the Account Team
C.) Create a sharing rule to give access to Sia
D.) Add Sia to the role hierarchy above Jobelle to give her visibility

A

B.) Ask Jobelle to add Sia to the Account Team

Account Team members can be given read or read/write access to an account as well as the related contacts. Access to opportunities and cases can be set to private, read, or read/write.

Opportunity team members can be given read or read/write access to an opportunity, but will only get read-only access to the related account and account contacts.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

How can an admin ensure the security of the data sent and returned from their SFDC community site? Choose 1

A.) Use a third-party security technology to secure the community site and notify you when there is suspicious activity
B.) SFDC automatically ensures security for all community sites
C.) Manually monitor all site traffic going to the community site
D.) Require secure connections for the community site to redirect traffic from HTTP to HTTPS

A

D.) Require secure connections for the community site to redirect traffic from HTTP to HTTPS

Require secure connections for an SFDC Community site, which redirects all traffic from HHTP to HTTPS, ensures the confidentiality and integrity of the data going in and out of that site.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

Flex Corp has offices in the US, Europe, and Asia. A Sales Director should have access to the German, French, and UK accounts which are all under the European region. The Global Sales Director should have access to the HQ accounts, US accounts, and Asia accounts but not the European accounts. How can this be set up? Choose 1

A.) Deselect “Grant Access Using hierarchies” option for the account object in sharing settings
B.) Create the role hierarchy so the Global Sales Director is not at the top of the hierarchy
C.) Create a sharing rule on Accounts
D.) Change the sharing setting of Accounts to “Private”

A

B.) Create the role hierarchy so the Global Sales Director is not at the top of the hierarchy

It would be possible to create multiple criteria-based sharing rules (eg - one for each region), however, using the role hierarchy as described is a simpler solution and uses the standard role hierarchy features to provide access to the required accounts.

“Grant Access Using Hierarchies” will grant record access to users above the record owner in the hierarchy. Since it cannot be disabled for standard objects such as Accounts, the hierarchy will have to be set up in such a way that the Global Sales Director role is not at the top of the hierarchy, otherwise, the Global Sales Director will have visibility into all accounts.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

For any customer centric organization, the opportunity or deal record data are sensitive. A sales manager has requested the admin to monitor some of the important fields that are getting changed by multiple teams from time to time during the sales lifecycle. Which security option can the admin choose to achieve this? Choose 1

A.) Enable field history tracking for the opportunity object and create a report
B.) Provide the “View All Data” permission to the sales manager to allow seeing all changes
C.) Enable org-wide default sharing settings for the opportunity object to set it to sales manager level
D.0 Provide the “View All” permission to the sales manager to allow seeing all changes.

A

A.) Enable field history tracking for the opportunity object and create a report

The admin can select certain fields to track and display the field history in the History related list of an object.

The Opportunity field history report can be used to view information about the change history of the opportunity fields that are tracked, including old and new values and the dates edits were made.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

Which of the following are organizational-level security access controls? Choose 3

A.) Multi-Factor Authentication
B.) Permission sets
C.) Platform encryption 
D.) Password policies 
E.) Trusted IP ranges
A

A.) Multi-Factor Authentication
D.) Password policies
E.) Trusted IP ranges

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

An organization has a read-only opportunity sharing model. It also users Enterprise Territory Management and has an active territory model with the following territories: Japan, United States, France, and Argentina. The VP of Sales would like the reps in Japan and France to have read/write access to the opportunities owned by reps in the United States. How can the SFDC admin configure the system to meet this requirement? Choose 1

A.) Create a sharing rule that shares the opportunities owned by US reps with a public group consisting of members in the Japan and France territories.
B.) Create two sharing rules based on users assigned to territories
C.) Change the org-wide default setting of opportunities to “Public Read/Write”
D.) Ask United States reps to manually share their opportunities with reps in Japan and France.

A

A.) Create a sharing rule that shares the opportunities owned by US reps with a public group consisting of members in the Japan and France territories.

Changing the org-wide default setting to “Public Read/Write” is not a viable option since all users who have access to opportunities will be able to modify all of them. Asking the reps to manually share records is not practical as it will consume too much time for each rep to do so. Although two sharing rules based on users assigned to territories would work, the most efficient solution is to first create a public group and add the japan and France territories to it. Doing so will make the reps in the Japan and France territories members of the group. A sharing rule can then be configured that shares the US-owned opportunities with the public group (consisting of members in the Japan and France territory)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

Cosmic Solutions has recently set up “My Domain” for their SFDC org. What are some of the things that an admin can do to make sure that its deployment is successful? Choose 3

A.) Update all applicable URLs
B.) Communicate the change of the subdomain only after deployment
C.) Test tabs and links to see if they display the new subdomain
D.) Deploy the new subdomain when there is high traffic to make sure everyone can access the new subdomain
E.) Log in using the My Domain subdomain name

A

A.) Update all applicable URLs
C.) Test tabs and links to see if they display the new subdomain
E.) Log in using the My Domain subdomain name

The My Domain feature allows the use of a subdomain for a SFDC org to better manage login and authentication. The company name can be included in the URL, for example, https://companyname.my.salesforce.com

Before deploying a new My Domain subdomain, it needs to be tested for login problems by using the new subdomain name to log in. Tabs and links within the SFDC org also need to be checked. Application URL and hard-coded references need to be updated before deployment. The upcoming change should be announced much earlier than the date of deployment.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

Harold is being moved from a service support role to a sales role in the same company. What changes would an admin do to ensure Harold’s user account would have the necessary permissions and would be able to view the information required for his new role in his new department? Choose 2

A.) Create a new user record for Harold
B.) Use an old sales user record and replace the details with Harold’s information
C.) Change the role in the User settings
D.) Change the profile in the User settings

A

C.) Change the role in the User settings
D.) Change the profile in the User settings

The admin could change the user’s role and profile details, thereby changing the permissions and record visibility for the user. It is not a good practice to reuse or recycle user records as this would impact the data integrity of the system audit fields and record ownership.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

An admin wishes to delegate the responsibility of resetting passwords and creating new users to her assistant. The admin does not wish to give her assistant full admin rights. What is the most appropriate solution in this case? Choose 1

A.) Assign the user to a delegated group that has selected user admin permission
B.) Create a custom profile and give only limited access to create users and reset passwords
C.) Create a custom profile and give admin permission to it
D.) Open a case with SFDC for this type of profile creation

A

A.) Assign the user to a delegated group that has selected user admin permission

Users in delegated group can be assigned permissions to create users at a certain level of the role hierarchy, assign certain profiles, assign certain permission sets, and administer certain custom objects. Assigning users to a delegated admin group can be done by the organization’s system admin alone. Creating and assigning a custom profile for a single person which could possibly be for a temporary purpose is not a best practice for extending permissions.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q

What options does an admin have regarding setting the page displayed after a user logs out of SFDC? Choose 3

A.) Display the “Home” page of a custom appication in SFDC
B.) Display the standard SFDC login page
C.) Display a custom single sign-on page
D.) Display a custom logout page
E.) Display the ‘Setup” page for the SFDC org.

A

B.) Display the standard SFDC login page
C.) Display a custom single sign-on page
D.) Display a custom logout page

An admin can set the page displayed after a user logs out of SFDC. A custom logout page URL is set in Setup by navigating to “Session Settings” under “Security Controls”. if none is provided, the default is “htts://login.salesforce.com” unless My Domain is enabled. If My Domain is enabled, the default is “https://customdomain.my.salesforce.com”

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

A user has reported that they are not able to view information on the Health Check page. What could be the problem? Choose 2

A.) The user does not have “Customize Application” permission
B.) The user does not have “View Setup and Configuration” permission
C.) The user does not have “Manage Login Access Policies” and “Manage Password Policies” permissions
D.) The user does not have “View Health Check” permission

A

B.) The user does not have “View Setup and Configuration” permission
D.) The user does not have “View Health Check” permission

To view the Health Check page, only the “View Health Check” and “View Setup and Configuration” permissions are required. Enabling the “View Health Check” permission automatically enables the “View Setup and Configuration” permission if it isn’t already enabled.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
33
Q

An admin wants to give another user the ability to assign one type of permission set designated for certain roles. How can this be accomplished? Choose 1

A.) Make the user a delegated admin and enable the delegated admin to assign the designated permission set
B.) Change the user’s profile to admin so that they have the ability to assign permission sets
C.) Change the permission set settings on the object in question.
D.) Create a new profile and assign permission sets to it

A

A.) Make the user a delegated admin and enable the delegated admin to assign the designated permission set

Permission sets may be specified that delegated admins can assign to users in specified roles and all subordinate roles.

34
Q

A user is assigned a profile that allows for Leads has been set to private. A role hierarchy has been set up and the user has been assigned a role that has subordinate roles below it in the hierarchy. What will the user’s access be to leads owned by other users? Choose 1

A.) The profile setting will not override the sharing setting and the user will always only have read access to leads owned by other users
B.) The profile setting will override the sharing setting and the user will be able to edit leads owned by other users.
C.) The user will not be able to read, edit, or delete leads owned by other users.
D.) The user will have access to leads owned by other users granted via the role hierarchy.

A

D.) The user will have access to leads owned by other users granted via the role hierarchy.

Profiles do not override sharing settings or the role hierarchy to grant access to records. In a private sharing model, the user will have access to their own records and access to any records owned by users below them in the role hierarchy.

35
Q

The Marketing Director of Cosmic Supermart would like all their SFDC users to see only the campaign members whose lead or contact records they can access in SFDC. What can an admin do to fulfill this requirement?

A.) Use a criteria-based sharing rule defined on the Campaign object to grant access to campaign members.
B.) Modify the org-wide sharing default setting for the Campaign object.
C.) Modify the org-wide sharing default setting for the Campaign Member object.
D.) Use a criteria-based sharing rule defined on the Campaign Member object to grant access to campaign members.

A

C.) Modify the org-wide sharing default setting for the Campaign Member object.

For this requirement, the org-wide sharing default setting for the Campaign Member object can be set to ‘Controlled by Lead or Contact”. This would ensure that users see only the campaign members whose lead or contacts records they have access to. A sharing rule defined on the Campaign object could be used to define access to Campaign Member records if the organization-wide sharing default setting is set to “Controlled by Campaign”, but it is used to increase access to records rather than define the baseline access. In this case, since access needs to be defined for all Salesforce users, the org-wide sharing default setting should be modified.

36
Q

An organization has a Security Health Check score of 55%. The admin of the organization needs to identify and fix potential vulnerabilities in security settings which are at high risk in order to remediate them. If the default SFDC baseline Standard is used for the health check, which of the following are high risk security settings? Choose 2

A.) Minimum password length
B.) Maximum invalid login attempts
C.) Number of expired certificates
D.) Days until certificate expiration

A

B.) Maximum invalid login attempts
C.) Number of expired certificates

“Number of expired certificates” and “maximum invalid login attempts” are high risk security settings. “Minimum password length” is a medium risk security setting. “Days until certificate expiration” is an information security setting.

37
Q

The admin of Cosmic Service Solutions has set the org-wide defaults sharing setting of the Account object to “private”. The company uses Enterprise Territory Management and has an active territory model with the following territories: Canada, Northeast, Southwest and California. Account records that are owned by users who are assigned to the California territory need to be shared with all the users in the Northeast territory. They should have “Read” access to the account records. What solution should be used to accomplish this? choose 1

A.) A sharing rule based on record ownership should be created to share the account records.
B.) The default access level of account records should be set in the “California” territory
C.) A sharing rule based on criteria should be created to share the account records.
D.) A permission set should be created to grant record access to users in Northeast territory

A

A.) A sharing rule based on record ownership should be created to share the account records.

A sharing rule based on record ownership can be created to share the accounts that are owned by the members of the California territory with the users who are assigned to the Northeast territory. A criteria-based sharing rule would not meet the requirement. A permission set cannot be used to share records. Setting the default access level of account records in a particular territory would not give record access to users who are assigned to a different territory.

38
Q

What options are available to set the length of time after which the system logs out inactive users? Choose 2

A.) Session timeout can be set using a permission set
B.) Session timeout can be set at the profile level
C.) Session timeout can be set at the organization level
D.) Session timeout can be set by individual user

A

B.) Session timeout can be set at the profile level
C.) Session timeout can be set at the organization level

The session time limit can be manged at the organization level in session settings or by profile by editing the “Session Settings” in the Profile. It cannot be changed for individual users or controlled using a permissions set

39
Q

Global Containers has created a Performance Review App and would like to ensure that only the manager of a staff member and managers further up the chain in the same department have visibility to the review of a staff member. The role hierarchy does not follow the organization structure. How can this be configured? Choose 3

A.) Ensure that the “Grant Access using hierarchies” checkbox is selected
B.) Ensure that the “grant Access Using Hierarchies” checkbox is deselected
C.) Ensure that the “Manager Groups”settings is selected on the Sharing Settings page
D.) Create a sharing rule to share Performance Reviews with the user’s manager group
E.) Ensure that the rile hierarchy reflects the reporting hierarchy

A

B.) Ensure that the “grant Access Using Hierarchies” checkbox is deselected
C.) Ensure that the “Manager Groups”settings is selected on the Sharing Settings page
D.) Create a sharing rule to share Performance Reviews with the user’s manager group

A user from the same department who is not necessarily another user’s manager could have a higher role in the role hierarchy. If “Grant Access Using Hierarchies” checkbox is selected, that user with the higher role in the role hierarchy would be able to see the performance review if he is not that person’s manager.

Manager group sharing needs to be enabled on the Sharing Settings page. Once selected, it can be used in manual sharing, sharing rules, and apex manged sharing. The “grant Access Using Hierarchies” checkbox should be deselected to ensure that the records are not shared throughout the role hierarchy.

40
Q

The CIO of a technology company has directed the admin to enable the single sing-on with delegated authentication for the org. Which of the following are the benefits of a delegated authentication? Choose 2

A.) It allows the sending of authentication and authorization data between affiliated but unrelated web services
B.) It makes the login page private and accessible only behind a corporate firewall
C.) It applies to all users once enabled
D.) It can be configured to use a stronger form of user authentication, such as integration with a security identity provider

A

B.) It makes the login page private and accessible only behind a corporate firewall
D.) It can be configured to use a stronger form of user authentication, such as integration with a security identity provider

Delegated authentication SSO integrates SFDC with a chosen authentication method, such as corporate LDAP server. This authentication method is configured at the permission level, so it can be turned on or off for individual users. the method also allows the configuration that makes the login page accessible only inside a corporate firewall. Sending authentication data between affiliated but unrelated web services is a feature of Federated Authentication, not Delegated Authentication.

41
Q

Which of the following can be stored and accessed in folders? Choose 3

A.) Reports
B.) Email Templates
C.) Dashboard 
D.) Mail Merge Templates
E.) Entitlement Templates
A

A.) Reports
B.) Email Templates
C.) Dashboard

42
Q

Cosmic Smart Solutions has a group of support users who require access to SFDC. All these users need access to Chatter features and activities. A few of these users also require the ability to view and edit cases and records of a custom object called ‘Product Issue”. None of the users should be able to view or edit the records of any other object. Which solution should be utilized to ensure that these users have the required permissions? Choose 1

A.) Assign the “Minimum Access - Salesforce” profile to all the users and assign a permission set to the users who require additional access.
B.) Assign the ‘Read Only” profile to all the users and assign a permission set to the users who require additional access.
C.) Assign the “Standard Platform User” profile to all the users and assign a permission set to the users who require additional access.
D.) Assign the “Standard User” profile to all the users and assign a permission set to the users who require additional access.

A

A.) Assign the “Minimum Access - Salesforce” profile to all the users and assign a permission set to the users who require additional access.

The “Minimum Access - Salesforce” profile is a least-privilege profile that includes “Access Activities”, “Chatter internal user”, “Lightning Console User” and “View Help Link” permissions. To meet the requirement, this profile can be assigned to all the users who need to access Chatter features and activities. A permission set can be created and assigned to the subset of users who also need to view and edit cases and record of a custom object.

The “Read Only” profile would grant the ability to view the records of other objects. The “Standard Platform User” profile would give access to core platform functionality such as accounts and contacts, which is not required in this case.

43
Q

A user has left their phone at home which is usually used for multi-factor authentication. What can the admin do? Choose 1

A.) Reset the password for the user
B.) Generate a temporary verification code
C.) Remove multi-factor authentication
D.) Generate a temporary username

A

B.) Generate a temporary verification code

The admin can generate and give the user a temporary verification code that can be used in place of the code that they would usually get from the mobile authentication app.

44
Q

The Salesforce org of Cosmic Sporting Goods has a Security Health Check score of 75%. Based on the Salesforce Baseline Standard, which grade does this score correspond to in SFDC? Choose 1

A.) Fair
B.) Acceptable
C.) Good
D.) Satisfactory

A

C.) Good

90 and above = Excellent
80-89% = Very Good
70-79% = Good
55-69% = Poor 
54% and below = Very Poor
45
Q

The “Description” field on the Account object should be read-only for users that are assigned to specific profiles. How can this be achieved? Choose 2

A.) Set field-level security for the users’ profiles
B.) Assign the users to the read-only profile
C.) Modify the page layout assigned to the profiles of the users
D.) Create and assign a permission set to the users’ profile

A

A.) Set field-level security for the users’ profiles
C.) Modify the page layout assigned to the profiles of the users

Permission sets can be assigned to individuals but not through profiles

46
Q

The CTO if Global Media Corporation would like to refine their security policies. He wants all of the SFDC users in his org to change their password after 60 days. The password should have a minimum password length of 12 characters, and the maximum invalid login attempts should be 3. What should the admin consider when configuring this? Choose 2

A.) “Password Policies” settings can be maintained on the user detail page
B.) A request to SFDC is required to change the password policy
C.) “Password Policies” settings can be maintained for each profile
D.) “Password Policies” can be maintained at the organization level

A

C.) “Password Policies” settings can be maintained for each profile
D.) “Password Policies” can be maintained at the organization level

47
Q

Cosmic Enterprises has launched a new product, and the admin of the company needs to ensure that the after-sales support for this new product follows a specific life-cycle and can be managed efficiently. How can he ensure that cases that are opened for the new product are only visible and routed to a certain group of support engineers? Choose 1

A.) Use a new support process, record type, page layout, and queue
B.) Use a new record type, page layout and queue
C.) Use a new support process, record type and page layout
D.) use a new page layout only

A

A.) Use a new support process, record type, page layout, and queue

A new support process can be used to define the case status values for the new product and define the specific lifecycle of the case. It can be assigned to a record type and associated to a new page layout for the product. A queue can be used to assign the cases only to a specific support group.

48
Q

An admin often deals with record-level security. Which of the following are correct regarding record-level security? Choose 2

A.) Sharing rules can never be stricter than the org-wide sharing defaults
B.) Roles are used to open up the record access among user groups (i.e., horizontally)
C.) Org-wide sharing defaults are always used for opening record access to the user
D.) Roles are used to create a sharing hierarchy among users

A

A.) Sharing rules can never be stricter than the org-wide sharing defaults
D.) Roles are used to create a sharing hierarchy among users

49
Q

Robin is an admin. He has been asked to explain what can be controlled in profiles. Which of the following can be controlled through profiles? Choose 3

A.) License Types
B.) Page Layouts
C.) Object Permissions
D.) Field Level Security
E.) Roles
A

B.) Page Layouts
C.) Object Permissions
D.) Field Level Security

50
Q

In a private sharing model, if the admin needs to make some exceptions to give access to records, what features can you use? Choose 3

A.) Account Teams
B.) Sharing Exception Rules
C.) Manual Sharing
D.) Sharing Rules

A

A.) Account Teams
C.) Manual Sharing
D.) Sharing Rules

51
Q

The users with the Sales profile should no longer have access to several fields on a custom object. The admin employs field-level security for these fields. What should the admin consider before changing the page layout and field-level security settings? Choose 2

A.) Fields can be set as hidden in the page layout but users will still be able to access the fields in reports, search and list views
B.) If a field is set to read-only using field-level security for a user’s profile but the user has edit access to the object, the user is able to update the field
C.) If a field is hidden using field-level security, it does not appear in page layouts, search results, related lists, and list views but it will appear in reports
D.) If a field is hidden using field-level security, it does not appear in page layouts, search results, related lists, list views or reports

A

A.) Fields can be set as hidden in the page layout but users will still be able to access the fields in reports, search and list views
D.) If a field is hidden using field-level security, it does not appear in page layouts, search results, related lists, list views or reports

Field-level security allows fields to be hidden or made read-only by profile. If field-level security is enabled, the field will not be visible in page layouts, search results, list views, related lists, or reports. On the other hand, if the admin removes the field from the page layouts, all users that use the page layouts will not be able to view the field in the record detail and edit pages. In addition, the users will still be able to see fields via reports, search results, list views, and the API.

52
Q

SGS Global is a dynamic org with more than 500 users across the globe. Which best practices should the admin of the organization follow in order to manage changes to permissions for different groups of users more effectively by reducing the overhead of customization? Choose 2

A.) The admin should use permission sets to extend permissions for individuals or small groups of users as required.
B.) The admin should always assign standard profiles to users and create permission sets as required
C.) The admin should customize the standard profiles as they are provided by SFDC
D.) The admin should not create a custom profile every time a user requires additional access or permission

A

A.) The admin should use permission sets to extend permissions for individuals or small groups of users as required.
D.) The admin should not create a custom profile every time a user requires additional access or permission

Standard profiles are included with SFDC. Object-level and user permissions cannot be changed on these profiles. Standard profiles should not be used if permissions need to be changed. A standard profile can be cloned to create a custom profile instead, which would allow making changes as required. Custom profiles are created by an admin and can be fully customized.

53
Q

United Technologies often needs several sales reps working on the same opportunities and requests the admin to reflect this in the SFDC org. What is true regarding Opportunity Teams? Choose 1

A.) The owner of the opportunity or users above the owner in the role hierarchy can manage opportunity team members
B.) Opportunity teams are enabled by default
C.) Only admins can define default opportunity teams
D.) Custom fields cannot be added to the Opportunity Team Member object

A

A.) The owner of the opportunity or users above the owner in the role hierarchy can manage opportunity team members

Opportunity team members can be added by the admin, the opportunity owner, and users above the opportunity owner in the role hierarchy. Opportunity Teams must be enabled in Setup. The admin or users can create default teams. Custom fields can e added to the Opportunity Team Member object.

54
Q

The admin has been asked by the CTO to list the types of record-level sharing available in SFDC. Which of the following is related to record-level sharing? Choose 3

A.) Sharing Rules 
B.) Profiles
C.) Organization Wide-Defaults
D.) Roles
E.) Permission Sets
A

A.) Sharing Rules
C.) Organization Wide-Defaults
D.) Roles

55
Q

The admin wants to make the org more secure with network-based security. When should network-based security be used? Choose 3

A.) When she wants to limit when people can login
B.) When she wants to limit where people can login
C.) When she wants to limit who can login
D.) When she wants to make it difficult to use stolen credentials
E.) When she wants to specify user authentication protocols

A

A.) When she wants to limit when people can login
B.) When she wants to limit where people can login
D.) When she wants to make it difficult to use stolen credentials

Network-based security allows limits to be set on where users can long in from and at what times, whereas user authentication determines who can log in. Network-based security covers IP range restrictions, profile-based IP restrictions, and login hours. Since the IP where users can log in from and the time when the users can log in are limited, it can make it more difficult to use stolen credentials to log in to SFDC.

56
Q

Global Inc. has developed a new recruitment application in SFDC for support their global recruitment team. The admin wants to give access to this new application to the users from the HR and recruitment team who have not used SFDC before and do not need access to any other apps in SFDC. What is the best option? Choose 1

A.) Use an existing profile and add a permission set for the users to access the app
B.) Modify an existing profile and make the app visible
C.) Create a new profile by cloning an existing profile and modify it to only include permissions to the app
D.) Clone the “Marketing User” profile and assign it to the users.

A

C.) Create a new profile by cloning an existing profile and modify it to only include permissions to the app

As the scenario mentions the new users should not have access to any existing apps, the best option is to create a new profile by cloning an existing profile and modify to only include permissions for the new app.

57
Q

In a private sharing model, how can users at the same level of the role hierarchy have access to each other’s data? Choose 1

A.) Permission sets can be added to allow access
B.) Sharing rules can be added to grant access
C.) Users at the same level in the role hierarchy will have access to other users data at the same level by default
D.) A sharing group can be set up to grant access

A

B.) Sharing rules can be added to grant access

The role hierarchy grants access to data according to the hierarchy and does not work across levels. Sharing rules can be added to grant access to users at the same level. The sharing rule would be based on the record owner and share records owned by one role with users of another role.

58
Q

Which of the following can profiles be used for? Choose 3

A.) Controlling which Apex classes and Visualforce pages users can access
B.) Making certain fields of an object read only for users
C.) Controlling whether users assigned to a particular role can view certain records
D.) Allowing users to manually share the records of an object
E.) Ensuring that a record type is available to users

A

A.) Controlling which Apex classes and Visualforce pages users can access
B.) Making certain fields of an object read only for users
E.) Ensuring that a record type is available to users

Profiles can be used to define object-level and field-level security settings and control access to Apex classes, Visualforce pages, record types, etc. But they do not allow controlling whether users who are assigned to a particular role can view certain records.

59
Q

An admin is setting up a new org for a company with over 300 employees that will require setup of several roles and profiles. Which statement regarding profiles and roles is correct? Choose 1

A.) A role determines what parts of the application the user can access
B.) The profile hierarchy determines record access in a read only sharing model
C.) A profile controls what records a user can see in the application
D.) The role hierarchy determines record access in a private data sharing model

A

D.) The role hierarchy determines record access in a private data sharing model

Profiles determine what parts of the application a user can see and the permissions on objects. The role hierarchy determines record access.

60
Q

A user has reported that they do not have visibility to the Contacts tab. What should the admin check first? Choose 1

A.) The user record
B.) Account settings
C.) The profile assigned to the user
D.) The role assigned to the user

A

C.) The profile assigned to the user

Profiles determine what users can see and what they can do in an application

61
Q

In an SFDC org used by Cosmic Solutions, only the activity owner or users above the owner in the role hierarchy should be able to edit and delete the activity. However, those who are able to view the parent record related to the activity should be able to view and report on the activity. Which organization-wide default sharing setting should be sued for the “Activity” object for this requirement? Choose 1

A.) Public Read only
B.) View Only
C.) Full Access
D.) Private

A

D.) Private

The org-wide default sharing setting for the “Activity” object can be either “Controlled by Parent” or “Private”. Private means that only the owner and users above the owner in the role hierarchy can edit and delete the activity; users with read access to the record to which the activity is associated with can view and report on the activity.

“Controlled by Parent” means that a user can perform an action (such as view, edit, transfer and delete) on an activity based on whether they can perform that same action on the records associated with the activity. For example, if a task is related to an account that can be edited by a user, then the user can also edit the task, even if they are not the owner of the task.

“Full Access” and “View Only” are not available as org-wide default sharing settings for the “activity” object.

62
Q

Cosmic marketing Solutions is a marketing firm that uses a custom object called “Digital marketing Contract” to store customers’ contracts related to services like search engine optimization, newsletter campaigns, online promotion, etc. A custom profile called “marketing Team” has been created in SFDC for users in the marketing team. The custom profile allows these users to view, edit, and create digital marketing contracts in SFDC. however, only two senior marketing users should be able to delete the contracts. What should the company’s admin do to meet this requirement? Choose 1

A.) Assign one of the standard profiles to the two senior users
B.) Create a new custom profile by cloning the “marketing team” profile, and assign it to the two senior users
C.) Create a new custom profile by cloning a standard profile, and assign it to the two senior users.
D.) Assign the “Marketing Team” profile to the two senior users, and create a permission set the grant the “Delete” permission

A

D.) Assign the “Marketing Team” profile to the two senior users, and create a permission set the grant the “Delete” permission

A custom profile could be created, but as there are only two users who require the “delete’ permission on the object, it would e more efficient to assign an existing profile and create a permission set to grant the additional permission. Assigning one of the standard profiles is not a good solution since the two senior users most likely also require access to other objects and permissions that other marketing users are able to access.

63
Q

The Sales manager asked the admin how she can share dashboards and reports with select users. What is true regarding the sharing of Reports & Dashboards? Choose 1

A.) The owner of the report or dashboard needs to manually add users to an access list to view a report or dashboard
B.) All users have access to reports and dashboards i all folders
C.) For a user to view a report or dashboard, it needs to be shared with the user
D.) For a user to view a report or dashboard, the folder needs to be shared with the user

A

D.) For a user to view a report or dashboard, the folder needs to be shared with the user

64
Q

An admin is tasked with security the company’s SFDC org. What features should the admin start with that can be used to identify and fix vulnerabilities in the org? Choose 1

A.) Health Overview
B.) Health Check
C.) Health Fix
D.) System Monitor

A

B.) Health Check

Health Check can be used to identify and fix security vulnerabilities in security settings from a single page. A summary score shows how the org measure against the SFDC-recommended baseline.

65
Q

What is true regarding Security Health Check? Choose 2

A.) Values are compared against the SFDC baseline standard
B.) Settings are grouped into High Risk, Medium Risk, Low Risk and Informational
C.) All settings contribute equally to the score
D.) A high score means there are many high risk settings

A

A.) Values are compared against the SFDC baseline standard

B.) Settings are grouped into High Risk, Medium Risk, Low Risk and Informational

66
Q

The Sales Team of JW Computing is comprised of the Sales Manager, Sales Team Leads, Sales Executives, and Sales Reps. All of them are assigned to the custom profile “Sales Team”. The Sales Manager requested that he should be able to see all the Account and Opportunity data of his team. The organization is using a private sharing model. How can the admin achieve this? Choose 1

A.) By assigning a perm set to “View All Team’s Data”
B.) The admin should open a new case with SFDC support to achieve this
C.) By assigning “View All Data” permission to the Sales Manager
D.) By assigning a role to the Sales Manager that is higher in the role hierarchy than his team

A

D.) By assigning a role to the Sales Manager that is higher in the role hierarchy than his team

In a private sharing model, if the Sales Manager is assigned a rile higher than this team in the role hierarchy, he will see all of their Account and Opportunity data. The setting that is important here is “Grant Access Using Hierarchies”. This is a sharing setting, not a profile setting. It is enabled by default and cannot be changed for standard objects. It can be disabled for custom objects. Account and Opportunity are standard objects, so the “Grant Access Using Hierarchies” setting will be enabled by default and users will see the data of records owned by those lower in the role hierarchy.

67
Q

An admin is told to look through the login forensics to spot any suspicious attempts to gain access to the org. Which of the following can login forensics provide? Choose 3

A.) The average number of logins per user per a specified time period
B.) Who logged in during non-business hours
C.) Who logged in more than the average number of times
D.) The number of logins per profile
E.) The number of logins per role and profile

A

A.) The average number of logins per user per a specified time period
B.) Who logged in during non-business hours
C.) Who logged in more than the average number of times

Login forensics provides information on the average number of logins per user in a specified time period, who logged in more than the average number of times, who logged in during non-business hours, and who logged in using suspicious IP ranges. It does not provide information on the number of logins that each role or profile has made.

68
Q

Universal Containers uses Lightning. The company has a Sales & Marketing email template folder, which contains the Sales & Marketing email template subfolders. Each of these subfolders stores email templates that were created by the Marketing Manager. If the Marketing department hires a new intern that needs to modify all the email templates in both subfolders, what’s the most efficient action that the admin can take to share these templates with the intern? Choose 1

A.) Grant Manage access to the Sales & Marketing email template folder
B.) Grant edit access to the Sales & Marketing email template folder
C.) Grant Edit access to the Sales & Marketing email template subfolder
D.) Grant edit access to each email template in the Sales & Marketing subfolders

A

B.) Grant edit access to the Sales & Marketing email template folder

69
Q

United Technologies is looking to customize their internal SFDC URL to their branding, planning on leveraging SSO as well as developing custom Lightning components. Which of the following should be enabled in order to utilize these features? Choose 1

A.) My Domain
B.) Public Sites
C.) Custom Sites Domain
D.) Custom URL

A

A.) My Domain

My Domain allows admins to define a subdomain for their org URL. The defined subdomain replaces the instance pod in all URLs within the org. My Domain is required for certain features such as SSO and certain custom Lightning components, as well as for certain managed packages

70
Q

What is true regarding using subfolders to organize reports and dashboards in Lightning? Choose 2

A.) Subfolders can be created in the Public folder
B.) A hierarchy of subfolders can be created to represent a logical structure
C.) Folder sharing is at the root level
D.) Sharing can be set at the subfolder level
E.) Subfolders can be deleted but not renamed

A

B.) A hierarchy of subfolders can be created to represent a logical structure
C.) Folder sharing is at the root level

In lightning, subfolders can be used to organize reports & dash into a logical structure. Folder sharing is at the root level, not subfolder level. Subfolders can be created in user created folders, but not in the Public or Private folder. Folders can be renamed or deleted (if the folder doesn’t contain any reports or dahes)

71
Q

Which of the following is true about sharing access to a file attached to a record? Choose 1

A.) Only view access can be granted
B.) Access can only be determined by the admin
C.) Access can be determined by the sharing settings of the record
D.) Access can only e determined by the record owner

A

C.) Access can be determined by the sharing settings of the record

72
Q

Which of the following is true regarding the addition of an identity verification method to a user’s account? Choose 1

A.) An email confirmation is sent to the user if a new identity verification method (e.g. mobile phone) is added
B.) SFDC calls the user to confirm that the identity verification method is valid
C.) SFDC blocks the added identity verification method until email is confirmed
D.) Only an admin can add identity verification methods for users

A

A.) An email confirmation is sent to the user if a new identity verification method (e.g. mobile phone) is added

73
Q

Charleston Small Business Products has recently expanded their business to including marketing and technology services. Consequently, the admin must set up several new profiles to limit access to new objects created. Which object settings can be controlled from a Profile? Choose 3

A.) Tab settings
B.) Object permissions but not field permissions
C.) User licenses
D.) Record types and page layout assignments
E.) Object permissions and field permissions

A

A.) Tab settings
D.) Record types and page layout assignments
E.) Object permissions and field permissions

74
Q

Users of an org require edit access to all contacts associated with accounts they own. In many cases, some of the related contact record are owned by the account owner and some are owned by other users. Which organization-wide default sharing setting can be used for the Contact object to meet his requirement? Choose 1

A.) Public read Only
B.) Private
C.) Public Read/Write
D.) Controlled by Parent

A

D.) Controlled by Parent

The “Controlled by Parent” sharing setting should e used for the Contact object since it would grant account owners edit access to all related contacts regardless of who owns the contacts. Access to contacts can be specified with an OWN sharing setting.

75
Q

Which of the following are valid identity verification methods? Choose 2

A.) using the verification code in an email that is sent to the address associated with the account
B.) Entering a mobile number every time during login to receive a verification code in a text message
C.) Using the SFDC authenticator mobile app to verify the account activity
D.) Using an API key pair that includes unique secret key to verify the account actvity.

A

A.) using the verification code in an email that is sent to the address associated with the account
C.) Using the SFDC authenticator mobile app to verify the account activity

76
Q

If a Sales Manager wants to add a Powerpoint file to a new Content Library but not make it visible to other sales until a later time, what should the Sales Manager do? Choose 1

A.) Add the file to the library but not add any library members
B.) Add the file to a library, add the sales public group as members, and set the date when the file should become visible
C.) Add the file to a library, add the sales public group as members but don’t assign any permission
D.) Disable the view permissions of the content object for the user’s profile

A

A.) Add the file to the library but not add any library members

To access a file in a library, users need to be members of the library (either individual users or part of a public group). If the sales users will need to have access to the file at a later date, the file can be added to the library and then add the sales public group as members with the appropriate permission at the later date. When users are added as members to a library, permission must be added at the same time so it is not an option to add members without assigning permissions.

77
Q

In sharing settings, which 2 objects have Public/Read/Write/Transfer options? Choose 2

A.) Accounts
B.) Leads
C.) Opportunities
D.) Cases
E.) Campaign
A

B.) Leads
D.) Cases

Public Read/Write/Transfer is available only for Cases and Leads.When Case or Leads are set to Public
Read/Write/Transfer, all users can view, edit, transfer, and report on all case or
lead records.

78
Q

What is the difference between Public Read/Write/Transfer vs. Public Read/Write? Choose 2

A.) Public Read/Write/Transfer only works for Accounts with the record type “Competitor”
B.) Public Read/Write/Transfer means any user can export data about this object from SFDC while Public Read/Write means only those who are the owner or above the owner in the role hierarchy can export the data
C.) With Public Read/Write you can edit the records if you don’t even own them, but you cannot change the owner of the record if you don’t own it.
D.) Public Read/Write/Transfer is only available option for Leads and Cases objects, other objects you can choose Public Read/Write but not Public Read/Write/Transfer

A

C.) With Public Read/Write you can edit the records if you don’t even own them, but you cannot change the owner of the record if you don’t own it.
D.) Public Read/Write/Transfer is only available option for Leads and Cases objects, other objects you can choose Public Read/Write but not Public Read/Write/Transfer

Public Read/Write/Transfer is available only for Cases and Leads.When Case or Leads are set to Public
Read/Write/Transfer, all users can view, edit, transfer, and report on all case or lead records.

For example, if Lucy is the owner of WidgetX case number 101, all other users can view, edit, transfer ownership, and report on that case. But only Lucy can delete or change the sharing on case 101.

79
Q

Sam, an admin, talked to the Sales Manger, who expressed that he would like to set up org-wide default sharing setting for Exernal Access, so Chatter External users and SFDC Community users can access certain objects in SFDC. What is the first thing Sam needs to do? Choose 1

A.) Sam can reach out to the Sales Manager to see what sharing settings to use for each object
B.) Sam can set up manual sharing rules to share certain records with external users
C.) Sam can click the “Enable External Sharing Model” button on the Sharing Settings page
D.) Sam can see if a third-party has built a way to share data from SFDC to external users

A

C.) Sam can click the “Enable External Sharing Model” button on the Sharing Settings page

This allows you to set up the Default External Sharing Settings to objects (Controlled by Parent, Public Read/Write, etc.)

80
Q

Sam, an admin, talked to the Sales Manger, who expressed that he would like to set up manual user record sharing for their SFDC instance. What are the two steps Sam needs to take to set this up? Choose 2

A.) Click the checkbox for “Manual User Record Sharing” on the Org-Wide Defaults section of the Sharing Settings page
B.) Click the checkbox for “Manual User Record Sharing” on user’s profile setup
C.) Add the “sharing” button on page layouts to the pages Sam would like users to have manual sharing access
D.) Turn on “enable manual sharing” in user settings

A

A.) Click the checkbox for “Manual User Record Sharing” on the Org-Wide Defaults section of the Sharing Settings page

To first create this, Sam needs to click the checkbox for “Manual User Record Sharing” on the Org-Wide Defaults section of the Sharing Settings page.

Next, he will need to add the “sharing” button to the page layouts that he would like to enable sharing on.

81
Q

Levi, an admin, is trying to explain how role hierarchy, sharing rules and manual sharing fit into a vertical and lateral sharing model. How can Levi explain this? Choose 1

A.) Vertical sharing is all sharing models except manual sharing
B.) Role hierarchy is setting up vertical a vertical sharing model, sharing settings is a lateral sharing model, and manual sharing can be in any direction sharing
C.) All three types of sharing can be either vertical or lateral, depending on how you structure your sharing settings and rules
D.) All three are lateral sharing models

A

B.) Role Hierarchy is setting up vertical a vertical sharing model, sharing settings is a lateral sharing model, and manual sharing can be in any direction sharing

Role Hierarchy works off of a vertical model - giving access via your role (manager can edit records of those reporting to them, etc).

Sharing settings can work laterally - giving access to teams working beside you (ex: Opportunity sharing rule that gives read access of all Opps owned by Eastern Sales team to Western sales team)

Manual sharing you can share in any direction (can share with manager, can share with other sales team, etc.)