Security, Admin and Integrations Flashcards

1
Q

Salesforce Security Model

Security and “x” in nCino are set up in 4 layers:

  • The “x”
  • The “x”
  • The “x”
  • The “x”
A

Salesforce Security Model

Security and “data access” in nCino are set up in 4 layers:

  • The “org”
  • The “object”
  • The “record”
  • The “field”
2
Q

Salesforce Security Model: Layer 1

Broad rules are set, to establish when & from which “x” a user can “x” the system.

  • Users can be restricted to “x” only from office premises.
  • “x” can be set up at the company or profile level.
  • “x” can be set to specify when a user can and cannot “x” the system.
A

Salesforce Security Model: Layer 1

Broad rules are set, to establish when & from which “access points” a user can “access” the system.

  • Users can be restricted to “log in” only from office premises.
  • “IP Ranges” can be set up at the company or profile level.
  • “Login hours” can be set to specify when a user can and cannot “access” the system.
3
Q

Salesforce Security Model: Layer 2

Object level security determines the actions (“x”) a user can perform on data. This is controlled by “x” and “x”.

“x”

  • Control the “x” that can be accessed.
  • Control the “x” and “x” that can be seen.
A

Salesforce Security Model: Layer 2

Object level security determines the actions (“CRED”) a user can perform on data. This is controlled by “profiles” and “permission sets”.

“Profiles”

  • Control the “objects” that can be accessed.
  • Control the “page layouts” and “tabs” that can be seen.
4
Q

Salesforce Security Model: Layer 3

“x” security goes deeper to define exactly which existing “x” can be viewed or edited.

  • If a user doesn’t have “x” access, the system won’t grant them “x” access, regardless of having the “x”.
  • Users can be granted limited “x” access to the “x” they don’t own.
  • Additional access can be granted/controlled through various “x”.
A

Salesforce Security Model: Layer 3

“Record level” security goes deeper to define exactly which existing “records” can be viewed or edited.

  • If a user doesn’t have “object” access, the system won’t grant them “record” access, regardless of having the “record access”.
  • Users can be granted limited “record-level” access to the “records” they don’t own.
  • Additional access can be granted/controlled through various “sharing options”.
5
Q

Salesforce Security Model: Layer 3 (Cont’d)

The “x” of a “x” has full access to the “x”. Beyond that, “x” sharing among different sets of users is controlled by four pillars:

  • Manual “x”
  • “x” rules
  • “x”
  • “x”
A

Salesforce Security Model: Layer 3 (Cont’d)

The “owner” of a “record” has full access to the “record”. Beyond that, “record-level” sharing among different sets of users is controlled by four pillars:

  • Manual “sharing”
  • “Sharing” rules
  • “Role hierarchy”
  • “Org Wide Defaults”
6
Q

Salesforce Security Model: Layer 4

“x” security is the most detailed level of security and is used to determine the “x” a user can view and edit on the records of an object.

A user must be able to “x” the record in order to “x” any fields on the record. Same for “x”.

“x” have two settings, visible and read only. They can only “x”, not “x”.

A

Salesforce Security Model: Layer 4

“Field level” security is the most detailed level of security and is used to determine the “fields” a user can view and edit on the records of an object.

A user must be able to “view” the record in order to “view” any fields on the record. Same for “editing”.

“Field level permissions” have two settings, visible and read only. They can only “restrict access”, not “grant it”.

7
Q

Session Management helps with the following

  • View “x”
  • View “x” details for the “x”
  • Create “x” of the data
  • View “x” about a user associated with a “x”
  • End “x”
A

Session Management helps with the following

  • View “active sessions”
  • View “session” details for the “org”
  • Create “different views” of the data
  • View “details” about a user associated with a “specific session”
  • End “suspicious sessions”
8
Q

nCino Security Gold Standards: User Provisioning

System admins should define a “x” and “x” process to provide “x” over user records on a system.

“x”
- User records are created by an admin who’s logged into the production system.

“x”
- User records are created from an external software system through an API.

“x”
- User records are automatically created based on information provided on the initial request by a trusted source (SAML JIT Provisioning). This method does not enable background synchronisation of user attributes or de-provisioning/deactivation of user accounts.

A

nCino Security Gold Standards: User Provisioning

System admins should define a “provisioning” and “de-provisioning” process to provide “clear control” over user records on a system.

“Manual”
- User records are created by an admin who’s logged into the production system.

“Automated (on demand)”
- User records are created from an external software system through an API.

“Just-in-time (JIT)”
- User records are automatically created based on information provided on the initial request by a trusted source (SAML JIT Provisioning). This method does not enable background synchronisation of user attributes or de-provisioning/deactivation of user accounts.

9
Q

nCino Security Gold Standards: Directory Environments

When planning an nCino implementation, consider the “x” that can be provided for “x”.

Also consider a “x” region for the “x” directory to avoid creating “x” or “x” accounts in “x”.

A

nCino Security Gold Standards: Directory Environments

When planning an nCino implementation, consider the “directory environments” that can be provided for “testing”.

Also consider a “lower testing” region for the “user/employee” directory to avoid creating “developer” or “test” accounts in “production regions”.

10
Q

Authentication: SSO

Enables a seamless and secure “x” for users, without a username or password.

This allows a bank to control “x” to the nCino “x” through an established means of trust between the “x” and the “x”.

Users cannot be “x” without the explicit permission of the “x”.

A

Authentication: SSO

Enables a seamless and secure “authentication” for users, without a username or password.

This allows a bank to control “access” to the nCino “application” through an established means of trust between the “application” and the “enterprise directory”.

Users cannot be “authenticated” without the explicit permission of the “identity-provider”.

11
Q

Authentication: Two Factor Authentication

The SF platform has the standard ability to configure 2FA.

Login flows allow the ability to declaratively customise the login process to add a custom “x” or two-factor authentication to result in a “x” session.

A

Authentication: Two Factor Authentication

The SF platform has the standard ability to configure 2FA.

Login flows allow the ability to declaratively customise the login process to add a custom “step-up” or two-factor authentication to result in a “high assurance” session.

12
Q

Authentication: nCino/Salesforce API Authentication

Specific “x” can be created and “x” to “x” access.

Leveraging the security model, these accounts can be limited to access required by “x” as an additional control to “x” to the system in the event any “x” are “x”.

These “x” can also be restricted to “x” configuration data only. This reduces the risk of “x”.

A

Authentication: nCino/Salesforce API Authentication

Specific “user accounts” can be created and “restricted” to “API-only” access.

Leveraging the security model, these accounts can be limited to access required by “downstream systems” as an additional control to “limit access” to the system in the event any “credentials” are “compromised”.

These “profiles” can also be restricted to “read/write” configuration data only. This reduces the risk of “migrating nCino record-based configuration”.

13
Q

Authentication: Off-Platform API Authentication

If a “x” or “x” invocation requires the platform to call “x” at the FI’s network, “x” to that network is often achieved with “x” or “x”.

For “x”, in addition to “x”, the Salesforce platform has a feature called “x”.

This feature allows an admin to configure an “x” with a set of “x”. Once this “x” is configured, the platform allows a “x” to this “x” without additional configuration through a “x”.

A

Authentication: Off-Platform API Authentication

If a “call-out” or “remote process” invocation requires the platform to call “API hosted” at the FI’s network, “authentication” to that network is often achieved with “mutual” or “two-way SSL”.

For “external API call-outs”, in addition to “certificates”, the Salesforce platform has a feature called “Named Credentials”.

This feature allows an admin to configure an “end point” with a set of “protected credentials”. Once this “end point” is configured, the platform allows a “call-out” to this “endpoint” without additional configuration through a “remote site setting”.

14
Q

Encryption: Data Security (Encryption)

This is a security feature typically applied to “x”. This is any piece of information that can uniquely identify an individual or provide confidential information such as zip code.

These are mostly common sets of “x” on customer, financial or other asset records.

A

Encryption: Data Security (Encryption)

This is a security feature typically applied to “PII”. This is any piece of information that can uniquely identify an individual or provide confidential information such as zip code.

These are mostly common sets of “fields” on customer, financial or other asset records.

15
Q

Encryption: Platform Encryption (Shield)

This provides “x”, “x”, “x” and enables banks to control the security of their information in the Salesforce multi-tenant environment.

As platform encryption is “x” compared to “x”, it’s able to seamlessly operate within the “x” with minimal impact to “x” and “x”. This is a paid add-on feature.

A

Encryption: Platform Encryption (Shield)

This provides “embedded”, “robust”, “enterprise-grade capabilities” and enables banks to control the security of their information in the Salesforce multi-tenant environment.

As platform encryption is “native” compared to “gateway options”, it’s able to seamlessly operate within the “data access layer” with minimal impact to “functionality” and “operational support”. This is a paid add-on feature.

16
Q

Expanded Platform Capabilities: Field Audit Trail

Expanding on “x”, this feature of platform encryption allows more “x” policies to be set at the field level.

This enables banks to track more “x” over time, and when necessary, comply with record “x” to “x”.

A

Expanded Platform Capabilities: Field Audit Trail

Expanding on “field history tracking”, this feature of platform encryption allows more “granular retention” policies to be set at the field level.

This enables banks to track more “information” over time, and when necessary, comply with record “retention policies” to “reduce risk”.

17
Q

Expanded Platform Capabilities: Event Monitoring

This feature allows for intricate instrumentation of platform activities for “x” or “x”, or through the use of the included “x” wave application.

A number of different “x” and “x” can be configured for monitoring through this tool.

It also includes the ability to configure “x” to intercept real-time events.

A

Expanded Platform Capabilities: Event Monitoring

This feature allows for intricate instrumentation of platform activities for “logging” or “log analysis tools”, or through the use of the included “event monitoring” wave application.

A number of different “metrics” and “dashboards” can be configured for monitoring through this tool.

It also includes the ability to configure “transaction security policies” to intercept real-time events.

18
Q

Loss Prevention and Compliance: Chatter

As an open and user-centric collaboration tool, Chatter can have additional “x” or “x”.

This may include using a “x” or “x” vendor to meet “x” or other “x”.

Chatter is a core part of the nCino product and cannot be “x”

A

Loss Prevention and Compliance: Chatter

As an open and user-centric collaboration tool, Chatter can have additional “security” or “compliance requirements”.

This may include using a “third-party” or “AppExchange” vendor to meet “data archive” or other “compliance requirements”.

Chatter is a core part of the nCino product and cannot be “completely turned off.”

19
Q

Loss Prevention and Compliance: Data Loss Protection/Prevention (DLP)

Similar to the concept described as “x”, some institutions employ “x” to monitor “x” and mitigate “x”.

The Salesforce “x” add-on component is an “x” which can be used for this capability.

A

Loss Prevention and Compliance: Data Loss Protection/Prevention (DLP)

Similar to the concept described as “event logs”, some institutions employ “Security Operations Centers (SOCs)” to monitor “security risks” and mitigate “information loss”.

The Salesforce “event monitoring” add-on component is an “integrated solution” which can be used for this capability.

20
Q

nCino recommends each FI has a dedicated admin - why?

  • Increased “x”
  • Continued “x” & “x”
  • “x” and “x”
  • Overall “x”
A

nCino recommends each FI has a dedicated admin - why?

  • Increased “adoption”
  • Continued “expansion” & “growth”
  • “Visibility” and “change management”
  • Overall “improved efficiency”
21
Q

Implementing Retail after Commercial: Second Phase Implementation

  • All “x” for previous implementations may be specific for business lending and not relevant for “x”
  • Validation is specific to “x” and not the “x”.
  • Some VF pages are reused for “x” and changes could be “x”.
A

Implementing Retail after Commercial: Second Phase Implementation

  • All “workflow” for previous implementations may be specific for business lending and not relevant for “consumers”
  • Validation is specific to “business” and not the “consumer”.
  • Some VF pages are reused for “retail” and changes could be “org-wide”.
22
Q

Implementing Retail after Commercial: Retail Workflow

  • Retail Workflow doesn’t have to be used.
  • Implementation can be done for retail loans around “x”.
  • Missing out on the “x” is not recommended. Should only happen in extreme “x”.
A

Implementing Retail after Commercial: Retail Workflow

  • Retail Workflow doesn’t have to be used.
  • Implementation can be done for retail loans around “standard configuration”.
  • Missing out on the “streamlined workflow” is not recommended. Should only happen in extreme “pushback situations”.
23
Q

nCino License Types: Standard

  • Provides “x” to nCino’s functionality that is specific to “x” & “x” around “x”, “x”, “x”, “x” and “x”.
A

nCino License Types: Standard

  • Provides “full access” to nCino’s functionality that is specific to “business processes” & “workflow” around “loan origination”, “credit analysis”, “deposit account opening”, “fulfilment” and “customer relationship management”.
24
Q

nCino License Types: Lite

  • Provides “x” access to nCino functionality with full use of nCino’s “x” object functionality.
  • This license provides users who aren’t normally involved in “x”, “x” and “x” limited access to nCino’s system to complement the nCino “x” and “x” license users.
A

nCino License Types: Lite

  • Provides “read-only” access to nCino functionality with full use of nCino’s “referral” object functionality.
  • This license provides users who aren’t normally involved in “origination”, “fulfilment” and “onboarding processes” limited access to nCino’s system to complement the nCino “Standard” and “Premium” license users.
25
Q

nCino License Types: Premium

  • Provides a completely “x” license with full access to Salesforce’s CRM, “x”, “x”, “x”, coupled with nCino’s functionality specific to “x” and “x” around “x”, “x”, “x” and “x”.
A

nCino License Types: Premium

  • Provides a completely “integrated” license with full access to Salesforce’s CRM, “lead generation”, “campaigns”, “marketing data analytics”, coupled with nCino’s functionality specific to “business process” and “workflow” around “loan origination”, “credit analysis”, “fulfilment” and “treasury management onboarding”.
26
Q

nCino License Types: Customer Portal

  • Enables FIs to meet customer expectations by providing a “x”, “x” and transparent “x”.
  • The FI’s customers can use nCino’s customer portal to “x” required “x”, “x” with their FI and check on the “x” of their “x” and other financial products.
A

nCino License Types: Customer Portal

  • Enables FIs to meet customer expectations by providing a “seamless”, “modern” and transparent “digital experience”.
  • The FI’s customers can use nCino’s customer portal to “upload” required “documents”, “communicate” with their FI and check on the “status” of their “loans” and other financial products.
27
Q

nCino License Types: Partner Community

  • Provides “x” with limited secure access to nCino functionality.
A

nCino License Types: Partner Community

  • Provides “third parties” with limited secure access to nCino functionality.
28
Q

nCino License Mapping to Salesforce Licenses

Each nCino license is associated with a corresponding SF license.

nCino Standard & Lite = “x”
nCino Premium = “x”
nCino Customer Portal = “x”
nCino Partner Community = “x”

A

nCino License Mapping to Salesforce Licenses

Each nCino license is associated with a corresponding SF license.

nCino Standard & Lite = “Salesforce Platform License”
nCino Premium = “Salesforce License”
nCino Customer Portal = “Salesforce Customer Community Plus License”
nCino Partner Community = “Salesforce Partner Community License”

29
Q

Benefits of the Integration Platform

  • “x”
  • “x”
  • “x”
  • “x”
  • “x”
  • “x”
A

Benefits of the Integration Platform

  • “Consistency”
  • “Flexibility”
  • “Transparency”
  • “Multiple Vendors”
  • “Micro-services”
  • “Speed”
30
Q

Integration Solution Types

Two types of integrations used by nCino: “x” and “x”.

Nearly every FI requires “x” to run nCino.

A

Integration Solution Types

Two types of integrations used by nCino: “Batch Integrations/ETL Integrations” and “Process Integrations”.

Nearly every FI requires “integrations” to run nCino.

31
Q

Integration Solution Types: Batch/ETL

Batch Integrations or ETL (“x”) Integrations typically include large segments of “x” moved from a “x” to a “x” at a regularly scheduled time (often nightly).

A

Integration Solution Types: Batch/ETL

Batch Integrations or ETL (“Extract-Transform-Load”) Integrations typically include large segments of “data” moved from a “source system” to a “target system” at a regularly scheduled time (often nightly).

32
Q

Integration Solution Types: Process Integration

  • These are triggered on an “x” basis determined by the bank’s “x”.
  • Example: the “x” integration is only initiated upon the user clicking “x”
A

Integration Solution Types: Process Integration

  • These are triggered on an “ad-hoc” basis determined by the bank’s “business process”.
  • Example: the “credit pull” integration is only initiated upon the user clicking “pull credit”
33
Q

Batch Integrations (ETL)

Each bank will have a “x” accounting system that is used to maintain “x” and “x” balances for the bank’s customers.

To fully leverage the features within nCino, the bank’s “x” must be “x” and subsequently “x” with data created in nCino at regular intervals.

A

Batch Integrations (ETL)

Each bank will have a “core” accounting system that is used to maintain “loan” and “deposit” balances for the bank’s customers.

To fully leverage the features within nCino, the bank’s “core data” must be “migrated” and subsequently “synchronised” with data created in nCino at regular intervals.

34
Q

Batch Integration Option 1: ICS as the ETL Tool

nCino managed services for batch integration use “x” as the ETL tool. If a customer chooses this option, they build “x” from the “x” and provide “x” in the format that is expected in nCino.

The load of data into nCino is handled by the nCino “x”.

ICS stands for “x”.

A

Batch Integration Option 1: ICS as the ETL Tool

nCino managed services for batch integration use “Informatica ICS” as the ETL tool. If a customer chooses this option, they build “extracts” from the “core” and provide “data” in the format that is expected in nCino.

The load of data into nCino is handled by the nCino “data services team”.

ICS stands for “Intelligent Cloud Services”.

35
Q

Batch Integration Option 1: Use ETL tool other than ICS

If the customer chooses to use their own ETL tool to build the “x”, then it becomes the customer’s responsibility to “x” and “x” the integration.

nCino provides “x”.

A

Batch Integration Option 1: Use ETL tool other than ICS

If the customer chooses to use their own ETL tool to build the “batch integration”, then it becomes the customer’s responsibility to “build” and “support” the integration.

nCino provides “advisory services”.

36
Q

Process Integrations: Productised Integrations

These are built into the nCino “x” and are tied to “x”.

This includes integrations such as CBC Innovis, DNBi, Experian, Equifax and others.

nCino’s “x” to “x”

A

Process Integrations: Productised Integrations

These are built into the nCino “managed package” and are tied to “third party data providers”.

This includes integrations such as CBC Innovis, DNBi, Experian, Equifax and others.

nCino’s “responsibility” to “maintain”

37
Q

Process Integrations: Custom Integration

Allows a full range of “x” and “x” of the nCino “x”

It is the customer’s “x” to “x”

A

Process Integrations: Custom Integration

Allows a full range of “customisation” and “extension” of the nCino “integration solutions”

It is the customer’s “responsibility” to “maintain”

38
Q

Process Integrations Note

Some banks prefer to use a different “x” platform solution.

Provided the “x” platform supports a connection to Salesforce “x” and/or “x”, “x” can be built & managed on the “x” to work with nCino.

A

Process Integrations Note

Some banks prefer to use a different “middleware” platform solution.

Provided the “middleware” platform supports a connection to Salesforce “web services APIs” and/or “REST APIs”, “Custom Integrations” can be built & managed on the “middleware” to work with nCino.

39
Q

What is an nCino Productised Integration

It includes:

  • Visual “x”
  • “x” extension
  • Data “x”
  • “x”
  • “x”
  • “x”
  • “x”
  • “x”

Not just a data connector!

A

What is an nCino Productised Integration

It includes:

  • Visual “UI components”
  • “Data model” extension
  • Data “validation rules”
  • “Field Mapping”
  • “Workflow”
  • “Orchestration”
  • “API’s and messaging”
  • “Documentation”

Not just a data connector!

40
Q

nCino Integration Platform: nCino Data

The nCino platform “x” by taking any data source, transforming the data and loading it into the nCino platform using the “x” “x” set.

A

nCino Integration Platform: nCino Data

The nCino platform “loads data” by taking any data source, transforming the data and loading it into the nCino platform using the “Force.com” “API” set.