Security and Access (13%)

Question 1

What checks are done when users try to access a Salesforce organization?

Answer 1

Profile Level Login Hours, Profile Level IP Ranges, Company Level Trusted IP Ranges, Activation Code Validation

Question 2

What are examples of Standard Profiles?

Answer 2

Standard User, Solution Manager, Marketing User, Contract Manager, Read Only, System Administrator

Question 3

Why and how are Custom Profiles created?

Answer 3

There are restrictions on what can be changed on a standard profile. Custom profiles are created by cloning a standard profile to be able to customize profile settings.

Question 4

How is object access controlled?

Answer 4

Object access is controlled at the profile-level, including permission sets and visibility to the tab.

Question 5

What are permission sets?

Answer 5

A group of permissions and settings that can be assigned to one or more users that grant additional privileges beyond the profile

Question 6

What do profile permissions grant?

Answer 6

Permissions to app-specific actions, customized actions built, or system-wide actions

Question 7

How is the role hierarchy related to record access?

Answer 7

Users will have access to other users’ records if they have a role above the record owner in the role hierarchy and grant access through hierarchies is enabled.

Question 8

What do organization-wide default settings do?

Answer 8

Determine access to records the user does not own and sets base record access for the org.

Question 9

How do Sharing Rules work?

Answer 9

Rules can be created to grant access to groups of users for certain records based on record owner or criteria.

Question 10

What does field-level security control?

Answer 10

Controls if a field is visible or read-only at the profile level

Question 11

What should be considered when changing OWD settings?

Answer 11

If increasing default access, changes will take effect immediately. If decreasing, changes may take significant time depending on data volumes.

Question 12

What is Manual Sharing?

Answer 12

Manual sharing allows a user to use the ‘Sharing’ button to grant access to a specific record to other users, roles, roles & subordinates, territories, territories & subordinates, and public groups.

Question 13

How does the Security Health Check work?

Answer 13

Security Health Check measures setting values in Password Policies, Network Access Config and Session Settings against baseline values and calculates a percentage score to indicate risk. 100% means all settings meet or exceed the standard.

Question 14

What is the purpose of a public group?

Answer 14

It’s a way of grouping users, roles, and territories so that sharing settings and permissions can be granted efficiently.

Question 15

When is identity verification invoked?

Answer 15

When a user logs in from an unrecognized (based on cookies) browser or device, and outside the trusted IP range

Question 16

What can be enabled that helps the administrator spot suspicious login activity?

Answer 16

Login Forensics

Question 17

How can folder access be controlled?

Answer 17

Folders can be private or shared. Permissions and visibility can be set for users, roles, territories, or public groups.

Question 18

What are folders used for?

Answer 18

To store and organize reports, documents, dashboards and email templates

Question 19

What are two methods to find a folder quickly in the Salesforce org?

Answer 19

Folders can be favorited or searched for in Global Search.

Question 20

What are the different access levels that can be granted to a folder?

Answer 20

Viewer, Editor (edit, move, save and delete) or Manager (share and rename folder)

Question 21

How can reports and dashboards be organized in Lightning Experience?

Answer 21

A subfolder hierarchy can be created to organize reports and dashboards in a logical structure.

Question 22

What are the different risk categories associated with a Security Health Check in Salesforce?

Answer 22

High, Medium, Low, and Informational

Question 23

Which sharing setting allows a user to manually share their own user record with other users of an organization?

Answer 23

‘Manual User Record Sharing’ checkbox on the ‘Sharing Settings’ page in Setup

Question 24

Which organization-wide default sharing setting can be used for the Campaign Member object to allow all users to see only the campaign members associated with the campaigns they have access to?

Answer 24

Controlled by Campaign

Question 25

What password requirements can an administrator set?

Answer 25

Minimum password length, complexity, password history enforcement, expiration period, minimum password lifetime