(Security and Access 13%) Explain various organization security controls Flashcards
- Describe how to use various password policies to implement restrictions related to password requirements
- Identify the ways of controlling where and when users can log in to Salesforce
- Identify different ways of confirming the identity of users through a second form of authentication
- Explain the usage of login forensics and security health check
Four levels of security, in order
Organization security controls > Objects > Object record > Fields on a record
What are some examples for each security level?
Organization Security Controls: Login Hours, IP restrictions, Password Policies
Objects: Profiles, Permission sets
Object record: Org-wide defaults, Role Hierarchy, Sharing rules, Teams
Fields on a record: Field Level Security, Page Layouts
What can an administrator configure to ensure that users' passwords are strong and secure?
Password policies, Password Expiration, Password resets, Login attempts and lockout periods
Where can password policies be set?
At the profile and organization level
What are the default password requirements?
At least 8 characters, including one alphabetic and one numeric character; the security question can't contain the user's password; when a user changes their password, they cannot reuse their last three passwords
Password expiration defaults
Passwords expire for all users, except those who have the "Password Never Expires" permission; the default is 90 days but can be changed
What happens to login access if you are inside or outside a trusted IP range?
If outside: the user must be verified/challenged
If inside: the user is allowed to log in without verification
What must all be true to log in with no verification?
The login must be within login hours, the user's IP must be within the range defined in the profile, and the user's IP must be within the range defined by the org
Where can login hours be set: org, profile, or both?
Profile level only
What are the methods of verification, in order from highest priority to lowest?
Salesforce Authenticator App > U2F Security Key > One-Time Password Generator > SMS Text Message > Email
What are the ranges for high risk, medium risk, and low risk in the health check categories?
High: 0-33%
Medium: 34%-66%
Low: 67%-100%
My domain capabilities
- Adding a subdomain
- Highlighting company brand for better security
- better management of login and authentication
- Replaces default URL
- Required for SSO
What is Single Sign-On (SSO)?
Removes the need to log in to every single application every time.
What is federated authentication?
Allows affiliated but unrelated web services to share authentication data. This is the default.
What is delegated authentication?
Allows usage of a preferred authentication provider; stronger user authentication that is private and only accessible behind a corporate firewall.