(Security and Access 13%) Review

Question 1

What checks are done when users try to access a salesforce organization?

Answer 1

Profile level login hours, Profile Level IP ranges, Company Level Trusted IP Ranges, Activation Code Validation

Question 2

What are examples of standard profiles?

Answer 2

Standard user, Solution Manager, Marketing user, Contract Manger, Read Only, System Administrator

Question 3

Why and how are custom profiles created?

Answer 3

There’s restrictions on what can be changed in a standard profile. Custom Profiles are created by cloning a standard profile to be able to customize profile settings.

Question 4

How is object access controlled?

Answer 4

Object access is controlled at the profile-level, including permission sets and visibility to the tab

Question 5

What are permission sets?

Answer 5

A group of permissions and settings that can be assigned to one or more users that grant additional privileges beyond the profile

Question 6

What do profile permissions grant?

Answer 6

Permissions to app-specific actions customized actions built, or system- wide actions

Question 7

How is the role hierarchy related to record access?

Answer 7

Users will have access to other users’ records if they have a role above the record owner in the role hierarchy and grant access through hierarchies is enabled

Question 8

What do organization-wide defaults settings do?

Answer 8

Determine access to records the user does not own and sets base record access for the org

Question 9

How do sharing rules work?

Answer 9

Rules can be created to grant access to groups of users for certain records based on record owner criteria

Question 10

What does field-level security control?

Answer 10

Controls if a field is visible or read only at the profile level

Question 11

What should be considered when changing OWD settings?

Answer 11

If increasing default access, changes will take effect immediately if decreasing, changes may take significant time depending on data volumes.

Question 12

What is Manual Sharing?

Answer 12

Manual sharing allows a user to use ‘Sharing’ button to grant access to a specific record to other users, roles, roles & subordinates, territories, territories & subordinates, and public groups

Question 13

How does the security health check work?

Answer 13

measures setting values in password policies, Network Access config and session settings against baseline values and calculates a percentage score to indicate risk. 100% means all settings meet or exceed the standard

Question 14

what is the purpose of a public group?

Answer 14

It’s a way of grouping users, roles, and territories so that sharing settings and permissions can be granted efficiently

Question 15

When is identity verification invoked?

Answer 15

when a user logs in from an unrecognized (based on cookies) browser or device, and outside the trusted IP range

Question 16

what can be enabled that helps the administrator spot suspicious login activity

Answer 16

login forensics

Question 17

How can folder access be controlled

Answer 17

Folder can be private or shared. Permissions and visibility can be set for users, roles, territories, or public groups

Question 18

What are folders used for?

Answer 18

To store and organize reports documents, dashboards and email templates

Question 19

What are two methods to find a folder quickly in the salesforce org?

Answer 19

folders can be favorited or searched for in global search

Question 20

what are the different access levels that can be granted to a folder?

Answer 20

viewer, editor(edit, move, save and delete) or Manager (share and rename folder)

Question 21

How can reports and dashboards be organized in lightning experience?

Answer 21

A subfolder hierarchy can be created to organize reports and dashboards in a logical structure.

Question 22

What are the different risk categories associated with a security health check in salesforce?

Answer 22

High, Medium, Low, and Informational

Question 23

Which sharing setting allows a user to manually share their own user record with other users of an organization?

Answer 23

‘Manual user record sharing’ checkbox on the ‘sharing settings’ page in setup

Question 24

Which organization-wide default sharing setting can be used for the campaign member object to allow all users to see only the campaign members associated with the campaigns they have access to?

Answer 24

controlled by campaign

Question 25

what password requirements can an administrator set?

Answer 25

Minimum password length, complexity, password history enforcement, expiration period, minimum password lifetime

Question 26

which profile can be used to grant least-privilege access to a group of users?

Answer 26

Minimum Access -Salesforce

Question 27

what are the ways you can secure your org at the org level?

Answer 27

1. Managing password policies
2. Restrict IP ranges
3. Restrict by time
4. Restrict user email domain

Question 28

what is managing password policies mean in org security

Answer 28

Level of complexity the password must have. Min length, what is the password required to have inside it, when will it expire, what is the lock out period

Question 29

what does restricting IP ranges mean in org security

Answer 29

Restricts access to your org to certain locations. Can be set at org level or profile level.
org level: If user tries to log in they’ll have to be verified by OTP.
profile level: users cannot access the org outside the IP range at all.

Question 30

What is something that is very important to have before you IP restrict you users?

Answer 30

ISP is providing you a static IP! Without it, if you set IP restrictions at the profile level even the admin wont be able to login!

Question 31

What does restricting you org by time mean?

Answer 31

Your users will only be able to log in within a certain time frame. If they are still logged in they’ll be logged out if they’re there after the time.

Question 32

What does restricting you org my email domain mean?

Answer 32

restrict user email domain, they’ll only be able to login using the companies domain email and can’t be changed to a person email address.

Question 33

What tool in salesforce will analyze your orgs health and compares it salesforce industry standards and gives you a detailed list of how it can be more secure

Answer 33

health check

Question 34

What is Object level Security responsible for?

Answer 34

preventing users or groups of users from creating, viewing, editing, or deleting records of an object by setting permissions on the object.

Question 35

what are the two ways of setting object permissions

Answer 35

profiles and permission sets

Question 36

what do profiles do

Answer 36

they control what user can do and see through settings and permissions

Question 37

what are the different standard profiles?

Answer 37

standard user, read only, marketing user, solution manager, contract manager: view, read, edit are the permission for most of standard profiles unless otherwise restricted like read only

Question 38

why are custom profiles need to be created?

Answer 38

because object permissions cannot be edited on a standard profile. They are predefined.

Question 39

what do permission sets do?

Answer 39

collection of settings and permissions that determine which data and features user will have access to. They grant additional access to users without having to modify the existing profile. They are only additive cannot restrict access only give.

Question 40

field level security

Answer 40

controls whether a user can see and edit the value for a particular field on an object

Question 41

field level security vs just changing page layout

Answer 41

field level security secures the visibility of fields in any part of the app page layouts only controls the detail and related pages of that record.

Question 42

is it possible to disable role hierarchy on a standard object?

Answer 42

no!

Question 43

What objects should you only assign sharing rules to?

Answer 43

public read only or private because you can open more access with these. write/edit has all the access they need

Question 44

two types of sharing rules

Answer 44

owner based and criteria based

Question 45

what is owner based sharing rules?

Answer 45

share particular records for a particular user or group of users

Question 46

what are criteria based sharing rules?

Answer 46

share records that match a certain criteria

Question 47

what three questions should you ask before you share a record?

Answer 47

1. Share what records?
2. With whom the records need to be shared?
3. What kind of access do you want to give these records?

Question 48

when should you use manual rules over sharing rules

Answer 48

When it is not possible to define a consistent group of users who need access or its not possible to share the record use manual sharing.

Question 49

when will the manual sharing button available for a record

Answer 49

when the OWD is set to read only or private. You can restrict access!