Security and access

Question 1

What checks are done when users try to access a salesforce organization?

Answer 1

Profile level: 
-Login hours, 
- IP ranges, 
Company level:
-Trusted IP ranges, 
Activation code validation

Question 2

What are examples of standard profiles?

Answer 2

Standard user,
marketing user, 
solution manager, contract manager, 
read only, 
system administrator

Question 3

Why and how are custom profiles created?

Answer 3

There are restrictions on what can be changed on a standard profile. Custom profiles are created by cloning a standard profile to be able to customize profile settings.

Question 4

How is object access controlled?

Answer 4

Object access is controlled at the profile level, including permission sets and visibility to the tab.

Question 5

What are permission sets?

Answer 5

A group of permissions and settings that can be assigned to one or more users that Grant additional privileges beyond the profile.

Question 6

What do profile permission to Grant?

Answer 6

Permissions to app specific actions, customized actions built, or system wide actions

Question 7

How is the role Hierarchy related to record access?

Answer 7

Users will have access to other users records if they have a role above the record Owner in the role hierarchy and “Grant access through hierarchies” is enabled.

Question 8

What should be considered when changing organization wide default (OWD) settings?

Answer 8

If increasing default access, changes will take affect immediately.

If decreasing default access, changes may take significant time depending on data volumes.

Question 9

How do sharing rules work?

Answer 9

Rules can be created to grant access to groups of users for certain records based on record owner or criteria.

Question 10

What does field level security control?

Answer 10

Controls if the field is visible or read only at the profile level

Question 11

What is manual sharing?

Answer 11

Manual sharing allows the user to use the sharing button to grant access to a specific record to other users, roles, roles & subordinates, territories and public groups.

Question 12

What is the purpose of a public group?

Answer 12

It’s a way of grouping users, roles and territories so that sharing settings and permissions can be granted effectively.

Question 13

When is identity verification invoked?

Answer 13

When a user logs in from an unrecognized (based on cookies) browser or device, and outside the trusted IP range

Question 14

What can be in abled that helps the administrator spot suspicious login activity?

Answer 14

Login forensics

Question 15

How can folder access be controlled?

Answer 15

Folders can be private or shared.

Permissions and visibility can be set for users, roles, territories and/or public groups.

Question 16

What are two methods to find a folder quickly in the salesforce org?

Answer 16

Folders can be favorited (push pin icon) or searched for in global search

Question 17

What are the different access levels that can be granted to a folder?

Answer 17

Viewer,
Editor (edit, move, save and delete)
Manager (Share and rename folder)

Question 18

Which sharing setting allows the user to manually share their own user record with other users of an organization?

Answer 18

Manual user record sharing - checkbox on the “sharing settings” page in Setup

Question 19

What password requirements can an administrator set?

Answer 19

Minimum password length, 
Complexity, 
Password history enforcement, 
Expiration period, 
Minimum password lifetime

Question 20

What are folders used for?

Answer 20

To store and organize reports, documents, dashboard and email templates.

Question 20

How can reports and dashboards be organized in lightning experience?

Answer 20

A subfolder hierarchy can be created to organize reports and dashboards in a logical structure.

Question 21

What are the different risk categories associated with a security health check in Salesforce?

Answer 21

High
medium
low and
informational

Question 22

Which organization by default (0WD) sharing settings can be used for the campaign member object to allow all users to see only the campaign members associated with the campaigns they have access to?

Answer 22

Controlled by campaign setting