Setup (38%) - Configuring Business Units, User and Permissions, Security and Passwords 1/4 Flashcards
What Tenant types are available in Marketing Cloud?
Enterprise 2.0
Enterprise 1.0
Core
Agency
What is the tenant in an Enterprise 2.0 account?
A tenant is the top-level account and includes all associated business units
What is the tenant in an Enterprise 1.0 account?
A tenant is the top-level account and includes all associated On-Your-Behalf and Lock & Publish business units
What is the tenant in a Core account?
A tenant is a single account
What is the tenant in an Agency account?
Each top-level account and each associated client account is a separate tenant.
What is a MID?
A unique member identification code assigned to every account and any associated child accounts.
Depending on your MC edition, tenants can include single or multiple MIDs.
How many MIDs does an Enterprise 2.0 tenant include?
Multiple MIDs for Enterprise-edition accounts.
The Top-Level Account and all Child Accounts each have their own MID
How many MIDs does an Enterprise tenant include?
Multiple MIDs.
The Top-Level Account and all Child Accounts each have their own MID
How many MIDs does an Core tenant include?
A single top-level account with one MID
How many MIDs does an Agency tenant include?
Only the top-level account. Each associated client account unit is a separate tenant.
How can you locate the Account Name and MID?
Account name is left of username. Hover over account name to see MID
Under username, navigate to Setup
Use Quick Find to navigate to Account Settings to find the Account Name and MID.
NOTE: The MID is listed as ‘Account ID’
What is the best practise recommendation for Security Settings: Session Timeout?
20 minutes
Controls how long the application remains open in a browser before the system automatically logs out and makes it hard for unauthorised users to access your account.
What is the best practise recommendation for Security Settings: Login Expires After Inactivity?
90 days or fewer
This helps prevent unauthorised users from exploiting old accounts.
What is the best practise recommendation for Security Settings: Invalid Logins Before Lockout?
3
Determines how many chances to enter the correct password for a username. Too many incorrect attempts require user to reset the password.
Helps prevent unauthorised users from repeatedly guessing a password.
What is the best practise recommendation for Security Settings: Count Invalid Logins Across Sessions?
Yes
What is the best practise recommendation for Security Settings: Minimum Username Length?
8 characters
A longer username makes guessing the value more difficult.
What is the best practise recommendation for Security Settings: Minimum Password Length?
8 characters or more
A longer password makes guessing the value more difficult due to an increased number of possibilities.
Tip: Ask users to create a passphrase with multiple words - easy to remember and longer password created.
What is the best practise recommendation for Security Settings: Enforce Password History?
8 passwords remembered
Determines how frequently a user can reuse a password. Enforcing a longer history reduces authorised access to the account. But frequent password changes can cause users to compromise passwords by simply adding a number.
What is the best practise recommendation for Security Settings: User Password Expires In?
90 days
Setting a shorter password expiration period can encourage problematic behaviour (adding numbers / writing down password) and setting too long a period can increase risk of compromise.
What is the best practise recommendation for Security Settings: Send Password Change Confirmation Email?
Enable
This email helps alert a user to suspicious activity on their account.
What is the best practise recommendation for Security Settings: Enable Audit Logging Data Collection?
Enable
What is the best practise recommendation for Security Settings: Enable Audit Logging Data Collection?
Enable
What is the best practise recommendation for Security Settings: Login Expires After Inactivity for API users?
API users aren’t exempt from login inactivity expiration. To avoid login expiration for API users, we don’t recommend this setting for API users. Otherwise, API users are required log in via the UI to avoid login expiration
What happens when the Invalid Logins Before Lockout threshold is reached?
The application locks a users account - the users can’t access their account or request an activation code until the administrator unlocks that account.
Something about Multi Factor Authentication. (tbc)