Salesforce ADM 201- Security and Access

CTO of a company wants to refine his company's security policies. What should the Salesforce Administrator consider when configuring this?

'Password policies" settings can be maintained for each profile and "password policies" can be maintained at the organization level

Which are the default password policy settings or requirements imposed by Salesforce when a password is set?

A password cannot contain the user's username, a password must contain at least 8 characters, the last 3 passwords are stored and cannot be reused when users are changing the password

What is true about sharing access to a file attached to a record?

Access can be determined by the sharing settings of the record

A Salesforce Admin wants to insert records using Data Loader but doesn't have access to his email where the security token has been sent. How can he proceed?

Add the IP address to the trusted IP ranges.

If a Sales manager wants to add a PPT file to a new content library but not make it visible to other sales users until a later point in time, what should the sales manager do?

Add the file to the library but not add any library members

John needs a number of colleagues to have visibility and collaborate on a case related to an account he owns. What is the best way to allow them to have access to the case record?

Add the users to a case team.

Arthur is helping Zaina on an opportunity and needs to view and update the details of the account, account contacts, and the opportunity record. The sharing setting on accounts and opportunities is set to private. How should the administrator meet this requirement?

Ask Zaina to add Arthur to the account team

All users in a Salesforce org have been assigned to a standard profile that allow them to read, create, edit, and delete records of most of the standard objects. The administrator needs to provide access to a group of external users but would like to ensure that they have read only access to all the major standard objects. What is the best way to accomplish this?

Assign the standard 'read only' profile to the external users.

Harold is being moved from a support to a sales role in the same company. What changes would a Salesforce administrator have to make to ensure his user account would have the necessary permissions and would be able to view the information required for his new role?

Change the role in user settings and change the profile in user settings

All users have Standard Profile but administrator wants all users to read/create/edit but not delete and only managers to be able to delete. What should he do?

Clone standard profile and assign to all users, remove delete permission in cloned profile and create permission set that includes permission to delete contacts and assign to managers.

What organization-wide default sharing setting can be used for the contact object to meet the requirement that users can edit all contacts associated with accounts they own?

Controlled by parent

Global Inc. developed new recruitment application for supporting global recruiting team and administrator wants to give access to this new application to users from the HR and recruitment team that have not used Salesforce before and don't need access to other Salesforce apps. What is the best option?

Create a new profile by cloning an existing profile and modify it to only include permissions to the app.

How can an administrator configure two sales users with the same custom sales profile but one has the ability to create and edit and one can create, edit, and delete?

Create a permission set and assign it to the users accordingly.

Michelle is a sales associate who is required to share certain records of a custom object "Delivery" with 4 sales managers and only the records with the "Status" field of "Pending" should be shared with the sales managers. The organization-wide default setting of the custom object is set to "private" and the "grant access using hierarchies" checkbox is deselected and no other user in the organization should have access to these records if they don't already have access. How can this be achieved?

Create a sharing rule for the Delivery object to share the records with a public group that contains the sales managers who should have access.

An account executive is regularly working with a number of colleagues on opportunities. One of the colleagues should be able to view but not update the opportunities. What is the best way to give the other people he is working with view and update access to the opportunities and track their role on the opportunity?

Create the opportunity team and set access for each user.

A company would not like their employees to access Salesforce from home. How can this be achieved?

Define Login IP ranges for all profiles

If a user is assigned to a profile that has read object access to accounts, which records will the user be able to see?

Depends on the user's role and depends on the sharing model

What options does an administrator have regarding the page displayed after a user logs out of Salesforce?

Display the standard Salesforce login page, display a custom single sign-on page, and display a custom logout page.

Which can be stored and accessed in folders via tabs in Salesforce Classic?

Documents, reports, and dashboards

What auditing features are available in Salesforce?

Field history tracking, setup audit trail, and login history.

What's true regarding using subfolders to organize reports and dashboards in lightning experience?

Folder sharing is at the root level and a hierarchy of subfolders can be created to represent a logical structure

What is true regarding the sharing of reports and dashboards?

For a user to view a report or dashboard, the folder needs to be shared with the user.

User has left their phone at home which is usually used for a two-factor authentication. What can an administrator do?

Generate a temporary verification code.

Salesforce org has Security Health Check of 75%, what grade does this score correspond to according to Salesforce Baseline Standard?

Good

A company has a Sales & Marketing email template folder with Sales & Marketing subfolders. Each of these subfolders stores email templates that were created by the Marketing Manager. If the Marketing department hires a new intern that needs to modify all the email templates in both subfolders, what's the most efficient action the administrator can take to share these templates with the intern?

Grant edit access to the Sales & Marketing folder

If marketing department hires a new intern to modify all the email templates in both Sales and Marketing subfolders, what's the most efficient action that the Salesforce administrator can take to share these templates with the intern?

Grant edit access to the sales & marketing folder

Salesforce administrator is tasked with securing the org by the company leadership. What feature should the administrator start with that can be used to identify and fix security vulnerabilities in the org?

Health check

What is true regarding field level security?

If a field is hidden using field level security, it doesn't appear in page layouts, search results, related lists, list views or reports and fields can be set to read-only by profile

An administrator wants to give another user the ability to assign one type of permission set designated for certain roles. How can this be accomplished?

Make the user a delegated administrator and enable the delegated administrator to assign the designated permission set.

In a private sharing model, if the administrator needs to make some exceptions to give access to records, what features can you use?

Manual sharing, sharing rules, and account teams.

If an organization has a Security Health Check score of 55%, what are high risk security settings?

Maximum invalid login attempts and number of expired certificates

The Marketing Director of Cosmic Supermart wants Salesforce Users to see only the campaign managers whose lead or contact records they can access in Salesforce. What can administrator do to fulfill this requirement?

Modify the organization-wide sharing default setting for the Campaign Member object.

United Technologies often needs several sales reps working on the same opportunities and requests the administrator to reflect this in the Salesforce org. What is true regarding Opportunity Teams?

Only the owner of the opportunity or users above the owner in the role hierarchy can manage opportunity team members

Which features can a Salesforce Administrator use to control record sharing?

Organization wide default settings, role hierarchy, sharing roles

What can be controlled through profiles?

Page layouts, object permissions, and field level security

What are 3 organizational level security access controls?

Password policies, trusted IP ranges, two-factor authentication

Which are organizational level security access controls?

Password policies, two factor authentication, and trusted IP ranges

In a Salesforce org, only activity owner or users above it in the role hierarchy should be able to edit or delete the activity but those who are able to view the parent record related to the activity should be able to view and report on the activity. What organization-wide default sharing setting should be used for the "activity" object for this requirement?

Private

What are the different options to control login access to organization's Salesforce org?

Profile based IP restrictions and profile based login restrictions

What is true about roles and profiles?

Profiles determine what parts of an application a user can see and the permissions on objects while the role hierarchy determines record access

Account object has 2 record types "Prospect" and "Customer." A user would like that when he clicks on the New button on the account page, the "Prospect" record type is selected automatically for creating the account record. What can be used to enable this?

Record type preference in user settings and default record type in the user's profile

What can be controlled from a profile?

Record types and page layout assignments, tab settings, object and field permissions

How can an administrator ensure the security of the data sent to and returned from the Salesforce community site?

Require secure connections for the community site to redirect traffic from HTTP to HTTPS

What is true with record-level security?

Roles are used to create a sharing hierarchy among user groups (i.e. horizontally) and sharing rules can never be stricter than organization-wide sharing defaults.

What is related to record-level sharing?

Roles, sharing rules, and organization-wide defaults

What options are available to set the length of time after which the system logs out inactive users?

Session timeout can be set at the organization or profile level.

The "Description" field on the Account object should be read only for users that are assigned to specific profiles. How can this be achieved?

Set field-level security for the users' profiles or modify the page layout assigned to the profiles of the users

In a private sharing model, how can users at the same level of the role hierarchy have access to each other's data?

Sharing rules can be added to grant access

SGS Global is a dynamic organization with more than 5000 users across the globe. Which best practices should the administrator of the organization follow in order to manage changes to permissions for different groups of users more effectively by reducing the overhead of customization?

The administrator should use permission sets to extend the permissions for individuals or small groups of users as intended and the administrator shouldn't create a custom profile every time a user requires additional access or permission

What best practices should the administrator of an organization follow in order to manage changes to permissions for different groups of users most effectively by reducing the overhead of customization?

The administrator shouldn't create a custom profile every time a user requires additional access or permission and the administrator should use permission sets to extend permissions for individuals or small groups of users as required

A user has reported they do not see the "contact type" field on the contact detail page. What would the administrator check first?

The contact page layout displayed for the profile assigned to the user

User has reported that they don't see the "Contact type" field on the contact detail page. What would the administrator check first?

The contact page layout displayed for the profile assigned to the user

A user has reported that they do not have visibility to the Contacts tab. What would you check?

The profile assigned to the user.

The sales team of Cosmic Logistics uses Sales Cloud to manage team activities and support the operations of the global HR department. A custom HR application has been created in Salesforce and the CTO of the company doesn't want the sales team to access the HR application and the tabs created for the HR application. Which security control measures should the administrator use for the requirement?

The sales team profile shouldn't have object and field level access for the objects in the HR application and the "Visible" checkbox should be unchecked for the HR application in the sales team profile.

A user has reported that they aren't able to view information on the Health Check Page, what is the problem?

They don't have the View Health check permission

Cosmic Enterprises launched a new product and Salesforce administrator needs to ensure that after-sales support for this new product follows a specific life-cycle and can be managed efficiently. How can he ensure that cases that are opened for the new product are only visible and routed to a certain group of support engineers?

Use a new support process, record type, page layout, and queue

A company uses Salesforce Classic and has a read-only account sharing model. A sales rep in California wants to share his accounts (read/write access) on a case-by-case basis with Northeast and Southwest territories. What can he do to accomplish this?

Use the Sharing button on the account record and share as needed with the Northeast and Southwest territories

An administrator can define a sharing rule to share records with a public group. Which can be included in a public group?

Users, other public groups, roles.

What are valid identity verification methods?

Using the verification code in an email sent to the address associated with the account and using the Salesforce authenticator mobile app to verify the account activity

What is true regarding the Security Health Check?

Values are compared against the Salesforce baseline standard and settings are grouped into high risk/medium risk/low risk/informational.

Julie the administrator wants to make the org more secure with network-based security. When should she use network-based security?

When she wants to limit when people can login, when she wants to limit where people can login, when she wants to make it difficult to use stolen credentials.

What do profile control access to?

Which fields are read only, which Apex classes and Visualforce pages users can access, and which record types are available to users

An admin is asked to look through login forensics to spot any suspicious attempts to gain access to the org. What can login forensics tell us?

Who logged in more than the average number of times, the average number of logins per a specified time period, and who logged in during non-business hours