12) Security Basics

List the built-in security features you can leverage in products built on the Salesforce platform now. Security Basics

- Multitenancy - MFA - Restrict the IP Addresses User can Log In From - Deactivate Former Users - Limit What Users Can Do - See What They've Already Done - Encrypt Your Data - Trigger Automatic Actions on Security Events - Monitor Events in Your Org

What are some of the common human behaviors that cybercriminals exploit? A.Morality, envy, and trust B.Boredom, curiosity, and fear C.Fear, hatred, envy, and jealousy D.Conformity, trust, and curiosity Security Basics -- Understand Security Risk

Conformity, trust, and curiosity

Intruders Exploit Human Behaviors Security Basics

Fear: "If you don't give me the information, I will report you to your manager." Trust: "Your bank account has just been closed. Click here to reactivate." Morality: "Can you hold that office door open for me? My arm's broken, and this package is heavy." Reward: "My company is considering investing in your products. Can you answer a few questions about your organization first?" Conformity: "Bill Stevens from Finance always gives me updates about Q2 earnings, but I can't get a hold of him. Can you help me with the report?" Curiosity: "Wow... Check out this video of a giant snake eating a zookeeper!"

Health Check Security Basics

If you run a Salesforce environment with multiple orgs, you can use the power of Health Check across all of your orgs with Salesforce's Security Center. This tool is an add-on and not available out of the box like Health Check, but has a deeper level of capabilities that span multiple orgs. Security Center also provides important insights for admins like how many users are logging in with multi-factor authentication (MFA) and which users have admin-level permissions. Salesforce Optimizer also includes some of these capabilities, and is available at no cost in products built on the Salesforce platform.

What is malware? A.Malicious software often delivered through phishing emails B.Employees inadvertently leaking information C.Methods that tailgaters use to gain unauthorized access to a space D.Copyright infringement by competitors Security Basics -- Understand Security Risk

Malicious software often delivered through phishing emails

Which of these security features is built-in to Salesforce? A.Biometric login B.Multi-factor authentication C.Home alarm system D.Automatic password generation Security Basics -- Choose the Right Salesforce Security Settings

Multi-factor authentication

What does multitenancy mean? A.You work with other organizations to establish volume discounts for hardware, software, and office supplies. B.Your company shares a floor in a building with another company. C.Multiple organizations use the same Salesforce data infrastructure, but cannot access each other's data. D.You have an open floor plan where employees share desks to optimize space and work shifts. Check the Quiz to Earn 100 Points Security Basics -- Choose the Right Salesforce Security Settings

Multiple organizations use the same Salesforce data infrastructure, but cannot access each other's data.

What are the Basic Attack Methods? Security Basics

Phishing: Attempting to acquire sensitive information, such as usernames and passwords (otherwise known as user credentials), credit card details, and banking information by masquerading as a trustworthy entity. There are several types of phishing. Some of the most commonly used methods are email phishing, phishing via phone (called vishing), phishing via text message or SMS (smishing), and targeted phishing directed at a person with a high level of access (spear phishing). Malware: Tricking users into downloading malicious software (malware) intended to access, damage, or control a device or network — and often delivered via a link or attachment in a phishing email. Social Engineering: Manipulating people into taking action or revealing confidential information. Exploiting Public Information: Using information that is publicly available on the internet (for example, a social media platform) to help design a social engineering attack, crack a password, or create a targeted phishing email. Tailgating: Gaining access to a secured area, either by following a legitimate badge holder in or by persuading someone to let them in. Eavesdropping: Secretly listening in on private conversations. Dumpster Diving: Collecting sensitive information from the recycling or trash that was not appropriately destroyed. Installing Rogue Devices: Gaining access to a secure network by installing a wireless router or USB thumb drive containing malicious software.

What is a security threat to be aware of when working from home? A.People tailgating at my front door B.An intruder stealing my WiFi router C.Receiving a phishing email D.Duplicate logins to my online digital TV subscriptions Security Basics -- Secure Your Remote Workplace

Receiving a phishing email

What are some best practices for securing your home workplace? A.Take your meetings via phone while supervising your kids at the playground. B.Secure your conference calls, reboot and patch your systems regularly, and use a virtual private network. C.Make sure you've got a dedicated corner of the kitchen counter to store your sensitive paper files. D.Turn off and unplug all devices at the end of the work day. Security Basics -- Secure Your Remote Workplace

Secure your conference calls, reboot and patch your systems regularly, and use a virtual private network.

Security Basics -- Use Health Check to Scan Your Security Configurations

See notes

What is a way that you defend against phishing emails? A.Change your email password every week. B.Train users to recognize common phishing tactics. C.Validate the sender, turn off your computer, and leave the building. D.Delete all emails from unknown senders. Security Basics -- Educate Your Users to Help Protect Your Org

Train users to recognize common phishing tactics.

What is an example of a password best practice? A.Creating short, complex passwords that are six characters or less B.Using unique passwords for every account C.Sharing passwords for nonessential accounts D.A and B E.B and C Security Basics -- Educate Your Users to Help Protect Your Org

Using unique passwords for every account