Admin Cert Prep: Security and Data Management
These are technical notes I compiled while studying using Trailhead, Salesforce's free self-learning portal.
Study Up on Security and Access
Explain the various organization security controls. Given a user request scenario, apply the appropriate security controls based on the features and capabilities of the Salesforce sharing model. Given a scenario, determine the appropriate use of a custom profile or permission set using the various profile settings and permissions. Describe how folders can be used to organize and secure communication templates, dashboards, and reports.- Passwords
- IP restrictions
- Identity confirmation
- Network settings
- Organization-wide defaults
- Roles and role hierarchy
- Manual sharing
- Sharing rules
- Public groups
- Profile settings
- Profile permissions
- Permission sets
- Communication folder settings
- Report folder settings
- Dashboard folder settings
- What is a benefit of entering Trusted IP ranges in the network access section?
- Users who log in within the network are not required to verify their identity.
- If some users' passwords expire more frequently (30 days) than the org’s password policy, admins should check the:
- users' Profiles
- How should a system admin provide visibility of a report to the executive team, only?
- Save the report in a folder shared with the executive team.
- How can a system admin discover who added a field to the account page layout?
- Use the Setup Audit Trail.
- How can a system admin set up an org has several product specialists (who have a product line) also have visibility to all cases involving their product line.
- Create a predefined case team for each group of product specialists and assign the team using Case Assignment Rules.
- Org-wide sharing default:
- Defines the default access level for an object’s records. These settings can be set separately for custom objects and many standard objects, including assets, campaigns cases, and accounts and their contacts.
- How can a system admin prevent users from selecting a certain Account record type when they create new account records?
- Remove that record type as an Assigned record type in the user’s proviles and permission sets.
- A system admin cannot share a report folder. What is a possible reason?
- The folder is private.
- Sharing Rules:
- Give chosen users greater access by making automatic exceptions to org-wide sharing settings. These are used to extend sharing access to users in public groups, roles, or territories.
- Role hierarchy:
- User’s role and place in the hierarchy determines the level of access they have to the org’s data.
Review Data Management
Describe the considerations when importing, updating, transferring, and mass deleting data. Given a scenario, identify tools and use cases for managing data. Describe the capabilities and implications of data validation tools. Describe the different ways to back up data.- CSV files
- Data quality
- Field mapping
- Record IDs
- External IDs
- Duplicate records
- Data Loader
- Data Import Wizard
- Data export service
- Exports
- A company regularly imports accounts from an external order system that has its own ID field for each record. What should a system admin do to prevent duplicates during these imports?
- Create a unique external ID field on accounts in Salesforce for matching.
- A sales ops team needs to import and export accounts, contacts, opportunities, and orders. What profile permissions does the sales ops team need to be able to perform this task?
- API Enabled
- Modify All for those objects
- What feature allows an admin to require a value in a certain field when an Opportunity stage changes to Closed?
- Validation Rule
- What best practices are recommended prior to mass-deleting records?
- Schedule a weekly data export and download the backup zip files.
- Run and export a report to archive data before deletion.
- How long is data stored in the Recycle Bin?
- Up to 15 days.
- A system admin has been asked to convert the standard country fields on 20,000 existing accounts to ISO codes. What method should the system admin use?
- Mass update addresses
- Which set of Salesforce records is exported by choosing the Export All option instead of Export in Data Loader?
- Records for a specified object including records in the recycle bin.
- A system admin uses the Import Wizard to update existing Account records. Which two values can the Import Wizard use to find matching records?
- Account Name
- Site fields
- Which configuration options shows sales reps the fields they must fill in before they can save an opportunity?
- Page Layout required fields
- Lookup Filter:
- Admin settings that restrict the valid values and lookup dialog results for lookup, master-detail, and hierarchical relationship fields. For example, restricting the Account Name field on opportunities to allow only active accounts.
- Data Import Wizard:
- Too to import data for many standard Salesforce objects, including accounts, contacts, leads, solutions, campaign members, person accounts. Data for custom objects is possible as well. Up to 50,000 records can be imported at a time.
- Validation Rules:
- Verify that the data a user enters into a record meet the specified standards before the user can save the record.
- Data Loader v Import Wizard:
- Data Loader: > 50,000 records (up to 5M), regular data loads, export data for backup
- Import Wizard: < 50,000 records, prevent duplicates by uploading records according to account name and site, contact email address, lead email address
- CSV file:
- Plain text file that contains a list of data.