
    Salesforce Interview Question – Security

    By Dhanik Lal Sahni | February 7, 2020 | Updated: February 11, 2020 | 5 Mins Read

    This post covers the top 20 interview questions on Salesforce security implementation. We have another post covering interview questions on Salesforce integration and asynchronous Apex.

    1. What is Phishing?
    Ans. Phishing is a social engineering technique that attempts to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Phishers often direct users to enter details at a fake website whose URL and look-and-feel are almost identical to the legitimate one.

    2. What is Malware?
    Ans. Malware is software designed to infiltrate or damage a computer system without the owner’s informed consent. It is a general term used to cover a variety of forms of hostile, intrusive, or annoying software, and it includes computer viruses and spyware.

    3. What are Salesforce best practices to stop phishing and malware?
    Ans. Salesforce puts a lot of effort into securing the application, such as monitoring and analyzing logs, partnering with leading security system vendors, and educating users about security.

    Below are some guidelines we should follow to better secure our Salesforce application:
    1. Restrict your application to run in a specific IP range or your corporate network
    2. Set session security restrictions
    3. Consider two-factor authentication
    4. Use Transaction Security to monitor events
    5. Educate employees

    4. How can you identify and fix potential vulnerabilities in your application?

    Ans. We can use Health Check to identify and resolve issues.

    5. Why is Salesforce Shield called a trio of security tools?

    Ans. Salesforce Shield is used to build a level of trust, transparency, compliance, and governance into applications. There are three main tools in this feature: Platform Encryption, Event Monitoring, and Field Audit Trail. This is why it is called a trio of security tools.

    6. What is Platform Encryption?

    Ans. Platform Encryption encrypts sensitive data at rest across all Salesforce apps. This feature helps us protect PII (personally identifiable information) and sensitive, confidential, or proprietary data.

    7. What is Event Monitoring?

    Ans. Event Monitoring gives complete details about the security, performance, and usage data of your Salesforce application. Every interaction can be tracked with it, such as login details and who has accessed business-critical data.

    8. What is Field Audit Trail?

    Ans. Field Audit Trail helps us create a policy to retain archived field history data for up to 10 years from the time the data was archived. We can use it for regulatory compliance, internal governance, audit, or customer service.

    9. How can we stop a user whose concurrent sessions exceed 2?

    Ans. Use the Concurrent User Session Limit policy to limit the number of concurrent sessions per user to two. We can block or remove other sessions if this count is exceeded.

    10. How many sharing models are available in Salesforce?

    Ans. Below are the types of sharing models in Salesforce:

    1. Org-wide defaults
    2. Role Hierarchy
    3. Manager Groups
    4. Sharing Rules
    5. Manual Sharing
    6. Team Access
    7. Territory Hierarchy

    11. How many types of sharing rules are available in Salesforce?
    Ans. 

    1. Ownership Based Rules
    2. Criteria Based Rules

    12. What is Single Sign-On and what are its benefits?

    Ans. Single sign-on (SSO) helps users access authorized network resources with one login. We can validate usernames and passwords against the corporate user database or another client app (Gmail, Facebook, etc.) rather than having Salesforce manage separate passwords for each resource.

    Benefits of SSO

    1. Reduced administrative costs
    2. Leverage existing investment
    3. Time savings
    4. Increased user adoption
    5. Increased security

    13. What is a Connected App?

    Ans. A connected app is a framework that enables an external application to integrate with Salesforce using APIs and standard protocols, such as SAML, OAuth, and OpenID Connect. Connected apps use these protocols to authenticate, authorize, and provide single sign-on (SSO) for external apps.

    14. Can we restrict a user profile to use the Salesforce application only from a specific IP range?

    Ans. Yes, we can restrict a user profile to a specific IP range.

    Setup -> Profile -> Login IP Ranges -> Specify IP Range.

    15. What is a session-based permission set?

    Ans. A session-based permission set is a temporary permission set that is assigned under specific conditions.

    Use case: We want to restrict interview room access so that it is available only when the interview panel connects over the LAN for an interview.

    16. What is a connected app in Salesforce?

    Ans. A connected app is an external application that integrates with Salesforce through APIs. It is used to verify the external application that will connect to the Salesforce system.

    17. What are an access token and a refresh token?

    Ans. 

    Access token: An access token is a value used by an application to gain access to Salesforce on behalf of the user. The access token serves as the session ID for subsequent requests.

    Refresh token: If the access token has expired, Salesforce uses this token to regenerate the access token. This reduces the need for the user to re-authenticate.

    18. Can we create a sharing rule when the user already has Public Read/Write access?

    Ans. No, we cannot create a sharing rule in this scenario. A sharing rule can only be created when the OWD is set to Private or Public Read.

    19. How many sharing rules can be created for each object?

    Ans. We can create 300 sharing rules for each object. Up to 250 sharing rules can be based on record owner, and 50 can be criteria-based sharing rules or guest user access rules based on criteria.

    20. What happens when we set the range 0.0.0.0 to 255.255.255.255 at the network level for IP restrictions?

    Ans. We cannot set this range in the IP restriction. It can be set at the profile level.

    21. What happens if a user is logged in when their login hours end?

    Ans. The user can continue to view their page, but they cannot perform any actions, such as create or edit operations.

    Happy interview to you……

    References:

    1. https://developer.salesforce.com/docs/atlas.en-us.securityImplGuide.meta/securityImplGuide/security_about_sharing_rules.htm

    2. https://developer.salesforce.com/docs/atlas.en-us.securityImplGuide.meta/securityImplGuide/salesforce_security_guide.htm


    3 Comments

    1. mayank on February 12, 2020 12:52 pm

      Excellent post, but I want to know one thing: is penetration testing also important for the interview?

      • Dhanik Lal Sahni on February 13, 2020 12:29 pm

        Hello Mayank, this should not be asked of developers. Yes, if someone says that he was involved in the testing phase, then the interviewer can probably ask.

        Thank You,
        Dhanik

    2. Pingback: Difference Between With and Without Security in Apex
