Salesforce Interview Question – Security

This post is related to top 20 questions related to Salesforce security implementation. We have another post related to interview questions for salesforce integration and asynchronous apex.

1. What is Phishing?
Ans. Phishing is a social engineering technique that attempts to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Phishers often direct users to enter details at a fake website whose URL and look-and-feel are almost identical to the legitimate one.

2. What is Malware?
Ans. Malware is software designed to infiltrate or damage a computer system without the owner’s informed consent. It is a general term used to cover a variety of forms of hostile, intrusive, or annoying software, and it includes computer viruses and spyware.

3. What are Salesforce best practice to stop Phishing and Malware?
Ans. Salesforce making lot of effort to securing application like monitoring and analyzing log, partnering with leading security system vendors, educating about security.

Below are some guidelines which we should adhere for better security of our salesforce application
1. Restrict your application to run in specific IP range or your corporate network
2. Set session security restriction
3. Consider two factor authentication
4. Use Transaction security to monitor event
5. Educate employee

4. How you can check identity and fix potential vulnerabilities in your application?

Ans. We can use Health Check to identify and resolve issue.

5. Why Salesforce Shield called trio of security tools?

Ans. Salesforce Shield is used to build level of trust, transparency, compliance and governance in applications.  There are three main tools in this feature- Platform Encryption, Event Monitoring, and Field Audit Trail. This is reason it is called trio of security tool.

6. What is Platform Encryption?

Ans. Platform Encryption encrypt sensitive data at rest across all salesforce apps. This feature helps us in protective PII (Personally identifiable information), sensitive, confidential, or proprietary data.

7. What is Event Monitoring?

Event Monitoring gives complete detail about security, performance and usage data of your salesforce application. Every interaction can be tracked using this like login detail, who has access business critical data etc.

8. What is Field Audit Trail?

Ans. Field Audit Trail help us to create a policy to retain archived field history data up to 10 years from the time the data was archived. We can use it for regulatory compliance, internal governance, audit, or customer service.

9. How we can stop when concurrent session of any user is exceeding 2?

Ans. Use Concurrent User Session Limit policy to limit the number of concurrent sessions per user to two. We can block or remove other session if this count is exceeding.

10. How many sharing model available in Salesforce?

Ans. Below are types of sharing model in Salesforce

1. Org-wide defaults
2. Role Hierarchy
3. Manager Groups
4. Sharing Rules
5. Manual Sharing
6. Team Access
7. Territory Hierarchy

11. How many types of sharing rules available in Salesforce?
Ans. 

1. Ownership Based Rules
2. Criteria Based Rules

12. What is Single Sign-On and its benefit?

Ans. Single sign-on (SSO) help users, access authorized network resources with one login. We can validate usernames and passwords against your corporate user database or other client app (gmail, facebook etc) rather than Salesforce managing separate passwords for each resource.

Benefits of SSO

1. Reduced administrative costs
2. Leverage existing investment
3. Time savings
4. Increased user adoption
5. Increased security

13. What is Connected App?

Ans. A connected app is a framework that enables an external application to integrate with Salesforce using APIs and standard protocols, such as SAML, OAuth, and OpenID Connect. Connected apps use these protocols to authenticate, authorize, and provide single sign-on (SSO) for external apps.

14. Can we restrict any user profile to use salesforce application from specific IP range?

Ans. Yes, we can restrict user profile for specific IP range.

Setup -> Profile-> Login IP Ranges -> Specify IP Range.

15. What is session based permission set?

Ans. Session based permission set is temporary permission set which is assigned in some specific condition.

Use Case: We want to restrict Interview room access only when if interview panel connect LAN interview

16. What is connected app in salesforce?

Ans. A connected app is an external application that integrates with Salesforce through APIs. It is used to verify external application which will connected with salesforce system.

17. What is access token and refresh token?

Ans. 

Access token: Access token is value which is used by application to gain access to salesforce on behalf of the other user. The access token is a session ID for next requests.

Refresh Token:  If access token is expired, salesforce use this token to regenerate access token. It will reduce user action for re-authentication.

18. Can we create sharing rule when user already has public read write access?

Ans. No, we cannot create sharing rule in this scenario. Sharing rule can only be created when OWD is set as private or public read.

19. How many sharing rules can be created for each object?

Ans. We can create 300 sharing rules for each object. Up to 250 sharing rules based on record owner and 50 as criteria based sharing rule and Guest user access, based on criteria.

20. What will happen when we set 0.0.0.0 to 255.255.255.255 at your network level for IP restrictions?

Ans. We can not set this range in IP restriction. It can be set in profile level.

21. What if user is logged in when their login hours end?

Ans.  User can continue to their page but they can not do any action. Like they can not create or edit operation.

Happy interview to you……

References:

1. https://developer.salesforce.com/docs/atlas.en-us.securityImplGuide.meta/securityImplGuide/security_about_sharing_rules.htm

2. https://developer.salesforce.com/docs/atlas.en-us.securityImplGuide.meta/securityImplGuide/salesforce_security_guide.htm