Configuration & Setup

What are login restrictions in Salesforce?

Controls when and where users can log in

What are the two types of login restrictions?

Login IP ranges and login hours

What do login IP ranges control?

The locations from which users are allowed to log in

What do login hours control?

The times during which users are allowed to log in

Where can login IP ranges be configured?

Profiles and permission sets

Where can login hours be configured?

Profiles and permission sets

Can login restrictions be set at the user level?

No they are set on profiles or permission sets

Which login rule applies if multiple restrictions exist?

The most restrictive rule always applies

What happens if a user tries to log in outside allowed login hours?

The login is blocked

What happens if a user logs in from an unauthorized IP address?

The login is blocked

Can permission sets override profile login restrictions?

Yes if the permission set is less restrictive

Can permission sets make login access more restrictive?

Yes the most restrictive setting applies

What is the exam rule for login restrictions?

The strictest combination of login hours and IP ranges wins

When would login IP ranges commonly be used?

To restrict access to a company network or country

When would login hours commonly be used?

To restrict access to business operating hours

Do login restrictions affect API access?

Yes unless specifically exempted

Are login restrictions used for record-level security?

No they only control login access

Exam scenario a user cannot log in at night what should you check?

Login hours

Exam scenario a user cannot log in from home what should you check?

Login IP ranges

Best practice for login restrictions?

Apply them at the profile level and use permission sets carefully

Q: Where are users created and managed in Salesforce?

A: Setup → Users → Users

Q: What three things are required to create a user in Salesforce?

A: Username, profile, and user license.

Q: Does a Salesforce username have to be a real email address?

A: No, but it must be in email format and globally unique.

Q: Can two Salesforce orgs have the same username?

A: No. Usernames must be unique across all Salesforce orgs.

Q: What does a user license control?

A: Which Salesforce features and objects a user can access.

Q: What does a profile control for a user?

A: Base permissions, object access, field access, login IP ranges, and login hours.

Q: How many profiles can a user have?

A: Exactly one.

Q: How many permission sets can a user have?

A: Multiple.

Q: What is the correct way to remove Salesforce access for an employee who left the company?

A: Deactivate the user.

Q: Why are users deactivated instead of deleted?

A: To preserve data ownership, history, and reporting accuracy.

Q: What happens to a user’s records when they are deactivated?

A: The records remain in Salesforce and retain the original owner.

Q: What is the difference between freezing and deactivating a user?

A: Freezing temporarily blocks login; deactivating permanently removes access and frees the license.

Q: When would you freeze a user instead of deactivating them?

A: When access needs to be temporarily suspended (e.g., investigation or leave).

Q: What happens to a Salesforce license when a user is deactivated?

A: The license becomes available for reassignment.

Q: Can a deactivated user log in to Salesforce?

No

Q: Can a frozen user log in to Salesforce?

A: No, until they are unfrozen.

Q: Exam scenario: “A former employee’s name still appears on records.” Is this expected?

A: Yes. Deactivated users still appear as record owners.

Q: Exam scenario: “You need to immediately stop a user from logging in but may restore access later.” What do you do?

A: Freeze the user.

Q: Exam scenario: “You need to permanently remove access and free a license.” What do you do?

A: Deactivate the user.

Q: Can you deactivate a user who owns records?

A: Yes. Record ownership does not prevent deactivation.

What is auditing and security tracking in Salesforce?

Monitoring changes and activity to ensure security compliance and troubleshooting

What tool tracks setup changes in Salesforce?

Setup Audit Trail

What does Setup Audit Trail record?

Who made setup changes what was changed and when

Where is Setup Audit Trail found?

Setup

How long are setup changes visible in Setup Audit Trail?

Six months

How long are setup changes retained when downloaded?

Twenty four months

What types of actions are tracked in Setup Audit Trail?

Administrative setup changes

Does Setup Audit Trail track data record changes?

No it only tracks setup configuration changes

Who typically uses Setup Audit Trail?

System administrators and auditors

Why is Setup Audit Trail important?

Compliance security monitoring and troubleshooting

Can Setup Audit Trail be filtered?

Yes by date or user

Does Setup Audit Trail show field level value changes?

No

What is a common exam use case for Setup Audit Trail?

Identifying who changed a security or access setting

Exam scenario access changed unexpectedly what should you check?

Setup Audit Trail

Does Setup Audit Trail track login history?

No login history is tracked separately

What is the difference between Setup Audit Trail and Field History Tracking?

Audit Trail tracks setup changes field history tracks record changes

Can Setup Audit Trail be exported?

Yes it can be downloaded

Does Setup Audit Trail require additional configuration?

No it is enabled by default

Best practice for security tracking?

Regularly review Setup Audit Trail after major changes

Where do you configure fiscal year, currency, business hours, and default settings in Salesforce?

A: Company Information (Setup → Company Settings)

Q: What is the purpose of the fiscal year in Salesforce?

A: Defines how reports, forecasting, and quotas are calculated and grouped

Q: What are the two types of fiscal years in Salesforce?

A: Standard fiscal year and custom fiscal year.

Q: When would a company use a custom fiscal year?

A: When their financial reporting periods do not align with the calendar year.

Q: What happens if a company changes its fiscal year?

A: It impacts reports, forecasts, and quotas going forward (not historical data).

Q: What is single-currency management in Salesforce?

A: The org uses one currency for all records and reporting.

Q: What is multi-currency management?

A: Allows records to be stored in different currencies with exchange rate conversion.

Q: What are dated exchange rates used for?

A: To apply historical currency conversion rates based on the record date.

Q: When must multi-currency be enabled?

A: Before users start creating records (best practice).

Q: What are business hours used for in Salesforce?

A: Case escalation rules, SLAs, entitlements, and time-based automation.

Q: Do business hours affect reports or user login times?

A: No. They are used mainly for service processes, not access control.

Q: Where are business hours configured?

A: Setup → Company Settings → Business Hours

Q: What are default settings in Company Information?

A: Org-wide settings such as time zone, language, and locale.

Q: What does the org time zone affect?

A: Date/time fields, reports, and time-based automation behavior.

Q: What does locale control?

A: Formatting of dates, numbers, and currency (not language).

Q: Can individual users override org default language and locale?

A: Yes, in their personal user settings.

Q: Does Company Information apply to individual users or the entire org?

A: The entire org.

Q: Exam scenario: “Sales forecasts are grouped incorrectly.” Where do you check first?

A: Fiscal year settings in Company Information.

Q: Exam scenario: “Support cases are escalating at the wrong time.” Where do you check?

A: Business hours in Company Information.

Q: Exam scenario: “Reports show incorrect currency conversions for old records.” What feature is missing?

A: Dated exchange rates (multi-currency).

What is a profile in Salesforce?

The base level of access for a user that controls object permissions

How many profiles can a user have?

Exactly one

What is a permission set?

An additive set of permissions that extends a user’s access beyond their profile

How many permission sets can a user have?

Multiple

Do permission sets remove access?

No

When should profiles be used?

To define the minimum access a user needs to perform their job

When should permission sets be used?

To grant additional access without changing a user’s profile

What is the relationship between profiles and permission sets?

Profiles define baseline access; permission sets extend it

What is a permission set group?

A collection of permission sets bundled and assigned as a single unit

Why use permission set groups?

To simplify access management for users who need the same combination of permissions

When should a permission set group be used?

When many users require the same set of permissions

Where can login IP ranges be configured?

On profiles and permission sets

What do login IP ranges control?

The locations from which a user is allowed to log in

Where can login hours be configured?

On profiles and permission sets

What do login hours control?

The times during which a user is allowed to log in

Which login restriction applies if multiple are set?

The most restrictive login IP range or login hour always applies