The correct answers are:
A. Profile-based IP restrictions
B. Organization-wide IP restrictions
C. Profile-based login hour restrictions
Explanation:
1. Profile-based IP restrictions: Salesforce allows administrators to specify IP ranges at the profile level. Users assigned to the profile can log in only from the specified IP addresses.
2. Organization-wide IP restrictions: Salesforce can enforce IP restrictions organization-wide using trusted IP ranges. These ranges define which IP addresses are allowed to bypass login challenges (like verification codes).
3. Profile-based login hour restrictions: Administrators can restrict login hours for users at the profile level. Outside the specified hours, users cannot log in.
Incorrect Option:
• D. Organization-wide login hour restrictions: Salesforce does not provide a way to enforce login hour restrictions at the organization-wide level. This feature is only available at the profile level.
B. is a valid answer
https://developer.salesforce.com/docs/atlas.en-us.securityImplGuide.meta/securityImplGuide/login_ip_ranges.htm#:~:text=You%20can%20further%20restrict%20access,that%20have%20login%20IP%20restrictions.
To restrict IP addresses in profiles:
From Setup, in the Quick Find box, enter Profiles, and then select Profiles.
Depending on which user interface you're using, do one of the following:
In the enhanced profile user interface, click Login IP Ranges, and then click Add IP ranges.
In the original profile user interface, scroll down to the Login IP Ranges related list, and then click New.
Specify allowed IP addresses for the profile. Enter a valid IP address in the IP Start Address field and a higher-numbered IP address in the IP End Address field. To allow logins from a single IP address, enter the same address in both fields.
The IP addresses in a range must be either IPv4 or IPv6. ...
Org level:
You can further restrict access to Salesforce to only those IPs in Login IP Ranges. To enable this option, in Setup, in the Quick Find box, enter Session Settings, and then select Session Settings. Select Enforce login IP ranges on every request. This option affects all user profiles that have login IP restrictions.
By default, Salesforce doesn’t restrict the time for login access. For additional security, only administrators can restrict it.
Restricting login access by time can only be achieved at the PROFILE level.
For each profile, administrators can specify the hours when users can log in.
Org wide IP restrictions do NOT restrict access to the org. Only Profile IP restrictions, and Profile login hours do. Org wide has Trusted IP ranges that will require anyone not within the trusted range to authenticate that they are who they say they are before logging into the org. If their IP address is on the trusted list then they will never receive a login challange.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
jeet992014
1 month, 3 weeks agoBrainMelt12
10 months, 1 week agoBrainMelt12
10 months, 1 week agoalt68
2 years, 7 months agoanandheee
4 years, 1 month agoJon_C
4 years, 6 months agoJon_C
4 years, 6 months ago