Salesforce Commerce Cloud Digital Developer B2C-COMMERCE-ARCHITECT Questions & Answers

• Question 21:

  A new project for a Client will involve a few different Integrations to their middleware system resulting in four different web services. All will use the same credentials to the middleware. Each will have the same timeout, but will require a separate log file prefix.

  How should the Architect set this up with the Service framework using a minimal set of configuration?

  A. Four Service Configurations. Four Service Profiles,One Service Credential

  B. Four Service Configurations. Four Service Profiles, Four Service Credentials

  C. Four Service Configurations. One Service Profile, One Service Credential.

  D. One Service Configuration, Four Service Profiles, One Service Credential.

  Correct Answer: C

• Question 22:

  During implementation, the team found that there is a notification controller exposed for an external service that marks the order as paid when notification is received. The notification URL is sent to the service together with the payment request and contains only the URL with orderlD as the parameter.

  What should the Architect recommend to the team in order to prevent the unauthorized usage of the controller to mark the orders as paid?

  A. Add a customer number in the callback URL and match the customer number against the one stored on the order.

  B. Add HTTPS restriction to the controller start node.

  C. Add an order token in the callback URL and match the token against the one stored on the order.

  D. Add a session attribute and validate it on the callback.

  Correct Answer: C

• Question 23:

  The storefront integrates with a REST based Address verification service (AVS) that uses token based security. The sequence of calls in the API documentation for this AVS looks like the following

  1.

  Client authentication call, which contains the merchantId and secret in a GET request and returns a token in the response.

  2.

  Address verification call, which contains the token and the address to verify in aPOST request.

  Once the token is obtained, it is valid for hours and it is not needed to request a new one for subsequent address verification calls, the AVS charges for every request made no matter if it is client authentication call or address verification call.

  Which three strategies could be applied to allow for efficient use of the service without compromising security? Choose 3 answers

  A. Apply page caching to the client authentication controller that is used with AJAX.

  B. Obtain the token from local storage of the browser and update it once It expires.

  C. Obtain the token from a custom cache before making the client authentication call.

  D. Use HTTPService caching for the client authentication call.

  E. Use a job to store and update the token in a customobject that is used from the storefront code

  Correct Answer: ACD

• Question 24:

  During load testing, a third party service is constantly failing to respond in a timely manner on the Product Listing Page. The page is not affected at it is collecting data with the server side call, however the loading time b increasing. Which two recommendations should the developer take inorder to minimize the risk and Improve the loading time? Choose 2 answers

  A. Ask the third party to improve the reliability of the service.

  B. Decrease the service timeout.

  C. Enable the Circuit Breaker.

  D. Remove the service.

  E. Load the data asynchronously after the page is loaded

  Correct Answer: CE

• Question 25:

  The Client is creating a new Storefront and their requirements include:

  1.

  ApplePay support

  2.

  Log -n through a standard OAuth2 social media account

  3.

  One Okie checkout process

  4.

  Ay Btesting for promotions Which two items require technical documentation for customizing the Storefront Reference Architecture? Choose 2 answers

  A. One Click checkout process

  B. ApplePay support

  C. log in through a standard OAuth2 social media account

  D. A/B testing for promotions

  Correct Answer: AB

• Question 26:

  An Architect has been asked by the Business to integrate a newpayment LINK cartridge. As part of the integration, the Architect has created four new services to access various endpoints in the integration. How can the Architect move the new services to Production when the integration is ready for launch?

  A. The new services will be moved to Production with a Data Replication.

  B. The new services will be moved to production with a Site Import.

  C. The new services must be manually exported from staging and Imported into Production.

  D. The new services will be moved toProduction with a Code Replication.

  Correct Answer: C

• Question 27:

  A new version of the Page Show controller is required for implementation of Page Deserter specific look. It requires implementation of a specific, cache period for Page Designer pages, which b not currently available in the base Storefront Reference Architecture (SFRA) cache.js module

  What two steps should the Architect instruct the developer to implement? Choose 2 answers

  A. Create new Page.js controller in client s cartridge. Copy code from base and modify the Page-Show route to include the new cache middleware function.

  B. Create new ceche,js client's cartridge. Copy cache,js from app_storefront_base and add a function forthe Page Designer caching.

  C. Create new Page,js controller in client's cartridge. Extend the code from base and prepend the new cache middleware function to Page-Show route.

  D. Create new cache,js in client's cartridge. Extend cache,js from app_storefront_base and add a function for the Page Designer caching.

  Correct Answer: CD

• Question 28:

  An Architect isperforming an audit of production logs via Log Center and finds some potentially dangerous custom log output.

  

  In which two ways It this log output Improper In a production environment? Choose 2 answers

  A. The log information includes the customer s cardname as it appears along with the credit card number (PAN), which violates PCI.

  B. The log information includes the customer's card CW (card security code) and expiration date, which violates PCI.

  C. Information logs should not be used in a production environment

  D. The log information includes the order number and customer s email, which violates PCI.

  Correct Answer: AD

• Question 29:

  The client provided these business requirements:

  1.

  The B2C Commerce platform will integrate with the client's Order Management System (OMS).

  2.

  The OMS supports Integration us-no legacy RPC style SOAP services.

  3.

  The OMS is hosted on client s infrastructure.

  What is the right cartridge folder to place the WSDL provided for the OMS service?

  A. /cartridge/webreferences2

  B. /cartridge/webreferences

  C. /cartridge

  D. /cartridge/services

  Correct Answer: B

• Question 30:

  a B2C Commerce developer has Implemented a job that connects to an SFTP, loops through a specific number of .csv rtes. and Generates a generic mapping for every file. In order to keep track ofthe mappings imported, if a generic mapping is created successfully, a custom object instance w created with the .csv file name. After running the job in the Development instance, the developer checks the Custom Objects m Business Manager and notices there Isn't a Custom Object for each csv file that was on SFTP.

  What are two possible reasons that some generic mappings were not created? Choose 2 answers A. The maximum number of generic mappings was reached.

  B. The generic mappings definition need to be replicated from Staging before running the job.

  C. Invalid format in one or more of the .csv files.

  D. The job needs to run on Staging and then replicate the generic mappings and custom objects on Development

  Correct Answer: AC