
Salesforce Exam B2C Commerce Architect Topic 1 Question 59 Discussion

Actual exam question for Salesforce's B2C Commerce Architect exam
Question #: 59
Topic #: 1

During implementation, the team found that there is a notification controller exposed for an external service that marks the order as paid when a notification is received. The notification URL is sent to the service together with the payment request and contains only the URL with orderID as the parameter.

What should the Architect recommend to the team in order to prevent the unauthorized usage of the controller to mark the orders as paid?

Suggested Answer: C

In the given scenario, where the Email Marketing System (EMS) requires order data to send product recommendations based on stock availability, it is crucial that the most up-to-date and relevant data is used. Here's why the chosen data sources are appropriate:

Order and Customer Data from Production: Since order and customer interactions occur in real-time, exporting this data from the Production environment ensures that the most current information is used for the email marketing campaigns. This accuracy is vital for personalization and timeliness of the communications sent to customers.

Product and Inventory Data from Staging: Given that the staging environment is typically one step behind production and is used for testing before changes go live, it provides a stable dataset that reflects what is currently live without the risk of including any unvetted changes. This setup is suitable for inventory and product data, which are less susceptible to minute-by-minute changes compared to order data and can be pre-validated before use in marketing efforts.

This configuration helps ensure that the EMS has access to reliable data reflecting current stock levels and product details, which is essential for crafting accurate marketing messages based on product availability.


Contribute your Thoughts:

Julieta
1 month ago
I'm with Scot on this one. HTTPS is so 2010. Let's just use a good old-fashioned secret handshake to authenticate the orders. Option C is the way to go!
upvoted 0 times
Helene
2 days ago
User 2: I disagree, we should add an order token in the callback URL and match it against the one stored on the order.
upvoted 0 times
...
Eleni
4 days ago
User 1: I think we should add a customer number in the callback URL to prevent unauthorized usage.
upvoted 0 times
...
...
Scot
2 months ago
Haha, option B with the HTTPS restriction? Might as well just send the orders to the service via carrier pigeon to keep them safe!
upvoted 0 times
Willard
1 month ago
User 3: Yeah, I agree. Option B might not be enough to prevent unauthorized usage.
upvoted 0 times
...
Glen
1 month ago
User 2: Glen is right. Option C would definitely add an extra layer of security.
upvoted 0 times
...
Emile
1 month ago
User 1: Option C sounds like a better idea. Adding an order token for validation.
upvoted 0 times
...
...
Kent
2 months ago
Wow, option D with the session attribute? That's overkill for a simple notification callback. Keep it simple with option C, folks!
upvoted 0 times
Tamekia
5 hours ago
Let's go with option C for now and see how it works.
upvoted 0 times
...
My
13 days ago
True, but option D might be too complex for this scenario.
upvoted 0 times
...
Shawnta
1 month ago
But wouldn't adding a customer number in the callback URL provide an extra layer of security?
upvoted 0 times
...
Vannessa
1 month ago
I agree, option C seems like the most straightforward solution.
upvoted 0 times
...
...
Cheryl
2 months ago
I'm not a fan of option A. Tying the customer number to the order seems like an unnecessary complication. Option C is the clear winner here.
upvoted 0 times
Veronika
1 month ago
I think option A could work too, but I see your point about it being complicated. Option C does seem more straightforward.
upvoted 0 times
...
Leana
1 month ago
I agree, option C is the best choice. Adding an order token for validation makes more sense.
upvoted 0 times
...
...
Olene
2 months ago
I think option A is also a good choice. Adding a customer number in the callback URL and matching it against the one stored on the order can also help prevent unauthorized usage. It's important to have multiple layers of security measures in place.
upvoted 0 times
...
Donette
2 months ago
I agree with Odette. Adding an order token in the callback URL is a good idea to prevent unauthorized usage of the controller. It's important to have that extra validation step.
upvoted 0 times
...
Odette
2 months ago
I think the Architect should recommend adding an order token in the callback URL and match the token against the one stored on the order. This way, it adds an extra layer of security.
upvoted 0 times
...
Deandrea
2 months ago
Option C sounds like the way to go. Adding an order token to the callback URL and verifying it against the stored token is a simple yet effective way to prevent unauthorized access.
upvoted 0 times
Twanna
1 month ago
User 4: Adding that extra layer of security is crucial in preventing unauthorized access.
upvoted 0 times
...
Margurite
1 month ago
User 3: It's important to verify the token against the stored one.
upvoted 0 times
...
Delpha
1 month ago
User 2: I agree, adding an order token is a good security measure.
upvoted 0 times
...
Chandra
2 months ago
User 1: Option C sounds like the way to go.
upvoted 0 times
...
...
