Salesforce B2C Commerce Architect Exam Practice Test Instant Access

Question 1

The Client wants to have a flashsate on a few products every day. These products are sold through B2C Commerce as well as an in store Point of Sale system that it tied to the same inventory.

An Architect analyzes the following proposed solution:

Inventory feed w*l continue to run dailybut add a web-service call to compare and update B2C Commerce inventory in real time during checkout after a flash product's inventory reaches a threshold.

Which two risks should the Architect communicate to the Client about this solution?

Choose 2 answers

AThe default rate limiter configuration for the web-service could cause the web-service to return an exception during high traffic.

BIf the externals hosted web-service is unreliable. It could be a point of failure in the site s order placement flow.

CIf the product Inventory threshold that triggers the web service calls is reached too often. It will have a negative Impact on site performance.

DBecause the job would still be configured to run daily there will be a degrade in performance during non-flash sales periods

Answer : A, B

The risks associated with the proposed real-time inventory update solution during flash sales are:

Option A (The default rate limiter configuration for the web-service could cause the web-service to return an exception during high traffic): This is a critical risk because high traffic during flash sales could exceed the rate limits set for the web-service, leading to exceptions and potentially failing to update inventory in real-time.

Option B (If the external hosted web-service is unreliable, it could be a point of failure in the site's order placement flow): Reliance on an external web-service for crucial operations like inventory updates introduces a risk of downtime or performance issues if the service is unreliable, directly impacting the ability to complete orders during peak sales periods.

Both risks could severely disrupt operations during critical sales events, suggesting a need for robust contingency plans and potentially reevaluating the solution architecture to ensure reliability.

Question 2

An integration cartridge implements communication between the B2C Commerce Storefront and a third-party service provider. The cartridge contains the localServiceRegistry code:

How does this code sample accomplish authentication to the service provider?

ABy Issuing a Basic Auth request to the service provider.

BBy performing a signed SOAP Auth request using a certificate.

CBy wrapping the authentication service call with Basic Auth.

DBy disabling Basic Auth and executing the service authentication call.

Answer : D

The code sample shows the creation of a service request to a third-party service provider, where the authentication method is explicitly set to 'NONE' using the line svc.setAuthentication('NONE');. This configuration implies that the request does not use Basic Authentication or any embedded credentials like client ID and secret in the HTTP headers for authentication purposes. Instead, it builds the authentication details into the request body, which suggests that the service expects credentials as part of the payload rather than as part of the standard authentication headers, thus effectively disabling Basic Auth for this transaction.

Question 3

A new dent is moving from their existing ecommerce platform to B2C Commerce. They have an existing service that connects to the Email Marketing System. The endpoint of the service can directly parse the data posted by the customer from the Storefront page for marketing materials subscriptions. it if required that theservice implementation on the B2C Commerce site supports authentication and encoding.

What type should the Architect document this new service as?

AHTTP

BHTTP Form

CGeneric

DSOAP

Answer : A

For a service that connects to an Email Marketing System where the endpoint can directly parse data posted by the customer from the storefront for marketing material subscriptions, documenting the service as an HTTP service is appropriate. This type of service will likely involve straightforward HTTP requests with authentication and encoding to ensure data integrity and security. The HTTP service type supports these requirements effectively, facilitating secure, reliable data transmission between the storefront and the email marketing system.

Question 4

Northern Trail Outfitters (NTO) wants to migrate its online shoo from a custom ecommerce platform to B2CCommerce. NTO needs to migrate several thousands of customer records profile information, address book). WTO can provide a B2C Commerce feed. It is currently using SHA-256 as an encryption mechanism for the customer passwords.

What approach can the Architect propose?

AImport the customer records, including the hashed password, as B2C Commerce supports SHA-2S6, and they will be able to login with their existing password.

BDo not import customer records and asks customers to create new accounts the firstfame they try to log in to the B2C Commerce storefront.

CImport the customer records, excluding the password field, and B2C Commerce will automatically require a password reset the first time a customer logs m to the storefront.

DImport the customer records, with the hashed password as a custom attribute, and during the login compare the entered password with the hashed password and save it in the password field.

Answer : C

B2C Commerce does not directly support the import of hashed passwords for use in authentication due to security protocols and the platform's password management system. The best approach is to import customer records without the password field. Upon their first login attempt on the new system, customers would be prompted to reset their password. This method ensures that password security is maintained according to B2C Commerce standards and that customer data remains secure during the transition from the old platform.

Question 5

During a review of the most recent release notes, the Architect finds that Salesforce has deprecated an API that is used throughout the site. After reviewing the deprecated API usage in Business Manager, the Architect narrows down the usage of that API to a particular LINK integration cartridge. The cartridge was integrated when the site was first launched and is heavily customized for the Client.

What is the recommended way for the Architect to remove the deprecated API so the LINK integration continues to work without interruptions, and lowest level of effort'

AThe Architect should update all the deprecated API cats in the already integrated LINK cartridge and test thoroughly.

BThe Architect does not need to do anything at this time, the API will continue to work with no issues for the foreseeable future.

CThe Architect should check to see If the LINK cartridge has been updated already, integrate It, apply the customisations, and teat thoroughly.

DThe Architect should contact the company that created the LINK cartridge to fix the issue and provide the client with updated code.

Answer : C

When facing a deprecated API that is used in a LINK integration cartridge, the recommended approach is to check for an updated version of the cartridge that may have replaced the deprecated API with a supported one. If an update is available:

Integrate the updated cartridge into the site, ensuring compatibility with the current site configuration.

Re-apply customizations that were made to the original cartridge to maintain functional consistency.

Thorough testing should be conducted to ensure that the integration works seamlessly without causing disruptions in the site's functionality.

This approach minimizes effort by leveraging updates provided by the cartridge vendor while ensuring the site remains functional and compliant with current API standards.

Question 6

There Is an Issue with the site when the domain Is opened from Google search results. After researching the problem. It turns out that the site returns * 404 page error when accessedwith a parameter in the URL.

What should the Architect recommend to fix that issue?

AAdd dynamic catch-all rule to redirect to home page.

BAdd this snippet to the aliases configuration for the domain:

CAdd this snippet to the aliases configurationfor the domain

DAdd dynamic redirect if the URL contains parameter to Home Show.Add this snippet to the aliases configuration for the domain

Answer : A

To address the issue of the site returning a 404 error when accessed with a parameter from Google search results, a dynamic catch-all rule to redirect such requests to the homepage is an effective solution (Answer A). This approach ensures that users landing from external links with appended parameters, which might not match any configured route or alias, are redirected to a valid page instead of seeing an error page. This improves the user experience and minimizes potential bounce rates caused by broken links or outdated URLs.

Question 7

The storefront integrates with a REST based Address verification service (AVS) that uses token based security. The sequence of calls in the API documentation for this AVS looks like the following

1. Client authentication call, which contains the merchantId and secret in a GET request and returns a token in the response.

2. Address verification call, which contains the token and the address to verify in a POST request.

Once the token is obtained, it is valid for hours and it is not needed to request a new one for subsequent address verification calls, the AVS charges for every request made no matter if it is client authentication call or address verificationcall.

Which three strategies could be applied to allow for efficient use of the service without compromising security? Choose 3 answers

AApply page caching to the client authentication controller that is used with AJAX.

BObtain the token from local storage of the browser and update it once It expires.

CObtain the token from a custom cache before making the client authentication call.

DUse HTTPService caching for the client authentication call.

EUse a job to store and update the token in a customobject that is used from the storefront code

Answer : C, D, E

To efficiently use the REST-based Address Verification Service (AVS) while maintaining security, it is crucial to manage token usage and refresh effectively. Using a custom cache to store the token (Answer C) prevents unnecessary authentication calls by reusing the valid token, thus reducing the number of chargeable requests. Implementing HTTPService caching for the client authentication call (Answer D) optimizes the performance by caching the response, thereby avoiding repetitive and unnecessary calls. Lastly, employing a scheduled job to regularly update and store the token in a custom object (Answer E) ensures that the token is always up-to-date and available for use without repeated authentication, thus optimizing the cost and efficiency of using the AVS.

Salesforce B2C Commerce Architect Salesforce Certified B2C Commerce Architect Exam Practice Test