B2C-Commerce-Architect Practice Test
64 Questions
The storefront integrates with a REST based Address verification service (AVS) that uses token based security. The sequence of calls in the API documentation for this AVS looks like the following
1. Client authentication call, which contains the merchantId and secret in a GET request and returns a token in the response.
2. Address verification call, which contains the token and the address to verify in a POST request.
Once the token is obtained, it is valid for hours and it is not needed to request a new one for subsequent address verification calls, the AVS charges for every request made no matter if it is client authentication call or address verification call.
Which three strategies could be applied to allow for efficient use of the service without compromising security?
(Choose 3 answers)
A. Apply page caching to the client authentication controller that is used with AJAX.
B. Obtain the token from local storage of the browser and update it once It expires.
C. Obtain the token from a custom cache before making the client authentication call.
D. Use HTTPService caching for the client authentication call.
E. Use a job to store and update the token in a custom object that is used from the storefront code
D. Use HTTPService caching for the client authentication call.
E. Use a job to store and update the token in a custom object that is used from the storefront code
Explanation:
✅ Option C: Obtain the token from a custom cache before making the client authentication call.
Reasoning:
This is an optimal strategy. By storing the token in a custom cache on the server side, the system can check the cache for an existing valid token before making the client authentication call. This avoids unnecessary requests to the AVS service, reducing cost and improving efficiency. Tokens can be cached with an expiration time, ensuring that expired tokens are updated automatically.
✅ Option D: Use HTTPService caching for the client authentication call.
Reasoning:
HTTPService caching can indeed be used to cache the token that comes from the client authentication call. This is another way of avoiding repeated requests to the AVS service, which would cost more. The token can be cached for the duration of its validity and reused across subsequent calls. It makes the process more efficient as it minimizes redundant requests to the AVS service.
✅ Option E: Use a job to store and update the token in a custom object that is used from the storefront code.
Reasoning:
A scheduled job to periodically store and update the token in a custom object is also a good strategy. This approach is helpful if you want to manage token expiry efficiently. The job can check if the token has expired and refresh it when necessary. This method is ideal for ensuring that the storefront always has access to a valid token without making redundant client authentication calls.
❌ Option A: Apply page caching to the client authentication controller that is used with AJAX.
Reasoning:
Page caching in this case is not ideal. Since the client authentication call returns a unique token per session (likely specific to each customer), caching it would result in inappropriate reuse of tokens across different users, which would compromise security. Tokens are typically sensitive and session-specific, so caching them at the page level is not secure.
❌ Option B: Obtain the token from local storage of the browser and update it once it expires.
Reasoning:
Storing the token in local storage on the client side is risky and insecure. Local storage is vulnerable to cross-site scripting (XSS) attacks, meaning a malicious user could potentially steal the token. Also, local storage doesn’t have the same security protections that server-side storage or session storage does. It’s better to manage tokens server-side where they can be better protected.
| B2C-Commerce-Architect Practice-Test - Home | Previous |
| Page 7 out of 64 Pages |