
ARC-300 Question #40: Real Exam Question with Answer & Explanation


Question

During implementation, the team found that there is a notification controller exposed for an external service that marks the order as paid when a notification is received. The notification URL is sent to the service together with the payment request and contains only the URL with orderID as the parameter. What should the Architect recommend to the team in order to prevent unauthorized usage of the controller to mark orders as paid?

Options

  • A. Add a customer number in the callback URL and match the customer number against the one
  • B. Add HTTPS restriction to the controller start node.
  • C. Add an order token in the callback URL and match the token against the one stored on the order.
  • D. Add a session attribute and validate it on the callback.
