During implementation, the team found that there is a notification controller exposed for an external service that marks the order as paid when notification is received. The notification URL is sent to the service together with the payment request and contains only the URL with orderlD as the parameter.
What should the Architect recommend to the team in order to prevent the unauthorized usage of the controller to mark the orders as paid?

An existing B2C Commerce site has the following aliases configuration:

Which statement related to this configuration is incorrect?

Northern Trail Outfitters uses an Order Management system (OMS), which creates an order tracking number for every order 24 hours after receiving it. The OMS provides only a web-service interface to get this tracking number. There is a job that updates this tracking number for exported orders, which were last modified yesterday.
Part of this jobs code looks like the following:
Based on the above description and code snippet, which coding best practice should the Architect enforce?

A client has a single site with multiple domains, locales, and languages. After launch, there is a need for the client to perform offline maintenance. The client would like to show the same maintenance page for each locale.
Which version of aliases,Json file below will accomplish this task?
A)

B)


D)

The Client has implemented a different category/search layout for mobile and desktop. The code uses a session attribute called deviceType to choose the corresponding layout. This attribute it populated from the browser user agent. After this implementation they have run into these problems:
* Sometimes desktop pages are being served to both desktop and mobile customers.
* Sometimes mobile pages ate being served to both desktop and mobile customers.
The page has caching implemented that depends; on promotions. SEC is very important and the site traffic is high.
Which solution should the Architect select to resolve the issue without impacting the existing requirements?