Development-Lifecycle-and-Deployment-Architect Exam Dumps - Salesforce Certified Development Lifecycle and Deployment Architect (SU24)

The product team should review the Checkmarx errors and determine if they need to fix them or not. If the errors are false positives, meaning that they do not indicate a real security issue, the product team should mark them as such and attach an explanation, then submit the security review. This will help the Salesforce security review team to understand the rationale behind the code and avoid unnecessary rejections. The product team should not leave the errors to the Salesforce security review team, as they may reject the request if they find any potential security issue. The product team should not leave a partner support case, as this is not the proper channel for resolving code issues. The product team should not fix all the errors before submitting the security review, as some of them may not be relevant or critical, and fixing them may introduce new bugs or delays.

Apex CPU limits and HTTP response size are two limitations that an architect should consider when designing a strategy for managing technical reference data, with multiple related objects. Apex CPU limits may be exceeded if the data retrieval or manipulation logic is complex or inefficient. HTTP response size may be too large if the data payload contains many related objects or fields. Circular relationships and depth of nested relationships are not limitations, but design considerations that may affect the data model and query performance.

Waterfall development methodology has some positive aspects, such as:

• Complex processes that will need to be built are thoroughly understood and documented before coding begins, which can reduce the risk of ambiguity and rework.
• Milestones, timelines and estimates tend to be more accurate and predictable due to the upfront due diligence, which can help with project management and stakeholder expectations.

Change Sets are a manual way of deploying metadata components between orgs that are affiliated with the same production org. Change Sets cannot be automated, rolled back, or reused between production Salesforce orgs. Change Sets can be validated before deployment, and they can be used for orgs affiliated with the same production org.

 Creating a release calendar, training and aligning all the teams is the best way to avoid conflicts and ensure smooth releases between major, minor, and Salesforce seasonal releases. A release calendar can help the teams plan ahead, coordinate their efforts, and avoid overlapping or conflicting changes. Training and aligning the teams can help them understand the release processes, the best practices, and the expectations for each release type. Gating all release decisions at the center of excellence, sharing the test plans, or creating a spreadsheet of metadata changes are not sufficient or scalable solutions for this problem.

To reduce deployment time, UC can use the following strategies:

• Use recent deployment validations and the quick deploy feature, which can allow them to skip the validation step in production and deploy the changes faster, if they have already validated the changes in a sandbox within the last four days.
• Specify the test to run by using RunSpecifiedTests test level, which can allow them to run only the tests that are relevant to the components being deployed, instead of running all the tests in the org.

 Cross-site scripting is the most common reason that the prospect AppExchange products fail the security review. Cross-site scripting (XSS) is a type of web application vulnerability that allows an attacker to inject malicious code into a web page that is viewed by other users. XSS can compromise the security and privacy of the users, as well as the functionality and performance of the application. Salesforce has strict security standards and policies for AppExchange products, and any product that has XSS vulnerabilities will not pass the security review. CRUD/FLS, session hacking, and SOQL injection are also security issues that can affect AppExchange products, but they are not as common or severe as XSS.

 Two options that should be considered when making production changes in a highly regulated and audited environment are: all changes including hotfixes should be reviewed against security principles, and any production change should have explicit stakeholder approval. These options can help ensure that the changes are compliant with the regulations and have the necessary authorization and documentation. No manual steps should be carried out is not a valid option, as some changes may require manual steps, such as data migration or post-deployment verification. After deployment, the development team should test and verify functionality in production is also not a valid option, as testing and verification should be done in a lower environment before deploying to production, and the responsibility of testing and verifying functionality in production should be assigned to a different team than the development team. See Application Lifecycle and Deployment for more details.