Skip to content
SF CTA Study Hub

Up In Smoke

AI-Assisted Study Note

This page brings together public scenario links and AI-assisted research notes for study use. Start with the scenario brief, make your own attempt, and open the spoiler section only when you are ready to compare.

Scenario Snapshot

FieldDetail
Start hereDiscovery index
Scenario sourceCommunity scenario (Flow Republic)
Current statusLive
First public date2021-02
Primary sourceOpen primary source
Coverage availableScenario brief + Discussion or analysis

Why This Scenario Matters

  • This entry is included because it appears in the public CTA scenario corpus and has enough public evidence to track for study use.

Only Open If You Have Attempted the Scenario

The section below contains public follow-up links, board-call material, and AI-assisted notes compiled from those public sources.

Open follow-up links, Q&A, and analysis

Board Insights & Common Pitfalls

Generalized Judge Questions

  • Age Verification Security: “You mentioned age verification. Where are you storing the customer’s ID document, and how are you ensuring compliance with GDPR/CCPA for sensitive birthdate data?”
  • Excise Tax Patterns: “Why did you choose a synchronous Request-Response pattern for the tax calculation? tobacco products have complex regional excise taxes—is Salesforce the right place for this logic?”
  • Guest User Experience: “How does your solution handle the ‘Age Gate’ for guest users before they can even browse the product catalog? How do you prevent direct URL access to products?”
  • Partner lead Silos: “How are you preventing B2B partners from seeing each other’s leads while still allowing regional managers to roll up reporting across the wholesale network?”
  • IoT Data Model: “Why did you choose to store smart vaping device sensor data in Big Objects instead of a standard custom object? How do you provide real-time alerts from this data?”

Common Mistakes

  • Storing Sensitive PII: Attempting to store actual ID photos or raw SSN/birthdate data in Salesforce. The “CTA way” is to use a 3rd-party verification token (e.g., Jumio) and store only a “Verified” flag.
  • Weak B2C UX: Failing to recommend Social Sign-On or Headless Identity for retail customers, defaulting instead to standard username/password flows.
  • Ignoring Regulatory Gates: Failing to implement the age verification as a hard gate in the checkout flow, potentially allowing non-compliant sales.
  • Underestimating Tax Complexity: Trying to calculate complex global tobacco taxes using basic formulas or standard CPQ instead of specialized external services like Avalara or Vertex.

Strong Patterns

  • Verified Tokenization: Using a 3rd-party service to handle ID verification and returning a unique token to Salesforce to minimize PII surface area.
  • LWC Age Gate: Implementing a mandatory, non-bypassable LWC on the Experience Cloud guest site that must be satisfied before the session can access product data.
  • CoE for Regulatory Compliance: Establishing a specific workstream in the Center of Excellence to manage the rapid changes in regional tobacco/vaping laws.

Strategic Insights

  • The “High-Stakes Compliance” Test: Up In Smoke tests the architect’s ability to balance a smooth B2C commerce experience with the rigid legal requirements of a controlled substance industry.
  • Headless Identity: Success often hinges on a robust identity strategy that reduces friction for high-volume retail customers.

Additional Notes

  • Global manufacturer and distributor of smoking/vaping products with heavy B2B and B2C components.
  • Strong focus on age verification, regulatory compliance, and high-volume retail transactions.

This is a personal study site for Salesforce CTA exam preparation. Built with AI assistance. Not affiliated with Salesforce.