Free PEGACPLSA23V1 Practice Test Questions and Answers (2026) | Cert Empire

[Security Design] An application has a web page where users can upload and view images. The application uses a Content Security Policy (CSP) to prevent cross-site scripting attacks by restricting the sources of scripts and images that the browser can load. The CSP has the following directives: default-src 'self'; script-src 'self'https://cdn.example.com; img-src 'self' data: blob:. What happens if a user tries to upload and view an image fromhttps://malicious.comon the web page?

[Data Modeling] As an LSA developing a Pega application for an online grocery store, you are tasked with enabling customers to navigate through various categories such as "Dairy," "Confectionery," "Frozen Food," and "Soft Drinks." Each category contains at least 10 sub-categories, with the workflow varying depending on the selected sub-category. What is the best method of populating the categories and sub-categories and retrieving the related information from the grocery store's database?

[Application Design] As a Lead System Architect, the primary objective is to adhere to the low-code application development methodology and support citizen developers. Relevant records are a feature in App Studio that can help facilitate this process. Which two of the following options outline the benefits of relevant records? (Choose Two)

[Application Design] What is the best approach for implementing limited-availability-and-concurrency design patterns?

[Work Delegation and Asynchronous Processing] Consider a scenario where an e-commerce company is using a Job Scheduler to manage various tasks. The Job Scheduler is responsible for updating inventory, processing orders, sending order confirmation emails, and generating daily sales reports. Which two of the following are typical features of a Job Scheduler? (Choose Two)

[Security Design] In the HRApp application, there are sensitive reports related to hiring and compensation. These reports must only be accessible to senior executives. What is the best possible way to achieve this requirement?

[Security Design] In the HRApp application, authorized users handle salary reviews by using the SalaryReview case type. You want to restrict access to only human resources staff and managers. What is the best possible solution to achieve this outcome?

[Performance Optimization] An online streaming service faces performance issues because of a high volume of user data stored in the database. As a Lead System Architect, what are the two best corrective actions that you suggest for enhancing application performance? (Choose Two)

[Integration] U+ Bank has a customer service application that processes customer complaints. Now, after three years in production, the operations manager needs historical reports on resolved cases. The reports should be sent in near real-time. The data warehouse has exposed a REST API to receive the data, and the reports are then generated from the data warehouse. Which two of the following options could you use to create an ideal design solution for posting the data to the data warehouse? (Choose Two)

[Reporting Design] As a Lead System Architect tasked with enhancing a hotel room booking application, your objective is to streamline the booking process by identifying high-value customers. To accomplish this, you have decided to segment customers based on the total revenue generated from their bookings, considering that customers can have multiple bookings. The revenue is calculated by summing the amounts of all bookings made by each customer. Customers will be categorized as follows: Silver: Total booking amount is less than $500. Gold: Total booking amount ranges from $500 to $2000. Platinum: Total booking amount exceeds $2000. You want to use SQL functions for efficient customer categorization. Which SQL function code correctly determines the customer categories?