Microsoft Exam DP-420 Topic 10 Question 32 Discussion

Actual exam question for Microsoft's DP-420 exam

Question #: 32
Topic #: 10

You have a database in an Azure Cosmos DB Core (SQL) API account.

You need to create an Azure function that will access the database to retrieve records based on a variable named accountnumber. The solution must protect against SQL injection attacks.

How should you define the command statement in the function?

Acmd = 'SELECT * FROM Persons p
WHERE p.accountnumber = 'accountnumber''

Bcmd = 'SELECT * FROM Persons p
WHERE p.accountnumber = LIKE @accountnumber'

Ccmd = 'SELECT * FROM Persons p
WHERE p.accountnumber = @accountnumber'

Dcmd = 'SELECT * FROM Persons p
WHERE p.accountnumber = '' + accountnumber + '''

Show Suggested Answer

Suggested Answer: A

by Nana at Feb 07, 2024, 10:12 AM

Limited Time Offer

25%

Off

Get Premium DP-420 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

23 days ago

Option C is the correct answer. Using parameterized queries is the best way to protect against SQL injection attacks.

upvoted 0 times

Wynell

1 days ago

So we should always use parameterized queries when accessing databases in Azure functions.

upvoted 0 times

...

Cammy

8 days ago

Yes, you're right. Parameterized queries help protect against SQL injection attacks.

upvoted 0 times

...

Dulce

9 days ago

I think the correct answer is C) cmd = \'SELECT * FROM Persons p WHERE p.accountnumber = @accountnumber\'

upvoted 0 times

...

Stevie

29 days ago

I agree with Minna, option C protects against SQL injection attacks.

upvoted 0 times

...

Minna

1 months ago

I think the correct answer is C.

upvoted 0 times

...