Salesforce Exam CRT-450 Topic 6 Question 61 Discussion

Actual exam question for Salesforce's CRT-450 exam

Question #: 61
Topic #: 6

A developer is tasked to perform a security review of the ContactSearch Apex class that exists in the system. Within the class, the developer identifies the following method as a security threat:

ist performSearch (String lastName} [

return Database.query('SELECT Id, FirstName, LastName FROM Contact WHERE LastName Like

s'+lastName+'s'")?;

What are two ways the developer can update the method to prevent a SOQL injection attack?

Choose 2 answers

AUse variable binding and replace the dynamic query with a static SOQL.

BUse the sacapeSingleQuotes method to sanitize the parameter before its use.

CUse the Readonly annotation and the with sharing keyword on the class.

DUse a regular expression on the parameter to remove special characters.

Show Suggested Answer

Suggested Answer: D

by Elmira at Sep 18, 2024, 03:00 PM

Limited Time Offer

25%

Off

Get Premium CRT-450 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Stephaine

17 days ago

I also think using the escapeSingleQuotes method is important to sanitize the parameter.

upvoted 0 times

...

Lashandra

19 days ago

I agree with Levi. Using static SOQL instead of dynamic queries is a good security practice.

upvoted 0 times

...

Levi

22 days ago

I think the developer should use variable binding to prevent SOQL injection.

upvoted 0 times

...