A developer is tasked to perform a security review of the ContactSearch Apex class that exists in the system. Whithin the class, the developer identifies the following method as a security threat: List<Contact> performSearch(String lastName){ return Database.query(‘Select Id, FirstName, LastName FROM Contact WHERE LastName Like %’+lastName+’%); } What are two ways the developer can update the method to prevent a SOQL injection attack? Choose 2 answers

A developer is tasked to perform a security review of the ContactSearch Apex class that exists in the system. Whithin the class, the developer identifies the following method as a security threat: List<Contact> performSearch(String lastName){ return Database.query(‘Select Id, FirstName, LastName FROM Contact WHERE LastName Like %’+lastName+’%); } What are two ways the developer can update the method to prevent a SOQL injection attack? Choose 2 answers
A . Use variable binding and replace the dynamic query with a static SOQ
C . Use the escapeSingleQuote method to sanitize the parameter before its use.
D . Use a regular expression on the parameter to remove special characters.
E . Use the @Readonly annotation and the with sharing keyword on the class.

Answer: A,B

Latest PDI Dumps Valid Version with 191 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Subscribe
Notify of
guest
3 Comments
Inline Feedbacks
View all comments
MINKI
MINKI
2 years ago

– Use variable binding and replace the dynamic query with a static SOQL.
– Use the escapeSingleQuote method to sanitize the parameter before its use.

Andrei
Andrei
3 years ago

Correct answer is A & E

Mayank Maheshwari
Mayank Maheshwari
3 years ago

there is no B in the options