PDI Question #54: Real Exam Question with Answer & Explanation
Question
A developer is tasked to perform a security review of the ContactSearch Apex class that exists in the system. Within the class, the developer identifies the following method as a security threat:

    List<Contact> performSearch(String lastName){
        // lastName is concatenated directly into the dynamic SOQL string
        return Database.query('Select Id, FirstName, LastName FROM Contact WHERE LastName Like \'%' + lastName + '%\'');
    }

What are two ways the developer can update the method to prevent a SOQL injection attack? Choose 2 answers.
Options
- A. Use variable binding and replace the dynamic query with a static SOQL.
- B. Use the escapeSingleQuote method to sanitize the parameter before its use.
- C. Use a regular expression on the parameter to remove special characters.
- D. Use the @Readonly annotation and the with sharing keyword on the class.