Microsoft Exam DP-420 Topic 10 Question 32 Discussion

Actual exam question for Microsoft's DP-420 exam

Question #: 32
Topic #: 10

You have a database in an Azure Cosmos DB Core (SQL) API account.

You need to create an Azure function that will access the database to retrieve records based on a variable named accountnumber. The solution must protect against SQL injection attacks.

How should you define the command statement in the function?

Acmd = 'SELECT * FROM Persons p
WHERE p.accountnumber = 'accountnumber''

Bcmd = 'SELECT * FROM Persons p
WHERE p.accountnumber = LIKE @accountnumber'

Ccmd = 'SELECT * FROM Persons p
WHERE p.accountnumber = @accountnumber'

Dcmd = 'SELECT * FROM Persons p
WHERE p.accountnumber = '' + accountnumber + '''

Show Suggested Answer

Suggested Answer: A

by Nana at Feb 07, 2024, 10:12 AM

Limited Time Offer

25%

Off

Get Premium DP-420 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Goldie

1 months ago

Hey, at least it's not as bad as Bobby Tables' dad. That guy's a real troublemaker!

upvoted 0 times

Emogene

20 hours ago

I heard about Bobby Tables' dad too, he caused quite a mess!

upvoted 0 times

...

Fernanda

2 days ago

C) cmd = \'SELECT * FROM Persons p WHERE p.accountnumber = @accountnumber\'

upvoted 0 times

...

Robt

1 months ago

A) cmd = \'SELECT * FROM Persons p WHERE p.accountnumber = 'accountnumber'

upvoted 0 times

...

Tarra

1 months ago

Wait, what's SQL injection? I thought we were just retrieving some records. Did I miss something important here?

upvoted 0 times

...

Antonio

2 months ago

I agree with Amie. Option C is the way to go to ensure the security of the database.

upvoted 0 times

Henriette

19 days ago

I agree, option C is the safest choice to protect the database from potential threats.

upvoted 0 times

...

Henriette

22 days ago

I think option C is the correct one. It uses parameterized queries to prevent SQL injection attacks.

upvoted 0 times

...

Cyndy

2 months ago

I'm not sure, but I think option D might also work.

upvoted 0 times

...

Amie

2 months ago

Option C is the correct answer. Using parameterized queries is the best way to protect against SQL injection attacks.

upvoted 0 times

Yasuko

28 days ago

Definitely, it's an important security measure to keep our data safe.

upvoted 0 times

...

Wynell

1 months ago

So we should always use parameterized queries when accessing databases in Azure functions.

upvoted 0 times

...

Cammy

1 months ago

Yes, you're right. Parameterized queries help protect against SQL injection attacks.

upvoted 0 times

...

Dulce

1 months ago

I think the correct answer is C) cmd = \'SELECT * FROM Persons p WHERE p.accountnumber = @accountnumber\'

upvoted 0 times

...

Stevie

2 months ago

I agree with Minna, option C protects against SQL injection attacks.

upvoted 0 times

...

Minna

2 months ago

I think the correct answer is C.

upvoted 0 times

...