Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Microsoft DP-420 Exam - Topic 10 Question 32 Discussion

Actual exam question for Microsoft's DP-420 exam
Question #: 32
Topic #: 10
[All DP-420 Questions]

You have a database in an Azure Cosmos DB Core (SQL) API account.

You need to create an Azure function that will access the database to retrieve records based on a variable named accountnumber. The solution must protect against SQL injection attacks.

How should you define the command statement in the function?

Show Suggested Answer Hide Answer
Suggested Answer: A

by Nana at Feb 07, 2024, 10:12 AM

Limited Time Offer

25%

Off

Get Premium DP-420 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Polly
6 months ago
I thought A looked okay at first, but it's definitely unsafe.
upvoted 0 times
...
Youlanda
6 months ago
Totally agree with C, it's parameterized!
upvoted 0 times
...
Jesusita
6 months ago
Wait, isn't D just asking for SQL injection?
upvoted 0 times
...
Virgina
7 months ago
I think B is incorrect, you can't use LIKE that way.
upvoted 0 times
...
Lynelle
7 months ago
Option C is the way to go!
upvoted 0 times
...
Jani
7 months ago
I have a vague memory that using parameters is safer, so I’m leaning towards option C, but I hope I’m not mixing it up with another topic.
upvoted 0 times
...
Armanda
7 months ago
I practiced a similar question, and I think concatenating strings like in option D is definitely a bad idea for security.
upvoted 0 times
...
Gaynell
7 months ago
I'm not entirely sure, but I feel like using LIKE in option B is not the best approach for this scenario.
upvoted 0 times
...
Pete
8 months ago
I remember we discussed how using parameters can help prevent SQL injection, so I think option C might be the right choice.
upvoted 0 times
...
Buffy
8 months ago
I've got this! The correct approach is to use a parameterized query with the @accountnumber parameter. That's the best way to stay secure.
upvoted 0 times
...
Ariel
8 months ago
Wait, I'm a bit confused. Do I need to use the LIKE operator or just the equals sign?
upvoted 0 times
...
Cecily
8 months ago
Hmm, this looks like a tricky one. I'll need to be careful to avoid SQL injection vulnerabilities.
upvoted 0 times
...
Jamal
8 months ago
Okay, I think I know the answer here. Using a parameterized query is the way to go to protect against SQL injection.
upvoted 0 times
...
Zona
8 months ago
This seems like a straightforward question. I'd probably go with creating an Order Guide to make it easy for managers to order the required items for new employees.
upvoted 0 times
...
Yoko
8 months ago
Ah, I see the logic here. As processes mature, there are more checkpoints and reviews to catch defects early. I'll mark True.
upvoted 0 times
...
Lina
8 months ago
This is a tricky one, but I'm leaning towards it being a preventive control. The system is preventing further login attempts after detecting an issue.
upvoted 0 times
...
Goldie
1 year ago
Hey, at least it's not as bad as Bobby Tables' dad. That guy's a real troublemaker!
upvoted 0 times
Theron
12 months ago
D) cmd = \'SELECT * FROM Persons p WHERE p.accountnumber = '\' + accountnumber + \''\'
upvoted 0 times
...
Emogene
12 months ago
I heard about Bobby Tables' dad too, he caused quite a mess!
upvoted 0 times
...
Fernanda
12 months ago
C) cmd = \'SELECT * FROM Persons p WHERE p.accountnumber = @accountnumber\'
upvoted 0 times
...
Robt
1 year ago
A) cmd = \'SELECT * FROM Persons p WHERE p.accountnumber = 'accountnumber'
upvoted 0 times
...
...
Tarra
1 year ago
Wait, what's SQL injection? I thought we were just retrieving some records. Did I miss something important here?
upvoted 0 times
...
Antonio
1 year ago
I agree with Amie. Option C is the way to go to ensure the security of the database.
upvoted 0 times
Henriette
1 year ago
I agree, option C is the safest choice to protect the database from potential threats.
upvoted 0 times
...
Henriette
1 year ago
I think option C is the correct one. It uses parameterized queries to prevent SQL injection attacks.
upvoted 0 times
...
...
Cyndy
1 year ago
I'm not sure, but I think option D might also work.
upvoted 0 times
...
Amie
1 year ago
Option C is the correct answer. Using parameterized queries is the best way to protect against SQL injection attacks.
upvoted 0 times
Yasuko
1 year ago
Definitely, it's an important security measure to keep our data safe.
upvoted 0 times
...
Wynell
1 year ago
So we should always use parameterized queries when accessing databases in Azure functions.
upvoted 0 times
...
Cammy
1 year ago
Yes, you're right. Parameterized queries help protect against SQL injection attacks.
upvoted 0 times
...
Dulce
1 year ago
I think the correct answer is C) cmd = \'SELECT * FROM Persons p WHERE p.accountnumber = @accountnumber\'
upvoted 0 times
...
...
Stevie
1 year ago
I agree with Minna, option C protects against SQL injection attacks.
upvoted 0 times
...
Minna
1 year ago
I think the correct answer is C.
upvoted 0 times
...

Save Cancel