Thursday 1 March 2018

Oracle 1Z0-148 Question Answer

You are designing and developing a complex database application built using many dynamic SQL statements. Which option could expose your code to SQL injection attacks?

A. Using bind variables instead of directly concatenating parameters into dynamic SQL statements
B. Using automated tools to generate code
C. Not validating parameters which are concatenated into dynamic SQL statements
D. Validating parameters before concatenating them into dynamic SQL statements
E. Having excess database privileges

Answer: A


Examine this function body:



Which two headers will allow this function to compile successfully and take advantage of both invoker’s rights and function result caching?


A. CREATE FUNCTION get_hire_date (emp_id NUMBER) RETURN
VARCHAR2RESULT_CACHE RELIES_ON (departments)AUTHID
CURRENT_USERISdate_hired DATE;
B. CREATE FUNCTION get_hire_date (emp_id NUMBER) RETURN
VARCHAR2RESULT_CACHEAUTHID CURRENT_USERISdate_hired DATE;
C. CREATE FUNCTION get_hire_date (emp_id NUMBER) RETURN
VARCHAR2RESULT_CACHEAUTHID DEFINERISdate_hired DATE;
D. CREATE FUNCTION get_hire_date (emp_id NUMBER) RETURN
VARCHAR2RESULT_CACHE RELIES_ON (employees)AUTHID
CURRENT_USERISdate_hired DATE;
E. CREATE FUNCTION get_hire_date (emp_id NUMBER) RETURN VARCHAR2AUTHID
DEFINERISdate_hired DATE;

Answer: D,E