Developers CRT-450 Reddit Questions

The developer should use the lightning-input-field component to support the security requirements. This component respects the field-level security and sharing settings of the Salesforce org, and displays the appropriate data to different types of users. The other components do not have this feature, and may expose sensitive data to unauthorized users. References: Lightning Web Components Developer Guide), Secure Coding Guide)

The developer can update the method to prevent a SOQL injection attack by using variable binding and replacing the dynamic query with a static SOQL, or by using the escapeSingleQuote method to sanitize the parameter before its use. These are two ways to avoid concatenating user input directly into the query string, which can allow malicious input to alter the query logic and expose sensitive data. For example, the developer can rewrite the method as follows:

// Using variable binding and static SOQL List performSearch(String lastName){ String queryName = ‘%’ + lastName + ‘%’; return [SELECT Id, FirstName, LastName FROM Contact WHERE LastName LIKE :queryName]; }

// Using escapeSingleQuote method List performSearch(String lastName){ String sanitizedLastName = String.escapeSingleQuotes(lastName); return Database.query(‘SELECT Id, FirstName, LastName FROM Contact WHERE LastName LIKE '%’ + sanitizedLastName + ‘%'’); }

Using a regular expression on the parameter to remove special characters is not a reliable way to prevent a SOQL injection attack, because it may not cover all possible scenarios and may also remove valid input. Using the @Readonly annotation and the with sharing keyword on the class is not relevant to the SOQL injection issue, because they affect the data access and performance of the class, not the security of the query.

References: SOQL Injection, Invoking Callouts Using Apex, Prepare for Your Salesforce Platform Developer I Credential

The global access modifier declares that the class and method are known by all Apex code everywhere, not just within the same application or package namespace. This access modifier must be used for any method that must be referenced outside of the application, either in SOAP API or by other Apex code1. The other options are either incorrect or insufficient, as they do not guarantee the accessibility of the method outside the package namespace2. References:

• Access Modifiers | Apex Developer Guide | Salesforce Developers
• Global Modifier Accessing Public Elements in a Managed Package

In this scenario, a formula field is the most appropriate choice to calculate the ratio between rejected and approved timesheets for a given project. This is because formula fields automatically calculate their values based on other fields’ values, requiring no additional maintenance or manual intervention. They are used for read-only purposes and are visible to users if they have read access to the object containing the formula field. To create the formula field, the developer can use the following expression:

IF(Total_Approved_Timesheets__c > 0, Total_Rejected_Timesheet__c / Total_Approved_Timesheets__c, 0)

This expression checks if the total approved timesheets is greater than zero, and if so, divides the total rejected timesheets by the total approved timesheets. Otherwise, it returns zero. This formula field will display the ratio as a decimal number, which can be formatted as a percentage if desired.

References: The use of formula fields for automatic calculations can be referenced in the Salesforce Platform Developer I learning documents, specifically in modules that cover objects and fields management, such as:

• Create Object Relationships
• Data Modeling
• Formula Operators and Functions by Context