CRT-450 Sample Practice Exam Questions 2024 Updated Verified
Exam Study Guide Free Practice Test LAST UPDATED CRT-450
NEW QUESTION # 67
A developer has a Apex controller for a Visualforce page that takes an ID as a URL parameter. How should the developer prevent a cross site scripting vulnerability?
- A. ApexPages.currentPage() .getParameters() .get('url_param') .escapeHtml4()
- B. String.ValueOf(ApexPages.currentPage() .getParameters() .get('url_param'))
- C. String.escapeSingleQuotes(ApexPages.currentPage() .getParameters(). get('url_param'))
- D. ApexPages.currentPage() .getParameters() .get('url_param')
Answer: B
Explanation:
Cross site scripting (XSS) is a vulnerability that occurs when an attacker can insert unauthorized HTML or JavaScript code into a web page viewed by other users. This can lead to hijacking the user's session, stealing confidential information, or defacing the page. To prevent XSS, the developer should always validate and encode any user-supplied data before displaying it on the page. The ApexPages.currentPage() .getParameters()
.get('url_param') method returns the value of the URL parameter as a string, but does not perform any validation or encoding. Therefore, it is vulnerable to XSS if the parameter contains malicious code. The ApexPages.currentPage() .getParameters() .get('url_param') .escapeHtml4() method escapes the HTML characters in the parameter value, such as <, >, &, and ", but does not prevent JavaScript code from being executed. Therefore, it is also vulnerable to XSS if the parameter contains a script tag or an event handler attribute. The String.escapeSingleQuotes(ApexPages.currentPage() .getParameters(). get('url_param')) method escapes the single quotes in the parameter value, but does not affect any other characters. Therefore, it is also vulnerable to XSS if the parameter contains any HTML or JavaScript code. The String.ValueOf(ApexPages.currentPage() .getParameters() .get('url_param')) method converts the parameter value to a string and encodes any HTML characters as HTML entities, such as <, >, &, and ". This prevents any HTML or JavaScript code from being rendered or executed on the page. Therefore, it is the best option to prevent XSS. References: You can learn more about XSS and how to prevent it in Apex from the following sources:
* Cross Site Scripting (XSS) | Apex Developer Guide
* Secure Coding Cross Site Scripting | Secure Coding Guide
* Cross-Site Scripting in Apex | SecureFlag Security Knowledge Base
NEW QUESTION # 68
A developer is creating a Lightning web component to show a list of sales records.
The Sales Representative user should be able to see the commission-field on each record. The Sales Assistance user should be able to see all field on the record except the commission field.
How should this be enforced so that the component works for both users without showing any errors?
- A. Use security. stripInaccessible to remove fields inaccessible to the current user.
- B. Use with SECURITY_EMFoRCED in the SOQL that fetches the data for the component.
- C. Use Lightning Data Service to get the collection of sales records.
- D. Use Lightning Locker Service to enforce sharing rules and field-level security.
Answer: A
NEW QUESTION # 69
What is a fundamental difference between a Master-Detail relationship and a Lookup relationship?
- A. In a Lookup relationship, the field value is mandatory.
- B. A Master-Detail relationship detail record inherits the sharing and security of its master record.
- C. In a Lookup relationship when the parent record is deleted, the child records are always deleted.
- D. In a Master-Detail relationship, when a record of a master object is deleted, the detail records are not deleted.
Answer: B
NEW QUESTION # 70
A developer needs to provide a way to mass edit,update, and delete records from a list view in which two ways can this be accomlpished? choose 2 answers
- A. Download an unmanaged package from the appexchange that provides customizable mass edit, update and delete functionality
- B. Create a new visualforce page and apex controller for the list view that provides mass edit,update and delete functionality
- C. Download a managed package from the appexchange that provides customizable enhanced list views and buttons
- D. Configure the user interface and enable both inline editing enhanced lists
Answer: B,C
NEW QUESTION # 71
A developer is creating an enhancement to an application that will allow people to be related to their employer. Which data model provides the simplest solution to meet the requirements?
- A. Create a lookup realtionship to indicate that a person has an employer
- B. Create a junction object to relate many people to many through master-detail relationship
- C. Create a master-detail relationship to indicate that a person has an employer
- D. Create a junction object to relate many people to many through lookup relationship
Answer: C
NEW QUESTION # 72
Which two practices should be used for processing records in a trigger? (Choose two.)
- A. Use (callout=true)to update an external system.
- B. Use a Setto ensure unique values in a query filter.
- C. Use a Mapto reduce the number of SOQL calls.
- D. Use @futuremethods to handle DML operations.
Answer: B,C
Explanation:
Explanation/Reference:
NEW QUESTION # 73
Given the following block code: try{ List <Accounts> retrievedRecords = [SELECT Id FROM Account WHERE Website = null]; }catch(Exception e){ //manage exception logic } What should a developer do to ensure the code execution is disrupted if the retrievedRecordslist remains empty after the SOQL query?
- A. Check the state of the retrievedRecords variable and use System.assert(false) if the variable is empty
- B. Check the state of the retrievedRecords variable and access the first element of the list if the variable is empty.
- C. Check the state of the retrieveRecords variable and throw a custom exception if the variable is empty.
- D. Replace the retrievedRecords variable declaration from ftount to a single Account.
Answer: A
NEW QUESTION # 74
A developer wants to override a button using Visualforce on an object.
What is the requirement?
- A. The controller or extension must have a PageReference method.
- B. The object record must be instantiated in a controller or extension.
- C. The standardController attribute must be set to the object.
- D. The action attribute must be set to a controller method.
Answer: C
NEW QUESTION # 75
Where can a developer identify the time taken by each process in a transaction using Developer Console log inspector?
- A. Save Order tab under Execution Overview panel
- B. Performance Tree tab under Stack Tree panel
- C. Execution Tree tab under Stack Tree panel
- D. Timeline tab under Execution Overview panel
Answer: D
NEW QUESTION # 76
Refer to the following code snippet for an environment has more than 200 Accounts belonging to the Technology' industry:
When the code execution, which two events occur as a result of the Apex transaction?
When the code executes, which two events occur as a result of the Apex transaction?
Choose 2 answers
- A. The Apex transaction fails with the following message. "SObject row was retrieved via SOQL without querying the requested field Account.Is.Tech__c''.
- B. The Apex transaction succeeds regardless of any uncaught exception and all processed accounts are updated.
- C. If executed In a synchronous context, the apex transaction is likely to fall by exceeding the DHL governor limit.
- D. If executed in an asynchronous context, the apex transaction is likely to fall by exceeding the DML governor limit
Answer: A
NEW QUESTION # 77
In an organization that has enabled multiple currencies, a developer needs to aggregate the sum of the Estimated_value__c currency field from the CampaignMember object using a roll-up summary field called Total_estimated_value__c on Campaign.
- A. The values in Campaignmember.Estimated_value__c are converted into the currency of the Campaign record and the sum is displayed using the currency on the Campaign record.
- B. The values in CampaignMember.Estimated_value__c are summed up and the resulting Total_estimated_value__c field is displayed as a numeric field on the Campaign record.
- C. The values in CampaignMember.Estimated_value__c are converted into the currency on the majority of the CampaignMember records and the sum is displayed using that currency.
- D. The values In CampaignMember.Estimated_value__c are converted into the currency of the current user, and the sum is displayed using the currency on the Campaign record.
Answer: A
NEW QUESTION # 78
Assuming that naze is 8 String obtained by an <apex:inpotText> tag on 8 Visualforce page, which two SOQL queries performed are safe from SOQL injection?
'Choose 2 answers
- A.

- B.

- C.

- D.

Answer: A,C
Explanation:
SOQL injection is a vulnerability that occurs when user-supplied input is used to construct a dynamic SOQL query without proper validation or escaping. This can allow an attacker to modify the query and execute unintended commands or access unauthorized data. To prevent SOQL injection, it is recommended to use static queries with bind variables or use the escapeSingleQuotes method to sanitize the input. Based on the image descriptions from my tool outputs, the following options are safe from SOQL injection:
* Option A: This option uses a static query with a bind variable, which automatically escapes any malicious input and prevents it from changing the query structure. The bind variable name is obtained from an apex:inputText tag on a Visualforce page and is used as a filter for the Account Name field.
* Option C: This option also uses a static query with a bind variable, which is the same as option A. The only difference is that the bind variable name is obtained from a different apex:inputText tag on the same Visualforce page and is used as a filter for the Contact Name field.
The other options are not safe from SOQL injection because they use dynamic queries with string concatenation, which can allow an attacker to inject SOQL commands into the query string and bypass the intended logic or access unauthorized data.
References: The use of static queries with bind variables and the escapeSingleQuotes method to prevent SOQL injection can be referenced in the Salesforce Platform Developer I learning documents, specifically in modules that cover Apex security and SOQL, such as:
* SOQL Injection
* Secure Coding SQL Injection
* Apex Basics & Database
NEW QUESTION # 79
A developer must write anApex method that will be called from a lightning component. The method may delete an Account stored in the accountRec variable.
Which method should a developer use to ensure only users that should be able to delete Accounts can successfully perform deletion?
- A. Schena, sobjectType, Account, isDeletetable ()
- B. accountRec., isDeletable()
- C. AccountRec, ObjecType, ieDeletable ()
- D. Account, isDeletable ()
Answer: A
Explanation:
the current user has the permission to delete Account records, and false otherwise. This method is part of the Schema.DescribeSObjectResult class, which provides information about the metadata and permissions of an sObject type. The other options are incorrect because they either use invalid syntax or refer to the wrong object or variable. The accountRec variable is an instance of an Account record, not an sObject type, and it does not have an isDeletable() method. The Account sObject type does not have an isDeletable() method either, it is a property of the Schema.DescribeSObjectResult class. The AccountRec.ObjectType property returns the sObject type of the accountRec variable, which is Account, but it does not have an isDeletable() method either. References:
* Schema.DescribeSObjectResult Class
* Schema.sObjectType Class
* Apex Developer Guide: Checking User Permissions
NEW QUESTION # 80
What are two ways a developer can get the status of an enquered job for a class that queueable interface?
Choose 2 answers
- A. View the apex flex Queue
- B. Query the AsyncApexJobe object
- C. View the apex status Page
- D. View the apex Jobs page
Answer: B,D
Explanation:
* View the Apex Jobs page and query the AsyncApexJob object are two ways a developer can get the status of an enqueued job for a class that implements the Queueable interface. They are both methods to
* monitor and manage the asynchronous Apex jobs that are submitted to the Apex job queue12.
* View the Apex Jobs page is a user interface option that allows a developer to see the status and results of the asynchronous Apex jobs in the Setup menu of Salesforce. It can show the progress, completion, failure, or cancellation of the jobs, as well as the start time, end time, submitted by, and apex class name of the jobs12.
* Query the AsyncApexJob object is a programmatic option that allows a developer to retrieve the status and results of the asynchronous Apex jobs using SOQL. It can access the same fields and information as the Apex Jobs page, as well as additional fields such as JobType, ParentJobId, and ExtendedStatus12.
* View the Apex Status page and view the Apex Flex Queue are two other options, but they are not applicable for the Queueable interface. They are used for different types of asynchronous Apex jobs12.
* View the Apex Status page is an option that allows a developer to see the status and results of the batch Apex jobs and future methods in the Setup menu of Salesforce. It can show the number of batches or methods processed, failed, or remaining, as well as the start time, end time, submitted by, and apex class or method name of the jobs12.
* View the Apex Flex Queue is an option that allows a developer to see and reorder the pending batch Apex jobs that are waiting to be processed in the Setup menu of Salesforce. It can hold up to 100 batch Apex jobs that exceed the limit of 5 concurrent jobs. It can show the apex class name, submitted by, and submitted date of the jobs12.
References:
* 1: Asynchronous Apex
* 2: Cert Prep: Platform Developer I: Automation and Logic
NEW QUESTION # 81
Universal Containers has a Visualforce page that displays a table of every Container_c. being ....... Is falling with a view state limit because some of the customers rent over 10,000 containers.
What should a developer change about the Visualforce page to help with the page load errors?
- A. Use JavaScript remoting with SOQL Offset.
- B. Use Lazy loading and a transient List variable.
- C. Implement pagination with an OffsetController.
- D. Implement pagination with a StandardSetController,
Answer: D
Explanation:
To avoid exceeding the view state limit of 170 KB12, the developer should implement pagination with a StandardSetController. A StandardSetController allows the developer to display a set of records in a Visualforce page with built-in support for pagination, sorting, and filtering3. By using a StandardSetController, the developer can limit the number of records that are displayed and stored in the view state at a time, and provide navigation buttons for the user to access the next or previous set of records.
The other options are not correct because:
* A. Use Lazy loading and a transient List variable. This option is not effective, because lazy loading means that the data is loaded only when it is needed, but it still requires storing the data in the view state. A transient List variable is not included in the view state, but it also means that the data is lost
* after each request and has to be queried again, which can affect performance and consistency.
* B. Use JavaScript remoting with SOQL Offset. This option is not recommended, because JavaScript remoting does not support pagination, sorting, or filtering, and requires additional JavaScript code to handle the callbacks and display the data. SOQL Offset is also limited to 2,000 records, and can cause performance issues when used with large data sets.
* C. Implement pagination with an OffsetController. This option is not optimal, because an OffsetController is a custom controller that uses SOQL Offset to implement pagination. As mentioned above, SOQL Offset has limitations and drawbacks that make it unsuitable for large data sets.
References:
* : Optimize the View State
* : Create More Complex Visualforce Pages with Increased View State Limit
* : StandardSetController Class
* : [Transient Keyword]
* : [SOQL OFFSET Clause]
NEW QUESTION # 82
......
The New CRT-450 2024 Updated Verified Study Guides & Best Courses: https://www.trainingquiz.com/CRT-450-practice-quiz.html
Authentic CRT-450 Exam Dumps PDF - 2024 Updated: https://drive.google.com/open?id=17A3t6KlY28HO_ZjI2GjbI4wF0lG5cKEV

