To solve this question, the user needs to have knowledge of the basic principles of security controls for database applications.

Option A: This option is incorrect because securing a database application with username/password access controls alone is not sufficient to fully secure the application. Although username/password access control is an essential security measure, it is not sufficient in isolation.

Option B: This option is correct because username/password access controls are necessary but not sufficient to fully secure a database application. Other controls such as encryption, access control lists, monitoring, and auditing should be combined with username/password access controls for a complete security solution.

Option C: This option is incorrect because the length of the password alone does not guarantee the security of the database application. There are other factors to consider such as password complexity, password rotation, and password storage.

Option D: This option is incorrect because even if none of the users have administrative access, username/password access controls alone are still not sufficient to fully secure a database application.

Therefore, the correct answer is:

The Answer is: B. Sufficient only when combined with other controls