nerdexam
EC-Council

212-82 · Question #75

212-82 Question #75: Real Exam Question with Answer & Explanation

The correct answer is A: Input validation.

Submitted by luis.pe · Mar 6, 2026 · Application Security for Cloud

Question

Which security measure can help prevent SQL injection attacks? (Select all that apply)

Options

  • A. Input validation
  • B. Cross-site scripting (XSS)
  • C. Using weak passwords
  • D. Code obfuscation

Explanation

SQL Injection Prevention

Input validation (A) is correct because it ensures user-supplied data is checked, sanitized, and restricted to expected formats before being processed by the database, preventing malicious SQL code from being executed. Code obfuscation (D) can add a layer of defense by making it harder for attackers to understand the application's structure and craft targeted SQL injection payloads, though it is considered a supplementary measure rather than a primary defense.

Cross-site scripting (B) is a completely different vulnerability involving malicious scripts injected into web pages viewed by other users - it is itself an attack, not a security measure against SQL injection. Using weak passwords (C) is a security weakness, not a protection mechanism, and does nothing to prevent SQL injection attacks.

🧠 Memory Tip: Think "Validate your Input, Obscure your Code" - the two proactive steps you control as a developer. Also remember: XSS and SQL injection are both threats, so any answer listing an attack type as a "security measure" should be an immediate red flag on the exam.


⚠️ Note for exam takers: It is worth knowing that parameterized queries/prepared statements are widely considered the most effective defense against SQL injection - if that option appears on your actual exam, it would almost certainly be correct as well.
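The two defenses named above, input validation and parameterized queries, shown next to the concatenated query they replace. This is an added example, not part of the original question; the `users` table, the username format, the sample input, and all function names are assumptions made for illustration.

```python
import re
import sqlite3

def make_db():
    """Build a throwaway in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    db.executemany("INSERT INTO users (name, role) VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "user")])
    return db

# Allowlist for the expected format (assumed: 1-32 letters, digits, underscore).
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")

def validate_username(value):
    """Input validation: reject anything outside the expected format."""
    if not isinstance(value, str) or not USERNAME_RE.fullmatch(value):
        raise ValueError("invalid username")
    return value

def lookup_concatenated(db, name):
    """'Before' form: user input is spliced into the SQL text itself."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, name):
    """The driver binds the value separately, so it is never parsed as SQL."""
    return db.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()

def lookup_safe(db, name):
    """Validate first, then bind: the two measures layered together."""
    return lookup_parameterized(db, validate_username(name))

if __name__ == "__main__":
    db = make_db()
    crafted = "' OR '1'='1"  # constructed sample input
    print("concatenated :", lookup_concatenated(db, crafted))   # every row leaks
    print("parameterized:", lookup_parameterized(db, crafted))  # no match
    try:
        lookup_safe(db, crafted)
    except ValueError as exc:
        print("validated    :", exc)                            # rejected up front
    print("legit lookup :", lookup_safe(db, "alice"))
```

The allowlist alone would also reject a legitimate value containing an apostrophe, which is why validation is paired with binding rather than used in place of it.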

Topics

#SQL Injection #Application Security #Input Validation #Code Obfuscation
