nerdexam
Cisco

350-401 · Question #1181

Which security actions must be implemented to prevent an API injection attack?

The correct answer is C. Validate, filter, and sanitize all incoming data.. To prevent API injection attacks, all incoming data must be thoroughly validated, filtered, and sanitized to neutralize malicious input before it can be processed.

Submitted by haru.x· Mar 6, 2026Security

Question

Which security actions must be implemented to prevent an API injection attack?

Options

  • ALog and monitor failed attempts.
  • BUse password hash with biometric authentication.
  • CValidate, filter, and sanitize all incoming data.
  • DUse short-lived access tokens and authenticate the apps.

How the community answered

(35 responses)
  • A
    6% (2)
  • B
    3% (1)
  • C
    89% (31)
  • D
    3% (1)

Why each option

To prevent API injection attacks, all incoming data must be thoroughly validated, filtered, and sanitized to neutralize malicious input before it can be processed.

ALog and monitor failed attempts.

Logging and monitoring failed attempts are crucial for detection, forensics, and incident response, but they do not actively prevent the initial injection attack from occurring.

BUse password hash with biometric authentication.

Using password hashes and biometric authentication strengthens authentication and protects against credential theft, but these measures do not directly prevent injection attacks once an authenticated session is established.

CValidate, filter, and sanitize all incoming data.Correct

API injection attacks, such as SQL injection or command injection, occur when untrusted input is directly incorporated into queries or commands without proper handling. Validating data ensures it meets expected types and formats, filtering removes disallowed characters or patterns, and sanitizing transforms or escapes potentially harmful input, effectively neutralizing the injection vector and preventing the attack.

DUse short-lived access tokens and authenticate the apps.

Short-lived access tokens and authenticating applications improve authorization security and limit the window for token misuse, but they do not stop malicious data from being injected into API calls if the application is vulnerable to input processing flaws.

Concept tested: API injection prevention methods

Source: https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/01_2017-Injection

Topics

#API injection#Input validation#Data sanitization#API security

Community Discussion

No community discussion yet for this question.

Full 350-401 Practice