
350-901 Question #8: Real Exam Question with Answer & Explanation

The correct answer is A: input validation. To protect against injection attacks, it is crucial to implement robust input validation to ensure data conforms to expected formats and to perform string escaping on all user-supplied free text before it is processed by an interpreter.

Application Deployment and Security

Question

Which two techniques protect against injection attacks? (Choose two.)

Options

  • A. input validation
  • B. trim whitespace
  • C. limit text areas to 255 characters
  • D. string escaping of user free text and data entry
  • E. only use dropdown, checkbox, and radio button fields

Explanation

To protect against injection attacks, it is crucial to implement robust input validation to ensure data conforms to expected formats and to perform string escaping on all user-supplied free text before it is processed by an interpreter.

Common mistakes.

  • B. Trimming whitespace from user input is a form of sanitization but does not directly protect against the malicious code or commands characteristic of injection attacks.
  • C. Limiting text areas to a specific character count, such as 255 characters, may constrain the size of an injection payload but does not inherently prevent the injection of malicious commands within that limit.
  • E. While restricting input to predefined options like dropdowns or checkboxes can prevent injection by removing free-text entry, it is a design constraint rather than a universally applicable technique when free-text input is required.
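
The sketch below is an added example, not part of the original question page. It shows why options B and C leave an injection string intact while options A and D stop it. The username format, the sample inputs and all function names are assumptions made for the illustration.

```python
import html
import re
import shlex

# Assumed field format for this example: 3-32 letters, digits or underscores.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,32}")

def trim_and_limit(value, limit=255):
    """Options B and C: strip surrounding whitespace and cap the length."""
    return value.strip()[:limit]

def validate_username(value):
    """Option A: allowlist validation. Reject input that is off-format."""
    if not USERNAME_RE.fullmatch(value):
        raise ValueError("username does not match the expected format")
    return value

def escape_for_html(text):
    """Option D for an HTML page: metacharacters become entities."""
    return html.escape(text, quote=True)

def escape_for_shell(text):
    """Option D for a POSIX shell: the text becomes one quoted argument."""
    return shlex.quote(text)

def render_comment(username, comment):
    """Validate the structured field, escape the free-text field."""
    return "<p><b>{}</b>: {}</p>".format(
        validate_username(username), escape_for_html(comment))

# Constructed sample inputs, both well under 255 characters.
HTML_SAMPLE = "  <script>alert(1)</script>  "
SHELL_SAMPLE = "report.txt; id"

if __name__ == "__main__":
    # Trimming and truncation leave the markup intact.
    print(trim_and_limit(HTML_SAMPLE))
    # Validation rejects it for a field with a known format.
    try:
        validate_username(trim_and_limit(HTML_SAMPLE))
    except ValueError as err:
        print("rejected:", err)
    # Escaping keeps it as inert text in each interpreter's syntax.
    print(render_comment("alice_01", HTML_SAMPLE))
    print(escape_for_shell(SHELL_SAMPLE))
```

Escaping is specific to the interpreter that will receive the text, which is why the HTML and shell cases use different functions.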

Concept tested. Injection attack prevention techniques

Reference. https://learn.microsoft.com/en-us/azure/security/fundamentals/owasp-top-10#a03-2021-injection

Topics

#Injection attacks  #Application Security  #Input validation  #String escaping
