
CAS-001 Question #34: Real Exam Question with Answer & Explanation

The correct answer is D: Input validation.

Question

A web administrator develops a web form for users to respond to the company via a web page. Which of the following should be practiced to avoid a security risk?

Options

  • A. SQL injection
  • B. XSS scripting
  • C. Click jacking
  • D. Input validation

Explanation

Input validation (D) is the security practice that should be implemented on web forms. When users submit data through a web form, that data must be sanitized and validated before it is processed or stored. Without input validation, attackers can submit malicious payloads. SQL injection (A) and XSS scripting (B) are attack vectors - types of threats, not practices. Clickjacking (C) is also an attack technique. Input validation is the defensive control that mitigates all injection-class attacks, including SQL injection and cross-site scripting, by ensuring that only expected, safe data is accepted and processed by the application.
